Jump to content

Archived

This topic is now archived and is closed to further replies.

TJP

Ways anti-virus software lowers your HTTPS security

Recommended Posts

I found the following on Wilder's (reference: hxxp://www.wilderssecurity.com/threads/how-kaspersky-makes-you-vulnerable-to-the-freak-attack-and-other-ways-antivirus-software-lowers-your.375611/#post-2485713), so full credit to OP Gein.

 

It is worth reading the entire blog, here are some titbits/snippets:

 

"Kaspersky enables the HTTPS interception by default for sites it considers as especially sensitive, for example banking web pages. Doing that with a known security issue is extremely irresponsible.

I also found a number of other issues. ESET doesn't support TLS 1.2 and therefore uses a less secure encryption algorithm. Avast and ESET don't support OCSP stapling. Kaspersky enables the insecure TLS compression feature that will make a user vulnerable to the CRIME attack. Both Avast and Kaspersky accept nonsensical parameters for Diffie Hellman key exchanges with a size of 8 bit. Avast is especially interesting because it bundles the Google Chrome browser. It installs a browser with advanced HTTPS features and lowers its security right away.

These TLS features are all things that current versions of Chrome and Firefox get right. If you use them in combination with one of these Antivirus applications you lower the security of HTTPS connections.

There's one more interesting thing: It seems all three tested Antiviruses don't intercept traffic when Extended Validation (EV) certificates are used
".

 

Story link: https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html

Share this post


Link to post
Share on other sites

Thanks for sharing. I just wanted to post this too. :)

 

So to focus on ESET:

  • The issue with TLS 1.2 support is known, but it only affects Firefox and will be fixed soon.
  • The issue with EV certificates not being scanned I can't confirm. Here you can see that it will be scanned:
    post-3952-0-32928500-1430156071_thumb.png
  • About Key Pinning (HPKP) and OCSP stapling I think it would be a nice idea if ESET could implement this.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...