Author Topic: Security software: possible issues with scanning of secure web pages  (Read 2344 times)

REDACTED

  • Guest
Says the Daily Mail (UK) newspaper: -
Quote
Normally, browsers check the certificate delivered by a website and verify it has been issued by a proper entity, called a Certification Authority (CA). Security products make the computer 'think' they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued.

Please read this: -
http://www.dailymail.co.uk/sciencetech/article-3574724/Is-antivirus-software-putting-risk-Programs-offer-lower-levels-security-browsers.html

I believe that Avast scans secure pages and checks security certificates but does it actually do what is alleged by the Daily Mail newspaper?

If what is alleged about Avast software is correct, which Avast software is affected?  Is Avast Free affected, for example?
« Last Edit: May 05, 2016, 06:25:22 PM by hake »

DavidR
The news media are generally months behind as far as technical security stuff.

This may have been the case at one time but this article is virtually ancient history. Just look at the program versions image in the post for avast 2015 versions of avast 10.2.2218 & 10.3.2225.

The same appears to be true of other AV versions 2015 or even some 2014.

bob3160
It's also the reason why it's important to update the program not just the VPS database. :)

REDACTED

  • Guest
All I did was to submit the report to the attention of the forum.  It is a very plausible scenario and any such report should be given some credence.  It would not surprise me that it is not a problem with Avast but until I see justified statements to that effect, I am not going to be complacent.  I note that Agnitum Outpost Security Suite and Panda Security are not said to be a problem.  This does not surprise me since neither checks on security certificates.  I know that Avast Free does and so I seek authoritative reassurance that Avast, especially Avast Free AV, is not afflicted with the problem.

My understanding is that the issue is that some security products make themselves proxies for https certification when that apparently should be the responsibility of the browser.  I note that on my Windows 7 system on which Avast Free 11.2.2262 is installed, the browsers (Google Chrome and Mozilla Firefox) do attribute the certificates to authorities that are not Avast so I guess that Avast is not culpable.  It would be a relief to me to be sure that this is so since I have installed Avast Free as the malware protection of preference on a number of Windows computers used by friends and relatives.  They do online transactions so the matter is of direct concern to me.

I am by no means knowledgeable on the subject of web security but am aware of its vital importance.
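
The by-eye check described in the post above (looking at which authority a certificate is attributed to) can also be scripted. The following is an added example, not part of the thread and not Avast's code; the marker list and the two sample certificates are constructed assumptions.

```python
import socket
import ssl

# Assumption: substrings that would identify a locally installed scanning
# product as the issuer. "avast" comes from the thread; extend for other tools.
LOCAL_PRODUCT_MARKERS = ("avast",)


def issuer_fields(peercert):
    """Flatten the nested RDN tuples of SSLSocket.getpeercert()['issuer']."""
    fields = {}
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def classify_issuer(peercert, markers=LOCAL_PRODUCT_MARKERS):
    """Return ('intercepted' | 'not-flagged' | 'unknown', issuer display name)."""
    fields = issuer_fields(peercert)
    name = fields.get("organizationName") or fields.get("commonName")
    if not name:
        return ("unknown", "")
    haystack = " ".join(fields.values()).lower()
    if any(m.lower() in haystack for m in markers):
        return ("intercepted", name)
    return ("not-flagged", name)


def fetch_peercert(host, port=443, timeout=5.0):
    """Live check: the certificate this machine actually receives for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() format (not captured from real sites).
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),),
                            (("commonName", "Example Public CA G2"),))}
SAMPLE_SCANNED = {"issuer": ((("organizationName", "Avast sample scanning root (constructed)"),),
                             (("commonName", "Sample Web Shield Root"),))}

if __name__ == "__main__":
    for label, cert in (("direct", SAMPLE_DIRECT), ("scanned", SAMPLE_SCANNED)):
        print(label, classify_issuer(cert))
```

A "not-flagged" result only means the issuer name matched none of the markers; it does not prove that nothing sits between the client and the site.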