Should I enable HTTPS Scan and URL Block Feature?

[kamo_jisan]

Good morning All. Thank you for your access.
If you have a time for me, please tell me about this question.

Question 1.
Should I use HTTPS Scan feature (SSL Scanning)?

For example, Bitdefender's anti-malware solutions are including "HTTPS Scan" feature.
But, when this feature is enable, the website's SSL certificate is replaced by the certificate of Bitdefender.
So users are not able to confirm original SSL certificates of websites.
If there are not any problems even if I disable HTTPS Scanning, I want to disable HTTPS Scanning.
I can not decide about it. Which should I do? Did you think about above case?​

Question 2.
Should I use Websites Blocker feature of anti-malware solutions?

For example, F-secure SAFE is including "Browsing Protection" feature. This feature is explained that "Accessing to dangerous websites are blocked by this feature".
But this feature has been rating many websites as "Dangerous websites". I am feeling that so many judges are false ratings.

If the user disable Websites Blocker like the F-Secure's "Browsing Protection", the users are exposed to danger situation? Did you think about it?​

Please tell me about above questions.
I want to note that I may dilayed to reply to answers, but I will read all messages.

Thank you very much.

 

[XhenEd]

As long as you have file level protection in place, then you don't have to enable HTTPS Scanning.
Website blocker has more benefit than HTTPS Scanning, as it blocks malicious or potentially malicious sites. Yes, there are FPs, but they should be reported as FPs by the users who see. But if HTTPS Scanning is disabled, website blocker only works in HTTP-based websites. But at least, you have its protection, unlike if you completely disable it.

I chose "The user should enable 'Webisites Blocker' feature. But you don't have to enable 'HTTPS Scan'."

 

[Deleted member 2913]

I selected 3rd option........

I think website blocker are useful.........

I dont use HTTPS scan feature of security software BUT I use HTTPS feature in Adguard Desktop coz it gives me an option to "not filter" websites with EV certs.......I like this coz mostly sensitive websites like banks, etc have EV certs & those will not be filtered PLUS by default Adguard exclude other HTTPS websites like banks, etc that dont have EV certs & other good websites.

I think security software too should provide options like Adguard THEN users may use HTTPS scan.

 

[Ink]

Personally I don't agree wth HTTPS Scanning by Antivirus software, I leave it turned off. If the Web Shield (Blocks malicious connections) is included in the Antivirus without the need for a browser extension, then I'll use it.

Those extensions such as; Avira Browser Safety, Avast Online Security, Bitdefender TrafficLight etc.. are a waste of resources and battery life.

Modern Browser software have come a long way since the days of IE6; they can warn about unsafe sites, block malicious downloads, prevent sites taking over your computer.

Depending on what software, voted last option.

 

[_CyberGhosT_]

I selected 3rd option

Personally I don't agree wth HTTPS Scanning by Antivirus software

These two hit the nail on the head
3rd option for me as well.

 

[Wingman]

I will have to go with option 1

Question 1.
Should I use HTTPS Scan feature (SSL Scanning)?

For example, Bitdefender's anti-malware solutions are including "HTTPS Scan" feature.
But, when this feature is enable, the website's SSL certificate is replaced by the certificate of Bitdefender.
So users are not able to confirm original SSL certificates of websites.
If there are not any problems even if I disable HTTPS Scanning, I want to disable HTTPS Scanning.
I can not decide about it. Which should I do? Did you think about above case?​

If you think HTTP traffic should be inspected, then HTTPS should be, too. HTTPS just secures the connection, it doesn't verify that the website owner has good intentions and their site wasn't compromised.

Anyone can have a certificate on their website (aka let's encrypt) and it would be a perfectly legitimate certificate Serving malware over HTTPS has advantages for adversaries. If you have an option to have https inspection either through your AV or 3rd party solution (aka proxy) then I would have that enable. It all depends of what you are trying to protect and their value

Question 2.
Should I use Websites Blocker feature of anti-malware solutions?

