Webroot Filtering Extension (Chrome) no more Green Padlocks

  • 25 October 2013
  • 80 replies
  • 925 views

Userlevel 3
Enabling Webroot Filtering Extension causes safe "green padlock" sites to report a message that states "this page includes other resources that are not secure".  This image should explain everything.
 


80 replies

I can try to add it Daniel but I "write" not only for coding, I use dozens of software that require typing in general so I finally decided to disable it and everything went back to normality.
 
About the padlock, I guess the topic is about the SSL browser padlock, if not then I misunderstood the topic maybe I should open a new one. What I'm trying to say is that the extension mangles with the SSL on the page serving unprotected content, thus disabling the "green" padlock on the browser address bar and prompting an "alert" padlock instead (as you can see on my screenshot)
Userlevel 7
So you mean the padlock in the address bar then?
Userlevel 7
Badge +56
It shows HTTPS with a padlock in my snapshot above in the address line! Also here in this picture below and that doesn't have anything to with Webroot!
 
Daniel
 


 
 
Userlevel 7
Hi manight
 
The reason for the behaviour you are referring to has been discussed at length earlier in this thread and at present there is no work around or solution.  Having said that with WSA fully switched on it provides better protection of the browser than Chrome's own functionality...and therefore I now ignore the fact that there is no green padlock in the address bar in Chrome.  To date I have not yet been compromised by a browser-related attack.
 
 
Just my thoughts on the subject...for what they are worth.
 
Regards
 
 
 
 Baldrick
Userlevel 7
Badge +56
Okay I see whats going on as I disabled the Web Filtering Extension and the green Padlock reappears so as Solly said above is true!
 
Daniel  ;)
 

Userlevel 7
Hey guys, I was just able to replicate what he is talking about. This is without the filtering extension enabled. Notice that the padlock in the address bar is completely green.

With the filtering extension enabled the padlock is still there but it says that "there are some unecrypted elements" in the webpage and show it turns yellow:


Is this what you are talking about?
Userlevel 7
Hey Daniel, I didn't see yours until I posted mine. Looks like we were going the same place with the screenshots though 😃
Userlevel 7
Badge +56
Yeppers! 😉
Userlevel 7
@_GoSpursGo wrote:
Hey guys, I was just able to replicate what he is talking about. This is without the filtering extension enabled. Notice that the padlock in the address bar is completely green.With the filtering extension enabled the padlock is still there but it says that "there are some unecrypted elements" in the webpage and show it turns yellow:
 
Is this what you are talking about?
Hi Evan...that is all correct and as a reminder Joe explained it all in this previous post in this thread...and currently there appears to be no workaround...but as I said in my previous post...the view from the experts was, I believe, that WSA provides as good if not better protection of the browser, etc., then Chrome's own protection...so there is no danger in not having the green padlock on...at least that is how I understand it and I have not suffered as a result.
 
Regards
 
 
 
 
Baldrick
Userlevel 7
Badge +56
That's why I never caught on as I never used Chrome till about 6 months ago I did just to help support it so even I learn new things everyday!
 
Daniel 😃
I know that the "unsecured" thing going over the wire is the webroot injected script so I don't care if it's encrypted or not of course.
 
I'm just looking at this from the "common user" perspective, who is surfing a website and seeing an alert in the SSL certificate advising him that some of the contents on the site will not be encrypted. Of course this is not reassuring for a user surfing an e-commerce or financial or other kind of website that requires "major" security with data transmissions.
I guess this will leave the user with the feeling that this site has something wrong and doesn't feel completely "confortable" with it.
For many websites operating this kind of business, inspiring trust in their user is a must and of course this is not helping, since not every user will be able to open developer console inspect the requests and spot what's going on.
 
This was the main point.
Userlevel 3
I first brought this issue to Webroot's attention 8 months ago.  They still have not owned this issue. Their extension still makes people wonder if my website is safe.
 
