Question
I am using Bitdefender AV 2013 ed and I have noticed that when the Scan SSL is enabled in the configuration BD will use a local certificate, as mentioned here. This modifies the cert chain with BD as the trusted root on secured sites, or at least that's what you see. My questions are:
1) What is this kind of technology called?
2) What is actually taking place behind the scenes with cert validation?
3) Is BD masking the actual cert chain or does it actually substitute its own root for the site based on doing its own checks then tells the browser it's "trusted"?
4) Is the presenting server involved in this process in any way or is it oblivious to what the client is doing?
Explanation / Answer
Bitdefender is doing here a Man-in-the-Middle attack, except that it is not really an "attack" since you actually consent to it. Bitdefender impersonates you when it talks to the server, and impersonates the server when it talks to your browser. This requires Bitdefender to create on-the-fly a fake certificate for the target server; your browser is fooled by it because Bitdefender added its own CA certificate to the set of roots trusted by your browser. That CA is, really, operated by Bitdefender itself.
All of this occurs locally on your own computer. There are two SSL connections, one between your browser and the local Bitdefender process, and one between Bitdefender and the remote server. Bitdefender forwards data back and forth, and can see it all plainly, which is the point of the exercise.
The remote server is blissfully unaware of these shenanigans.
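The trust relationship the answer describes can be reproduced offline with `openssl`. This is an added example, not part of the original answer and not Bitdefender's code; the names "Public Root", "Local AV Root" and `example.test` are constructed. It shows the two checks that reveal local SSL scanning: the issuer of the certificate the browser is shown, and whether that certificate validates (or matches the server's) on a machine without the scanner's root installed.

```shell
#!/usr/bin/env bash
# Constructed demo: "Public Root", "Local AV Root" and example.test are made-up names.

make_ca() {      # make_ca <dir> <name> <common name>: self-signed root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_leaf() {   # issue_leaf <dir> <ca> <leaf> <host>: leaf for <host> signed by <ca>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

trusted() {      # trusted <root store> <leaf>: does the leaf chain to a root in the store?
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

issuer_cn() {    # common name of the CA that signed the certificate
  openssl x509 -in "$1" -noout -issuer -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

run_demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" public "Public Root"            # CA the real site uses
  make_ca "$d" local  "Local AV Root"          # CA the scanner installs locally
  issue_leaf "$d" public served example.test   # certificate the server sends
  issue_leaf "$d" local  shown  example.test   # certificate the browser receives
  cat "$d/public.pem" "$d/local.pem" > "$d/scanned_store.pem"
  echo "shown_issuer=$(issuer_cn "$d/shown.pem")"
  echo "scanned_machine_trusts_shown=$(trusted "$d/scanned_store.pem" "$d/shown.pem")"
  echo "clean_machine_trusts_shown=$(trusted "$d/public.pem" "$d/shown.pem")"
  echo "clean_machine_trusts_served=$(trusted "$d/public.pem" "$d/served.pem")"
  if [ "$(fingerprint "$d/served.pem")" = "$(fingerprint "$d/shown.pem")" ]
  then echo "same_leaf=yes"; else echo "same_leaf=no"; fi
  rm -rf "$d"
}

run_demo
```

The certificate shown to the browser is a different certificate from the one the server sent, and it is accepted only where the local root is in the trust store.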