Mozilla enables unsafe encryption algorithm again to resolve issues with antivirus software

vbimport

#1

We’ve just posted the following news: Mozilla enables unsafe encryption algorithm again to resolve issues with antivirus software[newsimage]http://static.myce.com//images_posts/2011/11/FirefoxLogo1.jpg[/newsimage]

A new version of Mozilla’s Firefox browser solves an issue that made the antivirus software of G Data crash. A component of the antivirus software that should protect users against malware during internet banking didn’t work as intended with Firefox 43.0.3.

            Read the full article here: [http://www.myce.com/news/mozilla-enables-unsafe-encryption-algorithm-again-to-resolve-issues-with-antivirus-software-78323/](http://www.myce.com/news/mozilla-enables-unsafe-encryption-algorithm-again-to-resolve-issues-with-antivirus-software-78323/)

            Please note that the reactions from the complete site will be synched below.

#2

Got FF 43.0.3 and have MSE installed and haven’t noticed any problems that is described here?? Go figure…oh yeah I do have my own custom PC hosts edit so that also blocks adware and pops and redirects to prevent further MSE detection problems. In this day and age you need to have a trusted Savvy PC user to help fix problems as a safe measure.


#3

Yep, no issues either, MSE apparently has no issues with that certificate frenzy and I don’t poke around with the hosts file :flower:


#4

So the security of G Data users comes at the expense of everyone else? Seems fair. /s

There are multiple ways Mozilla could have handled this better.
[ol][li]Hardball. Tell the users to use another browser until the AV company fixes their shit.
[/li][li]Leave SHA-1 in, but disable it. Throw up an error message each time a SHA-1 certificate is encountered, explaining the likely cause and how to re-enable them.
[/li][li]Check for the AV program during startup and disable SHA-1 if it isn’t found.[/ol]
[/li]
I think number two would be the best for everyone. AV programs probably aren’t the only things using SHA-1 for certs. Annoying error messages will let us know what else needs to be fixed (and let us make temporary exceptions in the meantime).


#5

I can confirm, no issues here as far as I can see (then again, FF is not alone in the game, but nothing and I am up to date - the few times I use the very engine and frontend together :slight_smile:
Split horizon is a clue here… I know it is from the infrastructure world, but I think it is for the better for all, but the malware coders :flower: