Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: reisender67 on January 01, 2014, 07:54:39 PM

Title: Why AVAST scans no HTTPS connections?
Post by: reisender67 on January 01, 2014, 07:54:39 PM
Hello,

I have a question: Why AVAST Web Shield scans no HTTPS connections?

Happy new Year
Christian
Title: Re: Why AVAST scans no HTTPS connections?
Post by: NoelC on January 01, 2014, 08:15:59 PM
The https protocol ensures end to end encryption - which protects network traffic from being viewed by intermediaries.  In most cases that's considered a good thing, but you're wanting your antivirus program to be able to monitor that traffic and the encryption blocks it too.  From the perspective of a program or person trying to watch the data go by, it just looks like gibberish.

-Noel
Title: Re: Why AVAST scans no HTTPS connections?
Post by: DavidR on January 01, 2014, 08:22:40 PM
I have a question: Why AVAST Web Shield scans no HTTPS connections?

Isn't that the whole point of a secure encrypted connection, to keep prying eyes out.

Whilst avast could probably scan the encrypted streams, but to what purpose as encryption essentially changes all signatures etc.

So there would have to be some third party intervention whereby avast redirects the outbound request to https so that the incoming https would come through some sort of proxy where it can be decrypted (similar to the way the old mail shield used to handle SSL emails). But I'm sure this isn't as easy as this very short comment on how it might be done.
Title: Re: Why AVAST scans no HTTPS connections?
Post by: NoelC on January 01, 2014, 08:50:14 PM
One could imagine that in this day and age Microsoft or other browser makers might make an API available in the browser itself that could allow the scanning of web traffic there.  Whether such a thing actually exists is beyond my knowledge of browser implementations.  Thing is, if you could attach in, then malware could potentially attach in as well.

-Noel
Title: Re: Why AVAST scans no HTTPS connections?
Post by: polonus on January 01, 2014, 08:57:36 PM
There are ways to look at your https connection for security issues, some browser extensions do a great job. I have Recx Security Analyzer extension up and running in Google Chrome, when WOT and netcraft alert be aware something is not right. Also Comodp's Site Inspector gives good scan results. See: urlquery dot com scans,

polonus
Title: Re: Why AVAST scans no HTTPS connections?
Post by: reisender67 on January 01, 2014, 11:12:40 PM
Hi,

but why AVAST does not check this directly, as for example ESET does?

Greetings
Christian
Title: Re: Why AVAST scans no HTTPS connections?
Post by: jwoods301 on January 01, 2014, 11:22:24 PM
That would be a question for the product design team...

My "1 minute guess" (after thinking about it for a minute) would be performance issues.
Title: Re: Why AVAST scans no HTTPS connections?
Post by: DavidR on January 01, 2014, 11:46:45 PM
Hi,

but why AVAST does not check this directly, as for example ESET does?

Greetings
Christian

For a start we (avast users) don't know exactly what you mean by check/scan directly or for that matter what ESET does.

Scanning the https secure encrypted traffic directly (as I mentioned isn't the issue) is unlikely to detect anything because its encrypted form differs completely from it unencrypted state.

If there is some other intervention to be able to scan the unencrypted form before it is displayed/run in the browser, then that may slow browsing depending on how that is done.
Title: Re: Why AVAST scans no HTTPS connections?
Post by: polonus on January 01, 2014, 11:51:26 PM
Hi DavidR,

Or it could be done using proxy: http://support.gfi.com/manuals/en/webmon2012/Content/ADMINISTRATOR/Topics/Configuration/ConfiguringHTTPSProxySettings.htm

pol