Intercept safe traffic - errors and limitations.

Status
Not open for further replies.
Piteko21

Piteko21

Level 18
Thread author
Verified
Top Poster
Well-known
Sep 13, 2014
874
Content source
https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html
Good to Know...

*"Despite good intentions, software can make more insecure access.

Antivirus programs offer protection mechanisms with traffic analysis, including sites traffic "safe". To offer this protection, they constitute a new "authority" on your computer and redirect reliable access to secure sites through the antivirus.
This technique, however, is dangerous and can leave the most vulnerable users, according to a text published by journalist Hanno Böck in his blog": https://blog.hboeck.de/archives/869...irus-software-lowers-your-HTTPS-security.html


*from: http://seumicroseguro.com/2015/05/0...o-de-antivirus-pode-aumentar-vulnerabilidade/
 
  • Like
Reactions: LabZero, Cats-4_Owners-2, Sr. Normal and 1 other person
D

Deleted member 21043

From the post:

"Antivirus software lowers your HTTPS security" - this is not true in all cases (see below).

Only if the product performs HTTPS scanning, should it lower your HTTPS security. Some products which support it allow the feature to be disabled. Avast for example have a feature on the Settings for this which the user can toggle.
 
  • Like
Reactions: Cats-4_Owners-2 and Piteko21
darko999

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
kram7750 said:
From the post:

"Antivirus software lowers your HTTPS security" - this is not true in all cases (see below).

Only if the product performs HTTPS scanning, should it lower your HTTPS security. Some products which support it allow the feature to be disabled. Avast for example have a feature on the Settings for this which the user can toggle.
Click to expand...

What about Kaspersky, I have it installed on one computer, occasionally used for banking. Ty in advance.
 
  • Like
Reactions: Cats-4_Owners-2, Deleted member 21043 and Piteko21
Cats-4_Owners-2

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
darko999 said:
What about Kaspersky, I have it installed on one computer, occasionally used for banking. Ty in advance.
Click to expand...
Hello @darko999. Here's an excerpt from the linked article:
  • Kaspersky vulnerable to FREAK and CRIME

    "Having a look at Kaspersky, I saw that it is vulnerable to the FREAK attack, a vulnerability in several TLS libraries that was found recently. Even worse: It seems this issue has been reported publicly in the Kaspersky Forums more than a month ago and it is not fixed yet. Please remember: Kaspersky enables the HTTPS interception by default for sites it considers as especially sensitive, for example banking web pages. Doing that with a known security issue is extremely irresponsible."
 
  • Like
Reactions: Deleted member 21043 and LabZero
Status
Not open for further replies.

Similar threads

Parsh
    • +Reputation
    • Like
    • Thanks
Bitdefender Internet Security 2020 — a revisit to the autopilot
Replies
93
Views
24,632
Review Archive
Parsh
Parsh
Tony Cole
    • Like
  • Locked
Updated: Kaspersky leaves users open to FREAK attack
Replies
0
Views
1,256
News Archive
Tony Cole
Tony Cole
Terry Ganzi
    • Like
  • Locked
How Kaspersky makes you vulnerable
Replies
2
Views
3,510
News Archive
Enju
Enju

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top