Having installed antivirus software both became a blessing and a curse for any computer user. It used to be all beneficial as antimalware software manages to detect suspicious behaviors in Windows before the damage is done. However, this capability of antimalware software has its corresponding limitations like damaging the actual Windows files that prevent the OS from actually booting, yikes.
Now browsers are starting to realize this, other than malware; antimalware products itself are potential intrusive in the performance and security of software, including the web-browsers. Firefox developers are preparing a new security feature that will alert users about man-in-the-middle attacks, yes antimalware do this in the ‘hopes to track down misbehaviors’, but it needs to break the rules first in order to do so. As expected, the innovation will appear in the version of Firefox 66, scheduled for release in mid-March this year. Firefox 66 is currently in Beta version for those brave souls to download today, however.
According to the message on the Mozilla technical support page, in cases when “something in the system or network intercepts the connection and injects certificates that Firefox considers untrusted”, the browser will display an error message (“MOZILLA_PKIX_ERROR_MITM_DETECTED”).
This error can appear in situations when local software is running on the device, for example, antiviruses or tools for web development, replacing the official TLS certificates with their own for scanning HTTPS traffic or analyzing encrypted traffic. For example, most recently, users who have been updated to Firefox 65 have encountered a similar situation – the browser has blocked all websites on computers with Avast or AVG antivirus software installed.
The error can also be issued in cases of infection of the device with malware that installs its own certificates to intercept traffic, or in situations where an Internet provider or attacker on the same network intercepts traffic and replaces certificates.
Initially, the functionality was supposed to appear in the version of Firefox 65, but its implementation was postponed due to technical nuances. Firefox will become the second browser warning users about the threat of a MitM attack. For the first time, this feature appeared in Google Chrome 63, which was released in December 2017, hence it took Mozilla more than a year more to implement such security feature.
The man-in-the-middle or man-in-the-middle (MITM) attack is a generic name for various techniques aimed at gaining access to traffic as an intermediary. The essence of the attack is simple: the offender secretly intercepts traffic from one computer and sends it to the final recipient, having previously read and changed it in his favor. Though antimalware programs do not actually act maliciously, the very essence of becoming a man-in-the-middle itself is already a red flag of misbehavior.