AV/VPN traffic inspection

argentwolf
Level 4
Posts: 344
Joined: Wed Aug 22, 2018 5:24 am
Location: Holly Springs, NC

AV/VPN traffic inspection

Post by argentwolf »

I'm curious if we even now fully appreciate that we've voluntarily given full permission to the 3rd party anti-virus software(s) running on any endpoint device to freely be a MITM, and collect/inspect/log data of all traffic originating/terminating locally and/or in the cloud (e.g., McAfee's 31TB of 'acquired data'). Another such stratagem is Virtual Private Networks, or VPNs.
Today we should innerstand why the 'outfit' needs to continually motivate user(s) to deploy such means on every device and why the continued "fear of attack" is necessary [we all know ransomware doesn't attack, but was launched], to keep that sneaky AV bulwark deployed on every device across the planet which potentially touches the public interweb (i.e., DARPA's surveillance and collection platform); obviously OS telemetry data simply isn't complete. We also know that if a product or service is free, we are the product. Huh?
I continue to witness users advantaging Linux w/o AV only to deploy a 3rd party VPN on their home machine for "added privacy and security". Seriously? The cognitive dissidence has become compromisingly epidemic. I'm sure I'm not alone, but I've had several clients who've had more than 1 VPN running on their machine at the same time. Guess the overwhelming fearmongering is working... and someone besides me is making a lot of $$'s.

"Exclusive: John McAfee’s ultimate hack"
https://siliconangle.com/2014/03/11/joh ... mate-hack/
Vanguard debian, because nothing's worse than doing nothing whimsically.
LMDE 6 | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931GiB SSD | 298 GiB HD
LMDE 6| 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465 GiB SSD
Hoser Rob
Level 20
Posts: 11776
Joined: Sat Dec 15, 2012 8:57 am

Re: AV/VPN traffic inspection

Post by Hoser Rob »

argentwolf wrote: Tue Nov 21, 2023 4:45 pm ... The cognitive dissidence has become compromisingly epidemic. ...
That's cognitive dissonance, not dissidence.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
Hoser Rob
Level 20
Posts: 11776
Joined: Sat Dec 15, 2012 8:57 am

Re: AV/VPN traffic inspection

Post by Hoser Rob »

Most VPN users I know of just use them to be able to stream content that's not normally available in their region. They don't care about privacy that much. There's little incentive to cater to the tinfoil hat brigade anyway, there just aren't enough of them.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
t42
Level 11
Posts: 3859
Joined: Mon Jan 20, 2014 6:48 pm

Re: AV/VPN traffic inspection

Post by t42 »

-=t42=-
Hoser Rob
Level 20
Posts: 11776
Joined: Sat Dec 15, 2012 8:57 am

Re: AV/VPN traffic inspection

Post by Hoser Rob »

t42 wrote: Tue Nov 21, 2023 6:50 pm cognitive dissidence
In the context above it's still cognitive dissonance.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
argentwolf
Level 4
Posts: 344
Joined: Wed Aug 22, 2018 5:24 am
Location: Holly Springs, NC

Re: AV/VPN traffic inspection

Post by argentwolf »

Below is the context I intended, but isn't the disconnect simply more salt in the wound if cognitive dissidence and cognitive dissonance are both accurate? Witnessing such subjective mental gymnastics about risk and a lack of vigilance is the focus I meant to highlight. :wink: :wink: :wink:

“This cognitive dissidence causes people to create conspiracy theories, like the ones above, to change facts to match their beliefs, rather than changing their beliefs to match facts.”
— Bo Bennett
Vanguard debian, because nothing's worse than doing nothing whimsically.
LMDE 6 | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931GiB SSD | 298 GiB HD
LMDE 6| 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465 GiB SSD
argentwolf
Level 4
Posts: 344
Joined: Wed Aug 22, 2018 5:24 am
Location: Holly Springs, NC

Re: AV/VPN traffic inspection

Post by argentwolf »

Below is another recent article assuming a baffling level of illiteracy and attempting to leverage a lack of serious contemplation. "Cloud security" is, at the least, oxymoronic, but 'they' sell it and users buy it, I guess because it contains all the notable keywords. Amazingly profitable products, the masses! :? :? :?

"What Is Cloud Security? Everything You Need to Know"
https://www.esecurityplanet.com/cloud/w ... -security/
Vanguard debian, because nothing's worse than doing nothing whimsically.
LMDE 6 | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931GiB SSD | 298 GiB HD
LMDE 6| 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465 GiB SSD
billyswong
Level 8
Posts: 2485
Joined: Wed Aug 14, 2019 1:02 am

Re: AV/VPN traffic inspection

Post by billyswong »

Before browsers implemented DNS over HTTPS, more often than not using a VPN was the easiest fix to mitigate DNS hijacking: https://en.wikipedia.org/wiki/DNS_hijacking

For some reason I haven't figured out, the DNS record for Google Fonts got spoofed once in a while on my home internet connection, and some websites got stalled by it. So now I have turned on DNS over HTTPS in Firefox.
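One way to check for the kind of spoofing described in this post, as an added example that is not part of the thread: it asks a DNS-over-HTTPS resolver for the same name in RFC 8484 wire format (application/dns-message) and flags any address the plaintext system resolver returned that the encrypted path did not. The DoH endpoint URL is an assumption, and the embedded response (fonts.googleapis.com pointing at 203.0.113.7) is a constructed sample so the parser can be exercised offline.

```python
import socket
import struct
import urllib.request

DOH_URL = "https://cloudflare-dns.com/dns-query"  # assumed public DoH endpoint
DOH_HEADERS = {"content-type": "application/dns-message", "accept": "application/dns-message"}

def build_query(name, qid=0x1234):
    """Minimal RFC 1035 A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):  # advance past a (possibly compressed) domain name
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(msg):
    """Return the set of IPv4 addresses in a DNS response's answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    addrs, off = set(), 12
    for _ in range(qdcount):  # skip the echoed question(s): name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def doh_lookup(name):
    """Resolve over DoH with a POST (needs network; the offline sample is below)."""
    req = urllib.request.Request(DOH_URL, data=build_query(name), headers=DOH_HEADERS)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_a_records(resp.read())

def spoof_suspected(system_answers, doh_answers):
    """Flag addresses the plaintext path returned that the encrypted path never saw."""
    return bool(system_answers - doh_answers)

# Constructed sample DoH response: fonts.googleapis.com -> 203.0.113.7 (documentation IP)
_Q = build_query("fonts.googleapis.com")
SAMPLE_RESPONSE = (_Q[:2] + b"\x81\x80" + struct.pack("!HHHH", 1, 1, 0, 0) + _Q[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("203.0.113.7"))
```

In use, compare `doh_lookup(name)` against `set(socket.gethostbyname_ex(name)[2])`; treat a mismatch as a lead rather than proof, since CDN-hosted names such as Google Fonts can legitimately answer differently depending on which resolver asks.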
t42
Level 11
Posts: 3859
Joined: Mon Jan 20, 2014 6:48 pm

Re: AV/VPN traffic inspection

Post by t42 »

billyswong wrote: Thu Nov 30, 2023 8:42 am I turned on DNS over HTTPS in Firefox
It works, but note that DoH is opportunistic. And why be limited to the browser? It's easy to set up DoT at the system level: Setting up DNS over TLS using Stubby and DNSMASQ.
-=t42=-
billyswong
Level 8
Posts: 2485
Joined: Wed Aug 14, 2019 1:02 am

Re: AV/VPN traffic inspection

Post by billyswong »

t42 wrote: Thu Nov 30, 2023 9:52 am It works but note that DoH is opportunistic. But why be limited to the browser, - it's easy to setup DoT on system level: Setting up DNS over TLS using Stubby and DNSMASQ.
DoT at the system level may conflict if I VPN into the company intranet. So I don't bother managing all that annoyance / exceptions. Turning on DoH in Firefox is easy, with the "manage exception" button right at my fingertips.

p.s. Also look at how lengthy your tutorial is. Whereas I just need Firefox > Settings > Privacy & Security > DNS over HTTPS > Increased Protection here. One-liner and cross-platform.

p.s.2. If one chooses "Max Protection" in Firefox, DoH will *not* be opportunistic.
t42
Level 11
Posts: 3859
Joined: Mon Jan 20, 2014 6:48 pm

Re: AV/VPN traffic inspection

Post by t42 »

billyswong wrote: Thu Nov 30, 2023 10:03 am DoT on system level may get conflict if I VPN to company intranet. So I don't bother managing all that annoyance / exceptions. Turning on DoH in Firefox is easy, with "manage exception" button right on my finger tip.
You are right, DoH in Firefox and Chrome is simple to switch on, so everyone can benefit from it. But setting some obscure DNS server in the Firefox custom option is complicated, requires manipulation of about:config and may not succeed.
As for the company VPN, I'm not sure about a conflict; it depends. When I switch on the VPN, DNS is immediately changed from the DoT privacy server to the VPN's accompanying DNS server. The company's VPN should do the same, but surprises happen.
-=t42=-
billyswong
Level 8
Posts: 2485
Joined: Wed Aug 14, 2019 1:02 am

Re: AV/VPN traffic inspection

Post by billyswong »

t42 wrote: Thu Nov 30, 2023 1:17 pm You are right, DoH in Firefox and Chrome is simple to switch on, so everyone can benefit from it. But to set some obscure DNS server in Firefox custom option is complicated, requires manipulations of about:config and may not succeed.
As for company VPN, I'm not sure about conflict, it depends. When I'm switching on VPN, DNS is immediately changed from DoT privacy server to VPN accompanying DNS server. Company's VPN should do the same, but surprises happen.
I have written the exact steps above, so no obscure about:config is required for DoH in Firefox.

When one VPNs into a company intranet, that internal DNS can't get a TLS certificate signed by outside authorities such as Let's Encrypt, as that internal DNS is not public to the internet but uses an intranet IP. So setting up DoT for it will require more effort. Commercial for-profit VPNs don't have such an issue.
t42
Level 11
Posts: 3859
Joined: Mon Jan 20, 2014 6:48 pm

Re: AV/VPN traffic inspection

Post by t42 »

billyswong wrote: Thu Nov 30, 2023 1:49 pm I have written the exact steps above so no obscure about:config required for DoH in Firefox.
If you try to set a custom DNS server in Firefox you will change your opinion. Cloudflare and NextDNS are easy, but try the third option to set an obscure but really privacy-oriented DNS server, for example:
Screenshot from 2023-11-30 19-06-46.png
-=t42=-
diyliberty
Level 3
Posts: 175
Joined: Sat Feb 19, 2022 11:40 am

Re: AV/VPN traffic inspection

Post by diyliberty »

I had to read the OP twice. Is it saying don't use antivirus and don't use a VPN?
jackkileen
Level 4
Posts: 384
Joined: Mon Feb 04, 2019 7:58 pm
Location: Rocky Mtn High; FL Gulf

Re: AV/VPN traffic inspection

Post by jackkileen »

billyswong wrote: Thu Nov 30, 2023 10:03 am DoT on system level may get conflict if I VPN to company intranet. So I don't bother managing all that annoyance / exceptions. Turning on DoH in Firefox is easy, with "manage exception" button right on my finger tip.
p.s. Also look at how lengthy is your tutorial. Whereas I just need Firefox > Settings > Privacy & Security > DNS over HTTPS > Increased Protection here. One-liner and cross-platform.
p.s.2. If one choose "Max Protection" in Firefox DoH will *not* be opportunistic.
I don't trust any browsers to be "safe" for me and prefer to "mask" my system before I access/use them.
MINT: 21.3 Cinnamon 6.0.4_Kernel:6.5.0-35-generic - AMD Ryzen 9 5950X 16-Core Processor × 16
MX LINUX: KDE Plasma Version: 5.27.5_Kernel Version 6.1.0-17-amd64 (64-bit): X11
mediclaser
Level 4
Posts: 494
Joined: Tue Mar 20, 2018 2:28 pm

Re: AV/VPN traffic inspection

Post by mediclaser »

jackkileen wrote: Thu Dec 14, 2023 7:24 pm
billyswong wrote: Thu Nov 30, 2023 10:03 am DoT on system level may get conflict if I VPN to company intranet. So I don't bother managing all that annoyance / exceptions. Turning on DoH in Firefox is easy, with "manage exception" button right on my finger tip.
p.s. Also look at how lengthy is your tutorial. Whereas I just need Firefox > Settings > Privacy & Security > DNS over HTTPS > Increased Protection here. One-liner and cross-platform.
p.s.2. If one choose "Max Protection" in Firefox DoH will *not* be opportunistic.
I don't trust any browsers to be "safe" for me and prefer to "mask" my system before I access/use them.
What exactly do you mean by "masking" your system?
If you're looking for a greener Linux pasture, you won't find any that is greener than Linux Mint. ;)
jackkileen
Level 4
Posts: 384
Joined: Mon Feb 04, 2019 7:58 pm
Location: Rocky Mtn High; FL Gulf

Re: AV/VPN traffic inspection

Post by jackkileen »

mediclaser wrote: Mon Dec 18, 2023 9:36 pm What exactly do you mean by "masking" your system?
The VPN is in place/running before I open up any browsers (I don't use browser extensions for VPNs or built-in VPNs), I use DNS over TLS using Stubby, have IPv6 disabled in Network Settings for all connections (wired and wifi), and monitor/control application requests and outbound traffic with OpenSnitch.
MINT: 21.3 Cinnamon 6.0.4_Kernel:6.5.0-35-generic - AMD Ryzen 9 5950X 16-Core Processor × 16
MX LINUX: KDE Plasma Version: 5.27.5_Kernel Version 6.1.0-17-amd64 (64-bit): X11