Eset 13.0.22.0 Final
<blockquote data-quote="MacDefender" data-source="post: 842498" data-attributes="member: 83059"><p>Yeah I am still not a fan of MiTM SSL interception. Browsers go out of their way to do extended certificate validation (such as pinning for popular services in Chrome and supplementing the revocation list) and enforce policies around mixed SSL content. By presenting to a browser a manually force-trusted certificate it not only bypasses all the browser provided security features (which I guarantee is better than what any 3rd party AV has implemented), but it also leaves on disk a private cert that any attacker can use to generate HTTPS pages that the browser trusts.</p><p></p><p>I understand the things they gain out of SSL inspection but that's something I'm never willing to go with, and it automatically erodes my trust when an AV program <strong>automatically</strong> opts me into this kind of feature without explicitly asking for consent while explaining the pros and cons to SSL inspection.</p><p></p><p></p><p>BTW, Cisco has been working on malware inspection techniques that don't involve SSL decryption: <a href="https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption" target="_blank">Detecting Encrypted Malware Traffic (Without Decryption)</a> </p><p>This was productized last year as Encrypted Traffic Analysis on their high end equipment: <a href="https://www.darkreading.com/vulnerabilities---threats/cisco-adds-encrypted-traffic-analysis-function/d/d-id/1330799" target="_blank">Cisco Adds Encrypted Traffic Analysis Function</a></p></blockquote><p></p>