Is it possible for avast! to scan SSL traffic?

[Ashish Singh]

Hi I want your opinion on this..

I want that avast would install a certificate for the browser so that it could scan SSL traffic also which now it can't. I saw this is done by eset,Bitdefender,Kaspersky to scan secure traffic and every SSL connection is shown verified by the AV, one using.( I mean like browser would say for gmail that connected to gmail.com verified by Kaspersky Lab/Eset spol s.r.o/Bitdefender) Also see screenshot.

I want  every Secure website the browser would say connected to facebook.com verified by AVAST Software a.s
How is the suggestion?

In this way we will have SSl connection as well as avast protection also...

If i am wrong please correct me...

[Asyn]

If i am wrong please correct me...

Ok, I correct you.
No secure connection can be scanned, otherwise it wouldn't be a secure connection.

[Pondus]

Also see screenshot.

The screenshot only show that Bitdefender is verifieing that you are connected using SSL...it is not scanning it

as Asyn say, if it did it would not be secure

[Ashish Singh]

Can someone explain me the screenshot then.. ...?

[Ashish Singh]

I don't use bit defender otherwise I have posted its log also that it scans SSL traffic also...
Same for Kaspersky Also...It also has the option. If does not scan then I don't understand that why they have given the option

[Pondus]

Does ESET Smart Security scan SSL (Secure Sockets Layer) traffic?

By default, ESET Smart Security checks the POP3 protocol on TCP port 110 and the HTTP protocol on TCP ports 80, 8080 and 3128 for threats to your system.

Since all SSL communications are encrypted it is not possible for ESET Smart Security to scan them, even if the TCP port is listed above and has been manually entered.

ESET Smart Security is unable to check encrypted traffic (SSL, HTTPS, S/POP3, SSH and so forth). After encrypted traffic has been decrypted, it will be checked for threats by the antivirus components of NOD32. If you are not using a standard port for email, it is scanned by the antivirus component as soon as the mail touches the system, which will protect you from any threats.

[Ashish Singh]

I am confused. I just posted a  HTTPS scanned page

What about this screenshot........?

[Pondus]

The above posted is from ESET FAQ...

so why dont you send them a mail and ask how it works ?  and tell us what they say

[Ashish Singh]

The above posted is from ESET FAQ...

so why dont you send them a mail and ask how it works ?  and tell us what they say

i already did...

[DavidR]

Looks like they are playing fast and loose with the actual facts, they aren't actually decrypting and scanning the 'content' of http traffic; that would require huge processing power and your browsing in https sites would grind to a halt. Seems nothing more than marketing hype.

So what it is showing in the image scan stats is somewhat misleading, whilst may be possible to scan that raw encrypted https traffic coming 'in to' your system; it is going to achieve very little as it is encrypted. Until that https traffic is decrypted in your system could any meaningful scan be done.

[sded]

Looks like the Bit Defender writeups say they have developed Browser Plugins that allow them to scan the decrypted (by the browser) https data streams as the page is being assembled, but .  Remember that a web page is actually a mosaic of html data assembled into a web page, and in the case of an https page the data must be decrypted first to form the viewable page.
Don't know what the others do, but building a proxy that replicates the browser security functions on port 443 using something like openSSL for all the browsers seems much more cumbersome.
Maybe Avast! will have a comment?

[Ashish Singh]

I think this might help you people....

First one without installing Bitdefender traffic light

Second one after installing traffic light

Note: I have opened the same page

[Ashish Singh]

Also this,......
This is not only with Bitdefender its also with Kaspersky and ESET

A bit confusing... What could be the purpose of doing this and stating that it can scan SSL connection in all the three AV.

[DavidR]

Marketing hype to sell products.

It isn't actually scanning just confirming that your connection is HTTPS with a valid certificate, something that you can have your browser do if you change the settings.

[Lisandro]

Marketing hype to sell products.

Thanks David. You're fully right. I hate hyping when the user is just fool with bla-bla-bla and promises.
BitDefender is on my blacklist in this point.