Many antivirus programs monitor encrypted HTTPS connections, causing security problems. This includes products from Bitdefender, Kaspersky and Avast.
Just
recently, the former Firefox developer Robert O'Callahan warned in a
blog post before antivirus software, which deeply in the systems nestles
and rather damages than protection offers. A researcher has now found that antivirus programs and company proxies
often interrupt TLS encryption, thereby reducing their security when
scanning content from web pages for malicious software.
As
the colleagues of heise.de write in a report, the researchers showed
that 13 out of 29 investigated anti-virus programs in the encrypted TLS
connections. Almost all of them worsened the security of the connection, often even massive security problems could be detected. Avast software, BitDefender, BullGuard, Dr.Web, Eset, G Data and
Kaspersky even allowed direct attacks on the secure connections.
Security
applications for the inspection of TLS connections were similar in the
study - 11 out of 12 products weakened the connection security, partly
because some of them still use the obsolete cryptostandard RC4. In addition, the number of monitored connections was much higher than the researchers expected.
Around eight billion TLS connections with the Firefox update service,
with several popular e-commerce sites and with cloudflare investigated
the researchers.
Antivirus manufacturers must improve
In
their publication the researchers write that the problem is well known
in the security industry, but is largely ignored and underestimated. They also call on the manufacturers of anti-virus software to adapt their security precautions.
No comments:
Post a Comment