Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is HTTPS more secure than HTTP if Anti-Virus by default does not scan it?


  • Please log in to reply
3 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:01:08 PM

Posted 08 November 2016 - 10:04 AM

Hi all!

 

I have been reading about the encrypted HTTPS protocol and its associated TCP port 443, and noticed that Anti-Virus by default does not scan it.

 

And therefore, my question is as follows;

 

Is HTTPS more secure than HTTP if Anti-Virus by default does not scan it?

 

Thank you very much in advance!

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:07:08 AM

Posted 08 November 2016 - 05:04 PM

Malware can be transported over HTTPS

http://blogs.cisco.com/security/malwares-use-of-tls-and-encryption


How Can I Reduce My Risk to Malware?


#3 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:01:08 PM

Posted 09 November 2016 - 09:14 AM

Hi, shelf life!

 

Thank you for the prompt and insightful reply, as well as the heads-up! :)

 

Your link makes for interesting reading! :busy:

 

Indeed, this is an aspect of malware that should not be overlooked, however I suppose generally most, if not all Anti-Virus vendors do already know. :whistle:

 

It is possible to manually check open TCP and UDP ports by running NETSTAT -a from an elevated command prompt (CMD). B)

 

BTW, as for AV/AM/AE/AR, I personally have EAM Pro, SpywareBlaster, WinPatrol PLUS, HitmanPro.Alert with CryptoGuard, MBAM Free, Acronis True Image 2017 and Secunia PSI as my real-time multi-layered software defence security against malware. :thumbsup:

 

Thank you very much for the help! :)

 

Regards,

midimusicman79


Edited by midimusicman79, 10 November 2016 - 07:01 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:07:08 AM

Posted 09 November 2016 - 05:00 PM

​Your Welcome. I think with some AV you may be able to toggle that feature on/off, scanning HTTPS traffic that is.

 

​check open TCP and UDP ports by running NETSTAT -a

​-a:  Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users