Author Topic: Why is AvastSvc.exe not using HTTPS?  (Read 2299 times)

0 Members and 1 Guest are viewing this topic.

Offline nightwalkerrobin

  • Newbie
  • *
  • Posts: 1
Why is AvastSvc.exe not using HTTPS?
« on: May 01, 2022, 09:30:56 PM »
I understand that AvastSvc needs to run to provide updates and such, but why is it still using HTTP and not HTTPS?

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #1 on: May 02, 2022, 11:53:07 AM »
Hi,

Can you please attach a screenshot of this? Please see this article on how to generate a screenshot. https://support.avast.com/en-ww/article/Create-screenshot

Offline david_1024x

  • Newbie
  • *
  • Posts: 1
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #2 on: May 25, 2022, 06:24:56 PM »
I had the same question.  I've monitored these ports and have a few questions:
  1 Why are they not using https?  This is very poor judgement and reflects poorly on the ability to trust this product
  2 Why are they left connected?  These should be sessions, open and closed when finished.
  3 The fact that they're left open and unencrypted begs the question: exactly what information is being communicated on these ports?
  4 I tested the app with the most limited setup (see attached)
    _ there is should be no reason for these ports given there are no app features that need frequent communication with Avast servers
    _ I spent a good hour searching this forum trying to find useful information on these port with no success

!) Avast team - please explain

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #3 on: May 26, 2022, 09:30:19 AM »
Some features (e.g. streaming updates for instance, at least I believe so) use a persistent connection, intentionally - they don't close it, they wait for another streaming update to arrive.
Wherever http is used, some kind of digital signature is checked to make sure the data is legit. Or, in some cases there's a custom encryption on top of http (the reason being performance).

Offline Mr. Consumer

  • Full Member
  • ***
  • Posts: 134
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #4 on: May 26, 2022, 12:42:32 PM »
Some features (e.g. streaming updates for instance, at least I believe so) use a persistent connection, intentionally - they don't close it, they wait for another streaming update to arrive.
Wherever http is used, some kind of digital signature is checked to make sure the data is legit. Or, in some cases there's a custom encryption on top of http (the reason being performance).
Still, I think measures should be taken by Avast to stop relying on HTTP. It doesn't look good in 2022. Nowadays, we even have DNS over HTTPS build into Windows 11. So streaming updates or anything related to Avast should adopt HTTPS for everything.

Offline Mr. Consumer

  • Full Member
  • ***
  • Posts: 134
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #5 on: May 26, 2022, 12:50:29 PM »
I checked on my system and yeah it's the same here. Not good.
« Last Edit: May 26, 2022, 12:58:40 PM by Mr. Consumer »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #6 on: May 26, 2022, 03:28:43 PM »
I checked on my system and yeah it's the same here. Not good.
If you don't like the explanation you've already received from Avast, which I thought was pretty good,
you do have a choice. It's your computer.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #7 on: May 26, 2022, 04:24:22 PM »
I checked on my system and yeah it's the same here. Not good.
If you don't like the explanation you've already received from Avast, which I thought was pretty good,
you do have a choice. It's your computer.

I also thing it was a very good and clear answer.  It isn't as if these connections are to any old tom dick or harry website.

The fact that it is also encrypted and some kind of digital signature further reduces/negates the use of http for the streaming updates.

As Bob mentions, your system, your choice. 
You have a few, has this put you at risk during the time you have had Avast, switch of streaming updates or switch your antivirus. 
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Mr. Consumer

  • Full Member
  • ***
  • Posts: 134
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #8 on: May 26, 2022, 05:48:27 PM »
Why do you two always have to attack a forum member who points out something negative related to Avast? Imagine you/a politician suggesting your government to change a not-so-good policy and the government in reply tell you, go leave the country if you don't like it. That's a ridiculous answer which reminds me of.....well some certain countries.
I very much appreciate the answer that was given and in reply, I briefly said that I think that Avast should move to HTTPS. I didn't say anything wrong here. You should accept constructive criticism.
Things like Windows updates are also always served via HTTPS nowadays unless there is an issue. If I remember correctly, Microsoft even made HTTPS mandatory for organizations using Windows Server.
So it's only a normal thing to move in this direction. So, I didn't say anything illogical that would make you angry. There is no need to create a scene here.
At this point, just wait and see if the OP and the other member have anything to say about the answer that was given. Otherwise, it seems there is nothing else that needs to be said by you and me.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #9 on: May 26, 2022, 06:26:46 PM »
This is not an attack.

However, perhaps because you have had an answer by a very senior Avast Team member and because it doesn't really present a direct risk in the same way as you connecting to an https site using your browser.

As has been said it is your system and your choice, so there isn't much point in continuing beating the horse when it is effectively dead.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #10 on: May 26, 2022, 09:33:17 PM »
There wasn't any attack unless you perceive any answer that doesn't meet your standards or expectation as an attack. I was simply expressing my opinion of your reply. Not everyone will necessarily agree with your opinion or mine.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Mr. Consumer

  • Full Member
  • ***
  • Posts: 134
Re: Why is AvastSvc.exe not using HTTPS?
« Reply #11 on: May 31, 2022, 06:13:54 PM »
Alright then. I just hope me complaining about Avast don't give you the impression that I hate it or something. My intention is to see Avast getting even better as a product.