Acceptable responses from Webroot:
- fix the problem
- remove the part of the extension that is causing the problem (perhaps put that part into a second, separate extension that can be optionally enabled)
- add a note to the gray padlock for safe sites (like mine) explaining that the website is actually safe
- upon the extension being enabled (and whenever a browser is launched) make a splash page that educates the user about how they will never see green padlocks again and why (user can disable the splash page in preferences)
- do an update that force-disables the extension until it's repaired
 
What's not acceptable is leaving this issue alone and just making dubious forum responses that "you're safer with this enabled". That does nothing to educate the vast majority of users.
Userlevel 7
Badge +62
Welcome dbergan! Happy to see you here maybe you would like to post here in the Ideas Exchange?
https://community.webroot.com/t5/Ideas-Exchange/idb-p/Ideas

Regards,
Userlevel 7
Badge +56
@ wrote:
I first brought this issue to Webroot's attention 8 months ago.  They still have not owned this issue. Their extension still makes people wonder if my website is safe.
 
Acceptable responses from Webroot:
- fix the problem
- remove the part of the extension that is causing the problem (perhaps put that part into a second, separate extension that can be optionally enabled)
- add a note to the gray padlock for safe sites (like mine) explaining that the website is actually safe
- upon the extension being enabled (and whenever a browser is launched) make a splash page that educates the user about how they will never see green padlocks again and why (user can disable the splash page in preferences)
- do an update that force-disables the extension until it's repaired
 
What's not acceptable is leaving this issue alone and just making dubious forum responses that "you're safer with this enabled". That does nothing to educate the vast majority of users.
Well I would say what Joe did and say you are safer with the Extension enabled!
 
Daniel
Userlevel 3
@ wrote:
Well I would say what Joe did and say you are safer with the Extension enabled!
 
Daniel
1) That is not the point. The point is that uninformed users (which would be all Webroot users not reading this thread) think my website is unsafe and Webroot has done nothing to educate them or help them understand that it is their product that makes my site look unsafe.
 
2) Prove that it's safer. When a product throws up false-negatives indiscriminately, and the company is ok with that behavior, I'm skeptical of the kind of protection they offer...
Userlevel 7
Badge +56
@ wrote:
TripleHelix wrote:
Well I would say what Joe did and say you are safer with the Extension enabled!
 
Daniel
1) That is not the point. The point is that uninformed users (which would be all Webroot users not reading this thread) think my website is unsafe and Webroot has done nothing to educate them or help them understand that it is their product that makes my site look unsafe.
 
2) Prove that it's safer. When a product throws up false-negatives indiscriminately, and the company is ok with that behavior, I'm skeptical of the kind of protection they offer...
Okay we are not getting anywhere so it's best to contact the support inbox and to speak to one of the fine folks from Webroot!
 
Cheers,
 
Daniel 😉
They are using an http connection for their extension to talk to their native application...
What they SHOULD be using is the chrome native message API.
https://developer.chrome.com/extensions/messaging
Userlevel 3

Okay we are not getting anywhere so it's best to contact the support inbox and to speak to one of the fine folks from Webroot!
 
Cheers,
 
Daniel ;)
I did that. 8 months ago.
 
I pursued this through every avenue Webroot had when i first noticed it. Your response is typical of the kind of help i received.
 
(Seriously why is TripleHelix constantly getting kudos? He hasn't said or done anything that helps resolve this issue...)
 
Kind regards,
David
Userlevel 7
Seriously, file a Trouble Ticket...that will update Support with the any new info and get the issue re-reviewed.  We are not Product Dev's here....we are volunteers.
 
TH gets Kudo for attempting to explain as it has been explained by the Dev's in the past.  He gets Kudo's for making sure exactly what the issue at hand is.  He gets Kudo's for the correct reply in the end that a Trouble Ticket would be appropriate at this time.
Userlevel 7
Badge +56
@ wrote:

Okay we are not getting anywhere so it's best to contact the support inbox and to speak to one of the fine folks from Webroot!
 
