Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: happyman on June 27, 2007, 07:27:20 AM
-
Does anybody notice that the web browser Safari is out of control of the web engine of avast Home Edition.
It is a HUGE security BACKDOOR. It is never screened. I hope that the issue will be handled ASAP.
It is a alert comment, to my best knowledge.
Or something's wrong with my observation, let me know.
Bye :-[
-
It's not a huge security hole nor a backdoor hole... Standard Shield will still scan all the files. They'll update it eventually to include Safari too.
-
Thanks for your reply. I thought it is huge.It seems a kind of exaggeration. If it is not a good word. Sorry about that. Actually it put me on the edge of the chair pulling my hair. Why ?
Even the Standard Shield does not monitor it. It is just idling there. My firewall level check works fine. But the application check ? Anyway Safari, I think due to different mechanism, bypasses it.
By the way, the significance of the URL blocking for me is avoidance of phishing sites or uncensored sites.
Do me a favor ?
Can you tell me about what brought it or point me to where I could read or something ?
Thanks ???
-
The Standard Shield won't monitor the program in the same way the Web Shield does. (Watered-down)The Web Shield checks the webpages while the Standard Shield checks the files on the computer that the browser makes from the the webpage. Therefore you should see Standard Shield checking Safari related or webpage files.
-
Does anybody notice that the web browser Safari is out of control of the web engine of avast Home Edition.
It is a HUGE security BACKDOOR. It is never screened. I hope that the issue will be handled ASAP.
It is a alert comment, to my best knowledge.
Or something's wrong with my observation, let me know.
The web shield doesn't monitor All browsers there is an approved list of browsers, this is commonly the most popular stable browsers and somehow I don't think that Safari for windows (in beta) will be included.
Don't ask what is included, I haven't got any idea and there is nowhere to check, I have been banging on about being able to see what browsers are supported, but all I have got is a flat forehead and headache.
You could try editing the C:\Program Files\Alwil Software\Avast4\Data\avast4.ini file using notepad or a text editor. Add the line OptinProcess=executableFileName.exe to the [WebScanner] section, where executableFileName.exe is the name of your browser executable file.
[WebScanner]
OptinProcess=DEpE-executableFileName.exe
However being beta this may cause stability issues and this is why there is a list of approved browsers (wherever and whatever is in it)
-
Does anybody notice that the web browser Safari is out of control of the web engine of avast Home Edition.
It is a HUGE security BACKDOOR. It is never screened. I hope that the issue will be handled ASAP.
It is a alert comment, to my best knowledge.
Or something's wrong with my observation, let me know.
The web shield doesn't monitor All browsers there is an approved list of browsers, this is commonly the most popular stable browsers and somehow I don't think that Safari for windows (in beta) will be included.
Don't ask what is included, I haven't got any idea and there is nowhere to check, I have been banging on about being able to see what browsers are supported, but all I have got is a flat forehead and headache.
You could try editing the C:\Program Files\Alwil Software\Avast4\Data\avast4.ini file using notepad or a text editor. Add the line OptinProcess=executableFileName.exe to the [WebScanner] section, where executableFileName.exe is the name of your browser executable file.
[WebScanner]
OptinProcess=DEpE-executableFileName.exe
However being beta this may cause stability issues and this is why there is a list of approved browsers (wherever and whatever is in it)
Thanks DavidR.
It's really a simple patch effective job. It works.
But Can I ask one more ?
Is the normal behavior of the response to block sites throwing out a page saying it is ~~~ ?
Browser Safari , however, does do a different thing - Asking id and password.
I am just curious about that. As far as I know, avast home ed. passes through a packet to DNS and then block the next packet, at the same time showing the warning page. I haven't check the Safari case though.
In addition, It is a off-topic issue. I have a file infected with a "Trojan.Downloader.Zlob-545"
The file is a "hutx_4052.exe" But Avast has no sign of whether it is virus-infected or not.
It seems probably a false positive warning, I think.
Any tips ?
I really appreciate your kind comment and reply.
Have a good day.
-
Sorry I haven't any idea what you mean by ~~~? Browser Safari, I have zero experience of safari. The main thing to understand is, avast doesn't block but scans content passing through the web shield proxy (http port 80 traffic only). Unless you have set up something in the web shield Customize, URL Blocking tab.
avast doesn't ask for a user name and password relating to any detection.
What is your firewall and does it have any privacy function ?
Does it allow ashWebSv.exe internet access ?
- If it does delete the entries for them and do a manual update and reconnect to the internet, this will force the firewall to ask permission again.
What was the URL of the site you had a problem with ?
Is this a problem with all sites or just this one ?
I would suggest that you start a new topic in the viruses and worms forum for the other question as it will get very confused in this home/pro forum topic.
