Author Topic: Why AVAST scans no HTTPS connections?  (Read 4236 times)

0 Members and 1 Guest are viewing this topic.

reisender67

  • Guest
Why AVAST scans no HTTPS connections?
« on: January 01, 2014, 07:54:39 PM »
Hello,

I have a question: Why AVAST Web Shield scans no HTTPS connections?

Happy new Year
Christian

NoelC

  • Guest
Re: Why AVAST scans no HTTPS connections?
« Reply #1 on: January 01, 2014, 08:15:59 PM »
The https protocol ensures end to end encryption - which protects network traffic from being viewed by intermediaries.  In most cases that's considered a good thing, but you're wanting your antivirus program to be able to monitor that traffic and the encryption blocks it too.  From the perspective of a program or person trying to watch the data go by, it just looks like gibberish.

-Noel

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89349
  • No support PMs thanks
Re: Why AVAST scans no HTTPS connections?
« Reply #2 on: January 01, 2014, 08:22:40 PM »
I have a question: Why AVAST Web Shield scans no HTTPS connections?

Isn't that the whole point of a secure encrypted connection, to keep prying eyes out.

Whilst avast could probably scan the encrypted streams, but to what purpose as encryption essentially changes all signatures etc.

So there would have to be some third party intervention whereby avast redirects the outbound request to https so that the incoming https would come through some sort of proxy where it can be decrypted (similar to the way the old mail shield used to handle SSL emails). But I'm sure this isn't as easy as this very short comment on how it might be done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

NoelC

  • Guest
Re: Why AVAST scans no HTTPS connections?
« Reply #3 on: January 01, 2014, 08:50:14 PM »
One could imagine that in this day and age Microsoft or other browser makers might make an API available in the browser itself that could allow the scanning of web traffic there.  Whether such a thing actually exists is beyond my knowledge of browser implementations.  Thing is, if you could attach in, then malware could potentially attach in as well.

-Noel

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33935
  • malware fighter
Re: Why AVAST scans no HTTPS connections?
« Reply #4 on: January 01, 2014, 08:57:36 PM »
There are ways to look at your https connection for security issues, some browser extensions do a great job. I have Recx Security Analyzer extension up and running in Google Chrome, when WOT and netcraft alert be aware something is not right. Also Comodp's Site Inspector gives good scan results. See: urlquery dot com scans,

polonus
« Last Edit: January 01, 2014, 09:49:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

reisender67

  • Guest
Re: Why AVAST scans no HTTPS connections?
« Reply #5 on: January 01, 2014, 11:12:40 PM »
Hi,

but why AVAST does not check this directly, as for example ESET does?

Greetings
Christian

jwoods301

  • Guest
Re: Why AVAST scans no HTTPS connections?
« Reply #6 on: January 01, 2014, 11:22:24 PM »
That would be a question for the product design team...

My "1 minute guess" (after thinking about it for a minute) would be performance issues.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89349
  • No support PMs thanks
Re: Why AVAST scans no HTTPS connections?
« Reply #7 on: January 01, 2014, 11:46:45 PM »
Hi,

but why AVAST does not check this directly, as for example ESET does?

Greetings
Christian

For a start we (avast users) don't know exactly what you mean by check/scan directly or for that matter what ESET does.

Scanning the https secure encrypted traffic directly (as I mentioned isn't the issue) is unlikely to detect anything because its encrypted form differs completely from it unencrypted state.

If there is some other intervention to be able to scan the unencrypted form before it is displayed/run in the browser, then that may slow browsing depending on how that is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33935
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!