URLs are blocked even with 'Block malware URLs' disabled?

[Eddy]

I fully agree with HonzaZ

I say, block everything or nothing.

To most "common users" it is already confusing enough.
How things work, what all options/settings mean/do and such.
Let's not make it more complicated for them.

Because they were not provided the option to selectively waive certain precautions.

You are forgetting a major thing.
Common users have no clue about security and how it is working.
The more options, the more confusing it is for them.
Let's not make it more complicated for them than it is already.

Billions of people are riding a bike, but not even 1 out of 10 million know how to setup/maintain/ride it in the best way.

You are making the big mistake to only see things from your point of view.
Not from the developers side, not from the common user site and not from the technical site.

[Rundvleeskroket]

One can't very well report a false positive if the malicious code is present. The hit is correct. It just should not result in a blocked site if blocking / filtering a small part of it would suffice.

[Rundvleeskroket]

You are forgetting a major thing.

I am most certainly not. Did you not read the part where I state it should be an advanced option only? Or did you choose to ignore it?

Even a browser such as Firefox lets you tinker with more advanced settings. You have to agree to a disclaimer, and you can continue. That disclaimer discourages novices. You can now stop this talk about 'common people' and what they can or cannot comprehend. I am not now, nor have I ever, advocating a change in default AV behaviour. The operative being: default. This implies more control is available for those who seek it.

[Eddy]

You are completely wrong.
If there is something malicious on a site and you only block that, who says that there is not a unknown malicious thing on that site ?
With your philosophy you are putting people/systems at risk.

It really does not make any sense at all to remove just certain words/sentences from a novel.
Websites are not like classified documents that you are allowed to view, but things are made black because you are not allowed to see parts of it.

Yes you do forget a major thing.
Did you not read the part where I said "The more options, the more confusing it is for them." ?
Or did you choose to ignore it ?

[Rundvleeskroket]

It is up to the user to choose the level of risk they are willing to accept. There is no one size fits all solution that works for everybody. Risk is fine, as long as it is managed well. There is no confusion if advanced options are behind a disclaimer warning. Apparently this is too much for you to grasp. That's fine, just stay out of this thread then. As I've asked you before.

[Eddy]

Risk is fine, as long as it is managed well.

And that is exactly my point.
The common user is far from capable of doing so.

Apparently this is too much for you to grasp

Apparently you have
de bel horen rinkelen, maar weet niet waar de klepel hangt.

[Rundvleeskroket]

You are going out of your way to fail to make the destinction between novices and advanced users. Either your attitude is deliberate, or you are not capable of normal comprehension. Both are not helpful. So, please, just go away. Your musings are not wanted.

I am not concerned with the policy regarding common users. Keep things as the are for them.  Power users need more control.

[bob3160]

You are going out of your way to fail to make the destinction between novices and advanced users. Either your attitude is deliberate, or you are not capable of normal comprehension. Both are not helpful. So, please, just go away. Your musings are not wanted.

I am not concerned with the policy regarding common users. Keep things as the are for them.  Power users need more control.

If you make the option available, every one becomes an advanced user if what they want to reach is blocked.

[Rundvleeskroket]

Well, then you can point to the disclaimer and remind them they were cautioned sternly and they explicitly accepted.

As it is, that is still better than the current situation which has people disabling their AV entirely (or far more than necessary, like all of Web Shield) and proceed.

The option wouldn't have to be in your face. Hide it from direct view. Or make it a command line parameter for the executable. Whatever. Live dangerously mode. Sounds nice

Besides .. in its current form Avast has all kinds of options available to disable components, and thus putting users at risk. If this is so problematic for most users, one wonders why they are given those choices. I honestly don't think that argument is valid.

[bob3160]

Well, then you can point to the disclaimer and remind them they were cautioned and they explicitly accepted.

As it is, that is still beter than the current situation which has people disabling their AV entirely (or far more than necessary, like all of Web Shield) and proceed.

The option wouldn't have to be in your face. Hide it from direct view. Or make it a command line parameter for the executable. Whatever. Expert mode. Sounds nice.

It is only better in your eyes. I'd personally like to see it made even more restrictive.
Better safe than sorry even if it may be a little inconvenient.

[Rundvleeskroket]

I agree the default should be very conservative. I don't however agree that it should be the only option.

But to get back to the heart of the matter: the least broad exclusion in URL blocking is made at Web Shield level, correct? There is no way to exclude a URL from just the URL blocklist and have Web Shield evaluate said URL when visited?

Which would possibly result in it still being blocked (partially?) if something nefarious is found, but not just because the URL is on a list.

[lukor]

Hi, you are right. The option should be removed and we will most probaby do it for the next release.

This option is in the settings dialog since the time where Network Shield (reposible for URL blocking) and WebShield (responsible for the content checks) were merged. Back then it made sense to distinguish between these two detection methods, basically because they were also implemented differently using different system APIs (WebShield:proxy, Network Shield:network filter).

