Advice Request I've officially changed my stance on HTTPS scanning

Please provide comments and solutions that are helpful to the author of this topic.

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
I've been using either Avast Free or Kaspersky Security Cloud Free with Adguard for Desktop, and with scanning on for both, and visit dozens of sites when I search for text, applications, videos, and pictures. I sometimes see sites that are blocked by either the security program or Adguard because they contain malware, etc.
 
  • Like
Reactions: Nevi

amirr

Level 27
Verified
Top Poster
Well-known
Jan 26, 2020
1,628
Most websites nowadays are under HTTPs and that includes malicious websites.

Is your choice if you wanna be secured on malicious HTTPs websites or not, Kaspersky won't fail to protect you with or without HTTPs scanning anyway.
What you said was regarding disabling those settings I mentioned in the screenshot, right? I mean this screenshot:
1637932281047-png.262231
 
  • Like
Reactions: Nevi
L

Local Host

Yes they are. The traffic is sent via SYSTEM or other low-level processes.

AppCrash dumps and system memory dumps, along with logs, have always been automatically uploaded to Microsoft.

You are the big expert here, and yet you don't even know about what Microsoft has documented for well over a decade ?
It is documented by Microsoft yes, but nothing is automatically sent, I'm sorry you constantly miss the Window that asks if you wanna send your crash logs to Microsoft to help solve the issue, cause I clearly haven't.
 
  • Like
Reactions: Nevi
F

ForgottenSeer 92963

I have always disabled HTTPS scanning, even when browsers had no low rights containers. Since he Microsoft Nozzle and Sozzle javascript sanitizing studies (yes those projects really had those names) and the Chrome browser introduction with its internal sandbox and tthe need to stop bad stuff as early as possible also became less relevant IMO.

Also HTTPS scanning often was combined with injecting DLL in the browser. These modules were often so badly designed and tested that they contained serious security risks. It was so bad that Google even threathened to block DLL injection in its browser.

The AV-community turned that threat into an opportunity for Google to snoop on us (and launched the Google ID gossip). This made Google return on its tracks, because it had to deal with bad PR issues concerning the loss of privacy when using Chrome.

Chrome in its turn started project Zero (to find and prevent Zero days in the wild) and positioned Tavis Ormandy as the lead speaker to make security companies and programs ridiculous because of the bugs/vulnabilities/security holes those so called security vendors had in their own software. Anyone ever questioned why a company would waist time of a top notch researcher into debugging software from another company? The only feasible answer could be to create awareness and real world proof of Google's take on this matter.

The hilareous (or ashamingly sad depending on your take on it) twitter posts of Tavis Ormandy made clear to me that "NO MAN IN HIS RIGHT MIND SHOULD EVER PUNCH A HOLE IN A SECURITY MECHANISM USING THE EXCUSE OF INCREASED SECURITY".

To the OP and all agreeing with him: I am glad you have made the right choice.
 
Last edited by a moderator:
  • Like
Reactions: amirr and Nevi
L

Local Host

There is no prompt for file uploads except by Microsoft Defender on Windows 10.

All WER, BSOD default dumps as well as all telemetry are automatically uploaded. That includes both Kernel and User Mode dumps\telemetry. 3rd parties can program file uploads and telemetry that is far more extensive than Microsoft's defaults. It has been that way since, like, forever.

Try harder expert.
There is a prompt, you confusing crash logs with general telemetry is not helping your case, and honestly I don't have time to waste on this nonsense.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Avast uses a different method for HTTPS inspection, without injecting fake certificates into the browser. This doesn't seem to break HTTPS on the browser level, and even preferred by browser vendors over the widely used by AV vendor's MITM method. Privacy is still violated if that's your main concern because Avast sees and scans everything loaded by the browser, but this method is better and even faster in my experience. I mean, page loads faster for me with Avast than with Kaspersky/ESET/Bitdefender when they do HTTPS scanning.
Given the shortcomings of using a MITM proxy, it appears that Avast has moved on to a newer technique, using the SSLKeyLogFile to leak the secret keys HTTPS negotiates on each connection to encrypt the traffic. Firefox and Chromium support this feature, and it enables decryption of TLS traffic without using the MITM certificate generation technique. While browser vendors are wary of any sort of interception of HTTPS traffic, this approach is generally preferable to MITM proxies.
 
Last edited:

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
Avast uses a different method for HTTPS inspection, without injecting fake certificates into the browser. This doesn't seem to break HTTPS on the browser level, and even preferred by browser vendors over the widely used by AV vendor's MITM method. Privacy is still violated if that's your main concern because Avast sees and scans everything loaded by the browser, but this method is better and even faster in my experience. I mean, page loads faster for me with Avast than with Kaspersky/ESET/Bitdefender when they do HTTPS scanning.

Hope Adguard will use this if they haven't already.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top