Author Topic: Avast and Firefox  (Read 4073 times)

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Avast and Firefox
« on: November 29, 2009, 11:13:36 PM »
I've been tightening up my Firefox security and did some reading on this item:



network.prefetch-next=false(default is true)

After reading up on what this does by default, I see it as a security flaw.

Adding the above setting in my about:config for Firefox won't impede the Avast web scanner working with Firefox at all correct? I'm 99% sure it won't just asking anyway.
« Last Edit: November 30, 2009, 04:19:14 PM by street_lethal »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #1 on: November 29, 2009, 11:24:00 PM »
Hardly a security flaw, all it is doing it trying to speed your next possible click, so subsequent links open quicker as the donkey work has been done behind the scenes whilst ar browsing the page you are on.

What it will do (if both options were pre-fetching the info/data) is increase the web shield scanning. So far from imped the web shield it would give it less to scan unless you actually visit all the links on the page (unlikely).

I don't have any pre-fetching done, not because of security but because I'm on dial-up.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #2 on: November 30, 2009, 12:06:53 AM »
Not a security flaw? Read up on it. You go to a benign site it has links you can click on to go to another site that got hacked, Firefox may attempt to cache the contents of that site without you even clicking on the link. That's putting it simply.



http://support.mozilla.com/en-US/kb/Firefox+makes+unrequested+connections

"Link prefetching is a browser mechanism, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser’s cache."

Anyway, I figured the same thing as you, the Avast web shield shouldn't be effected except it won't have to scan any prefetched/cached data. It'll just scan the contents of the actual site I wish to visit.
« Last Edit: November 30, 2009, 01:07:49 AM by street_lethal »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #3 on: November 30, 2009, 12:15:52 AM »
Yes no security flaw - So what, you could just as easily go there yourself, that doesn't stop avast alerting on the site regardless of if it is a visit using pre-fetch or manually visiting the site.

So essentially no change.

What about the thousands of hacked sites that try to redirect to malicious sites, guess what it doesn't matter if you are using pre-fetch or not as the redirect doesn't depend on any pre-fetch.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #4 on: November 30, 2009, 12:28:40 AM »
You have a point.  ;D. I'm just thinking if I go to a trusted site that's not infected that has a link to a site that has been infected and Avast misses it. I figure I might as well reduce the risk. Maybe i'm being too uptight. I'm on broadband, I haven't noticed any speed decrease with it disabled.

On a another note, disabling this won't effect Avast's ability to scan a site's embedded links to ads, php files and stuff like that right? Again i'm thinking it won't because that stuff is being loaded in the current page.
« Last Edit: November 30, 2009, 12:33:41 AM by street_lethal »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #5 on: November 30, 2009, 01:17:32 AM »
Then you need to consider other measures, like using firefox with the noscript add-on and that gives another layer of protection.

The web shield it very hot on malicious scripts in web pages legit sites or otherwise, not to mention there is also the network shields malicious sites list, which doesn't allow/require you to visit a site on its list before it alerts.

Disable/enable pretty much what you like in the browser it shouldn't effect how the web shield works, which is effectively independent of the browser.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
  • Gender: Female
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #6 on: November 30, 2009, 02:46:38 PM »

network.prefetch-next=false(default is true)


where did you get this code? which file is it?
Jenny, as stated in the first post:
Quote
Adding the above settings in my about:config for Firefox won't impede the Avast web scanner working with Firefox at all correct? I'm 99% sure it won't just asking anyway.

Offline logos

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9456
  • Gender: Male
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #7 on: November 30, 2009, 03:26:39 PM »
downloads are pre-fetched as well somehow in Firefox, don't know if you've noticed: if you get to a page offering downloads, leave the page idle for a little while, and then download some stuff, some downloads containing tens of megs are instant sometimes. Not sure Firefox is responsible about this, I guess the sites send the downloads (cached in RAM may be...) before you request anything.
« Last Edit: November 30, 2009, 03:31:00 PM by Logos »
w7 - ais7

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #8 on: November 30, 2009, 04:05:11 PM »
Then you need to consider other measures, like using firefox with the noscript add-on and that gives another layer of protection.

The web shield it very hot on malicious scripts in web pages legit sites or otherwise, not to mention there is also the network shields malicious sites list, which doesn't allow/require you to visit a site on its list before it alerts.

Disable/enable pretty much what you like in the browser it shouldn't effect how the web shield works, which is effectively independent of the browser.

I use NoScript and AdBlock Plus, I have used them both for several years.

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #9 on: November 30, 2009, 04:15:12 PM »
downloads are pre-fetched as well somehow in Firefox, don't know if you've noticed: if you get to a page offering downloads, leave the page idle for a little while, and then download some stuff, some downloads containing tens of megs are instant sometimes. Not sure Firefox is responsible about this, I guess the sites send the downloads (cached in RAM may be...) before you request anything.

I have noticed this behavior if I already downloaded something and I forgot that I downloaded it and I click to download again, it's instant. But I have never noticed this behavior on a new download. That's crazy if Firefox is doing what you describe.

 I'm a control freak basically, I like to control what my browser is downloading. If I want to open a link i'll click on it. I don't want the browser deciding what it thinks I will click on next and downloading content in the background from a site I won't visit. You get hit with some malware from a site you never visited and you're sitting there with your thumb up your ass trying to figure out what happened.
« Last Edit: November 30, 2009, 04:34:56 PM by street_lethal »

Offline logos

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9456
  • Gender: Male
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #10 on: November 30, 2009, 05:03:04 PM »
I've noticed the same in Google Chrome btw...
w7 - ais7

Offline street_lethal

  • Full Member
  • ***
  • Posts: 177
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #11 on: November 30, 2009, 05:32:21 PM »
I don't use Google Chrome, never installed it. I read up on Chrome's precaching feature and some privacy concerns people had with other features in it a while ago on some forum. That's not the reason I don't use it though, I like Firefox and I have been using it for about five years so I stick with it.

Offline logos

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9456
  • Gender: Male
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #12 on: November 30, 2009, 06:06:06 PM »
if it wasn't for speed, I would never use Chrome (off and on), but Chrome is so damned fast  ;)
w7 - ais7

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #13 on: November 30, 2009, 08:18:46 PM »
Then you should try SRW Iron Chrome without the, tracking, ID of the system, harvesting of searches, etc.

http://www.srware.net/en/software_srware_iron.php
« Last Edit: November 30, 2009, 08:20:59 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline logos

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9456
  • Gender: Male
    • Personal Message (Offline)
Re: Avast and Firefox
« Reply #14 on: November 30, 2009, 08:24:34 PM »
Then you should try SRW Iron Chrome without the, tracking, ID of the system, harvesting of searches, etc.

http://www.srware.net/en/software_srware_iron.php

OK will see  ;D

just another example of what I was saying: I just downloaded (in FF) Avast 5 5.0.254...and then started the download of AIS 5.0.254...guess what, 18 MB out of about 40 were already downloaded....
w7 - ais7

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now