Is it possible for avast! to scan SSL traffic?

Hi I want your opinion on this…

I want that avast would install a certificate for the browser so that it could scan SSL traffic also which now it can’t. I saw this is done by eset,Bitdefender,Kaspersky to scan secure traffic and every SSL connection is shown verified by the AV, one using.( I mean like browser would say for gmail that connected to gmail.com verified by Kaspersky Lab/Eset spol s.r.o/Bitdefender) Also see screenshot.

I want every Secure website the browser would say connected to facebook.com verified by AVAST Software a.s
How is the suggestion?

In this way we will have SSl connection as well as avast protection also…

If i am wrong please correct me…

Ok, I correct you. :wink:
No secure connection can be scanned, otherwise it wouldn’t be a secure connection.

Also see screenshot.
The screenshot only show that Bitdefender is verifieing that you are connected using SSL...it is not scanning it

as Asyn say, if it did it would not be secure

Can someone explain me the screenshot then… …?

I don’t use bit defender otherwise I have posted its log also that it scans SSL traffic also…
Same for Kaspersky Also…It also has the option. If does not scan then I don’t understand that why they have given the option

Does ESET Smart Security scan SSL (Secure Sockets Layer) traffic?

By default, ESET Smart Security checks the POP3 protocol on TCP port 110 and the HTTP protocol on TCP ports 80, 8080 and 3128 for threats to your system.

Since all SSL communications are encrypted it is not possible for ESET Smart Security to scan them, even if the TCP port is listed above and has been manually entered.

ESET Smart Security is unable to check encrypted traffic (SSL, HTTPS, S/POP3, SSH and so forth). After encrypted traffic has been decrypted, it will be checked for threats by the antivirus components of NOD32. If you are not using a standard port for email, it is scanned by the antivirus component as soon as the mail touches the system, which will protect you from any threats.

I am confused. I just posted a HTTPS scanned page

What about this screenshot…?

The above posted is from ESET FAQ…

so why dont you send them a mail and ask how it works ? and tell us what they say

i already did…

Looks like they are playing fast and loose with the actual facts, they aren’t actually decrypting and scanning the ‘content’ of http traffic; that would require huge processing power and your browsing in https sites would grind to a halt. Seems nothing more than marketing hype.

So what it is showing in the image scan stats is somewhat misleading, whilst may be possible to scan that raw encrypted https traffic coming ‘in to’ your system; it is going to achieve very little as it is encrypted. Until that https traffic is decrypted in your system could any meaningful scan be done.

Looks like the Bit Defender writeups say they have developed Browser Plugins that allow them to scan the decrypted (by the browser) https data streams as the page is being assembled, but ???. Remember that a web page is actually a mosaic of html data assembled into a web page, and in the case of an https page the data must be decrypted first to form the viewable page.
Don’t know what the others do, but building a proxy that replicates the browser security functions on port 443 using something like openSSL for all the browsers seems much more cumbersome.
Maybe Avast! will have a comment?

I think this might help you people…

First one without installing Bitdefender traffic light

Second one after installing traffic light

Note: I have opened the same page

Also this,…
This is not only with Bitdefender its also with Kaspersky and ESET

A bit confusing… What could be the purpose of doing this and stating that it can scan SSL connection in all the three AV.

Marketing hype to sell products.

It isn’t actually scanning just confirming that your connection is HTTPS with a valid certificate, something that you can have your browser do if you change the settings.

Thanks David. You’re fully right. I hate hyping when the user is just fool with bla-bla-bla and promises.
BitDefender is on my blacklist in this point.

Just to set this clear.
Any connection can be scanned, but to scan a secure connection makes no sense at all. :wink:

I always thought Avast scanned SSL email. Guess I am wrong.

With phoney SSL certificates around, I think it would be a good idea. There are also phoney digital signatures on some programs.

avast scans your mails.
Don’t worry. ;D

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458

maybe someone from avast should come in here and explain this SSL thing or this thread may be very very long ;D