Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: nightwalkerrobin on May 01, 2022, 09:30:56 PM
-
I understand that AvastSvc needs to run to provide updates and such, but why is it still using HTTP and not HTTPS?
-
Hi,
Can you please attach a screenshot of this? Please see this article on how to generate a screenshot. https://support.avast.com/en-ww/article/Create-screenshot
-
I had the same question. I've monitored these ports and have a few questions:
1 Why are they not using https? This is very poor judgement and reflects poorly on the ability to trust this product
2 Why are they left connected? These should be sessions, open and closed when finished.
3 The fact that they're left open and unencrypted begs the question: exactly what information is being communicated on these ports?
4 I tested the app with the most limited setup (see attached)
_ there is should be no reason for these ports given there are no app features that need frequent communication with Avast servers
_ I spent a good hour searching this forum trying to find useful information on these port with no success
!) Avast team - please explain
-
Some features (e.g. streaming updates for instance, at least I believe so) use a persistent connection, intentionally - they don't close it, they wait for another streaming update to arrive.
Wherever http is used, some kind of digital signature is checked to make sure the data is legit. Or, in some cases there's a custom encryption on top of http (the reason being performance).
-
Some features (e.g. streaming updates for instance, at least I believe so) use a persistent connection, intentionally - they don't close it, they wait for another streaming update to arrive.
Wherever http is used, some kind of digital signature is checked to make sure the data is legit. Or, in some cases there's a custom encryption on top of http (the reason being performance).
Still, I think measures should be taken by Avast to stop relying on HTTP. It doesn't look good in 2022. Nowadays, we even have DNS over HTTPS build into Windows 11. So streaming updates or anything related to Avast should adopt HTTPS for everything.
-
I checked on my system and yeah it's the same here. Not good.
-
I checked on my system and yeah it's the same here. Not good.
If you don't like the explanation you've already received from Avast, which I thought was pretty good,
you do have a choice. It's your computer.
-
I checked on my system and yeah it's the same here. Not good.
If you don't like the explanation you've already received from Avast, which I thought was pretty good,
you do have a choice. It's your computer.
I also thing it was a very good and clear answer. It isn't as if these connections are to any old tom dick or harry website.
The fact that it is also encrypted and some kind of digital signature further reduces/negates the use of http for the streaming updates.
As Bob mentions, your system, your choice.
You have a few, has this put you at risk during the time you have had Avast, switch of streaming updates or switch your antivirus.
-
Why do you two always have to attack a forum member who points out something negative related to Avast? Imagine you/a politician suggesting your government to change a not-so-good policy and the government in reply tell you, go leave the country if you don't like it. That's a ridiculous answer which reminds me of.....well some certain countries.
I very much appreciate the answer that was given and in reply, I briefly said that I think that Avast should move to HTTPS. I didn't say anything wrong here. You should accept constructive criticism.
Things like Windows updates are also always served via HTTPS nowadays unless there is an issue. If I remember correctly, Microsoft even made HTTPS mandatory for organizations using Windows Server.
So it's only a normal thing to move in this direction. So, I didn't say anything illogical that would make you angry. There is no need to create a scene here.
At this point, just wait and see if the OP and the other member have anything to say about the answer that was given. Otherwise, it seems there is nothing else that needs to be said by you and me.
-
This is not an attack.
However, perhaps because you have had an answer by a very senior Avast Team member and because it doesn't really present a direct risk in the same way as you connecting to an https site using your browser.
As has been said it is your system and your choice, so there isn't much point in continuing beating the horse when it is effectively dead.
-
There wasn't any attack unless you perceive any answer that doesn't meet your standards or expectation as an attack. I was simply expressing my opinion of your reply. Not everyone will necessarily agree with your opinion or mine.
-
Alright then. I just hope me complaining about Avast don't give you the impression that I hate it or something. My intention is to see Avast getting even better as a product.