Adguard - Ad Blocker

Discussion in 'other software & services' started by Tyrizian, Mar 2, 2013.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,080
    Location:
    DC Metro Area
    Stealth Mode has not been enabled. Cuz it has a greyed-out check mark I had assumed it was enabled by default.

    What type of background job would require constant use 24/7 ??

    v. 6.1.331.1732
     
  2. guest

    guest Guest

    You can't enable it? (see screenshot)

    No idea, maybe @avatar can explain it to us.


    Btw, all my favorite sites are either on TLS 1.2 or no SSL at all. So Adguard is still good to me. As if I will ditch blocking ads and securing my traffic because a few sites (I don't even visit) are using TLS 1.3... no way.
     

    Attached Files:

    • ADG.jpg (137.6 KB)
    Last edited by a moderator: May 6, 2017
  3. guest

    guest Guest

    malwaretips, where you are staff, uses both SSL & TLS 1.3. So, going by your statement it ain't one of your favorite sites :p

    Also, as already told, it's not just about TLS (which btw is a huge component in itself).
     
  4. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    Huh, I apologize, but these are alternative facts.

    The current state of things:
    https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/

    * As of the time of writing TLSv1.3 is still in draft.
    * OpenSSL 1.1.1 will not be released until (at least) TLSv1.3 is finalised.
    * Currently OpenSSL has implemented the “draft-20” version of TLSv1.3. Many other libraries are still using older draft versions in their implementations. Notably many popular browsers are using “draft-18”. This is a common source of interoperability problems.

    On the server-side one can easily experiment with different TLS versions as you can promptly upgrade/update it if a problem emerges. Things are not that easy on a client-side as updating software takes quite some time.

    So, what you call an urgent issue is that AG does not currently support the experimental protocol.

    I'd like to point out a few things about it:
    1. TLSv1.2 does not lower your security at all. TLSv1.3 is all about performance and not about security, as every security improvement it brings was already covered on the client side (compression and insecure ciphers are no longer used).
    2. Even Chrome beta does not support it yet, simply because it is still a draft.

    That's true in general for any product which filters HTTPS.

    That's why there are websites like ssllabs, which help you understand whether everything is okay with HTTPS:
    https://www.ssllabs.com/ssltest/viewMyClient.html

    It is quite okay to have it enabled.
     
    Last edited: May 7, 2017
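
Added example (not part of the original posts, and not AdGuard or OpenSSL code): the draft-18 versus draft-20 mismatch discussed above is visible on the wire, because a TLS 1.3 draft client lists every version it offers in the supported_versions extension of its ClientHello, with drafts encoded as 0x7f00 | draft number. The Python code below parses one ClientHello handshake message and names the offered versions, which shows what a browser or an HTTPS-filtering proxy really offers upstream; `build_hello` and its bytes are constructed sample input.

```python
import struct

SUPPORTED_VERSIONS = 43  # extension type 0x002b
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def version_name(v):
    if v >> 8 == 0x7F:  # drafts are sent as 0x7f00 | draft number
        return f"TLS 1.3 draft-{v & 0xFF}"
    return NAMES.get(v, f"unknown 0x{v:04x}")

def offered_versions(hello: bytes):
    """Names of the protocol versions offered by one ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        legacy = struct.unpack_from("!H", body, 0)[0]
        pos = 2 + 32                                        # legacy_version + random
        pos += 1 + body[pos]                                # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                                # compression_methods
        if pos >= len(body):                                # no extensions block
            return [version_name(legacy)]
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            if etype == SUPPORTED_VERSIONS:
                vers = data[1:1 + data[0]]                  # 1-byte list length, then u16s
                return [version_name(v) for (v,) in struct.iter_unpack("!H", vers)]
            pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc
    return [version_name(legacy)]                           # pre-1.3 client

def build_hello(versions=()):
    """Constructed sample: minimal ClientHello, optionally with supported_versions."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    if versions:
        lst = b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HHB", SUPPORTED_VERSIONS, len(lst) + 1, len(lst)) + lst
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print(offered_versions(build_hello([0x7F12, 0x0303])))  # a draft-18 client
    print(offered_versions(build_hello()))                  # TLS 1.2 only
```

A client offering only draft-18 and a server that implements only draft-20 share no TLS 1.3 version, so a working handshake between them has to settle on TLS 1.2.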
  5. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    It is not HDD writes/reads. The service communicates with the driver through a virtual device, which looks like IO reads/writes in the task manager.
     
  6. guest

    guest Guest

    It is what I guessed; I saw on a table comparing the different features that TLS 1.3 had nothing new in terms of security compared to TLS 1.2.
     
  7. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    Let's continue the discussion about HTTPS filtering in general.

    First of all, this is all about your control over your data.

    Let's imagine a situation when HTTPS is completely "unfilterable" (as Google tries to do on Android for instance).

    1. Would it improve your security in any way?

    Maybe it would, but just a bit. There are a couple of products with flawed https filtering implementation, which considerably lowers HTTPS security. It's worth noticing, though, that those products are already marked as vulnerable by major AVs. So, this vector will be completely eliminated and 0.0001% of users will be now secure.

    2. It would improve my privacy as nobody can snoop on me, right?

    Yeah, nobody. Even you won't be able to snoop on yourself. The apps installed on your device, your browsers, they all become a complete black box for you in the first place. You will never learn what exact data is being sent over to their servers, you will never be able to control it. So, the answer is NO, having a completely secured and encrypted end-to-end channel is not good at all for your privacy.

    3. So, is filtering HTTPS a good thing after all?

    The answer is NO, again. It is not a good thing, and we do it because there is no better solution. Instead of doing our job and looking for better ways to block tracking and ads, we have to spend quite some time racing after the browsers, securing https filtering and arguing about TLSv1.3.
     
  8. guest

    guest Guest

    Try to monitor Disk I/O to see actual hard disk access, not regular I/O.
    For some programs constant I/O can be seen, but this doesn't mean that it is actual hard disk access.
     
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    TLS 1.3 is a working draft, which means it's already done but smaller changes can still happen. Since the internet has changed, this is the time of things, and it's good, otherwise you sit on a time bomb because 'final' doesn't exist anymore. We saw what happens if someone uses 'final' products: attackers have all the time to abuse vulnerabilities. I consider this final since only new functions are changed, not the backward compatibility ones. The new OpenSSL is only required for the new ciphers; Cloudflare already uses this and they are saying it's a huge step forward for security.

    This is wrong too, and shows AdGuard devs have no clue what they are talking about. TLS 1.3 is a huge step: they remove old and deprecated ciphers (which e.g. are reasonable to attacks like BEAST, Lucky 13 and others). The entire RC4 stream cipher function will be obsolete. SHA1 for the hash function is also replaced by SHA-2. That SHA1 attacks already exist is proven by Google.

    That's a lie. Chrome has supported TLS 1.3 since final Chrome v56+ and it's enabled by default. Firefox got it since v52. You can check it with the page you mentioned here.

    Don't get me wrong, but this is urgent; you as developer use an excuse now. The draft has existed for years now and no work was done in AdGuard or showing people a warning. You spread wrong and false information here.

    When HTTPS is not a good thing, why does AdGuard offer this function - instead warn users and remove the function.

    It is new; speed and security are enhanced a lot.
     
  10. guest

    guest Guest

    It's like saying http and https sites offer the same security :facepalm:

    TLS 1.3 not only is faster but is more secure than TLS 1.2 itself (forget even the comparison with http/unencrypted sites). A quick Google search will show you the mechanism at work in TLS 1.3 and why it's being touted as faster and more secure than TLS 1.2.

    If there is an http version and an https version of a site, what would you prefer? Most of us sane persons would say the latter. The same is true when comparing TLS 1.2 and TLS 1.3. (Some people have the https everywhere addon in their setup *cough*)

    Wow, and what source would that be?

    Forget about beta, even stable versions of major browsers support TLS 1.3
     
  11. guest

    guest Guest

  12. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    @the commissionier
    Maybe the AdGuard dev should read my Cloudflare link; it even links and explains what it really changes and improves. There are two big factors: security and speed. But I give up here; for me those are excuses because they do not want to accept that they provide (useless) functions/features which none of their own developers are able to handle correctly. Instead they are making it worse with lies and confusing statements and GitHub edits.

    When it comes to http/https security you have to use the latest versions, especially because even stable browsers release and enable such features by default - it was not even mentioned or warned by AdGuard devs that it uses a 'weaker' TLS/SSL as fallback then. This was all in the background and without users' knowledge. I expect transparency when a tool intercepts my traffic.

    I already did, here again just for you my friend. And another link.

    AGAIN wikipedia IS NOT A SOURCE. The referred links are sources but not the wikipedia page itself - because everyone can write/edit everything in it.
     
    Last edited: May 7, 2017
  13. guest

    guest Guest

    TLS and encrypted connections have always added a slight overhead when it comes to web performance. HTTP/2 definitely helped with this problem, but TLS 1.3 helps speed up encrypted connections even more. To put it simply, with TLS 1.2, two round-trips have been needed to complete the TLS handshake. With 1.3, it requires only one round-trip, which in turn cuts the encryption latency in half. This helps those encrypted connections feel just a little bit snappier than before.
    Another advantage is that in a sense, it remembers! On sites you have previously visited, you can now send data on the first message to the server. This is called a “zero round trip” (0-RTT). And yes, this also results in improved load times.


    kinsta.com


    There are other sources as well but this explains it well and easy for all to understand. Hence, the statement that TLS 1.3 is not only faster but more secure as well.
     
  14. guest

    guest Guest

    Ok, I see: more secure by removing obsolete protocols and encryption methods. I thought they added things. Thx.
     
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,027
  16. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    @Comish
    Please can you check/verify this. Sorry, I don't believe that. I already had my doubts when the developer answered when it came to the question 'why adguard.exe constantly needs an i-net connection'.
    I will also do some tests later because a virtual device should communicate in memory.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    That's why I was saying that for me the 'it's a working process draft' sounds like an excuse. Google uses Draft 18 for TLS 1.3 and I expect, as a 'stable' Chrome/Chromium user, that AdGuard stays in line/sync with such 'important' changes. Instead the developer is using this as an argument now for not supporting it; the user without bigger knowledge never gets a warning or any information. That is (for me) a no go.

    AdGuard offers a feature here which is very very important (if enabled) and it needs a lot of changes and improvements. I now want to hear xyz it maybe only gets smaller changes we not support do anything here. I want to hear solutions or warnings that 'we are working on it'. I (personally) think AdGuard needs more man-power because such things aren't things for only one or two people; it needs experts.

    My last words on this: I recommend (again) everyone to NOT use/disable SSL filtering in AdGuard (for now). That is in the name of security. Not because I want to complain about AdGuard (I'm a long-time tester here); it's to inform people.

    This little example shows how dangerous it is to trust third-party developers/tools/software when it comes to security/filtering.
     
    Last edited: May 7, 2017
  17. guest

    guest Guest

    Sorry, can't - disabled Adguard for now. I have found a bug which causes Adguard (in WFP mode) to crash the system whenever you visit an https encrypted site. And it's not related to TLS 1.3 before the guys try and bow me down. :p
     
  18. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    So it is a draft after all, why say otherwise?

    RC4 and SHA1 have been deprecated for a while and are not used by modern browsers.

    That was my point, all the security improvements you can mention are already covered by the browsers no matter what TLS version you use. Calling TLSv1.2 (or even TLSv1.0) insecure is just wrong. It is true that you can use it in an insecure manner, though.

    Not really, they rolled it back. I guess you can enable it with a chrome://flag, though.

    OpenSSL guys have already pointed out that differences between draft 18 and draft 20 may lead to compatibility issues (connections hanging for instance). That's why we won't enable 1.3 by default unless it is finalized.

    Why, who said that we are not working on it? What I said is that we won't enable it by default unless it is released.

    We've decided to get rid of the zoo of different programming languages and have a single core library implementing all the crucial functionality, which will be reused by all the products. You can keep track of the issues in a separate repo: https://github.com/AdguardTeam/CoreLibs
     
  19. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    An antivirus not able to scan HTTPS is quite weird. HTTPS won't protect you from malware or phishing attacks and it in no way improves trust in a website. Nowadays literally anybody can acquire a certificate for their domain.
     
  20. guest

    guest Guest

    This debate is not a big deal; few sites are TLS 1.3, and if they are, AdG users just have to add them to the HTTPS exclusions. So there is no valid reason to disable HTTPS filters in AdG, especially when some sites like Wilders don't even use SSL/TLS. Better TLS 1.2 than nothing.
     
  21. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    Why all those https exclusions in AGFW?
     
    Last edited: May 7, 2017
  22. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    To emphasize that we care about your important financial and personal data and do not want to filter it.
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,027
    Antivirus not able want to scan HTTPS.
     
  24. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    So, what does that antivirus plan to do with malware/phishing https websites?

    Also, I am well aware of the research and what it points out is that besides browsers, HTTPS implementation should be inspected and improved in all the products which do scan HTTPS, and which were previously ignored for no reason.
     
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,027
    We cover malware detection with other technologies like FileGuard and the AUC based URL protection in the ABS extension contributes to your protection. AV scanning may also be incorporated into our Scout Browser in the future if we see a security benefit there.

    Given the recent test results (Avira just won AV-Comparatives Product of the Year award), the lack of interception has visibly not hurt Avira’s ability to provide top-level security. Please take a look at the report footnotes on page 4 for the names of other AV firms that are not doing interceptions.


    https://blog.avira.com/evil-nasty-https-handshakes/
    -------------
    https://www.avira.com/en/press-details?nid=1142&news=best-in-class-protection-for-your-digital-life
     