Open Bug 1747884 Opened 4 years ago Updated 4 years ago

When using Kaspersky Internet Security Certificate for Windows 10 required when installing Thunderbird

Categories

(Thunderbird :: OS Integration, enhancement)

Thunderbird 91
enhancement

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: oz.ricko75, Unassigned)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0

Steps to reproduce:

Installed Thunderbird several months ago...causes Kaspersky Internet Security to report following message ...with every Thunderbird update.
"Secure Traffic in windows operating system is not monitored.
There was an error while configuring windows operating system.
To resume monitoring add the certificate manually."

Actual results:

As no computer tech called Kaspersky for assistance ..... tech who I spoke to didn't achieve a fix even though I gave him remote access to my laptop.
So then tried Dell Assist as I have a service contract with them ...... same thing after much fiddling around no fix was achieved ..... beg off the task told me to contact Mozilla Thunderbird to report problem with the software.

Expected results:

Installation of Thunderbird with no bugs related to monitoring of Win operating system.
Note I am 70 yrs old ...not able to apply suggested fixes as below to Thunderbird...... myself. Too complex for me, both techs I contacted couldn't get it right either.
Any chance you guys and girls at Mozilla can work a permanent fix for this issue in a next update.
Copied from Kaspersky Internet Security Website.

Mozilla Firefox and Thunderbird use their own certificate storage. To avoid errors related to the control of encrypted traffic, the Kaspersky application reconfigures Mozilla Firefox and Thunderbird to make them use not only their own storage but the system certificate storage as well. If you disable this option in the application settings, add the Kaspersky root certificate to the Mozilla Firefox and Thunderbird certificate storage manually. Otherwise the applications will be unable to open HTTPS pages.

How to add the Kaspersky root certificate to the Mozilla Firefox or Thunderbird certificate storage

1. Open Control Panel. For instructions, see the Microsoft Help page.
2. Open Internet Options.
3. Go to the Content tab and click Certificates.
4. Go to the Trusted Root Certificate Authorities tab, select the Kaspersky root certificate and click Export.
5. Finish the export with the help of the Certificate Export Wizard.
    a. Click Next → Next.
    b. In the File name field, enter the full path to the folder to which you want to export the certificate. Enter any name for the file with the .cer extension. For example: C:\Users\Administrator\Documents\exported_certificate.cer
    c. Click Next.
    d. Click Done.
6. Open Mozilla Firefox.
7. Click the Open menu button → Options.
8. Open Privacy and Security, scroll down and click View Certificates.
9. Go to the Authorities tab and click Import.
10. Select the certificate you got at step 5.
11. Select Trust this CA to identify websites and Trust this CA to identify email users. Click OK.

The Kaspersky root certificate will be imported to the Mozilla Firefox and Thunderbird storage.

How to reconfigure Mozilla Firefox and Thunderbird to make them use the system certificate storage

1. Open your browser - Mozilla Firefox or Thunderbird.
    In Thunderbird: go to Options → General and click Config editor.
    In Mozilla Firefox: in the address bar, enter about:config. Click Accept the Risk and Continue.
2. In the search field, enter security.enterprise_roots.enabled.
3. Click the Toggle button to toggle the value to true.
4. Make sure that the value of the string is true.

Mozilla Firefox and Thunderbird will be reconfigured to use the system certificate storage.
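
The instructions above end with security.enterprise_roots.enabled set to true. The following is an added example, not part of the bug report or of Kaspersky's instructions, showing one way to check from outside the application whether a Thunderbird or Firefox profile has that preference set, by reading the profile's prefs.js and user.js. The sample file content is constructed, and the profile directory passed to audit_profile is whatever path the reader supplies.

```python
import re
from pathlib import Path

PREF = "security.enterprise_roots.enabled"
# One preference per line, in the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample of a profile's prefs.js (not taken from the bug report).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("mail.shell.checkDefaultClient", false);
user_pref("security.enterprise_roots.enabled", true);
'''

def read_pref(text, name=PREF):
    """Return the last value assigned to `name` in one prefs file, else None."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)      # commented-out lines do not match
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def effective_pref(prefs_js="", user_js="", name=PREF):
    """user.js is applied over prefs.js at startup, so it is checked first."""
    for source, text in (("user.js", user_js), ("prefs.js", prefs_js)):
        value = read_pref(text, name)
        if value is not None:
            return source, value
    return "default", None             # never set: the application default applies

def audit_profile(profile_dir):
    """Read prefs.js and user.js from a profile directory and report the pref."""
    def load(filename):
        path = Path(profile_dir) / filename
        return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""
    return effective_pref(load("prefs.js"), load("user.js"))

def describe(source, value):
    if value == "true":
        return f"{PREF} is true (set in {source}): roots added to the OS store are trusted"
    if value == "false":
        return f"{PREF} is false (set in {source}): only the application's own store is used"
    return f"{PREF} is not set in this profile"

if __name__ == "__main__":
    print(describe(*effective_pref(SAMPLE_PREFS_JS)))
```
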

Group: mail-core-security

This is not a bug in Thunderbird. It is a poor choice by Kaspersky to use self-signed certificates and to implement their man in the middle hacking of secure connections to enable their scanning of the network traffic and now apparently trying to force a reduction in security by complaining Thunderbird does not use the lower security Windows certificate store. The solution is simple. Remove Kaspersky.

Seriously, I cannot see the project or Mozilla looking to setting the Windows security store as a default. I would consider this bug invalid, or if we look at the underlying issue of using the OS store as default, "wontfix" in line with Bug 1314010.

Postbox (a Thunderbird derivative) has gone to some trouble over the issues of Kaspersky and others and their self-signed certificates.
https://support.postbox-inc.com/hc/en-us/articles/204602300-Invalid-Security-Certificate-Error-when-using-Kaspersky-AVAST-or-other-Security-Apps

Reading over bug 1449115#c31, it would appear this is a deliberate ploy by Kaspersky. I have no idea how you turn the alarmist alert off in Kaspersky.

See Also: → 1314010, 1449115