Thread: Sudden problem with opening e-mail with images
View Single Post
Old 06-02-2017, 13:26   #9
Kushan
FORMER Virgin Media Staff
 
Join Date: Dec 2010
Location: Warrington
Posts: 4,737
Kushan has a bronzed appealKushan has a bronzed appeal
Kushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appeal
Re: Sudden problem with opening e-mail with images
Quote:
Originally Posted by SilverLady View Post
Well I got the totally expected unhelpful answer from Kaspersky.

This error message is 'expected behaviour'. A one sentence explaining what the warning meant and told to select disconnect or continue as wished, neither would affect my browsing.

Completely missed the point that this constant appearance of the error message in every e-mail with images, even from frequent trusted senders, had only appeared over the last week or two, since the latest Kaspersky update.

However the problem has suddenly cleared. All images from regular contacts are appearing without the error message box. So holding my breath that this will continue.

Thanks for help from posters here.
I'm glad you got it sorted. There is one thing I want to raise, though:

Quote:
Originally Posted by SilverLady View Post
Thanks Kushan

I went into Kaspersky - additional - network, but when going to check "Do not scan encrypted connections" a warning came up that this would disable Safe Money. I use Safe Money often and would not want to lose it, so didn't go ahead.

Next time the error message comes up on e-mail, I'll try to take a screen shot.

I'm not on Windows 10. I upgraded, but after having 'freezing' problems, I reverted back to 8.1 which I'm happier using.
Kaspersky's model of scanning encrypted connections likely, ultimately, does more harm than good and likely leaves you more vulnerable to attacks than just having the whole system disabled.

Indeed, I was going a quick google to research this before giving you my response and it seems it's worse than I anticipated: https://www.theregister.co.uk/2017/0...tificate_slip/

To simplify what all this is about: When you visit a "secure" website, it uses what's known as an SSL certificate to encrypt it. You get these certificates by going to a registered authority and proving you own the domain. That's what gives you the green padlock - it's telling you that, not only is the connection encrypted, but it's got a certificate from someone you trust.

That "trust" part is very important. If you go to Google.com, Google gives you a certificate that a well-known, well-audited 3rd party has issued them - you trust that this 3rd party has done their due diligence and validated that yes, this is the owner of google.com and they're legitimate. Your Operating System contains a list of known good vendors, so using some clever maths you can validate that the chain of trust is good and thus your encrypted connection is safe from eavesdroppers. Your browser will also do its own checks for known bad ones.

If one of those authorities gets compromised or gets caught issuing certificates to people who don't actually own the domains they're claiming for, that authority can be revoked nearly instantly (and this has happened in the past).

Anyway, it's important to be aware that the only way for Kaspersky to monitor "encrypted" connections is to break that chain of trust. They literally add a new Certificate authority to your OS's whitelist (their own) and issue certificates for every single encrypted site you try to visit. They are literally eavesdropping your connection, doing the very thing that the whole system was designed to prevent - and what's more, they've done it badly.

Now, if anyone breaks Kaspersky's authority certificate (And that article I linked above is basically saying that it was trivial to do), then every single site you visit is compromised. There's no way to revoke it because it's not legitimate in the first place, your OS didn't have it installed - you did that yourself. You're basically screwed.

What's more, I'm not convinced that "safe money" is anything but smoke and mirrors. The correct use of SSL will prevent eavesdroppers. Keeping your browser up to date will prevent attacks. Your bank (if it's like mine) will require a second authentication (usually a phone call or that little calculator looking thing) to send money elsewhere - what exactly is their "safe and secure" environment?

It's entirely your choice what you do, but I strongly advise against using their SSL interception, it's ultimately weakening your security, not strengthening it.
Kushan is offline   Reply With Quote