Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: street_lethal on November 30, 2009, 01:13:36 AM
-
I've been tightening up my Firefox security and did some reading on this item:
network.prefetch-next=false(default is true)
After reading up on what this does by default, I see it as a security flaw.
Adding the above setting in my about:config for Firefox won't impede the Avast web scanner working with Firefox at all correct? I'm 99% sure it won't just asking anyway.
-
Hardly a security flaw, all it is doing it trying to speed your next possible click, so subsequent links open quicker as the donkey work has been done behind the scenes whilst ar browsing the page you are on.
What it will do (if both options were pre-fetching the info/data) is increase the web shield scanning. So far from imped the web shield it would give it less to scan unless you actually visit all the links on the page (unlikely).
I don't have any pre-fetching done, not because of security but because I'm on dial-up.
-
Not a security flaw? Read up on it. You go to a benign site it has links you can click on to go to another site that got hacked, Firefox may attempt to cache the contents of that site without you even clicking on the link. That's putting it simply.
http://support.mozilla.com/en-US/kb/Firefox+makes+unrequested+connections
"Link prefetching is a browser mechanism, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser’s cache."
Anyway, I figured the same thing as you, the Avast web shield shouldn't be effected except it won't have to scan any prefetched/cached data. It'll just scan the contents of the actual site I wish to visit.
-
Yes no security flaw - So what, you could just as easily go there yourself, that doesn't stop avast alerting on the site regardless of if it is a visit using pre-fetch or manually visiting the site.
So essentially no change.
What about the thousands of hacked sites that try to redirect to malicious sites, guess what it doesn't matter if you are using pre-fetch or not as the redirect doesn't depend on any pre-fetch.
-
You have a point. ;D. I'm just thinking if I go to a trusted site that's not infected that has a link to a site that has been infected and Avast misses it. I figure I might as well reduce the risk. Maybe i'm being too uptight. I'm on broadband, I haven't noticed any speed decrease with it disabled.
On a another note, disabling this won't effect Avast's ability to scan a site's embedded links to ads, php files and stuff like that right? Again i'm thinking it won't because that stuff is being loaded in the current page.
-
Then you need to consider other measures, like using firefox with the noscript add-on and that gives another layer of protection.
The web shield it very hot on malicious scripts in web pages legit sites or otherwise, not to mention there is also the network shields malicious sites list, which doesn't allow/require you to visit a site on its list before it alerts.
Disable/enable pretty much what you like in the browser it shouldn't effect how the web shield works, which is effectively independent of the browser.
-
network.prefetch-next=false(default is true)(http://smileyhost.net/9/e/i.jpg)
where did you get this code? which file is it?
Jenny, as stated in the first post:
Adding the above settings in my about:config for Firefox won't impede the Avast web scanner working with Firefox at all correct? I'm 99% sure it won't just asking anyway.
-
downloads are pre-fetched as well somehow in Firefox, don't know if you've noticed: if you get to a page offering downloads, leave the page idle for a little while, and then download some stuff, some downloads containing tens of megs are instant sometimes. Not sure Firefox is responsible about this, I guess the sites send the downloads (cached in RAM may be...) before you request anything.
-
Then you need to consider other measures, like using firefox with the noscript add-on and that gives another layer of protection.
The web shield it very hot on malicious scripts in web pages legit sites or otherwise, not to mention there is also the network shields malicious sites list, which doesn't allow/require you to visit a site on its list before it alerts.
Disable/enable pretty much what you like in the browser it shouldn't effect how the web shield works, which is effectively independent of the browser.
I use NoScript and AdBlock Plus, I have used them both for several years.
-
downloads are pre-fetched as well somehow in Firefox, don't know if you've noticed: if you get to a page offering downloads, leave the page idle for a little while, and then download some stuff, some downloads containing tens of megs are instant sometimes. Not sure Firefox is responsible about this, I guess the sites send the downloads (cached in RAM may be...) before you request anything.
I have noticed this behavior if I already downloaded something and I forgot that I downloaded it and I click to download again, it's instant. But I have never noticed this behavior on a new download. That's crazy if Firefox is doing what you describe.
I'm a control freak basically, I like to control what my browser is downloading. If I want to open a link i'll click on it. I don't want the browser deciding what it thinks I will click on next and downloading content in the background from a site I won't visit. You get hit with some malware from a site you never visited and you're sitting there with your thumb up your ass trying to figure out what happened.
-
I've noticed the same in Google Chrome btw...
-
I don't use Google Chrome, never installed it. I read up on Chrome's precaching feature and some privacy concerns people had with other features in it a while ago on some forum. That's not the reason I don't use it though, I like Firefox and I have been using it for about five years so I stick with it.
-
if it wasn't for speed, I would never use Chrome (off and on), but Chrome is so damned fast ;)
-
Then you should try SRW Iron Chrome without the, tracking, ID of the system, harvesting of searches, etc.
http://www.srware.net/en/software_srware_iron.php (http://www.srware.net/en/software_srware_iron.php)
-
Then you should try SRW Iron Chrome without the, tracking, ID of the system, harvesting of searches, etc.
http://www.srware.net/en/software_srware_iron.php (http://www.srware.net/en/software_srware_iron.php)
OK will see ;D
just another example of what I was saying: I just downloaded (in FF) Avast 5 5.0.254...and then started the download of AIS 5.0.254...guess what, 18 MB out of about 40 were already downloaded....
-
DavidR,
We're a little off topic but...
You don't use link prefetch as you have dialup. I also have dialup. I disabled it and haven't noticed much difference. I guess it's sort of a double edged sword. Prefetch might slow you down but if it's prefetched something you want then it speeds you up.
-
I notice a difference if I enable it, but there is meant to be a priority assigned to loading the current page objects, etc.
So I guess it would depend on your browsing habits, but I simply can't see the point in pre-fetching as the likelihood of visiting all links is very low, not to mention for those on fast broadband not much difference either; again dependant on your browsing habits, to me it is a function looking for a purpose.