Security researchers to AV vendors: “Stop intercepting HTTPS traffic”


#1

We’ve just posted the following news: Security researchers to AV vendors: “Stop intercepting HTTPS traffic”[newsimage]http://www.myce.com/wp-content/images_posts/2017/02/myce-antivirus-https-connections-95x75.gif[/newsimage]

Google, Mozilla, Cloudflare and researchers from two Universities have criticised the interception of HTTPS traffic by antivirus software. According to the researchers and companies this has far-reaching consequences for the safety of users and their internet connection.

            Read the full article here: [http://www.myce.com/news/security-researchers-av-vendors-stop-intercepting-https-traffic-81436/](http://www.myce.com/news/security-researchers-av-vendors-stop-intercepting-https-traffic-81436/)

            Please note that the reactions from the complete site will be synched below.

#2

[QUOTE=DoMiN8ToR;2788179]We’ve just posted the following news: Security researchers to AV vendors: “Stop intercepting HTTPS traffic”[newsimage]http://www.myce.com/wp-content/images_posts/2017/02/myce-antivirus-https-connections-95x75.gif[/newsimage]

            Read the full article here: http://www.myce.com/news/security-researchers-av-vendors-stop-intercepting-https-traffic-81436/

            Please note that the reactions from the complete site will be synched below.[/QUOTE]

Even worse, the virus scanners introduce all kinds of new vulnerabilities, according to a report released by the researchers and companies.
Really is that the best they can do??

For the report, the researchers analyzed 8 billion secured connections to the Firefox update servers, to several popular e-commerce websites and to Cloudflare’s content distribution network.
I notice no lags or lost connections or lost funds-this is a scare tactics to let them use their malware stealth installs on unsuspecting users to do data mining.

Thy hope that security vendors will start using alternatives to HTTPS interception as, “interception products drastically reduce connection security.”
They need to stop drinking the koolaid here…A/V is here to stay. :stuck_out_tongue:


#3

The AV vendors doing this truly should be ashamed of themselves. No one liked it when SuperFish weakened HTTPS, so why should AV programs do just that? It makes no sense for security supplement software to do something that has been known to degrade security.

@CoolColors: They aren’t asking AV vendors to stop making AV software. Rather, they’re asking AV vendors to stop interfering with HTTPS.


#4

[QUOTE=TSJnachos117;2788534]The AV vendors doing this truly should be ashamed of themselves. No one liked it when SuperFish weakened HTTPS, so why should AV programs do just that? It makes no sense for security supplement software to do something that has been known to degrade security.

@CoolColors: They aren’t asking AV vendors to stop making AV software. Rather, they’re asking AV vendors to stop interfering with HTTPS.[/QUOTE]
https has been fooled before so they have reason to protect their investments.


#5

Investments be darned, sure HTTPS has been fooled many times, but that’s no reason to weaken it. Of course, I’m never going to be much of a business manager, so I guess I’m not the best person to comment on protecting one’s investments, but honestly, I really don’t care.


#6

[QUOTE=coolcolors;2788536]https has been fooled before so they have reason to protect their investments.[/QUOTE]

Oh, so that makes it ok for any application to lower https security then? :disagree:

Fact is we don’t really need AV anymore unless we handle old software. How many virus infections have we seen lately? What we see is ransomware and other types of malware.

In other words, what we need is a more thorough approach including sandboxed environments, default outbound block in our firewall, mitigation to make sure no ransomwares can encrypt umpteen thousand files in our computers without being stopped and protect against process hollowing/hooking to make a mention of a few counter measures.

What we don’t need is security applications (any other application for that matter) that lowers our security and so the article is valid with no koolaid added.