Jump to content

HTTPS Monitoring


howardagoldberg
 Share

Recommended Posts

I came across this article today via "Ask Woody" ...

https://textslashplain.com/2019/08/11/spying-on-https/

The article specifically calls out AVAST, and I have not seen this warning in Chrome or other browsers (on the stable/release channel) using ESET.

Can any of ESET's staff can comment on how ESET monitors HTTPS traffic, and if the 'issue' with AVAST is something ESET users need to be aware of vis-a-vis browser warnings/compatibility?

Again, I've encountered no issues on this front ... I am simply curious!Β πŸ™‚

Β 

Β 

Link to comment
Share on other sites

  • Administrators

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

Link to comment
Share on other sites

41 minutes ago, Marcos said:

We intercept network communication, decrypt the SSL communication (not all SSL communication) and encrypt it again after scanning. It's done in a safely manner; if there was a risk of data leak, we wouldn't do it.

How does that compare to AVAST's method?

Link to comment
Share on other sites

Interesting article. I checked the environment variables for FireFox; I don't use Chrome, and Eset does not use or need to use this baloney.

Both Avast and Kaspersky were having issues with use of their root CA certificates in Chrome a while back to decrypt SSL/TLS traffic. Appears this is Avast's solution to the problem and a very insecure one at that.

Link to comment
Share on other sites

This is also worth a read and very much indicates that what Avast/AVG is doing is something Google doesn't approve of:

Quote

Chromium team wants users to aware of this variable set in the Chrome browser. Apparently, the team expresses concern this variable has already been used by bad actors and thus, added SSL key log file to bad flags.

https://techdows.com/2019/08/chrome-you-are-using-an-unsupported-environment-variable-sslkeylogfile.html

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...