Avast Download Redirect to CNET - Not concerned with security best practice?

[REDACTED]

Start:  https://www.avast.com/en-us/index
Click on "Download Free Antivirus" copied url is: https://www.avast.com/en-us/download-thank-you.php?product=FAV-ONLINE&locale=en-us
The link redirects here:  http://download.cnet.com/Avast-Free-Antivirus-2015/3001-2239_4-10019223.html?hasJs=n&hlndr=1&part=dl-85737&path=direct&ls=media

Should I worry when the Antivirus software you rely on to protect you from just these maneuvers does not serve its own products and redirects you without notice or permission?

Or the question is, why should I NOT worry?

[Asyn]

You can also download it from the official Avast server.
-> https://forum.avast.com/index.php?topic=210678.0

[REDACTED]

Thank you for the link to the Avast online installers.  But the linked urls are also http not https and point to an executable file.  So we have to risk malware to get the Antivirus?

[bob3160]

Thank you for the link to the Avast online installers.  But the linked urls are also http not https and point to an executable file.  So we have to risk malware to get the Antivirus?

No malware just the installation file.
If you prefer, get them from here: How to Successfully Install Avast http://goo.gl/VLXde

[REDACTED]

I am surprised that AVAST does not utilize https for software distribution.  Isn't this a basic precaution?  What am I missing?

[bob3160]

Here's the download link I use for the free version:
https://www.avast.com/download-thank-you.php?product=FAV-AVAST&locale=en-ww

[Asyn]

I am surprised that AVAST does not utilize https for software distribution.  Isn't this a basic precaution?  What am I missing?

-> https://forum.avast.com/index.php?topic=60523.msg527512#msg527512

[REDACTED]

My concern is that Avast itself does not respect customer security enough to permit this.  Following links in a forum does not instill confidence in security practices.  Should be on the main page, secure and transparent.

This url also redirects to CNET without notice or permissions:
https://www.avast.com/en-us/download-thank-you.php?product=FAV-ONLINE&locale=en-us

http://download.cnet.com/Avast-Free-Antivirus-2015/3001-2239_4-10019223.html?hasJs=n&hlndr=1&part=dl-85737&path=direct&ls=media

[mchain]

What you say seems to be correct.  Seems to go along with what you could get for free could also come at a hidden cost.

I'd follow Asyn's advice @ reply # 1.  Furthermore, I'd also strive to download all executable files from original vendor sites only in the future as I've known about this redirect issue for several years now. 

Bitcoin miners is one of the new things in redirects.

[REDACTED]

Asyn's reply - the link is https to the forum (low risk) but the links to the downloads are http (high risk). 

So it seems I am the only one out of 400 million who finds this to be problematic.  In posting the question, I was hoping to be educated on security risks but am just getting more unsecure links.

[Asyn]

Asyn's reply - the link is https to the forum (low risk) but the links to the downloads are http (high risk). 

See Reply #6.

[REDACTED]

I am surprised that AVAST does not utilize https for software distribution.  Isn't this a basic precaution?  What am I missing?

I realize where you are coming from and I don’t disagree. However you could download the package from the http site (avast’s not cnet’s) then get the md5 hashes from this page https://support.avast.com/en-us/article/Troubleshoot-Antivirus-corrupted-setup and use a md5 tool to verify the package. IMHO the best you’ll probably get?

[REDACTED]

OK This one is served from AVAST - https://www.avast.com/en-us/download-thank-you.php?product=FAV-AVAST&locale=en-us

NOTE FAV-AVAST not FAV-ONLINE

[igor]

I am surprised that AVAST does not utilize https for software distribution.  Isn't this a basic precaution?  What am I missing?

I realize where you are coming from and I don’t disagree. However you could download the package from the http site (avast’s not cnet’s) then get the md5 hashes from this page https://support.avast.com/en-us/article/Troubleshoot-Antivirus-corrupted-setup and use a md5 tool to verify the package. IMHO the best you’ll probably get?

All the Avast installers (and other files) have a digital signature by Avast Software s.r.o.
Verifying that (rightclick --> Properties / Digital Signatures / Details) is the best way (much better than comparing some MD5 hashes, in my opinion).

[REDACTED]

Good information, Igor.  However once you click on the executable and before the confirmation prompt, if there is malware, it is too late.