Why do you recommend not using HTTPS/TLS filtering?

back2themoon » 2017-02-25, 14:16

Moonchild wrote: If that's your argument...
No, it was my counter-argument. Yes, there are many bad A/V software "suites" out there but not ALL of them - except Microsoft's - are bad, as Robert O'Callahan implies.

Moonchild » 2017-02-25, 14:47

What RoC said, and you should read carefully, is that he recommends using Microsoft's as the only real-time antivirus solution. And I have to agree with him that it's a good solution because it is native to the OS and doesn't need to use any dirty tricks or dangerous hooks to get that kind of access to the system.

Only sideways related to the topic at hand, though; although HTTPS filtering can be classified as "real-time" too, that's where the analogy mostly ends.

Cavehomme » 2017-04-06, 11:01

dark_moon wrote: Here is an overview:
[Image]
(Source: http://t3n.de/news/antivirus-https-verb ... -broken_2/)

I don't know if the table is correct but all AVs on the list manipulate your TLS.
Thanks very much for this, dark_moon, much appreciated, and apologies for not replying sooner. I did not receive an email notification of a reply; will check my settings.

moon convert » 2017-05-29, 01:32

I was directed to this extremely helpful forum thread, after having some problems related to HTTPS filtering in my AV. I just finished reading through (Durumeric et al., 2017), linked in this thread. I realized there's a footnote on page 4, that describes the antivirus programs that don't engage in this behavior at all. I think it helps answer the initial question.
Cavehomme wrote: Can you please point us in the direction of learning which current antivirus / internet security products do and don't use https/tls filtering?
Durumeric et al., 2017 wrote: We found that the following products did not intercept HTTPS: 360 Total, Ahnlabs V3 Internet Security, Avira AV 2016, Comodo Internet Security, F-Secure Safe, G DATA products, K7 Total Security, Malwarebytes, McAfee Internet Security, Microsoft Windows Defender, Norton Security, Panda Internet Security 2016, Security Symantec Endpoint Protection, Tencent PC Manager, Trend Micro Maximum Security 10, and Webroot SecureAnywhere. A preprint of this paper incorrectly listed G DATA products in Figure 4.
I don't think anyone has directly referenced that footnote before, and I hope displaying it in the thread is helpful to someone.
As an aside, I spent three painful years using McAfee, so if you're looking to switch to an antivirus that doesn't use HTTPS filtering, I would recommend choosing one of the others.

hackerman1 » 2017-05-29, 01:53

moon convert wrote: I was directed to this extremely helpful forum thread, after having some problems related to HTTPS filtering in my AV. I just finished reading through (Durumeric et al., 2017), linked in this thread. I realized there's a footnote on page 4, that describes the antivirus programs that don't engage in this behavior at all. I think it helps answer the initial question.
Cavehomme wrote: Can you please point us in the direction of learning which current antivirus / internet security products do and don't use https/tls filtering?
Durumeric et al., 2017 wrote: We found that the following products did not intercept HTTPS: 360 Total, Ahnlabs V3 Internet Security, Avira AV 2016, Comodo Internet Security, F-Secure Safe, G DATA products, K7 Total Security, Malwarebytes, McAfee Internet Security, Microsoft Windows Defender, Norton Security, Panda Internet Security 2016, Security Symantec Endpoint Protection, Tencent PC Manager, Trend Micro Maximum Security 10, and Webroot SecureAnywhere. A preprint of this paper incorrectly listed G DATA products in Figure 4.
I don't think anyone has directly referenced that footnote before, and I hope displaying it in the thread is helpful to someone.
As an aside, I spent three painful years using McAfee, so if you're looking to switch to an antivirus that doesn't use HTTPS filtering, I would recommend choosing one of the others.
Add Emsisoft AntiMalware to that list of antimalware-programs not intercepting HTTPS.

Falna » 2017-05-29, 13:42

Durumeric et al., 2017 wrote: We found that the following products did not intercept HTTPS: 360 Total, Ahnlabs V3 Internet Security, Avira AV 2016, Comodo Internet Security, F-Secure Safe, G DATA products, K7 Total Security, Malwarebytes, McAfee Internet Security, Microsoft Windows Defender, Norton Security, Panda Internet Security 2016, Security Symantec Endpoint Protection, Tencent PC Manager, Trend Micro Maximum Security 10, and Webroot SecureAnywhere. A preprint of this paper incorrectly listed G DATA products in Figure 4.
...but note that there are some other products in which interception can be switched on or off; some are configured by default to off (such as ESET, which I use on my Windows machines), in others it's switched on by default...
