Intercept safe traffic - errors and limitations.

Status
Not open for further replies.

Piteko21

Good to Know...

*"Despite good intentions, software can make access more insecure.

Antivirus programs offer protection mechanisms with traffic analysis, including traffic to "safe" sites. To offer this protection, they constitute a new "authority" on your computer and redirect reliable access to secure sites through the antivirus.
This technique, however, is dangerous and can leave users more vulnerable, according to a text published by journalist Hanno Böck in his blog": https://blog.hboeck.de/archives/869...irus-software-lowers-your-HTTPS-security.html


*from: http://seumicroseguro.com/2015/05/0...o-de-antivirus-pode-aumentar-vulnerabilidade/
 
From the post:

"Antivirus software lowers your HTTPS security" - this is not true in all cases (see below).

Only if the product performs HTTPS scanning should it lower your HTTPS security. Some products which support it allow the feature to be disabled. Avast, for example, has a feature in the Settings for this which the user can toggle.
 
What about Kaspersky? I have it installed on one computer, occasionally used for banking. Ty in advance.
 
Hello @darko999. Here's an excerpt from the linked article:
  • Kaspersky vulnerable to FREAK and CRIME

    "Having a look at Kaspersky, I saw that it is vulnerable to the FREAK attack, a vulnerability in several TLS libraries that was found recently. Even worse: It seems this issue has been reported publicly in the Kaspersky Forums more than a month ago and it is not fixed yet. Please remember: Kaspersky enables the HTTPS interception by default for sites it considers as especially sensitive, for example banking web pages. Doing that with a known security issue is extremely irresponsible."
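An added example, not part of any post in this thread: a Python check of who issued the certificate a machine actually receives, which is how the local "authority" described above shows itself when HTTPS scanning is on. The vendor hint list, the `classify` labels and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl

# Assumption: substrings to look for in the issuer. Only the two products
# named in this thread are listed; extend for other HTTPS-scanning products.
INTERCEPTOR_HINTS = ("avast", "kaspersky")


def issuer_fields(cert):
    """Flatten the nested issuer tuples of ssl getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, expected_org=None, hints=INTERCEPTOR_HINTS):
    """Label the issuer: local scanner, changed from a known-good value, or ok.

    expected_org is the issuer organization recorded for the same site on a
    machine without HTTPS scanning (hypothetical baseline you collect yourself).
    """
    fields = issuer_fields(cert)
    text = " ".join(
        fields.get(k, "") for k in ("organizationName", "commonName")
    ).lower()
    for hint in hints:
        if hint in text:
            return "local-scanner:" + hint
    if expected_org and fields.get("organizationName") != expected_org:
        return "issuer-changed"
    return "ok"


def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate this machine receives for host."""
    ctx = ssl.create_default_context()  # uses the system trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() format (not captured from real traffic).
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),),
                            (("commonName", "Example Public CA R1"),))}
SAMPLE_SCANNED = {"issuer": ((("organizationName", "Kaspersky Example"),),
                             (("commonName", "Example Personal Root"),))}

if __name__ == "__main__":
    for name, cert in (("direct", SAMPLE_DIRECT), ("scanned", SAMPLE_SCANNED)):
        print(name, issuer_fields(cert).get("commonName"), classify(cert))
```

For a live check, pass the result of `fetch_cert("your-bank.example")` to `classify`. Sites do change public CAs legitimately, so `issuer-changed` is a reason to look at the certificate, not proof of interception.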
 