According to a research paper, G DATA solutions access encrypted data traffic in browsers by breaking HTTPS' encryption, which compromises the security of the transmitted data. The authors of the research paper have admitted to accidentally misrepresenting G DATA's solutions in their work.
The often quoted paper titled The Security Impact of HTTPS Interception states that multiple security vendors "break" encrypted data traffic by forwarding it with a weaker sort of encryption. This makes connections susceptible to attacks against security flaws in the encryption (e.g. „POODLE“). Many users were therefore concerned and contacted us for clarification. We immediately got in touch with the research team who published the paper and asked them to provide the data on which their statement is based.
After analyzing the data, it has been established that there was an error in the data processed by the researchers. In fact, none of G DATA's solutions touches HTTPS traffic in any way. We were assured that an updated version of the paper will be made available. We would like to point out that communication with the research team was very good and constructive. Zakir Durumeric, one of the paper's authors, has expressed regret about the error in the study - Nick Sullivan, another author of the study, has also acknowledged the error.
Only unencrypted connection data is checked: IP addresses and domain names. Those are checked against a blacklist of known malicious IP addresses and domains.
A conscious decision against HTTPS checking
Security vendors are facing a dilemma when it comes to checking encrypted traffic. Ideally, any malicious content is intercepted before it can reach a computer. This can best be achieved with a gateway. However, if data is protected by end-to-end encryption, it cannot be scanned anymore. Doing this would require breaking the encryption. For this reason we have made a conscious decision to leave HTTPS traffic untouched.
Since emails are still one of the main ways of distributing malicious software, we only scan secured email connections in our home user solutions. In the home user solutions this can also be deactivated (see screen shot), in which case a malicious file will only be detected once it tries to perform activities on a system.
G DATA's B2B solutions do not monitor secured email traffic at all.
