avast does not load the sites, it merely connects to the router and ask it a few questions. It does not connect to the IP, does not check if the IP is accessible or not, nothing. Compare it to for example the prefetch feature of the modern browsers - where site might get downloaded only because it is shown in the search result list.
Thx....but if Avast does not go "out" past the router then why does OpenDNS show the sites as OP outlined ?
I don't think Lukor meant to say that the DSN queries don't go past the router... the router doesn't have a table of all domains on the Internet, it propagates the queries further - to the DNS servers.
Also, alexa.com is meant as an analytics tool.
On the surface this looks less like "security" and more about data collection, etc.
It is items like this that get people wondering if Avast collect and sell user data ?
At the very least Avast is using the access to generate a ton of analytics.....seems awful heavy handed.
I think you got it wrong (vice versa, I would say)... alexa.com list if built on the results of analytics. To trigger the analytics, you would not only have to connect to the particular site (which doesn't happen there), but also to download its web page and download the links from that web page (one of those being the analytical link).
Selling DNS results? They would be basically the same for almost all the users - no interesting data here
I don't use DNS logs, but I also don't understand the reason to "connect to the router and ask it a few questions" for a mass of IP addresses. The result will not be very surprising. The addresses will be well known. Or do you search for any kind of forgery?
Yes, exactly. The expected results are well known - and that would be the case for most users. However, if you have a compromised router that redirects some domains to fake/phishing pages, you get something unexpected and you may report a problem (of course, assuming that it's at least one of checked domains that gets redirected - that's why the top alexa.com domains were chosen - being popular, they are also likely to be used for an attack).
So, if I understand it correctly, avast! connects to router and checks if the address it asked for is also returned by the router. If it's not, this may be indication that something is redirecting your connections on your computer. Or have I failed understanding it? This is basically an internal connectivity check and doesn't actually go beyond your home network.
Lukor may correct me if I'm wrong, but I believe Avast simply makes a number of DNS queries. Sure, they go via your router (all your traffic does), the router could be the potential cause of problems (if any are found), but I wouldn't say it doesn't go beyond your home network - the queries would be propagated to DNS servers (usually supplied by your ISP, or OpenDNS if you manually configured that).