Avast WEBforum
Other => General Topics => Topic started by: Ashish Singh on May 22, 2011, 12:54:00 PM
-
Hi I want your opinion on this..
I want avast to install a certificate for the browser so that it could also scan SSL traffic, which it can't do now. I saw this is done by ESET, Bitdefender and Kaspersky to scan secure traffic, and every SSL connection is shown as verified by the AV one is using. (I mean the browser would say for gmail that it is connected to gmail.com, verified by Kaspersky Lab/Eset spol s.r.o/Bitdefender.) Also see screenshot.
I want the browser to say, for every secure website, connected to facebook.com verified by AVAST Software a.s
How is the suggestion?
In this way we will have an SSL connection as well as avast protection...
If I am wrong please correct me...
-
If I am wrong please correct me...
Ok, I correct you. ;)
No secure connection can be scanned, otherwise it wouldn't be a secure connection.
-
Also see screenshot.
The screenshot only shows that Bitdefender is verifying that you are connected using SSL... it is not scanning it.
As Asyn says, if it did it would not be secure.
-
Can someone explain the screenshot to me then...?
-
I don't use Bitdefender, otherwise I would have posted its log too, showing that it scans SSL traffic as well...
Same for Kaspersky... It also has the option. If it does not scan, then I don't understand why they have given the option.
-
Does ESET Smart Security scan SSL (Secure Sockets Layer) traffic?
By default, ESET Smart Security checks the POP3 protocol on TCP port 110 and the HTTP protocol on TCP ports 80, 8080 and 3128 for threats to your system.
Since all SSL communications are encrypted it is not possible for ESET Smart Security to scan them, even if the TCP port is listed above and has been manually entered.
ESET Smart Security is unable to check encrypted traffic (SSL, HTTPS, S/POP3, SSH and so forth). After encrypted traffic has been decrypted, it will be checked for threats by the antivirus components of NOD32. If you are not using a standard port for email, it is scanned by the antivirus component as soon as the mail touches the system, which will protect you from any threats.
-
I am confused. I just posted a HTTPS scanned page
What about this screenshot........?
-
The above posted is from ESET FAQ...
So why don't you send them a mail and ask how it works? And tell us what they say.
-
The above posted is from ESET FAQ...
So why don't you send them a mail and ask how it works? And tell us what they say.
I already did...
-
Looks like they are playing fast and loose with the actual facts, they aren't actually decrypting and scanning the 'content' of http traffic; that would require huge processing power and your browsing in https sites would grind to a halt. Seems nothing more than marketing hype.
So what it is showing in the image scan stats is somewhat misleading; whilst it may be possible to scan that raw encrypted https traffic coming 'in to' your system, it is going to achieve very little as it is encrypted. Not until that https traffic is decrypted in your system could any meaningful scan be done.
-
Looks like the Bit Defender writeups say they have developed Browser Plugins that allow them to scan the decrypted (by the browser) https data streams as the page is being assembled, but ???. Remember that a web page is actually a mosaic of html data assembled into a web page, and in the case of an https page the data must be decrypted first to form the viewable page.
Don't know what the others do, but building a proxy that replicates the browser security functions on port 443 using something like openSSL for all the browsers seems much more cumbersome.
Maybe Avast! will have a comment?
-
I think this might help you people....
First one without installing Bitdefender traffic light
Second one after installing traffic light
Note: I have opened the same page
-
Also this,......
This is not only with Bitdefender, it's also with Kaspersky and ESET
A bit confusing... What could be the purpose of doing this and stating that it can scan SSL connection in all the three AV.
-
Marketing hype to sell products.
It isn't actually scanning just confirming that your connection is HTTPS with a valid certificate, something that you can have your browser do if you change the settings.
-
Marketing hype to sell products.
Thanks David. You're fully right. I hate hyping when the user is just fooled with bla-bla-bla and promises.
BitDefender is on my blacklist in this point.
-
Just to set this clear.
Any connection can be scanned, but to scan a secure connection makes no sense at all. ;)
-
I always thought Avast scanned SSL email. Guess I am wrong.
-
Just to set this clear.
Any connection can be scanned, but to scan a secure connection makes no sense at all. ;)
With phoney SSL certificates around, I think it would be a good idea. There are also phoney digital signatures on some programs.
-
I always thought Avast scanned SSL email. Guess I am wrong.
avast scans your mails.
Don't worry. ;D
-
I always thought Avast scanned SSL email. Guess I am wrong.
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
maybe someone from avast should come in here and explain this SSL thing or this thread may be very very long ;D
-
I always thought Avast scanned SSL email. Guess I am wrong.
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
maybe someone from avast should come in here and explain this SSL thing or this thread may be very very long ;D
Thanks, I was searching for something like that. Perhaps HTTPS comes in on varying ports in browsers, so aren't scanned like HTTP on port 80. Just a guess.
-
Perhaps HTTPS comes in on varying ports in browsers, so aren't scanned like HTTP on port 80. Just a guess.
Bad guess. ;)
-
Perhaps HTTPS comes in on varying ports in browsers, so aren't scanned like HTTP on port 80. Just a guess.
Bad guess. ;)
Well, do you have a better guess, or are you just another Evangelist with 4 million inane posts? ???
-
Well, do you have a better guess, or are you just another Evangelist with 4 million inane posts? ???
443
And that's no guess..!! :P
-
I always thought Avast scanned SSL email. Guess I am wrong.
The email is decrypted by avast and scanned.
It makes no sense to scan an encrypted email (SSL) connection. It's encrypted.
-
I always thought Avast scanned SSL email. Guess I am wrong.
The email is decrypted by avast and scanned.
It makes no sense to scan an encrypted email (SSL) connection. It's encrypted.
Thanks for a reasonable answer, Tech. Why then can't Avast decrypt and scan SSL traffic in browsers?
-
Why then can't Avast decrypt and scan SSL traffic in browsers?
Ahhh... :(
You don't get it, do you.
What would be the sense of an encrypted connection, when any program can decrypt it..!!!
Please think about that.
Edit: Read this: http://en.wikipedia.org/wiki/HTTP_Secure
-
Simion, the encryption is to prevent any eye on it. If a program can decrypt it, it won't be secure. Think of your banking transactions over https.
-
Simion, the encryption is to prevent any eye on it. If a program can decrypt it, it won't be secure. Think of your banking transactions over https.
I guess I'm not making myself clear here, so I'll rephrase the question: If Avast can decrypt and scan SSL emails, why can't Avast decrypt and scan SSL webpages?
-
If Avast can decrypt and scan SSL emails, why can't Avast decrypt and scan SSL webpages?
avast! can't scan ssl mails, it works in between the client and the server.
-
Simion, the encryption is to prevent any eye on it. If a program can decrypt it, it won't be secure. Think of your banking transactions over https.
I guess I'm not making myself clear here, so I'll rephrase the question: If Avast can decrypt and scan SSL emails, why can't Avast decrypt and scan SSL webpages?
Technically it doesn't decrypt your SSL email. The Mail Shield redirects your email traffic through its local host proxy, that is good for either sent email or received SSL email. But you must allow avast to handle the secure encrypted SSL connection.
So you using your email program want to check your email, the mail shield redirects that connection through its localhost proxy and the secure email comes back in to the localhost proxy at which point it is no longer encrypted and avast can scan it. If the email is clean then it is passed on to your email program/inbox, etc.
The same if you want to send email, that too gets redirected through the localhost proxy (at this point it isn't a secure encrypted connection) and avast can scan it. If it is clean then avast establishes the secure connection to transmit your email.
If you failed to uncheck the email account's SSL requirement in your email program, then avast can't intercept and scan the encrypted traffic.
-
What BitDefender appeared to say they were doing was providing browser plug-ins that would scan the incoming SSL traffic after it had already been decrypted by the browser. So the browser handles all the SSL processes as usual. But avast! is already scanning the downloads with File System Shield when executed or opened, so may not be much value added ??? Not really scanning SSL traffic, just scanning the decrypted result before it is used by the browser for display or ?.
Maybe you could also do something like Avast! does with email. Set up your browser so it never encrypts anything, but just sends it along to avast! to do the scanning and then set up the SSL sessions and pass the encrypted traffic back and forth to the server, where encryption/decryption is actually done by a proxy using something like openSSL. But that sounds a lot more complicated than email, so ???
-
Sorry to bother you people again...
Just confused to see this.....
What is this if its not scanning it...
As I already posted, the encryption method also changes, and also the encryption key length...
Without anything it's a 128 bit encryption public key, and after Bitdefender it's a 256 bit public encryption key...
Also method changes to something Calibia
-
Hi
I got a reply from the ESET people; here it is, from their Facebook page
-
I think you need a follow-up question/s, such as.
OK, so are you saying it actually decrypts the SSL traffic so it can be scanned, as I thought the whole idea of SSL, secure encrypted connections was to keep prying eyes out including AVs ?
So what is it actually scanning ?
-
Well, it is possible - but not by decrypting the crypted stream (i.e. not via a proxy).
Using a browser plugin (or possibly some nasty hack of the browser itself), it's necessary to intercept the data which the browser itself already decrypted.
-
Simion, the encryption is to prevent any eye on it. If a program can decrypt it, it won't be secure. Think of your banking transactions over https.
I guess I'm not making myself clear here, so I'll rephrase the question: If Avast can decrypt and scan SSL emails, why can't Avast decrypt and scan SSL webpages?
<snip>
Technically it doesn't decrypt your SSL email. The Mail Shield redirects your email traffic through its local host proxy, that is good for either sent email or received SSL email. But you must allow avast to handle the secure encrypted SSL connection.
Thank you, I think that fine line distinction was the missing piece of the puzzle for me. To paraphrase: Avast, through the local host proxy, establishes and decrypts the SSL connection as opposed to the individual emails. Is that correct?
-
Well, it established the SSL connection but it still doesn't decrypt/encrypt; that is done outside of the localhost proxy as part of the regular SSL communication. What is in the localhost proxy isn't encrypted (as it is still local).
So it goes something like this for outbound email, email client > avast Mail Shield redirects to localhost proxy and scans > SSL connection > email server. That is essentially the same for inbound or outbound email, as the request originates from your email client.
So any pop3 email coming back would be returned in the same manner, email server, SSL connection > avast! localhost proxy (at this point it is on your system and the SSL communication has ended) so it can be scanned > email client, inbox.
-
So, is it correct to say that Windows plays an integral part in the actual encryption/decryption, as part of the SSL communication?
-
I don't know the exact process that handles the encryption/decryption but yes I believe it would have to be windows and not your email client (and definitely not avast!).
-
Again I come to my question. Can we implement this method in avast to scan SSL connections?
Because the only thing I have seen in all the three AVs to scan SSL connections is that they only install a certificate in the browsers... I mean ESET, Kaspersky, Bitdefender, which I have tested.
I didn't find any other changes in my browser or system
-
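Added example (not part of any post in this thread, and not code from any vendor mentioned): the "verified by <AV vendor>" label reported above is the issuer of the certificate the client was shown, so the same observation can be checked from the issuer field of the certificate. The vendor keyword list and both sample certificates are constructed assumptions; `fetch_cert` is a hypothetical helper name.

```python
import re
import socket
import ssl

# Vendor names taken from the thread; matching on them is a heuristic (assumption).
LOCAL_SCANNER_VENDORS = ("kaspersky", "eset", "bitdefender", "avast")

def issuer_fields(cert):
    """Flatten the nested 'issuer' tuple of an SSLSocket.getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify_issuer(cert):
    """Return ('intercepted', vendor) or ('direct', issuer_name)."""
    fields = issuer_fields(cert)
    org = fields.get("organizationName", "")
    cn = fields.get("commonName", "")
    # Whole-word match, so an issuer such as "Reset CA" does not match "eset".
    words = set(re.findall(r"[a-z0-9]+", f"{org} {cn}".lower()))
    for vendor in LOCAL_SCANNER_VENDORS:
        if vendor in words:
            return ("intercepted", vendor)
    return ("direct", org or cn)

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate this machine is actually shown for host.
    Raises ssl.SSLCertVerificationError if its issuer is not trusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() format (not captured from real sites).
SAMPLE_DIRECT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA G1"),)),
}
SAMPLE_RESIGNED = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Kaspersky Lab"),),
               (("commonName", "Personal Root Certificate (constructed)"),)),
}

if __name__ == "__main__":
    for name, cert in (("direct", SAMPLE_DIRECT), ("re-signed", SAMPLE_RESIGNED)):
        print(name, classify_issuer(cert))
```

An "intercepted" result means the TLS session the client sees ends at the local product, which then makes its own connection to the real server.
-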
I don't know the exact process that handles the encryption/decryption but yes I believe it would have to be windows and not your email client (and definitely not avast!).
OK Many thanks, DavidR. :)
-
Hi Ashish, sorry I hijacked your thread, but it is related. :)
-
Again I come to my question. Can we implement this method in avast to scan SSL connections?
Because the only thing I have seen in all the three AVs to scan SSL connections is that they only install a certificate in the browsers... I mean ESET, Kaspersky, Bitdefender, which I have tested.
I didn't find any other changes in my browser or system
How is it possible to implement something which is totally unclear what it is that they are doing. All I have seen so far is smoke and mirrors, saying it scans SSL, without any idea of how or what it is actually doing.
I guess any idiot AV can scan encrypted files, but what they can't do is decrypt them and scan the contents. Scanning an encrypted file is unlikely to find anything because of the encryption; essentially this is no different if they are going to try and scan an https traffic stream.
If it were so good, why is it disabled by default ?
Wild-assed guess:
Either it is unlikely to detect anything because it is encrypted, which falls into the smoke and mirrors marketing hype. Or there is a huge overhead in doing so.
-
Thank you, I think that fine line distinction was the missing piece of the puzzle for me. To paraphrase: Avast, through the local host proxy, establishes and decrypts the SSL connection as opposed to the individual emails. Is that correct?
No (or maybe yes, I'm not sure how exactly the question is meant). The connection from the mail client to avast! proxy must not be crypted (i.e. it's necessary to disable SSL in the mail client).
Later, avast! performs an encrypted communication with the e-mail server itself.
Doing the same for web browsers would be a problem (as the browser wouldn't see the remote certificates, wouldn't show you the "encryption" icon, etc.)
But yes, it's possible that avast! will implement a browser plugin for specific browser(s?) in the future which would be able to extract the already-decrypted data from the browser and scan them, before the browser really uses them. No promises though :)
-
No (or maybe yes, I'm not sure how exactly the question is meant). The connection from the mail client to avast! proxy must not be crypted (i.e. it's necessary to disable SSL in the mail client).
Later, avast! performs an encrypted communication with the e-mail server itself.
Doing the same for web browsers would be a problem (as the browser wouldn't see the remote certificates, wouldn't show you the "encryption" icon, etc.)
But yes, it's possible that avast! will implement a browser plugin for specific browser(s?) in the future which would be able to extract the already-decrypted data from the browser and scan them, before the browser really uses them. No promises though :)
Oh yes, that would be great. Hope we can see this feature in "avast! 7".
Many thanks for your reply igor, also for throwing light on this
Regards
Ashish
-
I got one more reply today from eset. Just wanted to share with you all