Avast WEBforum

Avast Products => Avast Mac Security => Topic started by: DaveSocal on July 01, 2014, 06:47:00 PM

Title: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: DaveSocal on July 01, 2014, 06:47:00 PM
The 9.0.2021.112 (and possibly earlier) version of the Avast plug-in for Safari definitely breaks encrypted connections. Connections that would normally be https/encrypted are now just http/unencrypted connections. And to clarify, this is with the "Scan secured connections" preferences box unchecked. Looking at the Safari web inspector warning log reveals several instances of Google passing insecure content (see warnings below). When the plug-in is turned off, there are no errors and all connections retain their https/encrypted connections. The content that is being sent insecurely might not be a big deal, it's the fact that it is sending insecure information at all. An encrypted connection should encrypt all the content of that connection. This is a major flaw/bug in Avast's plug-in. By the way, I called Avast Support and was in the process of telling them about this and the support technician hung up on me.


[Warning] The page at https://www.google.com/?gws_rd=ssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. (www.google.com, line 0)

[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. (www.google.com, line 0)

[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/222e31f0/common/skin/img//icn_float_green.png. (www.google.com, line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)


[Warning] The page at https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1015975638&timestamp=1404228541358 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (ServiceLogin, line 0)



[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/_/scs/mail-static/_/js/k=gmail.main.en.13f3zccySbs.O/m=m_i,t,it/am=_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F/rt=h/d=1/rs=AItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0, x3)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (mail, line 0)

[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmail.google.com#rpctoken=757437573&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/chat?client=sm&prop=gmail&nav=true&fid=gtn-roster-iframe-id&os=MacIntel&stime=1404228675633&xpc=%7B%22cn%22%3A%22ep61l2%22%2C%22tp%22%3A1%2C%22ifrid%22%3A%22gtn-roster-iframe-id%22%2C%22pu%22%3A%22https%3A%2F%2Ftalkgadget.google.com%2Fu%2F0%2Ftalkgadget%2F_%2F%22%7D&ec=%5B%22ci%3Aec%22%2Ctrue%2Ctrue%2Cfalse%5D&pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&href=https%3A%2F%2Fmail.google.com%2F_%2Fscs%2Fmail-static%2F_%2Fjs%2Fk%3Dgmail.main.en.13f3zccySbs.O%2Fm%3Dm_i%2Ct%2Cit%2Fam%3D_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F%2Frt%3Dh%2Fd%3D1%2Frs%3DAItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw%3Frel%3D1&pos=l&uiv=2&hl=en&hpc=true&hsm=true&hrc=true&pal=1&uqp=false&sl=false&hs=%5B%22h_hs%22%2Cnull%2Cnull%2C%5B2%2C1%5D%5D&moleh=380&mmoleh=36&two=https%3A%2F%2Fmail.google.com&host=1&zx=4xvib2teez9q ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc=%7B%22cn%22%3A%228qdyZvkvaa%22%2C%22tp%22%3Anull%2C%22osh%22%3Anull%2C%22ppu%22%3A%22https%3A%2F%2Fmail.google.com%2Frobots.txt%22%2C%22lpu%22%3A%22https%3A%2F%2Fplus.google.com%2Frobots.txt%22%7D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/talkgadget/_/transportevents?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e%5B%22wblh0.8952892625238746-0%22,2,1,%5Btrue,%5B%5D%5D%5D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e%5B%22wblh0.8952892625238746-1%22,2,1,%5Bnull,%5B2,3,4,5%5D%5D%5D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc=%7B%22cn%22%3A%22RRQ67xALt8%22%2C%22tp%22%3Anull%2C%22osh%22%3Anull%2C%22ppu%22%3A%22https%3A%2F%2Ftalkgadget.google.com%2Frobots.txt%22%2C%22lpu%22%3A%22https%3A%2F%2Fplus.google.com%2Frobots.txt%22%7D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] Invalid CSS property declaration at: * (rs=AItRSTNb65V50Ue4xLuVSFOQM_8tHosJAQ, line 1, x2)
[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Ftalkgadget.google.com#rpctoken=790919542&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://clients6.google.com/static/proxy.html?jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.VXUpfikRKZo.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Ft%3Dzcms%2Frs%3DAItRSTOh049Pi6fXQ7xvZQYcwfcT2RsU5Q#parent=https%3A%2F%2Ftalkgadget.google.com&rpctoken=890380087 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/pre?hl=en&authuser=0 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
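
To triage a warning log like the one in the post above, the following added example (not part of the original thread, and not Avast or Apple code) groups Safari's mixed-content warnings by the origin of the insecure resource. It assumes that "ran" marks active content (script or stylesheet) and "displayed" marks passive content (image or font); the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Warning lines copied from the post above (Safari web inspector output).
SAMPLE_LOG = """\
[Warning] The page at https://www.google.com/?gws_rd=ssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. (www.google.com, line 0)
[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. (www.google.com, line 0)
[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/222e31f0/common/skin/img//icn_float_green.png. (www.google.com, line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] Invalid CSS property declaration at: * (rs=AItRSTNb65V50Ue4xLuVSFOQM_8tHosJAQ, line 1, x2)
"""

# "ran" = active mixed content, "displayed" = passive mixed content (assumption
# stated in the lead-in); the resource URL ends at the ". (" before the source.
MIXED = re.compile(
    r"^\[Warning\] The page at (?P<page>\S+) (?P<verb>ran|displayed) "
    r"insecure content from (?P<res>\S+?)\. \("
)


def triage(log_text):
    """Group mixed-content warnings by (scheme, origin, active/passive)."""
    findings = defaultdict(lambda: {"count": 0, "pages": set()})
    for line in log_text.splitlines():
        m = MIXED.match(line.strip())
        if not m:
            continue  # unrelated warnings, e.g. CSS parse errors
        res = urlsplit(m["res"])
        kind = "active" if m["verb"] == "ran" else "passive"
        key = (res.scheme, res.netloc, kind)
        findings[key]["count"] += 1
        findings[key]["pages"].add(urlsplit(m["page"]).netloc)
    return dict(findings)


def plaintext_fetches(findings):
    """Origins requested over plain http, i.e. readable on the network."""
    return sorted(k for k in findings if k[0] == "http")


if __name__ == "__main__":
    for key, info in sorted(triage(SAMPLE_LOG).items()):
        print(key, info["count"], sorted(info["pages"]))
```

Active http entries deserve attention first, since a stylesheet or script loaded in plaintext can be modified in transit; safari-extension:// entries point at files bundled with the installed extension.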
Title: Re: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: tumic on July 03, 2014, 09:16:13 PM
It is only the new AOS (former WebRep) plugin that has this "issue"; the old plugin was displaying WebRep info in the browser GUI itself. Here "breaking" the connection means that some avast! info code is added to the page, which is the purpose of the AOS plugin. If you do not like this feature, you can disable/uninstall the plugin from your browser like any other browser plugin.
Title: Re: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: GeoffBur on July 05, 2014, 12:56:21 AM
The real reason for this "feature" is to install adware.

http://www.thesafemac.com/avast-installs-adware/
Title: Re: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: specimen9999 on July 05, 2014, 06:49:50 PM
I've always disliked these avast browser plugins/extensions, and their automatic installation on each program upgrade even though I had disabled/removed them before.

They contribute zero for my 'internet safety'.
Title: Re: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: david.krueger on July 06, 2014, 04:30:06 PM
Thanks for the replies. This is interesting. Since the avast! plug-in does not 'break' encrypted connections in Chrome - then Chrome must be broken by not reporting compromised secure connections. I guess Safari is doing its job by making sure that the Safari user knows that its https/encrypted connections have been tampered with. It is unfortunate that this plug-in has this 'behavior'. This has lessened my opinion of the overall product. I had found version 8 trouble free and it caught some stuff that Sophos for Mac had missed. At this point, I can no longer recommend this software to anyone.
Title: Re: Avast plug-in 9.0 for Safari breaks encrypted connections
Post by: huanito on July 22, 2014, 08:05:50 AM
@davesocal thanks for posting this. I had the same issue and have wasted a bunch of time on it this evening, ending in uninstalling the avast web plugin. ::)
@david.krueger it may be that the chrome version of the plugin does not have the same issue. I agree it is sad that avast has made this slip in the guise of protecting us. I also have a more cautious opinion of them now. On top of the shenanigans a while back with not allowing checking of https mail on os x. Sigh. May have to switch to eset.  :-\  Sad really.