Avast Anti-Virus for Mac Uses “Man in the Middle” Scheme to “Protect” You (opens in new tab)

(itnerd.wordpress.com)

2 pointslsmod10y ago5 comments

5 comments

Er... yes. That's how nearly all web security products work. The only way for them to monitor (and filter) HTTPs content is the MITM + fake cert. This is done everywhere: from that websense or bluecoat proxy appliance at the office, to the boxes by someone like a Sandvine doing DPI on telco core networks.

Of course, this is unacceptable - but there are very few alternatives. For the record, we - rawstream - don't do this as its crazy to compromise security like this. So we had to find other means.

justinschuh10y ago

> Of course, this is unacceptable - but there are very few alternatives. For the record, we - rawstream - don't do this as its crazy to compromise security like this. So we had to find other means.

So, then you're using extensions, BHOs, API hooking, or some combination thereof depending on platform?

noir-york10y ago

Yes - any method that allows us access to HTTPs page content without compromising security.

Setting up MITM + certs is a PITA for most admins so we've tried (and I believe succeeded) in making deployment faster/simpler.

noir-york10y ago

I see that you work on Chrome security - you guys do great work! You have to; one helluva of an attack surface + billion deployments.

lsmodOP10y ago

Found this from this[0] post, which contains the second part[1]

[0]https://news.ycombinator.com/item?id=9643857

[1]https://itnerd.wordpress.com/2015/05/21/avast-responds-to-my...

j / k navigate · click thread line to collapse

5 comments

noir-york10y ago

Of course, this is unacceptable - but there are very few alternatives. For the record, we - rawstream - don't do this as its crazy to compromise security like this. So we had to find other means.

justinschuh10y ago

> Of course, this is unacceptable - but there are very few alternatives. For the record, we - rawstream - don't do this as its crazy to compromise security like this. So we had to find other means.

So, then you're using extensions, BHOs, API hooking, or some combination thereof depending on platform?

noir-york10y ago

Yes - any method that allows us access to HTTPs page content without compromising security.

Setting up MITM + certs is a PITA for most admins so we've tried (and I believe succeeded) in making deployment faster/simpler.

noir-york10y ago

I see that you work on Chrome security - you guys do great work! You have to; one helluva of an attack surface + billion deployments.

lsmodOP10y ago

Found this from this[0] post, which contains the second part[1]

[0]https://news.ycombinator.com/item?id=9643857

[1]https://itnerd.wordpress.com/2015/05/21/avast-responds-to-my...

j / k navigate · click thread line to collapse