Avast's AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
You'd think HTTPS certificate checking would be a cinch for a computer security toolkit – but no so for Avast's AntiTrack privacy tool.

Web researcher David Eade found and reported CVE-2020-8987 to Avast: this is a trio of blunders that, when combined, can be exploited by a snooper to silently intercept and tamper with an AntiTrack user's connections to even the most heavily secured websites.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
HTTPS scanning is always gonna be a risky approach for any AV that does this. Only one bug can lead to catastrophic damages and they would have none but to blame themselves only.
This is why I now lean toward DNS/IP based filtering. I liked ESET and their web filter a lot, but don’t like the risk of compromising TLS. But DNS/IP filtering is tricky for network level filtering if DoH or DoT becomes integrated into the OS.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
This is why I now lean toward DNS/IP based filtering. I liked ESET and their web filter a lot, but don’t like the risk of compromising TLS. But DNS/IP filtering is tricky for network level filtering if DoH or DoT becomes integrated into the OS.
Right, Microsoft have plans to integrate into the OS. It would be interesting to see how AVs deal with this issue.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top