Thank you for the interesting comments. For the sake of brevity I did not post everything from Kaspersky. Some of the issues raised may be explained by the further details below. While I am no expert, my understanding is that basically letting Kaspersky scan encrypted connections does entail trading privacy for extra security.
In fairness to Kaspersky, here are the further details. Under “Encrypted Connections scanning” is a link “websites” with a list of perhaps 100+ sites and the warning “...may be inaccessible when scanning of encrypted connections is enabled”. Curiously, many Kaspersky links including Kaspersky.com are listed.
On option 2, “Scan encrypted connections upon request from protection components”, the full explanation is:
“Kaspersky Internet Security uses the installed Kaspersky Lab certificate to verify the security of SSL connections only if this is required by the Web Anti-Virus, Parental Control, Kaspersky URL Advisor, and Safe Money protection components. If the Parental Control, Kaspersky URL Advisor, and Safe Money protection components are disabled, Kaspersky Internet Security does not verify the security of SSL connections. This option is selected by default.”
The comments on option 3 “Always scan encrypted connections” are helpful regarding how installing the Kaspersky Certificate helps (taken on trust of the statement as the mysteries of certificates are beyond me):
“If this option is selected, Kaspersky Internet Security always uses the installed Kaspersky Lab certificate to ensure that connections are secure.
Use of the Secure Sockets Layer (SSL) protocol for connections allows safely exchanging data on the Internet. The SSL protocol makes it possible to identify the parties exchanging data using electronic certificates, encrypt data during transfer, and ensure the integrity of data during transfer.
If Kaspersky Internet Security detects an invalid certificate when connecting to a server (for example, when the certificate has been replaced by someone with malicious intentions), the application displays a notification prompting you to accept or reject the certificate, or else to view information about the certificate. If Kaspersky Internet Security is operating in automatic protection mode, it automatically terminates any connection that uses an invalid certificate, without displaying any notification.”
As I understand it, option 2 is a compromise - scanning sites referred as suspicious by the other modules but not all encrypted sites. Since the installation of the Kaspersky Lab certificate the calibre certificate is accepted as safe.