Cheers,
 
Daniel ;)
I did that. 8 months ago.
 
I pursued this through every avenue Webroot had when i first noticed it. Your response is typical of the kind of help i received.
 
(Seriously why is TripleHelix constantly getting kudos? He hasn't said or done anything that helps resolve this issue...)
 
Kind regards,
David
Why Kudos really? I'm a Volunteer like most of us in here we do our best but we don't develop WSA so who should you be talking to about this big issue? And yes I don't have an issue with this as my Browser is Firefox 99.9% of the time and the extension is built on BrightCloud http://www.brightcloud.com/platform/webroot-intelligence-network.php so even though I have Chrome the Web Shield will block bad sites so what is there to worry about? Never mind don't answer that!
 
Thanks,
 
leinaD
Userlevel 7
Badge +62
Hello all you guys...uhm I've stayed out of this post today but have been following it and have learned a lot of good things...don't make me copy and paste them...But as a team member of Webroot Community Forum I will Kudo TH and DavidP1970 and all who conversed in this very conflicting post trying to help all of you with your issues.

We are not Developers...We are volunteers to help trouble shoot and help others!

Regards,
Yrrehs
Userlevel 3
Apologies for my ignorance.  I assumed that the people making pro-WebRoot replies on this issue were working for WebRoot.  (Also, said people had fancy WebRooty images on their avatar and signature... leads a guy to believe that's he talking to WebRoot...)
 
I don't understand why people would be defending a product having a fairly major bug...
 
Below is the discussion from last October when I opened a support ticket.  (Note, the first message is on the bottom.)
 
As you'll see, I did not take this issue lightly.  And you'll see that their "advice" was to talk about this issue in the forums. (HERE!!!)  Now people on the forums are telling me to file a support ticket.  (INFINITE LOOP!!)
 
It's unbelievable to me that I have typed as much as I have on what amounts to a rather small bug-fix... and people still think that I need to do more!  It's not my product that's screwed up!
 
=============================================================================
 
Webroot Support (Oct 31, 2013 20:43)RE:the green padlocks to the left of the URLHello, 

For this situation I would recommend putting in an entry to our idea's exchange section of our community, that way we can try and get kudos and then the developers put that on their list of things to do. Below is the link where you can create an account via our community: 

community.webroot.com 

To post your idea just press the ideas exchange button, our developers look at this to get an idea of things that customers would like added to the program or changed. 

Thanks, 
Webroot Support Team 
 
 
Your Message (Oct 31, 2013 20:37)the green padlocks to the left of the URLYes, I understand the point of the extension. I'm not a moron, I'm a senior level website programmer. 

I'm reporting a bug with this extension. 

This extension always overrides Chrome's native green padlocks with the gray-padlock-with-yellow-triangle icon that says a website has "resources that are not secure". 

My website IS 100% safe and has a green padlock when the extension is disabled. Twitter, Microsoft, Gmail, etc. are all websites that are 100% safe and have green padlocks when the extension is disabled. When this extension is enabled, they instead show gray-padlocks-with-yellow-triangles and state the website has "resources that are not secure". 

Kind regards, 
David
 
 
 
Webroot Support (Oct 31, 2013 20:20)RE:Green padlocks with Chrome extensionHello, 

Actually with that extension installed from us if you go to a bad site we are going to stop you from going there and tell you that this site is known to be malicious and we will give you an option to either allow or close and by pressing close we will close your browser and get you out of that situation. By pressing Allow on our window its telling us that you trust the site even though we suggest it may be bad and then we will never warn you about that site again. 

