You Have HTTPS/SSL Scan Enabled/Disabled?

  • Thread starter Thread starter Deleted member 2913
  • Start date Start date

You Have HTTPS/SSL Scan Enabled/Disabled?

  • Enabled

    Votes: 9 52.9%

  • Disabled

    Votes: 8 47.1%
  • Total voters
    17
D

Deleted member 2913

Thread author
You have HTTPS/SSL scan enabled/disabled?

1. Please vote
2. Please mention your product
3. Please mention enabled/disabled And why?

If enabled - You face any issues like some sites not working, issues on some bank sites, issues on some shopping sites, etc...?
 
  • Like
Reactions: DardiM, silversurfer and harlan4096
Since I'm not using any third party AV still I have a presumption plan for that scenario.

I will activate HTTPS/SSL Scan because it will give another range of protection against possible malicious content over secured connection.

Remember that HTTPS does not mean it is safe, yes additional factor that information are encrypted however many techniques can bypassed it. So everything we heading to web is full of risk.
 
  • Like
Reactions: DardiM, silversurfer, _CyberGhosT_ and 1 other person
1.- Voted Enabled.
2.- Products: KTS2016MR1c & KTS2017beta 17.0.0.577 (NetWork -> always scan encrypted connections)
3.- Some issues with some applications, but creating an exclusion for encrypted traffic in KTS does the trick.

@viktik: which version of KIS2016? MR0 or MR1?. If 2016MR1, did You import manually "Kaspersky Root Certificate" into FF x64?
 
  • Like
Reactions: DardiM, silversurfer, Deleted member 2913 and 1 other person
harlan4096 said:
1.- Voted Enabled.
2.- Products: KTS2016MR1c & KTS2017beta 17.0.0.577 (NetWork -> always scan encrypted connections)
3.- Some issues with some applications, but creating an exclusion for encrypted traffic in KTS does the trick.

@viktik: which version of KIS2016? MR0 or MR1?. If 2016MR1, did You import manually "Kaspersky Root Certificate" into FF x64?
Click to expand...

Yes I added the Kaspersky certificate manually.

2037173.jpg
 
  • Like
Reactions: DardiM and Deleted member 2913
I have HTTPS Scanning disabled.
I use AVAST Free Antivirus.
I have disabled this feature because IMO I am safer without it....
I am aware that HTTPS does not mean safe by default,and also that it is too easy for an unsafe site to become HTTPS,
but despite these facts I do not feel comfortable with my AV carrying out what equates to a "MitM" HTTPS decryption attack like "Superfish" minus the ad-injections,whether this is meant to be for my benefit or not!
I am prepared to make the trade-off that any unsafe HTTPS sites remain unscanned as I believe that by adopting this approach I am also making genuinely safe HTTPS sites LESS vulnerable....and considering that these sites could be used for Banking I consider this a must.
My primary goal is to prevent any vulnerability in Genuine,Safe,Important HTTPS sites.
The secondary goal of Safety on less important HTTPS sites (that do not house financial transactions) is left to a combination of Browser-Rules ,Extensions and Software...
No Flash,Java,or Auto Downloads...Trafficlight/uBlock Origin/...Sandboxie.
I do not see the Logic in making an unimportant site stronger if this could possibly result in making an important site weaker.
 
  • Like
Reactions: conceptualclarity, silversurfer, Deleted member 2913 and 1 other person
viktik said:
Yes I added the Kaspersky certificate manually.

2037173.jpg
Click to expand...
If You have FF x64 this is not enough... that procedure only adds certificate to FF x86 browsers...

Only if You have Kaspersky 16.0.1.445, You should import "Kaspersky Root Certificate" in Your FF(Pale Moon/WaterFox, etc.) x64 from:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total/InterNet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
Click to expand...
 
  • Like
Reactions: Deleted member 2913 and DardiM
HTTPS / SSL Scanning enabled (KTS 2016) "Because I'm Worth It" :p
 
Last edited:
  • Like
Reactions: harlan4096
Am I the only person that thinks that using a 3rd party software for the needless decryption of a websites encrypted safety mechanism is not a million miles away from having trusted.....
  • iCloud to keep personal photos safe?
  • Lastpass to keep all Passwords secure?
  • The Net to keep National Secrets safe?
Is allowing an AV "Man in the Middle" leverage absolutely necessary for this? ... IMO it is not.
I would personally be happy with authentication of the websites identity,along with information gleaned from my browser extensions.
Logic should trump technology (at least until A.I peaks & Machines take over the Earth:D)

