Advice Request AVs without HTTPS interception/filtering + browser extensions

[nickoftime]

Hello everyone,

Looking for a solid AV that does not rely on HTTPS interception and browser extensions. It would need of course to monitor network activity, but ideally on DNS level.

I know Emsisoft Anti-Malware Home fits the bill, but looking for an alternative and know of no others. EAM also has a great 'import hosts" feature where custom entries/lists can be added. This would be most welcome. The new Intego Antivirus for example, looks similar to EAM but I've read here its web filter is not that effective.

It'd be nice to have an updated list of software does NOT resort to HTTPS filtering. As for browser extensions, they will always restrict you to a few specific browsers (which for me is unacceptable) and can introduce security problems of their own.

No need for additional features like VPN, Password Manager etc. It'd consider software that offer HTTPS Filtering as an optional setting, but only if this does not degrade their effectiveness.

Thanks for any help.

Do no evil with Avira (or nasty HTTPS handshakes) (it seems they ARE doing evil now?)
HTTPS interception: What Emsisoft customers need to know
Why do you recommend not using HTTPS/TLS filtering?
The Security Impact of HTTPS Interception (older study/comparison)
Killed by Proxy: Analyzing Client-end TLS Interception Software (older study)

 

[HarborFront]

If the AV has the 2 features mentioned then disable or not use them will do, right?

 

[Arequire]

As far as I'm aware, the only other AV vendor that doesn't use utilize HTTPS interception is Microsoft.

 

[ForgottenSeer 95367]

Hello everyone,

Looking for a solid AV that does not rely on HTTPS interception and browser extensions.

Disable HTTPS interception and do not install browser extensions. This is the preferable choice\method. All of them allow you to do so.

DrWeb does not have HTTPS interception enabled by default and it uses no browser extension.

 

[oldschool]

M$ Defender and WiseVector come to mind, although I'm not sure of the latter's current state of development re: web filtering.

If the AV has the 2 features mentioned then disable or not use them will do, right?

Correct, if you object to HTTPS filtering. Many on this forum prefer not to use these types of AV.

 

[HarborFront]

M$ Defender and WiseVector come to mind, although I'm not sure of the latter's current state of development re: web filtering.

Correct, if you object to HTTPS filtering. Many on this forum prefer not to use these types of AV.

There's no need to not use the AV. Just don't use the mentioned feature and extension will do. I'm using AVAST and I don't enable the https nor use its extension.

 

[HarborFront]

As far as I'm aware, the only other AV vendor that doesn't use utilize HTTPS interception is Microsoft.

And you can set DNS in Windows OS.

 

[nickoftime]

If the AV has the 2 features mentioned then disable or not use them will do, right?

Yes, but if they are offering these features it's probably safe to assume that disabling them will greatly reduce their effectiveness. It depends on how their HTTPS Filtering is implemented, and what alternative protection they offer when disabled.

As far as I'm aware, the only other AV vendor that doesn't use utilize HTTPS interception is Microsoft.

Well, that's quite worrying if true. Unless I'm mistaken, Microsoft Defender's full protection is only available when paired with Microsoft Edge. It's even worse than browser-specific extensions: it's a single-browser AV. In any case, it's not an option - forgot to mention it in my first post.

 

[HarborFront]

Yes, but if they are offering these features it's probably safe to assume that disabling them will greatly reduce their effectiveness. It depends on how their HTTPS Filtering is implemented, and what alternative protection they offer when disabled.


Well, that's quite worrying if true. Unless I'm mistaken, Microsoft Defender's full features are only available when paired with Microsoft Edge. It's even worse than browser-specific extensions: it's a single-browser AV. In any case, it's not an option - forgot to mention it in my first post.

Nowadays, almost all websites have converted from http to https. So your https will not be filtered if you disable this feature. Yes, there are downsides to using this feature. So, you the user, has to make the decision whether to use or not when surfing https sites

 

[nickoftime]

Nowadays, almost all websites have converted from http to https. So your https will not be filtered if you disable this feature.

Understood, but surely there must be a few others that do what Emsisoft does? There IS an alternative to HTTPS Interception.