Thanks, 
Webroot Support Team
 
 
 
Your Message (Oct 31, 2013 19:07)Green padlocks with Chrome extensionok... it seems like i didn't explain my point well. 

on https websites, just to the left of the url, you will see a padlock. this is explained by google here: https://support.google.com/chrome/answer/95617?hl=en 

the gray-padlock-with-yellow-triangle is a native part of chrome. you can see that icon when you go to a website that is ssl secure, but, say, embeds an image or banner or something from another server that isn't ssl secure. 

the green padlock is a native part of chrome. you see that icon when you go to a website where every element on the webpage (images, javascr1pt, etc) is local to the secured ssl server. 

both are a native part of chrome. 

the issue is that i never see any green url padlocks when webroot filtering extension is enabled. the extension acts as "something on the page that's embedded from another server". therefore, at best, i only see gray-padlocks-with-yellow-triangles. thus, i can never tell the difference between a 100% secured website and one that's only partially secure. 

since i own and run an insurance website, i would very much like users to see the green padlock on my site. but if they have webroot filtering enabled, they'll only see the partially-secure icon... and it looks like it's my company's fault that the site is not 100% secure. 

kind regards, 
david 

 
 
Webroot Support (Oct 31, 2013 18:23)RE:Hi, I did that in the original post on the webr...Hello, 

I guess I am confused also by the request, maybe there is some confusion on what Webroot Filtering Extension is. This will actually show you green check marks and red x's on your search engines, try using Yahoo or Bing and then do a search and you will see a green check mark next to the results Let me know if that works and you see the green check marks. 

Thanks, 
Webroot Support Team
 
 
 
Your Message (Oct 31, 2013 15:53)Hi, I did that in the original post on the webr...Hi, 

I did that in the original post on the webroot forum: 

https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Webroot-Filtering-Extension-Chrome-no-more-Green-Padlocks/td-p/63825#.UmqyWfnNmU4
 
 
 
Webroot Support (Oct 29, 2013 21:12)RE:Hi, I reinstalled as you asked and the issue peHello, 

To help us diagnose the issue you have reported, we request that you take a screen shot of what you see on your screen when the problem occurs. For instructions on taking a screen shot, please choose the correct link below for your operating system. 

Windows XP: 
http://windows.microsoft.com/en-US/windows-xp/help/setup/take-a-screen-shot 

Windows Vista: 
http://windows.microsoft.com/en-US/windows-vista/Take-a-screen-capture-print-screen 

Windows 7: 
http://windows.microsoft.com/en-US/windows7/Take-a-screen-capture-print-your-screen 

Windows 8: 
http://windows.microsoft.com/en-us/windows-8/take-a-screen-shot 

Once you have saved a screen shot depicting the problem, send us the file. To provide files (such as screenshots, scan logs, etc.) to Webroot Technical Support, we suggest you use File Dropper, which is a free and reliable file sharing service. This service handles large files free of charge and can provide you with a link to the file you would like to share with Webroot. The instructions below are general File Dropper site usage directions which will allow you to send files to Webroot with ease. 

Note: If you are having difficulty using the File Dropper site, it will be necessary that you contact File Dropper directly for additional technical support instructions beyond the information outlined below: 

1. Visit www.filedropper.com

2. Click Upload File. 

3. Select the file you want to upload and click Open. 

4. After the file has finished uploading, a page appears with a link labeled "Link To Share This File With Anyone". Right-click the link and select Copy. 

5. Please paste this link into a message to us. Once you have sent the message, this link will allow Webroot access the file you just uploaded. 

Thank you, 

The Webroot Support Team 
 
 
 
Your Message (Oct 28, 2013 22:15)Hi, I reinstalled as you asked and the issue peHi, 

I reinstalled as you asked and the issue persists. Same as before. 

Kind regards, 
David
 
 
 
Webroot Support (Oct 27, 2013 4:15)RE:Green padlocks with Chrome extensionHello, 

Thank you for contacting Webroot Support. 

I would like to see if a clean uninstall/reinstall will help resolve your issue. 