-
Sorry I haven't any idea what you mean by ~~~? Browser Safari, I have zero experience of safari. The main thing to understand is, avast doesn't block but scans content passing through the web shield proxy (http port 80 traffic only). Unless you have set up something in the web shield Customize, URL Blocking tab.
I am sorry for your confusion since I just jotted down my instant thought. I try to clarify my ideas a little bit more.
When I set up blocking sites on Web Shield and then I try to go to a site of them, The Avast Web Shield blocks the connection throwing out a page saying "avast! Web Shield Warning Access denied" while browser Safari doesn't do that. Instead, it asks id and passwd as if Safari considers it as 'bad' site. So it plays a role of censorship guard. It means it does not show the warning page.
What was the URL of the site you had a problem with ?
Is this a problem with all sites or just this one ?
Yes. only those sites set up on "Web Shield" engine. Not every sites.
Fro the other virus-related one , I follow your instruction.
I just hope that no matter who the development team is, the team will have more attention to this issue.
Once again, I appreciate your reply.
-
As I said avast wouldn't ask for an id and password especially for URL Blocking set up in the web shield, so it does sound like something else, perhaps safari asking for an id and password to override what it feels is a bad site.
The difference between say IE of firefox where the "avast! Web Shield Warning Access denied" page is displayed yet not in safari, then I would say it has something to do with safari rather than the web shield as it should work the same in all browsers, especially if they are standards compliant. This may be nothing more than a problem with a beta product, but effectively it is still blocked.
I'm not convinced that using the URL Blocking to block multiple sites is efficient and using either the hosts file or your firewall would be a better option. I have one entry in the URL blocking and that is *.pif to block all pif files.
-
Yes. DavidR. You are right. That's what I thought about.
I have multiple layers of security systems. firewall (kernel level), antivirus (application level) browser (another application level) just in case that one of them comes to a malfunction. Sometimes, they do. Specially, A firewall system is kind of tricky. Recently, firewall system brings attention of security issues to me. At first, I thought Safari uses a different Subsystem from other win32 Subsystem along with different calling mechanism.That's why my curiosity has been brought up. Thanks. :D
-
No problem, welcome to the forums.
-
When I set up blocking sites on Web Shield and then I try to go to a site of them, The Avast Web Shield blocks the connection throwing out a page saying "avast! Web Shield Warning Access denied" while browser Safari doesn't do that. Instead, it asks id and passwd as if Safari considers it as 'bad' site.
Hi happyman,
WebShield is indeed somewhat non-RFC compliant in this blocking thing. It responds with the HTTP code 401 - Access denied, actually the 403 - Forbidden would be more suitable. The 401 code is reserved for cases where the browser may ask the user for username and password and possibly retry the page. On the other hand, WebShield does not include the WWW-Authenticate header so the browser does not know how the password should be encoded and hence it makes no sense to display the username/password dialog.
This is probably the reason why it works in normal browsers and sucks in Safari.
We'll change that in the next version.
BTW: we have updated the list of scanned browsers to include Safari. But I would not recommend it for regular use until (at least) the release version. It crashes fairly often on my comp.
-
Thanks for the update lukor.
Is there any danger of knowing what browsers are on the approved list, either in the avast help file Resident Protection, Web Shield.
I know this would require the update of the help file on inclusion of a new supported browser ?
Or a drop down list in the Web Shield, Customize... area in the same way as the Instant Messaging provider, this would exclude the requirement to update the help file ?
-
David, I like the idea of application list scanned by WebShield similar to the Instant Messaging provider. I would support that for the new version.
-
Thank you, I think it would be very valuable and helpful for those who help here to have a reference.
It may also remove the need for posts querying if their browser is supported, something which we can't easily answer, without testing if web shield is actually scanning.
-
We'll change that in the next version.
Can we ask you more about it?
Vlk won't say a word... neither Kubecj, or Igor, or nobody else... We can't even guess what is happening through avast 5... :'(
BTW: we have updated the list of scanned browsers to include Safari. But I would not recommend it for regular use until (at least) the release version. It crashes fairly often on my comp.
I'll give the same suggestion. Avoid the beta phase.
-
Just as a few times before, this was meant as "we'll change that in the next build of avast! 4". It's quite a tiny change, so there's no need to wait with that.
Major changes will wait for avast! 5, but it will certainly take some time.
-
Just as a few times before, this was meant as "we'll change that in the next build of avast! 4". It's quite a tiny change, so there's no need to wait with that. Major changes will wait for avast! 5, but it will certainly take some time.
But Vlk said that we won't see minor updates on 4.7 and we must wait for avast 5...
Igor, it's being disappointed do not know how avast will upgrade or see that it is in a very slow rate nowadays...