Author Topic: How to authenticate the avast installer?  (Read 2650 times)

youen

  • Guest
How to authenticate the avast installer?
« on: September 18, 2013, 08:50:53 PM »
Hi,

I just downloaded avast, and I don't have another antivirus currently installed. Moreover, the download is made from 01net.com using a non-encrypted connection.
How, in these conditions, can I be sure I am installing the actual avast antivirus, and not some malware that is trying to look like avast? I don't see the point in installing security software if I cannot trust the download source.

Is there a place where I can get an MD5 or SHA1 for the installer with an official https://avast.com address?

Thanks.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: How to authenticate the avast installer?
« Reply #1 on: September 18, 2013, 08:54:40 PM »
You can download it from avast.com. They are also linking to another website, but this website is clean.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: How to authenticate the avast installer?
« Reply #2 on: September 18, 2013, 08:55:59 PM »
Since you are already on the forum, why did you not download from here rather than some untrusted site? Choose the version you'd like from here: http://forum.avast.com/index.php?topic=133788.0

youen

  • Guest
Re: How to authenticate the avast installer?
« Reply #3 on: September 19, 2013, 09:12:09 AM »
Thanks for the links, I did not know it was hosted on avast.com too (as the main avast page redirected me to another site without asking for my preference).

However, this does not really solve the issue. HTTP is not secure. I would have thought avast would provide a way to authenticate the downloaded file, whatever the download source, through a secure protocol (https, on the avast site). Maybe I'm wrong though.

I know it is unlikely that someone manages to distribute hacked versions of the anti-virus (for example through a "man in the middle" attack on the avast website?), but as far as I know it's possible. That would allow the attacker not only to install malware on users' computers (that could steal passwords etc.), but also to do so completely undetected, since the false anti-virus would of course not report itself as a virus, and users would think they are protected. Or maybe I'm wrong and such an attack is not possible, in which case please tell me how.

EDIT: I just tried changing the protocol in the download links you sent me (https instead of http), and it works :-) So it's good for me. It's probably heavier for avast hosting to send the whole installer on an encrypted connection than to just provide an MD5 or SHA1 key, but that's their problem... Thanks.
« Last Edit: September 19, 2013, 09:15:54 AM by youen »
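The digest check asked about in this thread, as an added example that is not part of any poster's message and not Avast tooling: it hashes a downloaded installer and compares the result with a digest the user has copied from an HTTPS page. The function names, file names and sample bytes are constructed for illustration, and SHA-256 is accepted alongside the MD5 and SHA1 the thread mentions.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. MD5 and SHA-1 are the ones the thread asks
# about; SHA-256 is included because both older hashes have known collisions.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_installer(path, published_hex):
    """Return (ok, algo, actual). published_hex must come from the HTTPS page."""
    expected = "".join(published_hex.split()).lower()
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected), algo, actual

def demo():
    """Constructed sample: a fake 'installer' and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "setup_good.exe")
        bad = os.path.join(d, "setup_tampered.exe")
        payload = b"MZ" + b"constructed installer bytes" * 1000
        with open(good, "wb") as f:
            f.write(payload)
        with open(bad, "wb") as f:
            f.write(payload + b"\x90")  # one appended byte changes the digest
        published = hashlib.sha256(payload).hexdigest().upper()
        return verify_installer(good, published)[0], verify_installer(bad, published)[0]

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel the published digest came from: a digest fetched over plain HTTP can be replaced along with the installer.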