* * Part 1: Uninstall * * 

1a. For Windows XP/ Windows Vista / Windows 7: 

Open the Windows Start menu. 
Click Programs or All Programs, then navigate to the Webroot SecureAnywhere folder. 
Under Webroot SecureAnywhere, open the Tools folder, then click Uninstall Webroot. 
Click Yes and follow any prompts that appear. 

1b. For Windows 8: 

Move your cursor to the bottom right of the screen to open the Charm Bar menu. 
Click Search, then type "appwiz.cpl" (without quotes), and press Enter on your keyboard. 
Scroll down the programs list until you see the Webroot security product. 
Click the Webroot security product entry once to select it, then click Uninstall/Remove. 
When asked if you are sure you want to uninstall, click Yes and follow any prompts that appear. 

2. Restart your computer. 

3. Click the Windows Start button. 

4. Follow the steps below for your Windows version: 

a. Windows XP: Click Run, then enter the following text into the field exactly it appears below, and then press Enter: 

%ALLUSERSPROFILE%Application Data 

b. Windows Vista or Windows 7: Click in the Search box above the Start button, then enter the following text into the field exactly as it appears below, and then press Enter: 

%PROGRAMDATA% 

c. Windows 8: Move your cursor to the bottom right of the screen to open the Charm Bar menu. Click Search, enter the following text into the field exactly as it appears below, and then press Enter: 

%PROGRAMDATA% 

5. Locate the WRData folder. This folder may not be present; if it is not, then continue to Part 2. If it is present, right-click the WRData folder and select Rename. Change the name to WRData1. 

* * Part 2: Install * * 

To reinstall, click the link below to download the latest installer. 

http://anywhere.webrootcloudav.com/zerol/wsainstall.exe 

1. Save the file to your desktop. 
2. Double-click "wsainstall.exe" to run the installer. 
3. Enter your keycode when prompted. 

Your keycode is: xxxxxxxxxxxxxxxxxxxxxxxx

4. Click Agree and Install. 
5. If asked "Would you like to automatically import the settings that were used in your previous installation?", click No. Webroot SecureAnywhere reinstalls itself. 

A scan may begin automatically, depending on how recently a scan was completed. 

This should resolve the issue you reported. If not, please send us another message to let us know so that we can assist you further. 

Thank you, 

The Webroot Technical Support Team 
 
 
 
Your Message (Oct 26, 2013 15:59)RE:Green padlocks with Chrome extensionWebsites: 
this one (webrootanywhere.com)... 
also facebook, gmail, twitter, ... 

I'm running Windows 8 Pro 
Chome Version 30.0.1599.101 m
 
 
 
Webroot Support (Oct 26, 2013 5:31)RE:Green padlocks with Chrome extensionHello, 

I have tested your issue on my end and I cannot replicate the results you reported in the Community. What sites are you seeing this one? 

Regards, 

Webroot Support
 
 
Your Message (Oct 25, 2013 18:04) Green padlocks with Chrome extensionI described the issue and uploaded a picture on the forum: 

https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Webroot-Filtering-Extension-Chrome-no-more-Green-Padlocks/td-p/63825#.UmqyWfnNmU4
Userlevel 7
Support referred you to create a post in the Ideas section of the Community.  Have you done so?  They did not suggest to move the discussion from Support to the Community for discussion in general or for technical help: the Ideas area is specifically for requests to add or change product features.  You can find it HERE.
 
@ , Can you take a look to see if any new or updated Trouble Ticket has been filed for this by the member above? 
 
 
Userlevel 3
Thanks everyone.  I just posted this issue in the ideas forum.
 
Could you all please visit this link and Kudos the issue to bring it to Webroot's attention?
 
https://community.webroot.com/t5/Ideas-Exchange/Bug-fix-for-Webroot-Filtering-Extension-on-Google-Chrome/idi-p/121588
 
 
Thanks again, and sorry I was being so negative.  I was quite frustrated at what I had assumed were company responses to the problem.
 
Kind regards,
David
 
Userlevel 7
I already did.  Good post over there!

Reply