You Have HTTPS/SSL Scan Enabled/Disabled?

[Deleted member 2913]

You have HTTPS/SSL scan enabled/disabled?

1. Please vote
2. Please mention your product
3. Please mention enabled/disabled And why?

If enabled - You face any issues like some sites not working, issues on some bank sites, issues on some shopping sites, etc...?

 

[Alikhan]

I've got it enabled and currently using Avast Internet Security since some malware does tend to come from HTTPs.

I haven't faced any issues yet of sites having issues but it could be the way Avast have implemented the EV certificates.

This may be an interesting read - Explaining Avast’s HTTPS scanning feature

 

[jamescv7]

Since I'm not using any third party AV still I have a presumption plan for that scenario.

I will activate HTTPS/SSL Scan because it will give another range of protection against possible malicious content over secured connection.

Remember that HTTPS does not mean it is safe, yes additional factor that information are encrypted however many techniques can bypassed it. So everything we heading to web is full of risk.

 

[viktik]

HTTPS scan enabled in KIS 2016.

Issues : Unable to upload photos in wordpress.com (Firefox 47 x64)

 

[harlan4096]

1.- Voted Enabled.
2.- Products: KTS2016MR1c & KTS2017beta 17.0.0.577 (NetWork -> always scan encrypted connections)
3.- Some issues with some applications, but creating an exclusion for encrypted traffic in KTS does the trick.

@viktik: which version of KIS2016? MR0 or MR1?. If 2016MR1, did You import manually "Kaspersky Root Certificate" into FF x64?

 

[viktik]

1.- Voted Enabled.
2.- Products: KTS2016MR1c & KTS2017beta 17.0.0.577 (NetWork -> always scan encrypted connections)
3.- Some issues with some applications, but creating an exclusion for encrypted traffic in KTS does the trick.

@viktik: which version of KIS2016? MR0 or MR1?. If 2016MR1, did You import manually "Kaspersky Root Certificate" into FF x64?

Yes I added the Kaspersky certificate manually.

 

[Logethica]

I have HTTPS Scanning disabled.
I use AVAST Free Antivirus.
I have disabled this feature because IMO I am safer without it....
I am aware that HTTPS does not mean safe by default,and also that it is too easy for an unsafe site to become HTTPS,
but despite these facts I do not feel comfortable with my AV carrying out what equates to a "MitM" HTTPS decryption attack like "Superfish" minus the ad-injections,whether this is meant to be for my benefit or not!
I am prepared to make the trade-off that any unsafe HTTPS sites remain unscanned as I believe that by adopting this approach I am also making genuinely safe HTTPS sites LESS vulnerable....and considering that these sites could be used for Banking I consider this a must.
My primary goal is to prevent any vulnerability in Genuine,Safe,Important HTTPS sites.
The secondary goal of Safety on less important HTTPS sites (that do not house financial transactions) is left to a combination of Browser-Rules ,Extensions and Software...
No Flash,Java,or Auto Downloads...Trafficlight/uBlock Origin/...Sandboxie.
I do not see the Logic in making an unimportant site stronger if this could possibly result in making an important site weaker.

 

[harlan4096]

Yes I added the Kaspersky certificate manually.

If You have FF x64 this is not enough... that procedure only adds certificate to FF x86 browsers...

Only if You have Kaspersky 16.0.1.445, You should import "Kaspersky Root Certificate" in Your FF(Pale Moon/WaterFox, etc.) x64 from:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total/InterNet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi

 

[DardiM]

HTTPS / SSL Scanning enabled (KTS 2016) "Because I'm Worth It"

 

[Logethica]

Am I the only person that thinks that using a 3rd party software for the needless decryption of a websites encrypted safety mechanism is not a million miles away from having trusted.....

• iCloud to keep personal photos safe?
• Lastpass to keep all Passwords secure?
• The Net to keep National Secrets safe?

Is allowing an AV "Man in the Middle" leverage absolutely necessary for this? ... IMO it is not.
I would personally be happy with authentication of the websites identity,along with information gleaned from my browser extensions.
Logic should trump technology (at least until A.I peaks & Machines take over the Earth)

I Would choose...