I Would choose...
  • A Photo Album instead of iCloud
  • A Pen & Paper instead of Lastpass
  • A Strong-Room with a Locked Door & Armed Guard instead of the Net to store National Secrets.
:rolleyes:;):)
 
  • Like
Reactions: Deleted member 2913 and DardiM
Logethica said:
Am I the only person that thinks that using a 3rd party software for the needless decryption of a websites encrypted safety mechanism is not a million miles away from having trusted.....
......
A Strong-Room with a Locked Door & Armed Guard instead of the Net to store National Secrets
...
Click to expand...
You forgot to speak about the 4 pit-bulls ;)

N.B.: I use "HTTPS Everywhere" :oops:
 
Last edited:
  • Like
Reactions: harlan4096
1. Enabled
2. Using Avast Free
3. As HTTPS is one of the most secure ways to browse I would hope it would mean less malware but I would never risk it. No issues concerning while browsing.
 
  • Like
Reactions: Deleted member 2913 and DardiM
DardiM said:
You forgot to speak about the 4 pit-bulls ;)

N.B.: I use "HTTPS Everywhere" :oops:
Click to expand...

:DYes..the Pit-bulls are a good idea..
I also have HTTPS Everywhere...:)
I believe that forcing a webpage to a HTTPS connection rather than a plain HTTP one (if that possibility is an option) is a good thing..
but I dont really have my AV for it's "Web Shield" Capability as much as it's "File Shield" and system protection..
IMO the scanning of "EITHER" HTTP or HTTPS sites by my AV is not really needed.I think that option is there more for "Set & Forget" users that may not be familiar with Social-Engineering techniques,or additional security Software/Browser settings+Extensions etc..
If I was a basic user that had no 3rd party security software other than an AV (that maybe a son/daughter installed on my behalf) then AV site scanning would probably be advantageous.:)
 
  • Like
Reactions: DardiM and Deleted member 2913
Logethica said:
BTW....Has anybody else noticed the Irony that this specific page has the HTTPS greyed out,with the reason being that despite connection to the site being private,someone on the network may be able to change the look of the page?:rolleyes:
Click to expand...
Lol that's right ! And have you noticed which organisation delivered the certificate (I love it! ) ? :cool:
 
Last edited:
  • Like
Reactions: Deleted member 2913
Logethica said:
BTW....Has anybody else noticed the Irony that this specific page has the HTTPS greyed out,with the reason being that despite connection to the site being private,someone on the network may be able to change the look of the page?:rolleyes:
Click to expand...

Mixed content displayed. The image in post 6 comes from a HTTP:// address, and my Imgur image is unknown.
upload_2016-6-27_0-12-9.png


upload_2016-6-27_0-13-34.png
 
  • Like
Reactions: Deleted member 2913
Logethica said:
I have HTTPS Scanning disabled.
I have disabled this feature because IMO I am safer without it....
I am aware that HTTPS does not mean safe by default,and also that it is too easy for an unsafe site to become HTTPS,
but despite these facts I do not feel comfortable with my AV carrying out what equates to a "MitM" HTTPS decryption attack like "Superfish" minus the ad-injections,whether this is meant to be for my benefit or not!
I am prepared to make the trade-off that any unsafe HTTPS sites remain unscanned as I believe that by adopting this approach I am also making genuinely safe HTTPS sites LESS vulnerable....and considering that these sites could be used for Banking I consider this a must.
My primary goal is to prevent any vulnerability in Genuine,Safe,Important HTTPS sites.
The secondary goal of Safety on less important HTTPS sites (that do not house financial transactions) is left to a combination of Browser-Rules ,Extensions and Software...
I do not see the Logic in making an unimportant site stronger if this could possibly result in making an important site weaker.
Click to expand...

Kaspersky Internet Security 2016
HTTPS/SSL Scanning Disabled

Reasons - As mentioned above by Logethica
 
  • Like
Reactions: harlan4096
There is a lot of mixed feelings about Https scanning. Some find it useful, others find it intrusive. Even if the https connection is infected in some ways, once decrypted, the antivirus will block the malware or infection.
Actually https scanning involves decrypting the encrypted connection to be scanned,almost the same way your browser do it. Some products such as Emsisoft or Panda don't use https scanning.
From what i understand HTTPS scanning blocks the malware in some ways 'INSIDE' the encrypted connection while without HTTPS connection the malware is blocked after the connection is decrypted by the browser.While not forgetting HTTPs scanning involves decryption.....all the same in the end.:p
 
  • Like
Reactions: Deleted member 2913
You must log in or register to reply here.

You may also like...