Kaspersky fixing serious certificate slip

Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted …

Silver badge

Good enough

32 bits keep honest hackers honest.

0
0
Anonymous Coward

Re: Good enough

32 bits keep honest hackers honest.

.. and intercept alive ..

2
0
Silver badge

Which is in error, the first or the last line of the story?

The story came out on the 4th and says Kaspersky is going to fix the problem.

But the last line of the story says Kaspersky fixed the problem on December 28th.

Which is it? They can't both be correct.

2
0
Silver badge

Re: Which is in error, the first or the last line of the story?

The original forum post was on Nov 1st, and the fix was on Dec 28th.

Hello, El Reg, timely articles are good! It doesn't make sense to post an article about news that's two months old, about a problem that's been fixed.

(Personally, I disabled the Kaspersky certificate replacement "feature," because replacing the certificate means that the browser can't check if the original certificate changes.)

1
0
Silver badge
Coat

[Sigh...]

You had one job, Kaspersky! One job...

4
0
Anonymous Coward

OK

It's time to renew my AV, who do I choose instead of Kaspersky?

0
0
Silver badge

Re: OK

From personal experience, F-Secure seems fine.

1
0
Anonymous Coward

Re: OK

The question to ask is "How do I pick the AV vendor who isn't about to have the next highly-public problem?"

2
0
Trollface

Re: OK

They all seem fine until they are not. Has anyone actually tested the other offerings? The whole internet security industry is just a herd of mindless cattle following each other when one of the crowd gets spooked.

1
0
Anonymous Coward

Re: OK

I'll just leave this here:

"The F-Secure Policy Manager server app could do with a good comprehensive thrashing by an experienced vuln dev / software security auditor."

* strolls away whistling innocently

2
0
Anonymous Coward

Re: OK

Buy a mac.

2
3

Re: OK

I've managed nearly a dozen AV tools over the last 19 years. They all change nearly completely every 5 to 10. Some that were great at one time became system hogs, others just missed too many things, and then the worst were false positives that brought a company to a stop for a day or so.

So pick your poison. Today I'll stick with Kaspersky, in 5 years who knows.

Try the free version of some, or just move to a live CD as an OS and reboot before you make a purchase. But that's a PITA.

Wish for the old days of simple viruses, when Panda and AVG were the top performers.

1
0

Re: OK

You should take a serious look at Malwarebytes 3.0, as they have some really great new things they have added to the latest version.

0
1
Bronze badge

Re: OK

I _really_ don't want any 'great new things' in an AV tool, just stick to the basics and try to keep it lean.

0
0

Re: OK

"Malwarebytes 3.0"

You are joking, aren't you? This version is full of horrendous bugs and detection rate from the independent MRG Effitas shows a jaw-dropping 70. It's massively worse than just free Windows Defender on its own, never mind the better paid-for software.

0
0

Browsers vs Antivirus

Avast had a security problem with their SafeZone browser last year too. Comodo’s Chromodo also had a security issue. I personally trust the dedicated makers of browsers over the products supplied by AV vendors. I use Avast on the PCs I look after but use a custom install to exclude SafeZone.

1
0

Re: Browsers vs Antivirus

"I personally trust the dedicated makers of browsers over the products supplied by AV vendors"

Yes, but they still screw up. I had an issue with Vivaldi, which was bouncing a perfectly good certificate which was fine by every other browser I could lay my hands on. Then suddenly within a day it started accepting it again.

What really annoys me is when browsers block rather than warn about certificates. If I wish to take a risk of browsing my own website with my own certificate - that is my business. Especially if it is a place Let's Encrypt can't go.

0
0


Biting the hand that feeds IT © 1998–2017