HTTPS scan: should you enable it?
<blockquote data-quote="RoboMan" data-source="post: 909606" data-attributes="member: 53544"><p>HTTPS scanning has been a <strong><u>hot topic</u></strong> in the industry for a long time now, and recently a lot in this forum. The objective of this thread is to post enough information to help users decide whether they should enable or disable this function within their antivirus.</p><p></p><p><strong><span style="font-size: 15px">WHAT IS HTTPS</span></strong></p><p></p><p>HTTPS stands for Hypertext Transfer Protocol Secure and is a protocol based on HTTP, with the difference that the first one allows safe data transfer, meaning the connection between you and the host is "encrypted".</p><p></p><p><strong><span style="font-size: 15px">WHAT IS THE ADVANTAGE OF HTTPS</span></strong></p><p></p><p>Using an encrypted connection allows your information to be safe from cybercriminals on its way from point A to point B. For example, when banking, your bank site will probably force HTTPS to make sure all your credentials and moves remain private, encrypted and unreadable from the outside (for example, from a hacker trying to use a MitM attack).</p><p></p><p><strong><span style="font-size: 15px">WHAT IS A MitM ATTACK</span></strong></p><p></p><p>Man-in-the-middle attacks are pretty much self-explanatory. These are attacks designed to stand the cybercriminal between you and the host you're trying to connect to. If you're using an HTTP connection, meaning an unencrypted, unsafe connection, somebody could place an attack on such connection to intercept and read all your traffic and information being transmitted. This usually is not possible if you're using an HTTPS connection (encrypted).</p><p></p><p><strong><span style="font-size: 15px">ANTIVIRUS AND THEIR PROBLEM WITH HTTPS</span></strong></p><p></p><p>Despite how great it sounds, HTTPS is just about privacy and encryption, but it's still "vulnerable" to malware. 
An encrypted connection will not stop malware from being delivered, since HTTPS hosts can also send malware (this includes browser sites, mail, messaging apps). Since antivirus do not like this idea, they must protect you from malware delivered within encrypted connections. But here's the issue: how can they scan for malware in an encrypted connection, if it's encrypted and they can't read it?</p><p></p><p><strong><span style="font-size: 15px">HTTPS SCANNING</span></strong></p><p></p><p>The only way to protect you in these scenarios is by scanning/filtering HTTPS. Since they can't read the encrypted information, they must place themselves in between you and the host (exactly as a cybercriminal would). This is obtained by installing a self-signed root CA certificate on computers and using it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This way, an antivirus can read the information being delivered on encrypted connections, scan it, and make sure it's totally safe, therefore protecting you from dangers in HTTPS sites.</p><p></p><p><strong><span style="font-size: 15px">USER'S CONCERN</span></strong></p><p></p><p>This is a "concern" for many users because it breaks the idea of "encryption". Encrypted connections were designed to avoid MitM attacks, and antivirus basically perform MitM attacks to "break" HTTPS and stand between both points, for the "sake of security". Also, many users believe that you stand for greater risks, since if a scenario took place where somebody could take control over your antivirus, the whole thing could be used to intercept the traffic and expose you.</p><p></p><p><strong><span style="font-size: 15px">THE CHOICE</span></strong></p><p></p><p>Whether you should enable it or not is up to each user. Enabling it means putting your trust in the antivirus you chose, just as you put your trust in the VPN you have. 
Disabling it will "reduce" protection to an extent where HTTPS malware won't be detected until it has been downloaded. In order to make a choice you should take into account what your daily habits are, if you do home banking, purchasing online, or any other activity which would benefit from some extra antivirus protection.</p></blockquote><p></p>
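A way to see from the user's side whether the HTTPS scanning described in the post above is active, added here as an example and not part of the original post: because the antivirus root issues the leaf certificate for every site, unrelated hosts all show the same issuer, and that issuer differs from the one recorded on a machine without scanning. The host names, issuer names and function names below are constructed for illustration.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate as this machine sees it (needs network).

    The default context trusts the OS certificate store, so a root CA
    installed there by an antivirus is accepted like any other root.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_label(cert):
    """Flatten getpeercert()'s nested issuer tuples and pick a readable name."""
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    return issuer.get("organizationName") or issuer.get("commonName", "")


def audit(observed, baseline):
    """Compare issuers seen locally with issuers recorded without scanning.

    observed: host -> certificate dict (shape returned by getpeercert())
    baseline: host -> set of issuer labels recorded on a clean vantage point
    """
    deviating = {}
    for host, cert in observed.items():
        label = issuer_label(cert)
        if label not in baseline.get(host, set()):
            deviating[host] = label
    # One issuer replacing several unrelated public CAs is the interception
    # signature: a local root signing the leaf for every site visited.
    issuers = set(deviating.values())
    common = issuers.pop() if len(issuers) == 1 and len(deviating) > 1 else None
    return {"deviating": deviating, "likely_interception_ca": common}


def _cert(org, cn):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}


# Constructed sample data; real use would call fetch_cert() per host.
BASELINE = {"bank.example": {"Example Public CA"},
            "mail.example": {"Another Public CA"}}
DIRECT = {"bank.example": _cert("Example Public CA", "Example Public CA R1"),
          "mail.example": _cert("Another Public CA", "Another Public CA G2")}
SCANNED = {"bank.example": _cert("Example AV Vendor", "Example AV Web Shield Root"),
           "mail.example": _cert("Example AV Vendor", "Example AV Web Shield Root")}
```

A single deviating host is not reported as interception, since sites do change certificate authorities; the signal is the same unexpected issuer appearing across unrelated hosts.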