Good enough
32 bits keep honest hackers honest.
Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted …
The original forum post was on Nov 1st, and the fix was on Dec 28th.
Hello, El Reg, timely articles are good! It doesn't make sense to post an article about news that's two months old, about a problem that's been fixed.
(Personally, I disabled the Kaspersky certificate replacement "feature," because replacing the certificate means that the browser can't check if the original certificate changes.)
I've managed nearly a dozen AV tools over the last 19 years. they all change nearly completely every 5 to 10. Some that were great at one time became system hogs, others just missed to many things and then the worse were false positives that brought a company to a stop for a day or so.
So pick your poison. Today I'll stick with Kaspersky, in 5 years who knows.
Try the free version of some, or just move to a live CD as an OS and reboot before you make a purchases. but that's a PITA.
Wish for the old days of simple viruses, when Panda and AVG were the top performers.
Avast had a security problem with their SafeZone browser last year too. Comodo’s Chromodo also had a security issue. I personally trust the dedicated makers of browsers over the products supplied by AV vendors. I use Avast on the PCs I look after but use a custom install to exclude SafeZone.
"I personally trust the dedicated makers of browsers over the products supplied by AV vendors"
Yes but they still screw up. I had an issue with Vivaldi which was bouncing a perfectly good certificate which was fine by every other browser I could lay my hands on. The suddenly within a day it started accepting it again.
What really annoys me is when browsers block rather than warn about certificates, If I wish to take a risk of browsing my own website with my own certificate - that is my business. Especially if it is a place Let's Encrypt can't go.