kamo_jisan

Level 1
Hello everyone. Thanks for your access to this thread.
Today, I want to ask you about HTTPS Scanning feature provided by anti-malware solutions for consumer.

For example, Bitdefender Internet Security 2018 has a feature which was named "HTTPS Scanning" for scanning malware incoming through HTTPS (SSL) traffic of browsers.
I am using Bitdefender on one of the my PC and this feature is working correctly on my PC now.

By the way, when I turn on this feature, the SSL certificates of each websites are replaced with a fake certificate provided by Bitdefender.
This is not good for me to confirm correctness of the website.
Especially, the websites, which are having EV-SSL including corporate name are not able to be confirmed by me.

But some anti-malware solutions (e.g. Avast Free, F-secure, and more) are providing HTTPS Scanning feature without replacing with the fake certificates by them.
These solutions are not preventing original certificates like EV-SSL.
It is very good for me to confirm the web site.

AV-Comparatives's Real-World Test is judging some security solutions on default configure of them.
And, "HTTPS Scanning" feature of Bitdefender is enabled as default setting.

Question 1:
Should I turn on "HTTPS Scanning" provided by anti-malware solutions for consumer PC?

In these days, many websites (... even dangerous and fraud websites) are preparing HTTPS (SSL) connection for access users.
If the user disable HTTPS Scanning feature, will many websites be connecting with my browser/PC without any malware scanning?

Question 2:
Bitdefender Paid is winning nice score at this test. But if HTTPS Scanning is disabled, the protection score will decrease than Avast with aggressive security setting?



Please teach me about it.
It may be that I will be delayed too much to post replies, but I will read all opinions from you!
Thank you.
ーーーーーーーーーーーーーー
Windows10 Home 64bit / Updated correctly every time
8GB RAM / Core i7
Bitdefedner Internet Security 2018 (without only "HTTPS Scanning")
 

orthonovum

Level 3
I would say that there is no need to enable it unless you are either curious, paranoid, or running a multi user environment that you cannot always guarantee is going to be clean.

doing SSL decryption can be a bit janky at times. some non browser based apps use built in cert chains that do not like to be MitM'ed and may cause the application to fail. Other things to consider are laws in your area for example if you have multiple users on your network and you setup decryption/SSL inspection then you may not legally be able to decrypt or inspect health care information over the wire for example.

it can be a very useful feature tho, because if you cannot see whats in the packets then you have no idea if it is a threat or not. Any attacker that is not lazy is going to send their payload or reverse shells, etc over an encryption connection whenever possible.
 

shmu26

Level 85
Verified
Trusted
Content Creator
If you have a good browser extension that scans for bad sites, then you don't need your AV to do it, too. In such a case, you can disable HTTPS scanning.
 
Top