Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: avast 15 on July 15, 2010, 02:09:48 AM
-
whenever i surf the net i sometimes run into sites that are effected and avast alerts me with a pop up and blocks the website from appearing but sometimes it doesnt block the site it shows it. How is the threat blocked if the site sometimes is still showed when you click to go to it?
-
avast only blocks the infected element, if the detection isn't on the actual web page then it is entirely possible that the page will display, but the infected element will have been blocked.
The web shield filters all http port 80 traffic and scans it in its local proxy, if it is infected avast aborts that connection and discards that item, so it doesn't end up in your browser cache to be either run or viewed on your browser.
In the majority of cases the infection is actually inserted into the main page (an HTML javascript script or iframe tag) if that is the case then the page won't display as the page code in its entirety is discarded.
Me if avast alerted on a site yet the page still loaded, I know it is an item in that site called or imported into that page, so there is no way I would continue using that site and avoid other such alerts.
-
can you save an image or video of an effected site if the site still loads?
-
Can you post the links to these sites?
Post hxxp instead of http (not live links).
-
im just wondering in general i dont have any links
-
can you save an image or video of an effected site if the site still loads?
I wouldn't attempt to do anything on a site that avast has alerted on (I would exit the site even if it displayed) as you never know what else might be lurking around the next link. I would think it very unusual if a site has been hacked (the most common reason avast alerts, certainly for known sites) and there was only one instance of infection/exploit/redirect, etc. etc.
So you simply can't rely on avast absolutely catching everything, whilst I would say that avast's web shield protection is probably the best out there, nothing is 100%.
-
It also depends on the browser that is being used. I have seen the sites being completely blocked in IE and FF, but the same site loads completely in Chrome. avast! alerts on all 3 though.
-
Yes the browser is also a factor, some don't obey the aborted connection but continue to try and complete the download.
-
And Opera somtimes block before avast so you don`t see any avast warning......
-
There was a thread going on in MSE forums where one of the experts clearly explained that as of now, only Firefox and Internet Explorer make use of a Windows API that allows them to pass each item to the AV installed in the system before rendering it. It does not depend what AV it is. This is the reason why MSE's system requirements page explicitly mentions IE and FF and not Chrome, Opera or Safari. And that is also part of the justification behind MSE not having a dedicated web-shield.
-
so if im using chrome or opera i wouldnt be as safe?
-
so if im using chrome or opera i wouldnt be as safe?
A conclusion can be reached only when some official response from the avast! team can clear this up. But since I have seen this thing in action, with both avast! (all shields on) and Symantec EndPoint Protection, I have been sticking with IE and FF only.
avast! did alert in case of Chrome, but it was after the page had fully rendered and manage to activate the Java Runtime Environment in my system. With IE and FF, the page was blocked completely.
-
so if im using chrome or opera i wouldnt be as safe?
In my case Opera was blocking the website from loading before avast.......
-
Hey guys, I know I am new here but I happened across this thread and I am a big fan of Opera and although this differs from the topic to some degree I felt due to the nature of the content it would not upset the staff that I post here to make sure the info gets to the right person(s) rather than in a new location that those here might miss. What I wished to share is not related to Avast blocking something but rather enhancing Opera a bit by adding Web of Trust, many may have already seen the bookmarklet method but less have seen the user javascript version which is by far preferred due to the fact it works much closer to the way it would with Firefox. Anyways, thought it might be useful to mention so I just wished to offer the link containing information someone might enjoy.
http://extendopera.org/userjs/content/wot-opera
Again, I hope I haven't upset staff due to the slight topic shift.
-
WOT is not the oracle it purports to be, it is community based and relies on the quality of the user reporting sites, etc. I use WOT with Firefox and have come across many anomalies, sites that are flagged as bad that are good and worse still sites that are bad that are flagged as good.
So WOT should be used as a guide not total reliance.
-
I try to make a point of that to those I install it for as well. If you ever load McAfee Site Advisor and WOT on the same pc you can see a big difference in what each reports for some sites which only proves that no one program is always going to be correct.
-
McAfee's site advisor is terrible as much of its database is so old as to be worthless. When you are talking about site security, etc. anything older than a month is ancient, a week old and a day reasonably current. Some of their entries are 6 months old.
-
so if im using chrome or opera i wouldnt be as safe?
A conclusion can be reached only when some official response from the avast! team can clear this up. But since I have seen this thing in action, with both avast! (all shields on) and Symantec EndPoint Protection, I have been sticking with IE and FF only.
avast! did alert in case of Chrome, but it was after the page had fully rendered and manage to activate the Java Runtime Environment in my system. With IE and FF, the page was blocked completely.
So, am I less safe if I use a browser other than IE or FF with Avast (or any AV for that matter)? Very curious about the answer.
-
Site Advisor, Norton Safe Web, WOT, there are several choices. I personally use K9 Web Protection and Sunbelts ClearCloud DNS servers, between the two alone a HUGE majority of malicious sites never bother me, with anywhere from 100,000-1 Million sites analyzed by Sunbelt per day I'd say they are about as recent as one can get. 8)
-
Site Advisor, Norton Safe Web, WOT, there are several choices. I personally use K9 Web Protection and Sunbelts ClearCloud DNS servers, between the two alone a HUGE majority of malicious sites never bother me, with anywhere from 100,000-1 Million sites analyzed by Sunbelt per day I'd say they are about as recent as one can get. 8)
Tweakerz,
That's great but the thread is about "How Avast Blocks Threats":
So, am I less safe if I use a browser other than IE or FF with Avast (or any AV for that matter)? Very curious about the answer. (Please see two posts previous to this one).
-
Going by my experience, and what I have read so far, yes, I would feel much safer with IE or FF. What good is a web-shield if the browser is not gonna respect aborted connections?
Check out - http://forum.avast.com/index.php?topic=59677.msg503112#msg503112
and -
(third post from the bottom, by Rob Koch)
http://social.answers.microsoft.com/Forums/en-US/msestart/thread/157d2834-144e-4ced-ba36-9d85b7cf47f9
and -
http://social.answers.microsoft.com/Forums/en-US/msescan/thread/8416f536-2974-4269-8720-b26e060df240
-
The point is Randy you can be equally protected by adding some free and low to 0 resource security by way of K9 and ClearCloud DNS as well as an additional browser intergrated offering such as Norton Safe Web, this combined with WOT makes you very safe, but it seems Avast primarily is going to protect IE and FF which is not to say the other browsers do not get protection, just that I think with IE and FF having the most users the program(s) (Avast in this case) are more geared towards them.
-
@Tweakerz, what we need to understand is -
1. The system requirements of avast! have never mentioned any particular browser, and nor has there been any official word on it.
2. The misbehaving app here is the browser - chrome/opera/safari. The onus of proper respect of an AVs attempt to abort the connection lies with the browser. The API is available to be made use of in all versions of Windows since XP SP2.
The fact that nobody from avast! is clearing this up is surprising. We need someone official and qualified to tell us in plain english if there is a difference in the way different browsers interact with avast's web shield. If yes, then on whom does the responsibility of correcting it lies.
-
I totally agree Ravi, I just feel it is very likely due to the typical support for IE and FF that these are more supported if you will, I too though hope to see an answer from Avast that can clear up the question. :)