Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Hitman III: PC graphics perf benchmark review
TeamGroup CX2 1TB SATA3 SSD review
EVGA GeForce RTX 3070 FTW3 Ultra review
Corsair 5000D PC Chassis Review
NZXT Kraken X63 RGB Review
ASUS Radeon RX 6900 XT STRIX OC LC Review
TerraMaster F5-221 NAS Review
MSI Radeon RX 6800 XT Gaming X TRIO Review
Sapphire Radeon RX 6800 NITRO+ review
Corsair HS70 Bluetooth Headset Review

New Downloads
SiSoft Sandra 20/20 download v30.92
AMD Radeon Adrenalin Edition 21.1.1 driver download
CPU-Z download v1.95
Intel HD graphics Driver Download Version: DCH 27.20.100.9168
HWiNFO Download v6.41 (4355 Beta)
GeForce 461.33 hotfix driver download
Prime95 download version 30.4 build 7
AIDA64 Download Version 6.32.5620 beta
3DMark Download v2.16.7117 + Time Spy
Crystal DiskMark 8.0.1 Download


New Forum Topics
December 2020 Guru3D Contest Winner Announcements EU fines Valve and 5 other gaming companies for geo-blocking PC games NVIDIA Profile Inspector 2.3.0.13 GeForce Hotfix Driver Version 461.33 Solution for stuck VRAM mem at max clocks on AMD Navi10 ASUS RT-AX89X 10 Gigabit LAN compatible Wi-Fi 6 router Radeon Software Adrenalin 2020 Edition 21.1.1 Download & Discussion AMD Radeon 21.1.1 drivers confirmed to bring Radeon cards a massive boost in Hitman III Colorful releases two new GeForce RTX 3060 Ti graphics cards Intel is satisfied about 7nm progress




Guru3D.com » News » Anti-virus vendors are intercepting and analyzing your HTTPS traffic

Anti-virus vendors are intercepting and analyzing your HTTPS traffic

by Hilbert Hagedoorn on: 02/09/2017 09:06 AM | source: | 50 comment(s)
Anti-virus vendors are intercepting and analyzing your HTTPS traffic

Parties like Google, Mozilla, Cloudflare, and researchers from two Universities are criticising interception of HTTPS traffic by antivirus software. By installing an own root certificate on the user’s computer the antivirus applications have found a way to be able to analyze the content of encrypted internet connections. 

The method is frequently used by antivirus vendors reports myce.com today. The way the software intercepts HTTPS traffic decreases the security of it. The virus scanners can introduce all kinds of new vulnerabilities, according to a report released by the researchers and companies:

For the report, the researchers analyzed 8 billion secured connections to the Firefox update servers, to several popular e-commerce websites and to Cloudflare’s content distribution network. About 4% of the connections to the Firefox servers was intercepted, 6.2% of the e-commerce websites and 10.9% of the connections to Cloudflare was intercepted.

The researchers also analyzed the security impact of the intercepted connections. About 97% of Firefox, 32% of e-commerce, and 54% of Cloudflare connections that were intercepted became less
secure.

“Alarmingly, not only did intercepted connections use weaker cryptographic algorithms, but 10–40% advertised support for known-broken ciphers that would allow an active man-in-the-middle attacker to later intercept, downgrade, and decrypt the connection,” according to the researchers.

While it was already known that security software intercepted HTTPS traffic, the researchers were still surprised, “while the security community has long known that security products intercept connections, we have largely ignored the issue, believing that only a small fraction of connections are affected. However, we find that interception has become startlingly widespread and with worrying consequences.”

Thy hope that security vendors will start using alternatives to HTTPS interception as, “interception products drastically reduce connection security.”



Anti-virus vendors are intercepting and analyzing your HTTPS traffic




« Sony's Fabs Camera Sensor that Captures 1000fps Super Slow-Mo · Anti-virus vendors are intercepting and analyzing your HTTPS traffic · Lian Li PC-O11 Dual-Chambered Case Available »

Related Stories

Intel hardware-based anti-virus feature - 01/27/2011 12:26 PM
An interesting comment originates from Intel CTO Justin Rattner who claims that a new hardware-based security technology under development by Intel researchers will stop zero-day attacks in their trac...

AVG anti-virus mistakenly tags user32.dll - 11/12/2008 10:23 AM
Oohhhoow man, a recent definition update for the popular AVG Free 7.5 and 8.0 anti-virus apps mistakenly tagged a Windows system file and told users to delete it: "An update for the AVG virus sca...


10 pages 1 2 3 4 > »


KissSh0t
Senior Member



Posts: 8510
Joined: 2011-10-22

#5390418 Posted on: 02/09/2017 09:33 AM
The plot thickens.

sverek
Senior Member



Posts: 6097
Joined: 2011-01-02

#5390425 Posted on: 02/09/2017 09:51 AM
I have feeling antiviruses becoming obsolete. Antivirus doesn't defend you, they scare you, collect your data, break your programs and back to scaring. All for greater profit.

Customers just happy to have antivirus as a morale support.

Unfortunately, antivirus also doesn't cure stupidity. Customer can't just be stupid and rely on antivirus to cover up while it do all stupid things on PC.
21th century is about not being stupid online. Sharing USBs and CDs with your friends as we did in 20th century is not very common anymore. So there less and less work for antivirus to actually cover.

Extraordinary
Senior Member



Posts: 19503
Joined: 2010-04-21

#5390427 Posted on: 02/09/2017 09:54 AM
Mozilla really want you to uninstall your AV lately, makes me suspicious of Mozilla not my AV

lucidus
Senior Member



Posts: 11860
Joined: 2011-12-31

#5390430 Posted on: 02/09/2017 10:06 AM
About 4% of the connections to the Firefox servers was intercepted, 6.2% of the e-commerce websites and 10.9% of the connections to Cloudflare was intercepted.


That's it? Despite the sample size that seems pretty low. The degradation of security stuff is higher within those stats but still. Why is it so low? Upto 89.1% connections didn't use third party security software?

Mozilla really want you to uninstall your AV lately, makes me suspicious of Mozilla not my AV


That was one ex-Mozzarella.

Extraordinary
Senior Member



Posts: 19503
Joined: 2010-04-21

#5390435 Posted on: 02/09/2017 10:24 AM

That was one ex-Mozzarella.

I'm suspicious of all pizzerias advising the removal of security software too

10 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021