Secure DNS enabled by default??

[REDACTED]

Why is this feature not an optional...option?

I had no idea that your SecureDNS was enabled by default with my Avast Pro Subscription. I take my privacy very seriously and was unaware that my internet traffic was being routed to your servers without being explicitely asked. I had to toggle through about 4 layers of settings to find the "off switch".

I use a local VPN (Private Internet Access) and when running a DNS Leak test I was curious as to why there appeared to be a DNS leak. A mysterious IP address was showing up, and after doing about an hour of hunting, uninstalling programs, running virus scans and resetting network configurations I finally realized that your SecureDNS was enabled.

So, now that I've found the issues, I have a few questions:

1) When running a local VPN (PIA), and your SecureDNS - which software was taking presedence? Meaning, who was routing and encryping my internet traffic first - AVAST or Private Internet Access?

2) What type of logs and information do you retain about your customers browsing data? And how long do you retain such data?


Honestly, I think this is a pretty scummy thing to do especially considering that there was no prompt or notification that my web traffic was being routed through your services upon installation. I also find it pretty alarming that the static DNS path resolves to a hosting company - instead of a VPN relay. It appears that your VPN server was saving data to a static hosting platform as opposed to simply handing it off.

Any official help on this would be appreciated.

[polonus]

Read here on OpenDNS forums: https://support.opendns.com/entries/57943894-Avast-2015-Security-Suite-Secure-DNS-and-OpenDNS
With a customs install you had the option not to install Secure DNS as a shields component.
We always advise users to do a custom install, in your particular case this would be the preferable way of installing Avast av.

polonus

[REDACTED]

We always advise users to do a custom install, in your particular case this would be the preferable way of installing Avast av.

You do? I don't recall "custom" installation being recommended during installation, if this were so then it would have been a default option. Generally programs recommend a "typical" install. The fact that the feature was installed by default doesn't change the fact that is was activated by default without any direct notification. If there was a direct notification that I missed, then that's my fault. I'm not going to uninstall Avast and re-install to just go through the steps.

Either way, I feel like this specific setting should be optional for users considering the the unique relationship that is created by Avast and the user when you begin to filter and handle their personal web traffic. We run a business and this, specifically, is causing concerns due to the fact that we handle very sensitive client data and we had no idea that our traffic was being forwarded to a 3rd party without our explicit consent. I would have your company re-examine exactly how this process is currently set up because in its current form I cannot believe that there aren't other users who find this process a major security risk, as well.

[Eddy]

A typical install is mostly recommended because almost no user has a clue about computers/software.
Since avast pro (and other versions) come with SecureDNS, it is only logical that it gets installed by default.

Especially a admin that works for a company should know better then to just use the typical install.
He also would have done some homework before installing.

There is no need at all to re-examine the current setup process.
It works like it should.

And you are absolutely wrong with saying it is a major security risk.
In fact it is actually adding security.