Avast is actually listed among potential threats too
http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
I wonder what Avast response will be to this research?
Avast is actually listed among potential threats too
http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
I wonder what Avast response will be to this research?
I wonder what the date of this pdf reference you give is, this subject has previously been discussed in the avast forums.
As far as I’m aware (from previous topics) it is no longer the case.
EDIT: Typo
The pdf date is Feb 2016. Have seen so much debate on MITM I’m not sure what to believe now. Would love to see a response from Avast about this study.
I think not having an AV-solution is a far bigger potential risk, maybe your browser won’t last uncompromised longer than 20 minutes or so.
So what alternative do you have? Moreover with uBlock Origin and uMatrix in the browser I do not feel afraid,
polonus
That certainly older than the topics that were discussed, I don’t have a link but the outcome as I remember it is no longer an issue.
Hi,
we quite like the research because it shows that what we do in HTTPS scanner is pretty good job. However, it is somewhat older - we have added a bunch of improvements (including the mentioned CRL/OSCP/OSCP Stapling checks) since Avast 2015, and possibly others AV vendors also have.
We contacted all affected companies except Avast (as its lack of revocation checking is not serious enough)
Lukas.