For example, F-secure SAFE is including "Browsing Protection" feature. This feature is explained that "Accessing to dangerous websites are blocked by this feature".
But this feature has been rating many websites as "Dangerous websites". I am feeling that so many judges are false ratings.

If the user disable Websites Blocker like the F-Secure's "Browsing Protection", the users are exposed to danger situation? Did you think about it?​

I would still enable this feature to protect me from redirects or iframes on pages that I would never see otherwise (it's always a good thing to have browser plugins to do this but they do not offer the same protection). However, this can be easily bypassed by adversaries since it relies on signatures and/or cloud lookups.

 

[Ink]

HTTPS just secures the connection, it doesn't verify that the website owner has good intentions and their site wasn't compromised.

For some websites, when searched with Google, you see the "This site may be hacked". It may not be completely foolproof or accurate , but it's something Google does to protect users. If you use Google search engine.

You do speak sense, but I don't agree with the methods Antivirus use to Hijack the Secure connection with their own Certs.

 

[Wingman]

For some websites, when searched with Google, you see the "This site may be hacked". It may not be completely foolproof or accurate , but it's something Google does to protect users. If you use Google search engine.

You do speak sense, but I don't agree with the methods Antivirus use to Hijack the Secure connection with their own Certs.

Yeah this is good that google does that ,I will def agree with this. Unfortunately many users have to rely on AV doing the HTTPS decryption as they do not have the budget to have a separate HTTP decryption/MITM box.

 

[kamo_jisan]

Hello All! Thank you very much for your opinion. I have read all messages.

Hmm... Especially, there are different opinions about HTTPS Scanning Feature.

For few years, so many websites are having SSL Certificate and enable HTTPS connection on them websites. I guess that some "bad-site" are included at web sites,which are enabling SSL connection.
So the opinion that "users should be careful at even if SSL websites" is right.

But I am also worrying about broken connections/pages by HTTPS Scanning feature.
Especially, connections when the important situations (e.g. treat with the bank, shopping, and more...) should be ensured safety and non-broken connections. This problem is difficult for me to make conclusion.

By the way, I have tow additional questions to all.

Additional Question 1.
Is the dangerous contents blocker provided by Mozilla Firefox enough for instead of the anti-malware's site blocker?

I am using Mozilla Firefox 52 as default browser of my PC. Firefox is including the feature of "Contents Blocker" by default.
It is named that "Block dangerous and deceptive content".
I checked all check-box ("Block dangerous downloads" and "Warn me about unwanted and uncommon software").

Now, I am using F-secure SAFE on my note-PC for move to out of the house.
F-secure is good for me because it provides high-power protection like Bitdefender with light-load.

But F-secure's Browsing Protection is too many false ratings about websites. I had sent some reports about false positive rates by Borwsing Protection Feature to F-secure labs, but this problem is not resolved basically.

If the user will not be exposed threats by browsing even if I turn off access-blocker of anti-malware solution, I want to turn off F-secure's Browsing Protection Feature (not "Browser Extension for scanning traffic by F-secure" ).

How should I do and what did you think about it?


Additional question 2.
Why there are the feature like "Web Protection" provided by anti-malware solutions?

Many anti-malware solutions(e.g. Bitdefender, Avast, Avira...) are having "Web Protection" feature.
As saying by @XhenEd that if the user enable "file level protection" properly, there are no necessary to use HTTPS Scanning.
But I have a question about this sentence. If there are not enough reason of using HTTS Scanning when enable file level protection, what purpose are many vendor providing BrowserProtection Feature with HTTPS Scanning? I can not understand about it.


Thank you very much for your opinion.

 

[XhenEd]

As saying by @XhenEd that if the user enable "file level protection" properly, there are no necessary to use HTTPS Scanning.
But I have a question about this sentence. If there are not enough reason of using HTTS Scanning when enable file level protection, what purpose are many vendor providing BrowserProtection Feature with HTTPS Scanning? I can not understand about it.

I believe the reason is that it's better for a malware or malware site to be blocked on first sight than block it when it is partially or fully downloaded.

 

[larry goes to church]

You 100% should have the URL blocker on.
It will block known bad domains and WILL be an easy line of defense to set up.