Strange behaviour of Web shieln in 4.6.623 [New Opt-In Behavior]

[xtonda]

Hi,

I am using slow GPRS connection to Internet (T-Mobile Czech Republic) and to speed up things a little bit I am using bit weird configuration of proxies. Browser connects to local squid which does caching. Squid connects to local Privoxy which does ad blocking and Privoxy connects to local GPRSpeed (NettGain1100) client which does compression and data tunneling  to ISP gateways that pass it further to the Internet.

The problem is, when I configure web shield to port where squid or privoxy listens, everything works fine but when configured to port where GPRSpeed (NettGain1100) listens, internet connection works but nothing is scanned. I am playing with these more than hour and I am sure I am setting correct port. I am almost sure it worked with previous version of avast.

Any idea what is wrong? Can you provide or recommend me some tool to diagnose this problem further?

[Lisandro]

Can you see if this link could help you on understanding webshield working?
http://forum.avast.com/index.php?topic=1647.msg100190#msg100190

[xtonda]

Can you see if this link could help you on understanding webshield working?
http://forum.avast.com/index.php?topic=1647.msg100190#msg100190

Thanks, adding OptIn=0 solves the problem. So avast recognizes mozilla and squidNT bot desn't recognize Privoxy. This setting realy deserves GUI.

Unfortunately scaning only communication from some known programs weakens strength and usability of WebShield

[Vlk]

xtonda, you're right in everything you said. Mozilla and squid is supported (is explicitly listed).

Unfortunately, we had to change the default setting from opt-out to opt-in in version 4.6.623 because of various incompatible programs. And I agree that such a setting would deserve a GUI control but it was too fast a decision to be possible to implement (please realize that every GUI change has to be translated to all supported languages - it this moment, 21 and counting)

Meanwhile, we'll probably create a FAQ entry documenting this.

Thanks
Vlk

[xtonda]

Unfortunately, we had to change the default setting to opt-out in version 4.6.623 because of various incompatible programs.

Can you list here conflicting programs you are aware of?

Thanks.

[Vlk]

It's a secret but I can say that these include

AOL Client Browser Top Speed compression
4X Made Easy - financial app from www.4xmadeeasy.com
McAffee Personal firewall GUI

The folks @Kerio are aware of some other (we've discussed this behavior with them - they're using a similar approach for cookie and ad blocker in their Personal Firewall...). Same applies to ZoneAlarm.

Generally speaking, incompatible is every application that uses the HTTP port (80) to route some non-HTTP (or partially-HTTP) data (including custom HTTP commands etc).

Thanks
Vlk

[xtonda]

Generally speaking, incompatible is every application that uses the HTTP port (80) to route some non-HTTP (or partially-HTTP) data (including custom HTTP commands etc).

That says it all. So it actually isn't problem with Avast Web Shield but problem of these uncompliant applications.

Thanks

[Vlk]

Absolutely, we're not aware of any problem in the WebShield proxy itself (it's fully HTTP 1.1, 1.0 and 0.9 compliant, can handle SSL connections etc) but some apps simply don't adhere to the standards... or don't use the http protocol on port 80 at all (use a proprietary binary protocol, e.g. to trick the firewall into thinking that it's letting in/out http traffic, actually - this is the case with some p2p apps, for example).

Thanks
Vlk