Certificate Scan

Just ran a certificate scan and detected 1 threat. Being Comodo, I guess it’s ok to ignore. Just thought I would check first.

:slight_smile:

Is anybody else seeing this? Is this normal?

:slight_smile:

Yes it is normal and expected behavior from any adblockers.
They have to use certificates. Do you remember PrivDog? It is something like that, they have to use this on “HTTPS” sites to block ads on them.
Without this certificate, you cannot block ads on Youtube, Facebook etc.

Let's go to a website with SSL Security (https)… and check the certificate :wink: You should see this Comodo Adblocker certificate on them.
Avast also uses such tactics to scan for malware on https websites (by default); you can disable https scanning from the settings.
Many AVs also use this (Kaspersky, ESET, Adguard too).

I hope I could explain some things. :slight_smile:

Yes, I remember PrivDog well. Whatever happened to that product? Should Comodo’s certificate be detected as a threat though? The description (under certificate scan) mentions “scans for untrusted root certificates in the computer”. To me, this sounds like Comodo’s certificate is untrusted.

Let's go to a website with SSL Security (https).. and check the certificate ;) You should see this Comodo Adblocker certificate on them. Avast also uses such tactics to scan for malware on https websites (by default); you can disable https scanning from the settings. Many AVs also use this (Kaspersky, ESET, Adguard too).

Could you point me in the right direction for viewing this information? For example, https://html5test.com.

I hope I could explain some things. :)

You explain well :-TU. Whether I understand what you are saying is another thing :-[. Thanks.

:slight_smile:

For example,

Go to https://www.youtube.com/

Here is my screenshot: https://s11.postimg.org/hvpttxfpv/screenshot.png

Please follow the numbers and check your certificate. On YouTube normally, there is a “Google certificate”.

With your “Comodo Windows Adblocker” enabled, you should see Comodo’s certificate from your adblocker (which is also detected by CCAV :wink: )

That’s for you to decide. I would not allow any such certificate. There are several issues with MitM-software.

One is that the intended end-to-end-encryption is broken, as the software decrypts all data before it reaches the browser, which makes it possible to intercept and modify¹ the content before it gets encrypted again and served to the browser.

Another is that all sites’ certificates get replaced by a locally issued (by the software in your computer) certificate. Expect to see a green security indicator when visiting your bank’s site (or this forum) with an EV-certificate from a trusted CA? Forget that. Instead you will see a DV-certificate issued by some software in your computer.

A third issue is the MitM-software’s TLS-library. How good is it? If it is a third-party library (it typically is), is it fully up to date, or does it have exploitable vulnerabilities? As you remember PrivDog, maybe you also remember that it had a serious issue, that accepted self-signed certificates².

If you want to use an adblocker (or similar software), use a browser extension. They operate in the browser, not before it, which means that the browser’s TLS-library is used to decrypt the encrypted data.

EFF also urged software vendors to stop intercepting encrypted traffic: Dear Software Vendors: Please Stop Trying to Intercept Your Customers’ Encrypted Traffic | Electronic Frontier Foundation
More arguments in this PDF, by Hanno Böck, September 2015: https://www.int21.de/slides/cccamp2015-tls-mitm.pdf

¹ Blocking ads is an example of that, injecting ads is another. What can not be modified, if the MitM-software happens to be a malicious one?
² Software Privdog worse than Superfish - Hanno's blog
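
The certificate check walked through above (looking at who issued the certificate a site presents) and the point that filtering software replaces every site's certificate with a locally issued one can be combined into a small audit. This is an added example, not part of the original posts: the host names, CA names and the baseline are constructed, and only the issuer name "COMODO AdBlocker SSL Filter 2" comes from this thread.

```python
import socket
import ssl
from collections import Counter

def issuer_cn(cert):
    """Issuer commonName from a getpeercert()-style dict ('' if absent)."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""

def fetch_peercert(host, port=443, timeout=5.0):
    """Live fetch. On Windows the default context trusts the system root store,
    so a locally installed filtering root validates here as it does in a browser."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(observed, baseline):
    """Compare each host's observed issuer with the issuer recorded on a machine
    without filtering software. Returns (mismatches, common_issuer)."""
    mismatches = []
    for host, cert in sorted(observed.items()):
        seen = issuer_cn(cert)
        if seen != baseline.get(host):
            mismatches.append((host, baseline.get(host), seen))
    counts = Counter(seen for _, _, seen in mismatches)
    # One issuer standing in for several unrelated CAs points at a local re-signer.
    common = next((cn for cn, n in counts.items() if n >= 2), None)
    return mismatches, common

def _cert(issuer):
    # Minimal dict in the shape ssl.SSLSocket.getpeercert() returns.
    return {"issuer": ((("commonName", issuer),),)}

# Constructed sample data, not captured from a real system.
BASELINE = {"video.example": "Example CA A",
            "bank.example": "Example EV CA B",
            "forum.example": "Example CA C"}
FILTERED = {host: _cert("COMODO AdBlocker SSL Filter 2") for host in BASELINE}
CLEAN = {host: _cert(cn) for host, cn in BASELINE.items()}

if __name__ == "__main__":
    print(audit(FILTERED, BASELINE))
    print(audit(CLEAN, BASELINE))
```

To run it against real sites, build `observed` with `fetch_peercert()` for each host and record the baseline from a machine that has no HTTPS-filtering software installed.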

Yes, I called this Avast in the middle and Comodo in the middle :-TU

Thanks guys. So you are basically saying that I should uninstall Comodo Ad Blocker (desktop version) and then re-install either Comodo AdBlocker or UAdblocker? Which of these do you feel offers the better security, privacy, etc?

Just out of interest, what would happen if I cleaned “COMODO AdBlocker SSL Filter 2”?

:slight_smile:

Yes, to switch to an extension is my advice, but I really don’t know which one. I have not used an adblocker in a long time now. Since most ads are tracking, Privacy Badger blocks most ads (after some time) for me.

I guess you will be unable to make secure connections if you “clean” the certificate, but keep the software installed and enabled. Not sure, though, as I have experience of that.

Is Adguard Adblocker Desktop better?
Adguard Desktop has an option “don't filter sites with EV certs”.

Not really. While it’s better to not mess with the connection when an EV-certificate is used, the software has no functionality on those sites. In January 2015, less than five percent of all certificates were EV.¹ I don’t see the integrity of the data being of less importance when an OV- or DV-certificate is used.

¹ https://www.netcraft.com/internet-data-mining/ssl-survey/

Ok, got it.

Thank you for the info.

Hi all!
Is it normal? I want to use Adguard…

Hi.

That is the “normal” (expected) behaviour if the system has an untrusted root certificate installed. In your case Adguard has installed a root certificate in order to be able to decrypt and re-encrypt the encrypted data from the web before it reaches your browser. That is a bad practice. It breaks the end-to-end encryption (it is a MitM), and Adguard’s TLS-library may have vulnerabilities or other flaws.

My advice is to use the browser extension instead. It processes the data after the browser has decrypted it.

See also Run a Certificate Scan

Ok, I understood.

Thank you!