NOD SSL scanner in conflict with latest Chrome 7 builds

Discussion in 'ESET NOD32 Antivirus' started by vtol, Oct 6, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    since Chrome b 7.0.536.2 SSL pages are not loading in that browser anymore whilst NOD SSL scanner is enabled, that on WIN 7 64bit. Excluding that application from NOD's SSL scanner would work around that issue.

    Not certain whether this is a glitch or by design, if however latter it would become the second browser incompatible with NOD SSL scanning, that after FF. And perhaps a bit of a worrisome development for the SSL scanner.

    Could Eset please test this and/or get in touch with Google to check this out? And let the users know where the development is heading on this?

    4.2.64.12
    Virus signature database: 5508 (20101006)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1285 (20100820)
    Advanced heuristics module: 1114 (20100827)
    Archive support module: 1122 (20100826)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1022 (20100812)
    SysInspector module: 1217 (20100907)
    Self-defense support module : 1018 (20100812)
    Real-time file system protection module: 1004 (20100727)
     
  2. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    is the lack of response from Eset indicating disinterest?

    from this thread http://code.google.com/p/chromium/issues/detail?id=58152 at the chromium board it seems that the change is by design and that it will be recommended by the developers to turn off NOD SSL scanning for Chrome 7.

    That would be after Firefox the next browser where https scanning by NOD would be rendered obsolete. Perhaps a matter of time until Safari, IE and Opera will follow suit, leaving NOD SSL scanning just for the pop protocol.

    Why is there a lack of interest by Eset to look into the matter and eventually commence a dialogue with the browser developers in order to continue scanning of https traffic, considering how easy it is for malicious websites to get proper SSL certificates to fool browsers/users?
     
  3. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    http://codereview.chromium.org/3723001 is an update of the chromium dev branch, showing that NOD https scanning in the upcoming 7 branch of chrome will not work. wonder how long it takes for Safari to follow then.

    if it continues that way until finally no browser is left then NOD code perhaps can be marginalized by that part facilitating the https scans
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'll check it out. Had an older version of Chrome installed earlier today and pages were opened and scanned fine with SSL checking enabled, with the latest version 7.0.544 they don't.
     
  5. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The developers found out there's a new SSL functionality in recent builds of Chrome. It has been noted and support for the new functionality will be added which may take some time, however, as it's not a trivial thing.
     
Thread Status:
Not open for further replies.