 

[nickoftime]

Let me also ask this: when AV software essentially decrypts HTTPS traffic, do they check for malware locally on the user's PC or do they send all traffic back to their servers? Or it depends on the AV vendor and there are different implementations of this?

I think this might make a difference, but none of these important privacy AND security matters are ever mentioned in the usual AV reviews.

 

[HarborFront]

Understood, but surely there must be a few others that do what Emsisoft does? There IS an alternative to HTTPS Interception.

If you are referring to Emsisoft's new Content Filtering feature below

New in 2022.3: Content Filtering

Our new Content Filtering feature allows you to block unwanted porn, gambling, social media and fake news websites.

blog.emsisoft.com

I would say this is not new. Some AVs do have such a feature (and some filters more). I think the top few AVs do not have content filtering feature. K9 and Webroot have content filtering but they are not in the best AVs

 

[HarborFront]

Let me also ask this: when AV software essentially decrypts HTTPS traffic, do they check for malware locally on the user's PC or do they send all traffic back to their servers? Or it depends on the AV vendor and there are different implementations of this?

I think this might make a difference, but none of these important privacy AND security matters are ever mentioned in the usual AV reviews.

When the AV decrypts the https traffic it's already a privacy concern. It depends on how much you have trust in that AV company

 

[nickoftime]

No, I don't believe that's HTTPS Filtering. That's just a new feature that allows you to choose what category to block - or allow. They still do DNS level blocking - check the Emsisoft link on my first post.

When the AV decrypts the https traffic it's already a privacy concern. It depends on how much you have trust in that AV company

I totally agree - that's why I made this thread! Even if an AV tells you it does everything locally, you'd still have to put a lot of trust to allow them full decryption of... everything.

 

[HarborFront]

No, I don't believe that's HTTPS Filtering. That's just a new feature that allows you to choose what category to block - or allow. They still do DNS level blocking - check the Emsisoft link on my first post.


I totally agree - that's why I made this thread! Even if an AV tells you it does everything locally, you'd still have to put a lot of trust to allow them full decryption of... everything.

Btw Emsisoft do have an extension

And isn't DNS filtering also uses filterlists which are basically lists of filters?

 

[mkoundo]

i believe kaspersky lets you disable https scanning

 

[nickoftime]

Does Emsisoft do DNS filtering? Btw Emsisoft do have an extension

Yes, that is all they do in the main Web Protection module. They later introduced optional browser extensions back in 2018, but implemented them in a privacy-conscious way detailed in the post below. Of course, they are restricted to the few common browsers.

Safe web-browsing with Emsisoft Browser Security

i believe kaspersky lets you disable https scanning

That's good to know, but does it offer alternative protection when HTTPS scanning is disabled, or all web protection becomes disabled? This would make it useless. HTTP-only protection, is the same as no protection nowadays.

 

[HarborFront]

Yes, that is all they do in the main Web Protection module. They later introduced optional browser extensions back in 2018, but implemented them in a privacy-conscious way detailed in the post below. Of course, they are restricted to the few common browsers.

Safe web-browsing with Emsisoft Browser Security

That's good to know, but does it offer alternative protection when HTTPS scanning is disabled, or all web protection becomes disabled? This would make it useless. HTTP-only protection, is the same as no protection nowadays.

Basically, AVs do offer some kind of web protection/browsing security/content filtering/dns filtering etc which, IMO, uses filterlists to get the job done

Emsisoft Browsing Security is an extension. And you said

Quote

Looking for a solid AV that does not rely on HTTPS interception and browser extensions

Unquote

 

[nickoftime]

Yes, and it's completely optional. Their main Web protection does not do HTTPS filtering or require extensions.

I also specified I'm looking for an alternative to Emsisoft.

 

[HarborFront]

Yes, that is all they do in the main Web Protection module. They later introduced optional browser extensions back in 2018, but implemented them in a privacy-conscious way detailed in the post below. Of course, they are restricted to the few common browsers.

Safe web-browsing with Emsisoft Browser Security

That's good to know, but does it offer alternative protection when HTTPS scanning is disabled, or all web protection becomes disabled? This would make it useless. HTTP-only protection, is the same as no protection nowadays.

Https scanning and web/surf protection are 2 different features. I'm using AVAST. Disabling one will not disable the other.