HTTPS/SSL Scanning by security software good or bad?

  • Thread starter Deleted member 2913
  • Start date
Status
Not open for further replies.
D

Deleted member 2913

Thread author
I dont know HTTPS/SSL scanning by security software good or bad as I am not that technical sound. Few security software like Avast, Eset, etc... have HTTPS/SSL scanning enabled by default...Install their own certificates.

Few months back when the issue came to light or I got to know I was running Avast & disabled HTTPS/SSL scanning in Avast.
Software I install if has HTTPS/SSL scanning I disable it or use other software. Like I replaced Avast & currently running Windows Defender on Win 10 & replaced Adguard with uBlock Origin.

Do you keep HTTPS/SSL scanning enabled/disabled or use other software?

Whats you guys take on this?
 
  • Like
Reactions: Logethica

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
I run everything on AV/IS by default mostly. Is it that a concern? or Should that be a concern?
 
D

Deleted member 178

Thread author
I run everything on AV/IS by default mostly. Is it that a concern? or Should that be a concern?

This is not bad but not good :D

Every piece of software you run "should" be tweaked to fit your system; especially AVs , their default setting is made to avoid any complications during install and first use but later you will see that the protection it offers is at best "average" and can't protect you efficiently against sophisticated malwares.

Do you keep HTTPS/SSL scanning enabled/disabled or use other software?
Whats you guys take on this?

i always use it if possible. They are made to protect against MITM attacks.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
This is not bad but not good :D

Every piece of software you run "should" be tweaked to fit your system; especially AVs , their default setting is made to avoid any complications during install and first use but later you will see that the protection it offers is at best "average" and can't protect you efficiently against sophisticated malwares.

I'm using EAM/EIS..... :(
Nothing much to tweak except tick here and there... bored AV/IS. :p
 
  • Like
Reactions: XhenEd
D

Deleted member 2913

Thread author
i always use it if possible. They are made to protect against MITM attacks.
What happens if you use 2 software that filter HTTPS/SSL/Install their certificates like suppose you have Eset & Adguard?
 
  • Like
Reactions: Logethica

Khairul

Level 2
Verified
Feb 3, 2015
90
Well in terms of security, its good,

but in terms of "a must have features" i dont think so,

And in terms of stability I vote for BAD, no matter which security products you used, some times it even slow down your web surfing experiences.
 
D

Deleted member 178

Thread author
I'm using EAM/EIS..... :(
Nothing much to tweak except tick here and there... bored AV/IS. :p

hahaha i know how you feel ^^

What happens if you use 2 software that filter HTTPS/SSL/Install their certificates like suppose you have Eset & Adguard?

better use one

Well in terms of security, its good,

but in terms of "a must have features" i dont think so,

And in terms of stability I vote for BAD, no matter which security products you used, some times it even slow down your web surfing experiences.

indeed , not a must have , but it has its usefulness. of course it slowdown (delay for scanning) but for me not so much.
 

Shran

Level 5
Verified
Well-known
Jan 19, 2015
230
Sir @Umbra the great, could you please explain to us how SSL scanning/filtering helps protect against MiTM attacks? Example Adguard filtering HTTPS/SSL, how does this protect me from MiTM?

:D
 
  • Like
Reactions: Logethica

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
D

Deleted member 2913

Thread author
Umbra,

Why does the article about Kaspersky, Bitdefender, Avast, etc... say HTTPS/SSL filtering by those is a security risk?
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
This subject is widely debated. There are both privacy and security concerns, but on the whole, it is a widely adopted safe practice. Of course there is always potential for abuse or vulnerabilities - but this is true of every single soft we use - from notepad.exe to satellite controls.

Some of the debate is all about this or that could potentially happen. Same applies to all softs.

Unless a security soft vendor all of sudden goes rogue - and turns to the Dark Side - then it is possible, but extremely unlikely.

The only security soft that I know of that does not use certificates to monitor SSL\TLS is Emsisoft. Emsisoft refuses to do it.

As far as I know, all the others do it.

I think avoiding security soft certificates needed for traffic monitoring, on the whole, diminished overall security.
 
  • Like
Reactions: conceptualclarity

Shran

Level 5
Verified
Well-known
Jan 19, 2015
230
@hjlbx

Norton does not filter SSL also, only HTTP traffic on the network level. Any other traffic is "filtered" using the toolbar, which doesn't use certificates
 

avatar

From ADGuard
Verified
Developer
May 23, 2014
96
i dont know if Adguard filter against MITM , i think it does for ads only; @avatar can tell us more about that.

No, AG does not protect you from mitm, in fact I don't understand how user can be protected from it.

Key points.
1. First of all, HTTPS/SSL scanning is a mitm attack :). When you enable it in KIS, Avast, Adguard, whatever, it is done through a MITM.
2. If you become a victim of a malicious MITM attack, then it is very likely that your AV has already failed.

Possible exceptions: some known issues with superfish and dell, AV should detect these root certs. But even so, your AV does not need to scan HTTPS to detect&remove these certs.

3. Today it is very easy to obtain a valid and free HTTPS certificate. This is good for everybody including malware/phishing authors. A few years ago if you saw that website uses https, you could be sure that it is legit and safe. But today the use of https gives you nothing. I've seen a lot of phishing websites with a free http cert.

Summary.
I don't think that you need an SSL scan as a protection against MITM. On the other hand, it may be useful as a protection against good&old malware and phishing.
 

Shran

Level 5
Verified
Well-known
Jan 19, 2015
230
Is Adguard filtering SSL/HTTPS, etc... a security risk then since it uses a MiTM technique to do so?
 
  • Like
Reactions: Logethica

avatar

From ADGuard
Verified
Developer
May 23, 2014
96
Is Adguard filtering SSL/HTTPS, etc... a security risk then since it uses a MiTM technique to do so?

Let me link my answer on the same question from another thread:
Beta Release - Adguard v6 RC1 Released

In general, I think that SSL scan does not lowers your security if remote certificate is verified properly. When you install a software that does an SSL scan, you'd better check it using Qualys SSL Labs - Projects / SSL Client Test. But that's not all. To do it properly we, developers, should keep up with browsers in terms of TLS security. For instance, last year a few vulnerabilities were discovered in TLS. We should promptly react on such things and fix it in our software asap.
 
  • Like
Reactions: Shran

Shran

Level 5
Verified
Well-known
Jan 19, 2015
230
Hello @Linnn Gilly ,

I'm not sure what software you are talking about, as Adguard (the software which is being referred to in this thread) is on version 5.

Perhaps you meant to post this somewhere else? Please let us know what program you are talking about.

Thanks,
Shran
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top