Author Topic: Web Shield can be bypassed?  (Read 2685 times)


rasta

  • Guest
Web Shield can be bypassed?
« on: February 26, 2005, 05:58:03 AM »
Nice work with the new Web Shield feature, although it was a surprise at first. Gotta visit the forums more often I guess.

I just noticed today that it can be bypassed if the URL specifies a port other than 80. For example:

http://dbpubs.stanford.edu:8090/pub/2000-40

This seems to me to be too simple of a way to bypass the protection.

Is this by design? If so, what is the explanation?

My apologies to all the evangelists if this has been posted before.

w0rm

  • Guest
Re: Web Shield can be bypassed?
« Reply #1 on: February 26, 2005, 10:24:22 AM »
The webshield has an option to enter the ports that will be bypassed by it. Try to add other ports, perhaps they will work then.
That 80 is the only one can be confirmed here, because while having problems I first could open everything BUT port 80 pages while Avast was running.

D.

Vlk

  • Avast CEO
    • ALWIL Software
Re: Web Shield can be bypassed?
« Reply #2 on: February 26, 2005, 10:30:23 AM »
Hi rasta,

First, WebShield is not a firewall. What I mean by this is that it's not really appropriate to use the word "bypass" here.
WebShield adds an extra protection layer by inspecting HTTP traffic. As HTTP servers, by convention, use TCP port 80, WebShield captures data sent to this port. Use of any other port is more or less nonstandard and is quite marginal. WebShield is by default configured conservatively to avoid as many conflicts with other software as possible. Having WebShield configured to capture traffic on any other port than 80 by default would likely result in problems when someone would be running non-HTTP traffic on that port (which is perfectly possible).

If you, on the other hand, know that traffic on your machine on e.g. port 8090 is HTTP only, and you want to have it covered by WebShield, please feel free to customize WebShield to filter traffic even on this port. The relevant settings can be found on its 1st configuration page.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

rasta

  • Guest
Re: Web Shield can be bypassed?
« Reply #3 on: February 26, 2005, 12:58:24 PM »
Thanks for the detailed reply, Vlk, much appreciated. I suppose "bypass" might not be appropriate in this case but frankly, I can't think of a better one.  It's good to know it is working as designed though (Drat! I thought I found a bug. Oh well :) ).

But in reality, it is true that HTTP traffic uses port 80 by convention but hackers and malicious web sites aren't exactly known to follow convention, if you will pardon the slight hint of sarcasm. But I can understand the weighing of the cost versus the benefits of checking other port traffic. And it's also nice that I'm able to add the ports myself if I need to.

I have had it running in verbose mode since the beginning and that's how I noticed the anomaly (that's another feature I very much like because I can now see where my browser is taking me). But I noticed it doesn't keep a log of any kind of the pages that go through it. I didn't read one display fast enough before it disappeared and I couldn't recreate it. It might be nice to have a way to go back and display the last few items if it can be done at all.

Thanks again. I'm very happy to have another layer of protection.  ;D
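
The trade-off described in Reply #2 (inspect only ports known to carry HTTP, since other protocols on an inspected port can conflict) can be checked against observed traffic before adding a port. The following is an added example, not part of the thread and not Avast code; it assumes the destination port and first client bytes of each TCP flow are available, and the function names and sample flows are constructed for illustration.

```python
import re
from collections import defaultdict

# HTTP/1.x request line: METHOD SP target SP HTTP/1.0|1.1 (common methods only).
_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r?\n"
)

def looks_like_http(first_bytes: bytes) -> bool:
    """True if the first client bytes of a flow begin with a full HTTP/1.x request line."""
    return _REQUEST_LINE.match(first_bytes) is not None

def audit_ports(flows, inspected_ports):
    """flows: iterable of (dst_port, first_client_bytes).

    Returns (uncovered, conflicts):
      uncovered - ports that carried HTTP but are not in inspected_ports
      conflicts - inspected ports that also carried non-HTTP traffic
    """
    seen = defaultdict(lambda: {"http": 0, "other": 0})
    for port, payload in flows:
        seen[port]["http" if looks_like_http(payload) else "other"] += 1
    uncovered = sorted(p for p, c in seen.items()
                       if c["http"] and p not in inspected_ports)
    conflicts = sorted(p for p, c in seen.items()
                       if c["other"] and p in inspected_ports)
    return uncovered, conflicts

# Constructed sample flows (hypothetical hosts, not captured from a real machine).
SAMPLE_FLOWS = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8090, b"GET /pub/2000-40 HTTP/1.1\r\nHost: example.test:8090\r\n\r\n"),
    (8080, b"POST /form HTTP/1.0\r\nContent-Length: 0\r\n\r\n"),
    (8080, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),  # TLS handshake prefix, not plain HTTP
    (25,   b"EHLO mail.example.test\r\n"),            # SMTP
]

if __name__ == "__main__":
    for ports in ({80}, {80, 8080, 8090}):
        uncovered, conflicts = audit_ports(SAMPLE_FLOWS, ports)
        print(f"inspected={sorted(ports)} "
              f"uncovered_http={uncovered} non_http_on_inspected={conflicts}")
```

With only port 80 inspected, the HTTP seen on 8080 and 8090 is reported as uncovered; adding both ports closes that gap but flags 8080, where non-HTTP traffic was also observed.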