Advice Request I've officially changed my stance on HTTPS scanning


ncage

I have officially changed my stance on https scanning. I used to believe that it was necessary because every site these days has a cert and without it the AV would be partially handicapped. Well, I've been using Kaspersky on Mac for maybe 3 months or so and their https injection has caused so many issues. You would think Kaspersky would have this figured out by now but no. The first issue is it broke Homebrew. Homebrew uses curl. By the error I got out of curl it looks like Kaspersky was trying to do a TLS downgrade attack (to TLS1):

curl: (35) error:1400443E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert inappropriate fallback
Error: Failed to download resource "ncurses_bottle_manifest"
Download failed: https://ghcr.io/v2/homebrew/core/ncurses/manifests/6.2

Kaspersky "partially" fixed it but it was a total pain in the rear. They required me to do so much work on my side for them to fix the issue (from logs, to memory dumps, etc.). Thankfully I'm technical or it would have been impossible. You would think Kaspersky would have this figured out by now.

I do Time Machine backups over my network. I've been fighting for months with it continuously failing after 2 or 3 backups (Time Machine backups happen every hour). I'd have to reboot and it would start working again until it started failing again after 2-3 hours. Well, guess what it was? Kaspersky!!! After my first experience with their tech support I'm not going to do it again.

So from here on out, any product that has https scanning, I will immediately disable it. If its interface is kind of screaming at you that you're insecure because you disabled it, then I won't use it. The hardest thing to give up will be Adguard.

I was using Bitdefender, which doesn't have https scanning (in its Mac product, that is), but the issues with Bitdefender from Windows follow it to the Mac side (it uses WAYYYY too much memory) so I bought Kaspersky. At this point I'm not sure if I'm going to go back to Bitdefender or start trying alternatives (SHP comes to mind).

As an aside, my work has used Websense, WSA (Cisco Web Security Appliance), and Fortinet and they have all sucked. Everything will be working fine and things just randomly break all the time. It almost requires someone looking into these issues full time. Granted, I have heard with TLS 1.3 you no longer MITM TLS.
 

Minimalist

I agree. For me it's also more trouble than it's worth.
Setting up Kaspersky, I disable SSL scanning and script injection. It speeds up browsing.
With ESET I add browser and torrent client to protocol scanning exception as it shows warning if you disable component entirely.
Emsisoft doesn't perform MITM and it seems that F-Secure also doesn't.
 

TairikuOkami

You would think kaspersky would have this figure out by now but no.
There is nothing to figure out, HTTPS scanning breaks HTTPS, period. You either get a secure HTTPS or you get HTTPS scanning. If you get a fake iPhone, putting a fake stamp on it (fake certificate) will not make it act as a real one. Besides, network scanning is overrated. It is like a double realtime protection, AV realtime will catch it once it gets downloaded anyway.
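One way to see the substituted certificate described in the post above, as an added example that is not part of the thread: compare the issuer each host presents on this machine with a baseline recorded on a network without HTTPS scanning. Host names, issuer names and the baseline are constructed sample data, and the function names are hypothetical.

```python
import socket
import ssl
from collections import Counter

def issuer_name(cert):
    """Flatten the 'issuer' field of ssl.SSLSocket.getpeercert() to 'O / CN'."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return f"{fields.get('organizationName', '?')} / {fields.get('commonName', '?')}"

def fetch_issuer(host, port=443, timeout=5):
    """Live lookup: issuer of the leaf certificate this machine actually receives."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return issuer_name(tls.getpeercert())

def find_interception(observed, baseline):
    """Return (changed_hosts, suspect_issuer) for observed vs. baseline issuers.

    suspect_issuer is set when at least two hosts changed and all of them are
    now signed by the same issuer, the pattern a locally installed scanning
    root produces. Ordinary CA changes usually differ per site and yield None.
    """
    changed = sorted(h for h, iss in observed.items()
                     if h in baseline and baseline[h] != iss)
    counts = Counter(observed[h] for h in changed)
    suspect = next(iter(counts)) if len(changed) >= 2 and len(counts) == 1 else None
    return changed, suspect

# Constructed sample data: baseline recorded without HTTPS scanning.
SAMPLE_BASELINE = {
    "shop.example": "Example Trust Services / Example CA R1",
    "mail.example": "Sample PKI Ltd / Sample TLS CA 2",
    "news.example": "Example Trust Services / Example CA R1",
}
# Constructed getpeercert()-style dicts, as seen with a scanning product active.
AV_ISSUER = ((("organizationName", "Example AV Vendor"),),
             (("commonName", "Example AV Personal Root"),))
SAMPLE_CERTS = {
    "shop.example": {"issuer": AV_ISSUER},
    "mail.example": {"issuer": AV_ISSUER},
    "news.example": {"issuer": ((("organizationName", "Example Trust Services"),),
                                (("commonName", "Example CA R1"),))},
}
SAMPLE_OBSERVED = {h: issuer_name(c) for h, c in SAMPLE_CERTS.items()}
```

If the scanning product's root is not in the trust store Python uses, `fetch_issuer` raises `ssl.SSLCertVerificationError` instead of returning an issuer, which is also worth investigating.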
 

ForgottenSeer 72227

I agree!

I too am against any form of HTTPS scanning. It has proven over and over again that it causes issues....it's more hassle than it's worth. HTTPS was designed to ensure you have a secure connection to the server with no one in between...that includes the "good guys" (aka AVs). Sad part is, AV vendors know this, but do it anyway, why?...well they have to "protect you".:rolleyes: Then they scare you by throwing up red warnings if you disable it. Quite frankly this is why I've stopped using 3rd party products. While they may offer good protection, they also cause problems by hooking into things they shouldn't, as well as scaring the user, making them feel that they are unprotected. As it's already been mentioned, many other vendors seem to be able to offer good web protection without HTTPS scanning,...so it is possible, they just have to put the work into it.

Security vendors earn comparatively little from their Mac-supporting lines. So knowing that, your expectation should be that they are going to put proportionately less effort into making their Mac lines polished. Then there is the lack of bug reports from Mac users. I would bet that for every Mac user like you that contacted a vendor to get them to fix it, there are probably 9,999 Mac users that do not report anything. On top of that security soft vendors perform very little Mac beta testing. Economically, it just isn't worth it for them to expend all the effort needed to make a bug-free Mac-compatible product.

While I agree, I am also of the opinion that if you are going to offer a product to another OS, then you need to offer the same level of polish. If you don't care as much, or you don't feel that you make enough from it, then stop offering that product and put all that extra effort into your more successful products. Problem is...the security software industry is full of copycats and marketing check boxes rather than companies actually willing to try to differentiate themselves. That's just my opinion....:emoji_beer:
 

amirr

Setting up Kaspersky, I disable SSL scanning and script injection. It speeds up browsing.
Thanks for the tip. Do I need to disable that in the settings in the screenshot below?
[Attached screenshot: 1637932281047.png]
 

amirr

Thanks @Local Host a lot. Mostly I meant to know if those two settings are exactly the SSL scanning settings. I wanted to be sure of that.
So if you confirm this, I will go and disable them.
 

JasonUK

The hardest thing to give up will be adguard.
Why give it up? You can disable https scanning by unchecking the relevant box in settings > network > https filtering.

You get one warning that you may see ads on certain sites and that's it.

I must admit I've been weighing up whether to do so or not lately (on AdGuard) and would certainly disable it if AV was also https scanning!
 

JasonUK

@JasonUK I did disable https scanning in KIS but had to keep https scanning on in my Adguard for Windows to get most of the ads blocked. Was that, ok?
There are far more qualified posters to answer that @amirr but I think that if any software is using https scanning you're potentially breaking the security of https. That said I've run both AdGuard for Windows & Avast Free AV for months (both with https scanning enabled) with no obvious issues at all so disabling either / both would possibly be a bit paranoid for an average user :)
 

amirr

There are far more qualified posters to answer that @amirr but I think that if any software is using https scanning you're potentially breaking the security of https. That said I've run both AdGuard for Windows & Avast Free AV for months (both with https scanning enabled) with no obvious issues at all so disabling either / both would possibly be a bit paranoid for an average user :)
Yes, I read some stuff written by those people, but right now wanted to again evaluate.
So, in KIS, now I have HTTPS scanning disabled. And keep the HTTPS scanning on in Adguard for Windows. So you confirm this way, it is ok?
 

JasonUK

@amirr ~ if you're worried about https scanning potentially breaking https then you probably wouldn't enable either. If you're not that concerned but have had issues with KIS with https scanning enabled but feel more Ads are blocked enabling it in AdGuard then your solution seems reasonable.

I'm trying out Windows Defender (hardened) + the AdGuard extension at the moment so https scanning isn't an issue... at least as far as I'm aware!!
 

DDE_Server

I am thinking of disabling it in Bitdefender as well. It has not broken anything yet, but it slows browsing. However, I am using Adguard desktop, which has https filtering, so that may be enough. I keep it as a second layer, but I am sacrificing some browsing performance.
 

Local Host

That is a psychological issue, and not one based upon reality. If you weren't aware of it, Windows automatically uploads logs and memory dumps to Microsoft, along with a whole bunch more. Moreover security software like Kaspersky automatically upload files, logs and other files to Kaspersky for analysis. That is to say nothing of a whole range of 3rd party software that do it to some extent.
Yeah this is false, I would know considering I monitor my traffic closely, no logs are automatically sent anywhere.

Max I've seen sent without consent was system information to pull the right updates on Windows Update, which doesn't carry any personal information anyway.
 

SpiderWeb

That is a psychological issue, and not one based upon reality. If you weren't aware of it, Windows automatically uploads logs and memory dumps to Microsoft, along with a whole bunch more. Moreover security software like Kaspersky automatically upload files, logs and other files to Kaspersky for analysis. That is to say nothing of a whole range of 3rd party software that do it to some extent.
I don't use Windows or Kaspersky anymore for that reason. I am keeping a tight lid on what leaves my MacBook.
 

SpiderWeb

Bad news. Mac OS does the same.

You can't get away with real control over your local data unless you go with an OS such as BSD. Remember that 3rd parties that create drivers and software for any OS typically have a much looser privacy policy that is to their benefit. That means if you use products such as Adobe, VMWare or even open source, they are collecting your data regardless of what the OS is doing.
We are on MT lol. I know how to contain and restrict logging unless Apple is using a secretive relay and obfuscates logs. Please don't compare harmless developers to AV companies that are in the business of literally data hoarding and processing every bit of your information on unsecured servers.
 