• A Photo Album instead of iCloud
• A Pen & Paper instead of Lastpass
• A Strong-Room with a Locked Door & Armed Guard instead of the Net to store National Secrets.

 

[DardiM]

Am I the only person that thinks that using a 3rd party software for the needless decryption of a websites encrypted safety mechanism is not a million miles away from having trusted.....
......
A Strong-Room with a Locked Door & Armed Guard instead of the Net to store National Secrets
...

You forgot to speak about the 4 pit-bulls

N.B.: I use "HTTPS Everywhere"

 

[DJ Panda]

1. Enabled
2. Using Avast Free
3. As HTTPS is one of the most secure ways to browse I would hope it would mean less malware but I would never risk it. No issues concerning while browsing.

 

[Logethica]

You forgot to speak about the 4 pit-bulls

N.B.: I use "HTTPS Everywhere"

Yes..the Pit-bulls are a good idea..
I also have HTTPS Everywhere...
I believe that forcing a webpage to a HTTPS connection rather than a plain HTTP one (if that possibility is an option) is a good thing..
but I dont really have my AV for it's "Web Shield" Capability as much as it's "File Shield" and system protection..
IMO the scanning of "EITHER" HTTP or HTTPS sites by my AV is not really needed.I think that option is there more for "Set & Forget" users that may not be familiar with Social-Engineering techniques,or additional security Software/Browser settings+Extensions etc..
If I was a basic user that had no 3rd party security software other than an AV (that maybe a son/daughter installed on my behalf) then AV site scanning would probably be advantageous.

 

[Ink]

Avast Free Antivirus
HTTPS Scanning: Disabled
No tampering with HTTPS/SSL.

 

[Logethica]

BTW....Has anybody else noticed the Irony that this specific page has the HTTPS greyed out,with the reason being that despite connection to the site being private,someone on the network may be able to change the look of the page?

 

[DardiM]

BTW....Has anybody else noticed the Irony that this specific page has the HTTPS greyed out,with the reason being that despite connection to the site being private,someone on the network may be able to change the look of the page?

Lol that's right ! And have you noticed which organisation delivered the certificate (I love it! ) ?

 

[Ink]

BTW....Has anybody else noticed the Irony that this specific page has the HTTPS greyed out,with the reason being that despite connection to the site being private,someone on the network may be able to change the look of the page?

Mixed content displayed. The image in post 6 comes from a HTTP:// address, and my Imgur image is unknown.

Spoiler: Mixed content on webpage

 

[Deleted member 2913]

I have HTTPS Scanning disabled.
I have disabled this feature because IMO I am safer without it....
I am aware that HTTPS does not mean safe by default,and also that it is too easy for an unsafe site to become HTTPS,
but despite these facts I do not feel comfortable with my AV carrying out what equates to a "MitM" HTTPS decryption attack like "Superfish" minus the ad-injections,whether this is meant to be for my benefit or not!
I am prepared to make the trade-off that any unsafe HTTPS sites remain unscanned as I believe that by adopting this approach I am also making genuinely safe HTTPS sites LESS vulnerable....and considering that these sites could be used for Banking I consider this a must.
My primary goal is to prevent any vulnerability in Genuine,Safe,Important HTTPS sites.
The secondary goal of Safety on less important HTTPS sites (that do not house financial transactions) is left to a combination of Browser-Rules ,Extensions and Software...
I do not see the Logic in making an unimportant site stronger if this could possibly result in making an important site weaker.

Kaspersky Internet Security 2016
HTTPS/SSL Scanning Disabled

Reasons - As mentioned above by Logethica

 

[Andytay70]

Disabled!
I found it slowed my web browser down.

 

[spaceoctopus]

There is a lot of mixed feelings about Https scanning. Some find it useful, others find it intrusive. Even if the https connection is infected in some ways, once decrypted, the antivirus will block the malware or infection.
Actually https scanning involves decrypting the encrypted connection to be scanned,almost the same way your browser do it. Some products such as Emsisoft or Panda don't use https scanning.
From what i understand HTTPS scanning blocks the malware in some ways 'INSIDE' the encrypted connection while without HTTPS connection the malware is blocked after the connection is decrypted by the browser.While not forgetting HTTPs scanning involves decryption.....all the same in the end.