BD & K intercept your HTTPS

I'm NOT saying it's in ANY malicious, but i wouldn't choose it !

 

So, what other ways is he talking about how to scan HTTPS without a HTTPS proxy? The only solution I can think of is a browser plugin and that is analysing the data AFTER it reached the browser.

 

Quite a few AV's have an HTTPS scanning option, to do this they must of course decrypt the traffic and then they encrypt it again and use their own installed certificate which has some side-effects as mentioned. With more and more content being served over HTTPS and a big part of threats coming through the browser it is disadvantageous not being able to scan it before it reaches the browser, however the trade-off is indeed quite a disadvantage as well. But I haven't seen any AV with HTTPS scanning enabled default, you have to check the option first.

 

Yeah and that's not better. Yuck plugins are a thing from the past. I have always avoided AV's that uses browser plugins for various reasons.

 

Plugins are most definitely not a thing from the past. Or at least extensions/addons aren't.

 

Sorry for being unclear, I was only talking about plugins being used in AV's, and not plugins in general as adblock plus and similar addons.

 

Should be disabled by default I think.

 

Plugins - Installed from other software. Flash and Java are best examples.
Extensions - Installed by itself, usually from browser marketplace.
Add-on - Can mean either and more (themes, DLC, etc.)

I personally don't mind too much, antivirus software already has access to all of your files. Why would you trust that over access to HTTPS content?

 

yep, it is. both Bitdefender and Kaspersky products require HTTPS scanning to be enabled by the user, e.g. it's disabled by default.

 

It was enabled by default when I installed Bitdefender antivirus plus 2014.

 

ok. then it changed from the 2013 product (and previous versions) as it wasn't enabled by default in those.

at any rate, steve gibson still gives me a headache. alarmist silliness.

 

So the question is to trust or not to trust.

 

According to him, it seems to break the extended validation certificates. If you use something like lastpass to remember passwords, it's ostensibly disabling this security feature. I guess it depends what you're more worried about -- someone getting in between you and the site you're visiting or becoming infected with malware from an HTTPS connection. The antivirus, I would think, should detect the malware once it's run on your local machine anyway, so the security trade off is not worth it for me. Especially considering I haven't run into any kind of malware on sites I visit for a few years running.

 

Well when you consider that security software has had its fare share of exploits, it could be possible for an attacker to start intercepting your HTTPS connections.

I'm glad MSE/Defender doesn't do this. I personally do not feel it's necessary as any content coming through an encrypted HTTPS source obviously then needs to be decrypted before it can be executed. Before it can be executed it has to be scanned. Maybe there is some benefit to stopping it earlier than that of which I'm unaware of.