Scan https or not ?

  • Yes

  • No



oldschool

Count my "No" vote. I didn't like it when using Bitdefender because it blocked legitimate sites. OTOH, Edge Chromium warned in the address bar about the script you encountered in the referenced thread but I'm not clear on the process that generated the alert.

SmartScreen doesn't scan HTTPS but rather lets the page load and then blocks, etc.
 

TairikuOkami

So the question is: Disable SSL or not? I think, that the answer is pretty obvious. Crippling SSL and allowing MITM because ...? Not worth it in my book. (n)

It causes issues and they even had to include it in FAQ. The message is clear: The connection is not protected, since AV replaces it with its own fake certificate.

 

ForgottenSeer 72227

Interesting discussion!

Count me as a No also. I am of the opinion that HTTPS was always designed to be a secure connection between you and the server with no one (good, or bad) in between. While I understand what the good guys are trying to do, it still defeats the purpose of how HTTPS was designed to work. If anything, there are plenty of examples of where this MITM scanning has caused more issues than what it's worth IMO. How many times is the solution from AV companies to disable HTTPS scanning if people are running into browser/surfing issues? I see it quite often, which to me just proves the point that it causes more harm than it prevents. ;)
 

Gandalf_The_Grey

I'm not completely sure, is there an option to vote that?
If you see how well Kaspersky is doing in protecting its users through HTTPS scanning, it's tempting to say yes.
It was Kaspersky through HTTPS scanning and Netcraft by extension who blocked the skimmer script.
Now that the skimmer script is removed Kaspersky allows the site but the site is still on the blacklist of Netcraft.
In this example the approach from Kaspersky is the best.
But as general principle I'm against crippling SSL and allowing MITM.
So still not sure... :unsure:
 

blackice

> So the question is: Disable SSL or not? I think, that the answer is pretty obvious. Crippling SSL and allowing MITM because ...? Not worth it in my book. (n)
>
> It causes issues and they even had to include it in FAQ. The message is clear: The connection is not protected, since AV replaces it with its own fake certificate.

A lot of the critics of these security vendors don’t even know how they currently work. ESET for example flags potential MITM certificate errors. I still lean towards not using it, but I believe the threat is overblown by privacy gurus.
 

SeriousHoax

I share the same view as Gandalf_The_Grey. In general I'm against the principle of HTTPS scanning and allowing MITM because it's kind of security through obscurity, but seeing its advantages is tempting me to accept it. So, it's tricky to simply say Yes or No on this. It's nice to have this feature but it's not a must-have feature. Kaspersky, Avast, ESET and Bitdefender have been doing this for more than 4-5 years now, but many other reputable AVs haven't implemented it. Norton is one of many great products which doesn't have this feature, but they're doing just fine without it. Emsisoft is reluctant to ever do this. One thing to remember is that, whether your AV does SSL scanning or not, if malware touches your hard drive it should be detected. So, in normal day-to-day browsing for an average user, SSL scanning won't be very beneficial. In terms of security regarding SSL scanning, AVs have become better at it; the last time a vulnerability regarding this was discovered was in 2017, and since then nothing worrying has happened.
So, I think in general users can avoid SSL scanning by AVs, but if the AV they use has this option then enabling it for online purchases and transactions might provide a bit of extra protection. But on your worst day this can actually be the total opposite, though that would be extremely rare.
I think it's more important to invest in security products, extensions that are good at detecting phishing and malicious websites.
 

TairikuOkami

The problem is also that AVs fail to properly implement it, obviously, since they are breaking the way HTTPS is supposed to work.
For example Kaspersky 2020 still struggles and some users have to deal with webpages that fail to load properly or at all.

> In terms of security regarding SSL scanning, AVs have become better at it and the last time a vulnerability regarding this was discovered was in 2017

This one is pretty fresh and only recently "fixed".

> Kaspersky Internet Security 2019 Patch F replaced the timestamp in the links by a randomly generated GUID. This makes sure that the links aren’t predictable, so the attack no longer works. It doesn’t fully address the clickjacking scenario however, which is probably why Kaspersky Internet Security 2020 for a while stopped displaying certificate warning pages altogether. Instead, there was a message displayed outside the browser. Probably a good choice, but this change was reverted for some reason.
>
> Interestingly, I’ve since looked at Avast/AVG products which also break up HTTPS connections. These managed to do it without replacing browser’s certificate warning pages however. Their approach: don’t touch connections with invalid certificates, let the browser reject them instead. Also, when replacing valid certificates by their own, keep certificate subject unchanged so that name mismatches will be flagged by the browser. Maybe Kaspersky could consider that approach as well?
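
The certificate replacement discussed in this post is visible from the client side: when a product keeps the subject unchanged, the issuer is what shows that a local proxy re-signed the connection. The following is an added example, not part of the original thread or of any vendor's code; the vendor markers are names from the thread matched as whole words (an assumption, since real issuer strings vary by product and version), and the sample certificates are constructed.

```python
import re
import socket
import ssl

# Vendor names come from the thread. Matching them as whole words in the
# issuer is an assumption: real issuer strings vary by product and version.
AV_MARKERS = ("kaspersky", "avast", "avg", "eset", "bitdefender")

def name_fields(peercert, which):
    """Flatten the RDN tuples of 'issuer' or 'subject' into a dict."""
    return {k: v for rdn in peercert.get(which, ()) for k, v in rdn}

def intercepting_vendor(peercert, markers=AV_MARKERS):
    """Return the AV marker found in the issuer's O or CN, else None."""
    issuer = name_fields(peercert, "issuer")
    text = " ".join(issuer.get(k, "") for k in ("organizationName", "commonName"))
    words = set(re.findall(r"[a-z]+", text.lower()))
    return next((m for m in markers if m in words), None)

def fetch_peercert(host, port=443, timeout=5):
    """Return the leaf certificate as this machine sees it (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
# The subject is identical in both; only the issuer reveals the proxy.
SUBJECT = ((("commonName", "shop.example"),),)
SAMPLE_DIRECT = {"subject": SUBJECT, "issuer": (
    (("organizationName", "Example Public CA"),),
    (("commonName", "Example Public CA R1"),))}
SAMPLE_INTERCEPTED = {"subject": SUBJECT, "issuer": (
    (("organizationName", "Kaspersky (constructed sample)"),),
    (("commonName", "Constructed Personal Root"),))}

if __name__ == "__main__":
    for label, cert in (("direct", SAMPLE_DIRECT), ("intercepted", SAMPLE_INTERCEPTED)):
        print(label, "->", intercepting_vendor(cert))
```

On a live machine, pass the result of `fetch_peercert(host)` to `intercepting_vendor`; a certificate verification error from `fetch_peercert` is also worth investigating, since it can mean a proxy's root is not in the trust store Python uses.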
 

SeriousHoax

@TairikuOkami Thanks for the links. I actually read those articles at the time of publishing but totally forgot. Judging from past incidents, Kaspersky has been the worst at dealing with their HTTPS scanning and also their injecting of script into web pages. Like @BlackIce mentioned above, comparatively ESET has been better at this and by default they also don't do SSL scanning on some trusted sites like google, bing, etc.
@geminis I've noticed the slowdowns sometimes but I thought it's because of my internet connection or placebo effect because I was expecting some slowdowns. Thanks for the heads up. Didn't know about the badssl.com either.
 

blackice

> @TairikuOkami Thanks for the links. I actually read those articles at the time of publishing but totally forgot. Judging from past incidents, Kaspersky has been the worst at dealing with their HTTPS scanning and also their injecting of script into web pages. Like @BlackIce mentioned above, comparatively ESET has been better at this and by default they also don't do SSL scanning on some trusted sites like google, bing, etc.
> @geminis I've noticed the slowdowns sometimes but I thought it's because of my internet connection or placebo effect because I was expecting some slowdowns. Thanks for the heads up. Didn't know about the badssl.com either.

Yeah I think ESET doesn’t scan anything with an EV Certificate.
 

Gandalf_The_Grey

> Yeah I think ESET doesn’t scan anything with an EV Certificate.

On Kaspersky it's an option to exclude sites with an EV certificate.
However with Ziggo Safe Online / F-Secure Safe all is good on badssl.com, but its web protection is good but not in the same league as Kaspersky.
 

bayasdev

> @geminis I've noticed the slowdowns sometimes but I thought it's because of my internet connection or placebo effect because I was expecting some slowdowns. Thanks for the heads up. Didn't know about the badssl.com either.

I have a 70 Mbps connection, disabling HTTPS scanning makes websites load instantly. So I guess the problem was Kaspersky itself.
 

fabiobr

> The problem is also that AVs fail to properly implement it, obviously, since they are breaking the way HTTPS is supposed to work.
> For example Kaspersky 2020 still struggles and some users have to deal with webpages that fail to load properly or at all.
>
> This one is pretty fresh and only recently "fixed".


"2019-11-15: Evaluated the fixes and notified Kaspersky about extension uninstall being still possible to trigger via Man-in-the-Middle attack.
2019-11-22: Kaspersky notifies me about the remaining attack surface being removed in the patch supposed to become available by 2019-11-28."

They provided these patches? Is patch F (2020)? Otherwise, they're still vulnerable.
 

blackice

> 1- The problem isn't if it is required or not for increasing security (it probably does), but how it is done, and at the moment few do it properly.
>
> 2- also by allowing such feature, you put your trust on the AV vendor the same way you put your trust on a VPN.

If you have an AV on your machine I hope to God you already trust them, HTTPS scanning or not. :ROFLMAO:
 

blackice

> Solutions like Malwarebytes and Emsisoft use DNS blocking, which is how it should be done. No software should ever MiTM HTTPS connections, there's so much that could go wrong.

The problem with DNS scanning is with DoT and DoH, it becomes very difficult for whole home or enterprise solutions to block bad sites via DNS. Such as at the router level, which is currently very easy to do but soon will not be.
 
