Jump to content

Archived

This topic is now archived and is closed to further replies.

howardagoldberg

HTTPS Monitoring

Recommended Posts

I came across this article today via "Ask Woody" ...

https://textslashplain.com/2019/08/11/spying-on-https/

The article specifically calls out AVAST, and I have not seen this warning in Chrome or other browsers (on the stable/release channel) using ESET.

Can any of ESET's staff can comment on how ESET monitors HTTPS traffic, and if the 'issue' with AVAST is something ESET users need to be aware of vis-a-vis browser warnings/compatibility?

Again, I've encountered no issues on this front ... I am simply curious! 🙂

 

 

Share this post


Link to post
Share on other sites

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

Share this post


Link to post
Share on other sites
41 minutes ago, Marcos said:

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

How does that compare to AVAST's method?

Share this post


Link to post
Share on other sites

Interesting article. I checked the environment variables for FireFox; I don't use Chrome, and Eset does not use or need to use this baloney.

Both Avast and Kaspersky were having issues with use of their root CA certificates in Chrome a while back to decrypt SSL/TLS traffic. Appears this is Avast's solution to the problem and a very insecure one at that.

Share this post


Link to post
Share on other sites

This is also worth a read and very much indicates that what Avast/AVG is doing is something Google doesn't approve of:

Quote

Chromium team wants users to aware of this variable set in the Chrome browser. Apparently, the team expresses concern this variable has already been used by bad actors and thus, added SSL key log file to bad flags.

https://techdows.com/2019/08/chrome-you-are-using-an-unsupported-environment-variable-sslkeylogfile.html

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...