Jump to content

Recommended Posts

I came across this article today via "Ask Woody" ...

https://textslashplain.com/2019/08/11/spying-on-https/

The article specifically calls out AVAST, and I have not seen this warning in Chrome or other browsers (on the stable/release channel) using ESET.

Can any of ESET's staff can comment on how ESET monitors HTTPS traffic, and if the 'issue' with AVAST is something ESET users need to be aware of vis-a-vis browser warnings/compatibility?

Again, I've encountered no issues on this front ... I am simply curious! 🙂

 

 

Share this post


Link to post
Share on other sites

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

Share this post


Link to post
Share on other sites
41 minutes ago, Marcos said:

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

How does that compare to AVAST's method?

Share this post


Link to post
Share on other sites

Interesting article. I checked the environment variables for FireFox; I don't use Chrome, and Eset does not use or need to use this baloney.

Both Avast and Kaspersky were having issues with use of their root CA certificates in Chrome a while back to decrypt SSL/TLS traffic. Appears this is Avast's solution to the problem and a very insecure one at that.

Share this post


Link to post
Share on other sites

This is also worth a read and very much indicates that what Avast/AVG is doing is something Google doesn't approve of:

Quote

Chromium team wants users to aware of this variable set in the Chrome browser. Apparently, the team expresses concern this variable has already been used by bad actors and thus, added SSL key log file to bad flags.

https://techdows.com/2019/08/chrome-you-are-using-an-unsupported-environment-variable-sslkeylogfile.html

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...