where is the option to block SSL communication with untrusted certificates?

Discussion in 'ESET NOD32 Antivirus' started by vtol, May 1, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    I can either exclude certificates, in which case SSL traffic still goes through but is not scanned by NOD, or trust a certificate and thereby get the SSL traffic scanned by NOD.
    Yet I am looking for the option in NOD to block traffic generated through certificates I mark as suspicious/unwanted/unsafe - what am I missing, where do I look?
     
  2. vtol

    zero reply = zero option (assumed)

    too bad, that forces me to frequently change the settings in NOD, and since the setup is password protected and a simple APPLY button is missing, I have to inconveniently go through a bit of procedure. same also for updating FF Minefield, which I mentioned in a different thread...
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I don't quite follow you. If you mark a certificate as untrusted on the client and exclude it from NOD, then you can block that traffic pretty much at the client directly without needing any such feature. What am I missing here?
     
  4. vtol

    the exclusion does not stop the SSL traffic with untrusted certificates, it excludes it from being scanned by NOD and thus taking out a fuse

    certicate exclusion.png

    the malformation with FF Minefield is different, as NOD messes it up, mentioned that in the other thread but it seems to be of no interest to Eset
     
  5. doktornotor

    Well, I don't know but when I mark a certificate as untrusted in my browser it refuses to talk to the site via HTTPS without quite a bit of manual intervention. Besides that, it wouldn't help you in any way since you could still connect via normal HTTP this way. If you want to block traffic from somewhere, block the IPs and/or hostnames.
     
  6. vtol

    sorry, but you are talking about different things here, I am about NOD, you about browsers. I am about SSL and certificates, you about http and ip.
    there is also non-http traffic based on SSL...
    All of yours is not related to the matter of the missing option to block SSL traffic based on untrusted certificates at NOD level.
     
  7. doktornotor

    Sorry, I really don't get it. Maybe if you could explain what exactly you are trying to do and why, it'd make more sense. It takes about a minute to change a server certificate so what are you trying to block here? You won't block any malware at all like this. On a side note, NOD32 supports checking SSL-encrypted traffic for HTTPS and POP3S only. And finally this is an antivirus and not a firewall.
     
  8. vtol

    alright, fair enough. let's see, e.g. TOR, where I can opt that besides http traffic also SSL traffic and mail of other parties is routed through my machine, though supporting TOR I do not malicious traffic, which in large parts is using their own unverified and unsafe SSL certificates. As precaution I am already using certain blocklists via hostfile.
    So my browser is not involved but NOD, hence the option to block SSL traffic at NOD level
     
  9. doktornotor

    Well, this is essentially a lost cause, even more so w/ tor. The exclusion from filtering makes sense as a whitelist, not as a blacklist, and same thing applies here. You can use server certificates for whitelisting something in a meaningful way, not for blacklisting.

    Also note that as for malicious traffic, once again - this is an antivirus, not a firewall. So if someone launches a DoS and uses your computer for that, or uses your computer for hacking, NOD32 won't give a damn about it.
     
  10. vtol

    black-listing is not meaningful?
     
  11. doktornotor

    Well, IMHO not with server certificates which are extremely easy to change. Even if you blocked all self-signed stuff, there are still many CAs that happily issue certs to anyone who pays the $$$.
     
  12. vtol

    and those CA and/or certificates are ok then for NOD?
     