Net Defender

In light of the recent light being shed on the Superfish vulnerability and the use of Komodia for intercepting SSL certificates to analyze SSL traffic, I have a question.


How is BitDefender implementing the Net Defender interception and generation (issuing) of SSL certificates for the sites visited via SSL?


How can it be turned off and the certificate removed?


Is the private key that is used to generate the certificates residing on my local machine?


Is the private key unique to each machine or is it the same key across all machines?


On a side note, how does NetDefender handle the verification of revoked certificates?


How do I know that NetDefender is adequately verifying the validity of a certificate it receives?

Comments

  • You can disable BitDefender's SSL MITM by disabling "Scan SSL" under web protection settings. I would recommend doing so. Even if it's not as stupidly implemented as Komodia, it's vulnerable to various SSL downgrade attacks and disables browser security settings like HSTS and certificate pinning. After 5 months, BitDefender is still vulnerable to POODLE (https://www.poodletest.com/), and it's also vulnerable to the newly discovered FREAK attack (https://freakattack.com/clienttest.html). Meanwhile Chrome without BitDefender had patches in place almost immediately.

  • To my knowledge NetDefender is an open source personal firewall released under a Microsoft Permissive License and maintained by Codeplex, an open source project. If you have any questions regarding the compatibility of NetDefender and any Bitdefender products, I suggest you contact Codeplex and/or Bitdefender through a support ticket.

  • In reply to Nesivos (edited March 2015), quoting the "Scan SSL" comment above:

    There is a patch for the Mac OS but not for Android. Tracking the FREAK Attack

  • If you use BitDefender Internet Security, under the default settings, BitDefender intercepts all your SSL calls. This means that OS/browser patches don't matter. Chrome is already patched against both POODLE and FREAK, but since BitDefender is MITMing the connections, BitDefender reintroduces the vulnerabilities.


    Given the age of Poodle, and that BitDefender is ostensibly a security product, this is kind of ridiculous.