Today, the detections already include many more checks, they watch for HTTP referrers, URLs extracted from previously seen malware samples, they check the content-type and match it against the actual content, and finaly also check for the content, in some cases for parts of the content, such as begining or end, etc. These things are included in several calls from the networking stacks into the detection engine.

It is no longer easy to separate one of the methods (URL blocking) from the whole chain - other that let it happen and then specifically ignore virus results containing Url:Mal2.
While this could be implemented, I wouldn't vote for it -- there are many checks in the process of the detection that make the whole result -- either turn it off completely by using the URL Exclusions, or let them all happen.

Thanks again for pointing to us that the checkbox is now obsolete.

Lukas.

[REDACTED]

I know this is an old thread, but I wanted to add that this issue is still happening. The only way for me to access blocked sites is to completely disable avast and kill the process with the task manager so I won't be renewing my license, but will check out this thread in the future to see if it is ever fixed.

For me it's a much larger issue because sites that I am required to access for school are blocked, as well as some shopping sites. (I can't submit homework if the university subdomain is blocked, and there's no way that blocking such sites should even happen!) Multiple people commented that we should all blindly follow the advice of the program to tell us what is and is not safe, but more often than not I am blocked from accessing sites I absolutely know to be safe. People would be livid if their ISP decided what they should and should not do on the internet, even if the ISP said it was just blocking content they know to be dangerous. In one case the FBI pulled bad websites, but made a mistake and pulled entire swath of safe family friendly websites and it was a huge issue. Ultimately, the end user - or at least the administrator account - should have the right to white list sites.

Besides that, it doesn't do a very good job of blocking sites. Avast says:  "this site could have harmed your computer" , but does not actually block the site from appearing or it's code from loading in the background. If it was pushing malicious code it's unlikely that avast would do anything about that. All it does is block the user from interacting with the site which is stupid. At least when google does it they fully redirect away which prevents malicious code from running at all and then gives the user the choice to go through.

The system would be more robust if I could both white list and black list sites. I have seen numerous unsafe websites I wish could not come up via popup, but at not at all blocked. If I could specify the url with a wildcard * to indicate everything in a range should be blocked that would stop that issue and make my computer safer without depending on avast to decide it's dangerous before blocking. Likewise, if I need to access a website for work or school I should not have to completely disable an antivirus because avast has decided on it's own that it wants to control my browsing habits. I should be able to tell it to let me access a website regardless of what it is programmed to think about that.

EDIT: Killing the avast process didn't help either, so I was forced to completely uninstall. It apparently injected code into the browser which I consider to be malicious behavior. I won't be re-installing. After uninstalling, and without having to restart the computer or even restart the browser, I regained control over my computer and was able to access blocked sites again.

[HonzaZ]

...because sites that I am required to access for school are blocked, as well as some shopping sites. (I can't submit homework if the university subdomain is blocked, and there's no way that blocking such sites should even happen!)

If some university/shopping domains are blocked and you think this is incorrect, you can submit a false positive. User-based whitelisting is very dangerous and I do not recommend it. If it is a false positive, it should be unblocked by us, and if it is a true positive, it shouldn't be visited at all.

Avast says:  "this site could have harmed your computer" , but does not actually block the site from appearing or it's code from loading in the background.

Code from blocked URLs is NOT loaded if you have Avast on. Are you perhaps talking about our browser plugin (Avast Online Security)? AOS does ask asynchronously, because if it asked about each URL before loading its code (and there can easily be hundreds of resources when opening one URL), browsing experience would be very slow.

I have seen numerous unsafe websites I wish could not come up via popup, but at not at all blocked.

If you think some URLs are unsafe/malicious and not detected by Avast, you should report them.

We of course do not block URLs willy-nilly; we only block a URL if there is a strong evidence of something malicious happening. Of course false positives may happen, but we do our best to keep the number (and impact) of them as low as possible.

[Eddy]

I can't submit homework if the university subdomain is blocked, and there's no way that blocking such sites should even happen!

So, you rather visit a malicious domain/server and loose days/weeks or even months of work because the malware destroys your work ?

Multiple people commented that we should all blindly follow the advice of the program to tell us what is and is not safe, but more often than not I am blocked from accessing sites I absolutely know to be safe.

And how do you know they are safe ?
Are you a programmer ?
Are you highly skilled in computer networks, traffic analyzing and such ?

Giving users the option to white list domains/IP's is a really bad idea.
A domain/IP that is safe right now can be infected the next second.
Do you really think people will check a domain/IP before they visit it if it is still safe and still should be white listed or not ?
No, they just visit it because it was safe in the past.
Giving users the option to white list domains/IP's (and other things), is like telling them not to use any security at all.

Sure, it can be annoying if you want to visit a domain/IP and it is wrongly blacklisted.
But as they say "Better safe than sorry".