- Jun 24, 2016
HTTPS scanning has been a hot topic in the industry for a long time now, and recently a lot in this forum. The objective of this thread is to post enough information to help users decide whether they should enable or disable this function within their antivirus.
WHAT IS HTTPS
HTTPS stands for Hypertext Transfer Protocol Secure and is a protocol based on HTTP, with the difference that HTTPS allows safe data transfer, meaning the connection between you and the host is "encrypted".
WHAT IS THE ADVANTAGE OF HTTPS
Using an encrypted connection keeps your information safe from cybercriminals on its way from point A to point B. For example, when banking, your bank's site will probably force HTTPS to make sure all your credentials and transactions remain private, encrypted and unreadable from the outside (for example, by a hacker trying to use a MitM attack).
WHAT IS A MitM ATTACK
Man-in-the-middle attacks are pretty much self-explanatory. These are attacks designed to place the cybercriminal between you and the host you're trying to connect to. If you're using an HTTP connection, meaning an unencrypted, unsafe connection, somebody could attack that connection to intercept and read all the traffic and information being transmitted. This usually is not possible if you're using an HTTPS (encrypted) connection.
ANTIVIRUS AND THEIR PROBLEM WITH HTTPS
Despite how great it sounds, HTTPS is only about privacy and encryption; it is still "vulnerable" to malware. An encrypted connection will not stop malware from being delivered, since HTTPS hosts can also send malware (this includes websites, mail and messaging apps). Since antivirus vendors do not like this idea, they must protect you from malware delivered within encrypted connections. But here's the issue: how can they scan for malware in an encrypted connection, if it's encrypted and they can't read it?
HTTPS SCANNING
The only way to protect you in these scenarios is by scanning/filtering HTTPS. Since they can't read the encrypted information, they must place themselves between you and the host (exactly as a cybercriminal would). This is achieved by installing a self-signed root CA certificate on the computer and using it to issue "leaf", or interception, certificates for every HTTPS-enabled website the user visits. This way, an antivirus can read the information being delivered over encrypted connections, scan it, and make sure it's totally safe, therefore protecting you from dangers on HTTPS sites.
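The mechanism just described, as an added example that is not part of the original post: this Go program (standard library only) generates a local root CA with a constructed name, "Example AV Web Shield Root", issues an interception leaf certificate for a constructed host, bank.example, and then validates that leaf twice, once with the root installed in the trust store and once without. The hostname, the CA name and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; with the fixed templates below, a failure here is a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewInterceptionChain builds a locally generated root CA (constructed name) and a leaf it issues for host.
func NewInterceptionChain(host string) (root, leaf *x509.Certificate) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand only fails if the OS RNG does
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)       // the leaf's private key stays inside the scanning proxy
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		Subject: pkix.Name{CommonName: "Example AV Web Shield Root"}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
	}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, rootPub, rootKey))))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return root, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, leafPub, rootKey))))
}

// Verify validates leaf for host against only the given roots: it passes exactly when the AV root is trusted.
func Verify(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}

func main() {
	root, leaf := NewInterceptionChain("bank.example")
	fmt.Printf("issuer=%q installed=%v missing=%v\n", leaf.Issuer.CommonName, Verify(leaf, "bank.example", root), Verify(leaf, "bank.example"))
}
```

The issuer the leaf reports is what a browser's certificate viewer shows for the site, so seeing the antivirus product rather than a public CA as the issuer of your bank's certificate is a direct way to check whether scanning is active.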
USER'S CONCERN
This is a "concern" for many users because it breaks the idea of "encryption". Encrypted connections were designed to prevent MitM attacks, and antivirus products basically perform a MitM attack to "break" HTTPS and stand between both endpoints, for the "sake of security". Also, many users believe this exposes you to greater risk: if somebody could take control of your antivirus, the same mechanism could be used to intercept your traffic and expose you.
THE CHOICE
Whether you should enable it or not comes down to each user. Enabling it means putting your trust in the antivirus you chose, just as you put your trust in the VPN you use. Disabling it will "reduce" protection to the extent that malware delivered over HTTPS won't be detected until it has been downloaded. To make a choice you should take into account your daily habits: whether you do home banking, shop online, or do any other activity which would benefit from some extra antivirus protection.