Wednesday, 27 May 2015

Avast: Virus Scanner To Scan HTTPS Traffic

As more Internet traffic over SSL is encrypted, it is important that virus scanners can inspect HTTPS traffic, even though they have here a "man-in-the-Middle" with self-signed certificates to perform. That leaves anti-virus company Avast know, the free virus scanner is one of the most widely used anti-virus programs in the world.

An SSL certificate is used to encrypt traffic between websites and visitors. Traffic is theoretically no longer available by third parties. To still analyze whether the traffic is free of malware or other malicious code, Avast installs on computers a self signed certificate that is accepted by the browser. Normally give self-signed certificates in the browser a warning, because the publisher is not trusted. To solve this Avast adds itself as a certificate authority to the browser so that certificate or trust.

Once the browser a SSL connection setup the virus will own this certificate to use that now causes no warning. This way you will find there is actually a man-in-the-Middle (MITM) attack place. According to Avast this is necessary to scan the traffic.There is also a difference with traditional MITM attacks, said the virus fighter. "The" man in the middle "that we use is on the same computer as the browser and uses the same Internet connection."

Avast also announced that it generates a different private key for each certificate. A user would with its own installation therefore can not intercept traffic from other Avast users. Yet recently proposed a security researcher that the process of virus scanners, including those from Avast, safety HTTPS undermine.

No comments:

Post a Comment