Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
HTTPS scan: should you enable it?
Message
<blockquote data-quote="MacDefender" data-source="post: 917754" data-attributes="member: 83059"><p>Well it increases your protection against some threats and exposes you to others. For example if there's any flaws in how your AV inspects SSL certificates versus your browser, you could be more vulnerable to those issues. It would also allow drive-by attacks if there's exploitable certificate parsing bugs in your AV.</p><p></p><p>It's absolutely a trade off, whether you expect to encounter more HTTPs malware served from neutral/good reputation hostnames, or if the privacy of having a system wide service be able to intercept end-to-end encrypted services slightly before it reaches the intended client service is acceptable.</p><p></p><p>This was back in 2015-2017, but several AVs had known weaknesses when HTTPS scanning were enabled: <a href="https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html" target="_blank">How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog</a></p><p></p><p></p><p>And that's what scares me a bit about SSL inspection. Some of these AV implementations used to be worse than the browser.</p></blockquote><p></p>
[QUOTE="MacDefender, post: 917754, member: 83059"] Well it increases your protection against some threats and exposes you to others. For example if there's any flaws in how your AV inspects SSL certificates versus your browser, you could be more vulnerable to those issues. It would also allow drive-by attacks if there's exploitable certificate parsing bugs in your AV. It's absolutely a trade off, whether you expect to encounter more HTTPs malware served from neutral/good reputation hostnames, or if the privacy of having a system wide service be able to intercept end-to-end encrypted services slightly before it reaches the intended client service is acceptable. This was back in 2015-2017, but several AVs had known weaknesses when HTTPS scanning were enabled: [URL="https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html"]How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog[/URL] And that's what scares me a bit about SSL inspection. Some of these AV implementations used to be worse than the browser. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
