Google and Mozilla's message to AV and security firms: Stop trashing HTTPS

itman · Apr 7, 2017

Another point that is not mentioned in these periodic SSL scanning "bashing" studies is if all SSL/TLS traffic is scanned by the AV vendors that do so. The answer is no for the majority of the vendors. Almost all do not scan web sites that use EV certificates as most banking and major financial orgs. employ. AV vendors such as Eset also employ whitelists where known "safe" web sites are also excluded from scanning. The vast majority of these sites use certificates issued by the major CA certificate authorities.

elapsed · Apr 7, 2017

itman said: ↑

Another point that is not mentioned in these periodic SSL scanning "bashing" studies is if all SSL/TLS traffic is scanned by the AV vendors that do so. The answer is no for the majority of the vendors. Almost all do not scan web sites that use EV certificates as most banking and major financial orgs. employ. AV vendors such as Eset also employ whitelists where known "safe" web sites are also excluded from scanning. The vast majority of these sites use certificates issued by the major CA certificate authorities.
Click to expand...

Sounds great, I'll go pay some money to reduce my security right away, now that you've assured everyone is safer in the hands of 3rd party AV vendors!

Log in or Sign up

Google and Mozilla's message to AV and security firms: Stop trashing HTTPS

itman Registered Member

elapsed Registered Member

Log in or Sign up

Google and Mozilla's message to AV and security firms: Stop trashing HTTPS

itman Registered Member

elapsed Registered Member

Useful Searches