Author Topic: Avast plug-in 9.0 for Safari breaks encrypted connections  (Read 5082 times)

0 Members and 1 Guest are viewing this topic.

Offline DaveSocal

  • Newbie
  • *
  • Posts: 1
Avast plug-in 9.0 for Safari breaks encrypted connections
« on: July 01, 2014, 06:47:00 PM »
The 9.0.2021.112 (and possibly earlier) version of the Avast plug-in for Safari definitely breaks encrypted connections. Connections that would normally be https/encrypted are now just http/unencrypted connections. And to clarify, this is with the "Scan secured connections" preferences box unchecked. Looking at the Safari web inspector warning log reveals several instances of of Google passing insecure content (see warnings below). When the plug-in is turned off, there are no errors and all connection retain their https/encrypted connections. The content that it is being sent insecurely might not be a big deal, it's the fact that it is sending insecure information at all. An encrypted connection should encrypt all the content of that connection. This is a major flaw/bug in Avast's plug-in. By the way, I called Avast Support and was in the process of telling them about this and the support technician hung up on me.


[Warning] The page at https://www.google.com/?gws_rd=ssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. (www.google.com, line 0)

[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. (www.google.com, line 0)

[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/222e31f0/common/skin/img//icn_float_green.png. (www.google.com, line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)


[Warning] The page at https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1015975638&timestamp=1404228541358 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (ServiceLogin, line 0)



[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/_/scs/mail-static/_/js/k=gmail.main.en.13f3zccySbs.O/m=m_i,t,it/am=_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F/rt=h/d=1/rs=AItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0, x3)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (mail, line 0)

[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmail.google.com#rpctoken=757437573&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/chat?client=sm&prop=gmail&nav=true&fid=gtn-roster-iframe-id&os=MacIntel&stime=1404228675633&xpc=%7B%22cn%22%3A%22ep61l2%22%2C%22tp%22%3A1%2C%22ifrid%22%3A%22gtn-roster-iframe-id%22%2C%22pu%22%3A%22https%3A%2F%2Ftalkgadget.google.com%2Fu%2F0%2Ftalkgadget%2F_%2F%22%7D&ec=%5B%22ci%3Aec%22%2Ctrue%2Ctrue%2Cfalse%5D&pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&href=https%3A%2F%2Fmail.google.com%2F_%2Fscs%2Fmail-static%2F_%2Fjs%2Fk%3Dgmail.main.en.13f3zccySbs.O%2Fm%3Dm_i%2Ct%2Cit%2Fam%3D_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F%2Frt%3Dh%2Fd%3D1%2Frs%3DAItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw%3Frel%3D1&pos=l&uiv=2&hl=en&hpc=true&hsm=true&hrc=true&pal=1&uqp=false&sl=false&hs=%5B%22h_hs%22%2Cnull%2Cnull%2C%5B2%2C1%5D%5D&moleh=380&mmoleh=36&two=https%3A%2F%2Fmail.google.com&host=1&zx=4xvib2teez9q ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc=%7B%22cn%22%3A%228qdyZvkvaa%22%2C%22tp%22%3Anull%2C%22osh%22%3Anull%2C%22ppu%22%3A%22https%3A%2F%2Fmail.google.com%2Frobots.txt%22%2C%22lpu%22%3A%22https%3A%2F%2Fplus.google.com%2Frobots.txt%22%7D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/talkgadget/_/transportevents?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e%5B%22wblh0.8952892625238746-0%22,2,1,%5Btrue,%5B%5D%5D%5D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)

[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e%5B%22wblh0.8952892625238746-1%22,2,1,%5Bnull,%5B2,3,4,5%5D%5D%5D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc=%7B%22cn%22%3A%22RRQ67xALt8%22%2C%22tp%22%3Anull%2C%22osh%22%3Anull%2C%22ppu%22%3A%22https%3A%2F%2Ftalkgadget.google.com%2Frobots.txt%22%2C%22lpu%22%3A%22https%3A%2F%2Fplus.google.com%2Frobots.txt%22%7D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] Invalid CSS property declaration at: * (rs=AItRSTNb65V50Ue4xLuVSFOQM_8tHosJAQ, line 1, x2)
[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Ftalkgadget.google.com#rpctoken=790919542&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://clients6.google.com/static/proxy.html?jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.VXUpfikRKZo.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Ft%3Dzcms%2Frs%3DAItRSTOh049Pi6fXQ7xvZQYcwfcT2RsU5Q#parent=https%3A%2F%2Ftalkgadget.google.com&rpctoken=890380087 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

[Warning] The page at https://plus.google.com/hangouts/_/pre?hl=en&authuser=0 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: Avast plug-in 9.0 for Safari breaks encrypted connections
« Reply #1 on: July 03, 2014, 09:16:13 PM »
It is only the new AOS (former WebRep) plugin that has this "issue", the old plugin was displaying WebRep info in the browser GUI itself. Where "breaking" the connection means, that some avast! info code is added to the page, which is the purpose of the AOS plugin. If you do not like this feature, you can disable/uninstall the plugin from your browser like any other browser plugin.

Offline GeoffBur

  • Newbie
  • *
  • Posts: 11
Re: Avast plug-in 9.0 for Safari breaks encrypted connections
« Reply #2 on: July 05, 2014, 12:56:21 AM »
The real reason for this "feature" is to install adware.

http://www.thesafemac.com/avast-installs-adware/

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 350
Re: Avast plug-in 9.0 for Safari breaks encrypted connections
« Reply #3 on: July 05, 2014, 06:49:50 PM »
I've always disliked these avast browser plugins/extensions, and their automatic installation on each program upgrade even thou I had disabled/removed them before.

They contribute zero for my 'internet safety'.

Offline david.krueger

  • Newbie
  • *
  • Posts: 1
Re: Avast plug-in 9.0 for Safari breaks encrypted connections
« Reply #4 on: July 06, 2014, 04:30:06 PM »
Thanks for the replies. This is interesting. Since the avast! plug-in does not 'break' encrypted connections in Chrome - then Chrome must be broken by not reporting compromised secure connections. I guess Safari is doing it's job by making sure that the Safari user knows that its https/encrypted connections have been tampered with. It is unfortunate that this plug-in has this 'behavior'. This has lessened my opinion of the overall product. I had found version 8 trouble free and it caught some stuff that Sophos for Mac had missed. At this point, I can no longer recommend this software to anyone.

Offline huanito

  • Newbie
  • *
  • Posts: 7
Re: Avast plug-in 9.0 for Safari breaks encrypted connections
« Reply #5 on: July 22, 2014, 08:05:50 AM »
@davesocal thanks for posting this. I had the same issue and have wasted a bunch of time on it this evening, ending in uninstalling the avast web plugin. ::)
@david.krueger it may be that the chrome version of the plugin does not have the same issue. I agree it is sad that avast has made this slip in the guise of protecting us. I also have have a more cautious opinion of them now. On top of the shenanigans a while back with not allowing checking of https mail on os x. Sigh. May have to switch to eset.  :-\  Sad really.