BD & K intercept your HTTPS

Discussion in 'other anti-virus software' started by CloneRanger, Jul 17, 2013.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I'm NOT saying it's in ANY way malicious, but I wouldn't choose it!

     
  2. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    So, what other ways of scanning HTTPS without an HTTPS proxy is he talking about? The only solution I can think of is a browser plugin, and that is analysing the data AFTER it has reached the browser.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Quite a few AVs have an HTTPS scanning option. To do this they must of course decrypt the traffic, and then they encrypt it again and use their own installed certificate, which has some side-effects as mentioned. With more and more content being served over HTTPS and a big part of threats coming through the browser, it is disadvantageous not being able to scan it before it reaches the browser; however, the trade-off is indeed quite a disadvantage as well. But I haven't seen any AV with HTTPS scanning enabled by default, you have to check the option first.
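
Added example, not part of the original thread: the decrypt-and-re-encrypt step described in the post above shows up on the client as a changed issuer on the site's certificate. This Python check compares the issuer seen locally with one recorded out-of-band; the marker substrings, the sample certificates and their names are constructed assumptions.

```python
import socket
import ssl

# Assumption: substrings to look for in the issuer name; adjust them to the
# products actually installed on the machine being checked.
AV_MARKERS = ("bitdefender", "kaspersky")


def flatten_name(rdns):
    """Turn getpeercert()'s nested RDN tuples into a {field: value} dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate (validated chain) as seen from this machine."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_interception(cert, baseline_issuer_cn):
    """Compare the issuer seen locally with one recorded out-of-band."""
    issuer = flatten_name(cert.get("issuer", ()))
    seen = " ".join(issuer.values()).lower()
    marker = next((m for m in AV_MARKERS if m in seen), None)
    cn = issuer.get("commonName", "")
    if marker:
        verdict = "intercepted-by-local-av"
    elif cn != baseline_issuer_cn:
        verdict = "issuer-mismatch"
    else:
        verdict = "matches-baseline"
    return {"verdict": verdict, "issuer_cn": cn, "marker": marker}


# Constructed samples in the shape returned by SSLSocket.getpeercert().
DIRECT = {"subject": ((("commonName", "shop.example"),),),
          "issuer": ((("organizationName", "Example Trust Services"),),
                     (("commonName", "Example Public CA 1"),))}
PROXIED = {"subject": ((("commonName", "shop.example"),),),
           "issuer": ((("organizationName", "Bitdefender"),),
                      (("commonName", "Constructed AV Personal CA"),))}

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT), ("proxied", PROXIED)):
        print(label, check_interception(cert, "Example Public CA 1"))
```

For a live check, pass the result of `fetch_peer_cert("your.site")` together with an issuer name noted from a machine that has no HTTPS scanning enabled.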
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yeah and that's not better. Yuck :gack: plugins are a thing from the past. I have always avoided AVs that use browser plugins for various reasons.
     
  5. AVusah

    AVusah Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    274
    Plugins are most definitely not a thing from the past. Or at least extensions/addons aren't.
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Sorry for being unclear, I was only talking about plugins being used in AVs, and not plugins in general such as Adblock Plus and similar addons.
     
  7. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    Should be disabled by default I think.
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Plugins - Installed from other software. Flash and Java are best examples.
    Extensions - Installed by itself, usually from browser marketplace.
    Add-on - Can mean either and more (themes, DLC, etc.)

    I personally don't mind too much, antivirus software already has access to all of your files. Why would you trust that over access to HTTPS content?
     
  9. m0unds

    m0unds Guest

    yep, it is. both Bitdefender and Kaspersky products require HTTPS scanning to be enabled by the user, i.e. it's disabled by default.
     
  10. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    It was enabled by default when I installed Bitdefender Antivirus Plus 2014.
     
  11. m0unds

    m0unds Guest

    ok. then it changed from the 2013 product (and previous versions) as it wasn't enabled by default in those.

    at any rate, steve gibson still gives me a headache. alarmist silliness.
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    So the question is to trust or not to trust. :rolleyes:
     
  13. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    According to him, it seems to break the extended validation certificates. If you use something like LastPass to remember passwords, it's ostensibly disabling this security feature. I guess it depends what you're more worried about -- someone getting in between you and the site you're visiting or becoming infected with malware from an HTTPS connection. The antivirus, I would think, should detect the malware once it's run on your local machine anyway, so the security trade-off is not worth it for me. Especially considering I haven't run into any kind of malware on sites I visit for a few years running.
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Well, when you consider that security software has had its fair share of exploits, it could be possible for an attacker to start intercepting your HTTPS connections.

    I'm glad MSE/Defender doesn't do this. I personally do not feel it's necessary as any content coming through an encrypted HTTPS source obviously then needs to be decrypted before it can be executed. Before it can be executed it has to be scanned. Maybe there is some benefit to stopping it earlier than that of which I'm unaware.
     
  15. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :thumb:
     