Author Topic: scanning secure connections  (Read 7627 times)


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76118
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
scanning secure connections
« on: March 18, 2010, 12:05:38 PM »
usual connections are scanned by the webshield.
i see that connecting to https-sites is handled by the browser and scanned by the networkshield.
my question: is the networkshield as good as the webshield or are there some restrictions in scanning?
as the data gets sent on a secure connection is the detection of malware/hijacking etc. the same?
can the networkshield fetch the threats as good as webshield does?
thanks for answers.
aswyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: scanning secure connections
« Reply #1 on: March 18, 2010, 12:23:48 PM »
ssl connections aren't scanned, and can't be scanned
see here, and please read, so that you understand why:
http://en.wikipedia.org/wiki/HTTP_Secure

Offline Asyn

Re: scanning secure connections
« Reply #2 on: March 18, 2010, 01:06:18 PM »
> ssl connections aren't scanned, and can't be scanned
> see here, and please read, so that you understand why:
> http://en.wikipedia.org/wiki/HTTP_Secure

well, thanks, i believe you...
nevertheless avast (networkshield) scans traffic on port 443, if i use a https connection.
so do you think, it just scans the traffic without having any influence on it?


Hermite15

  • Guest
Re: scanning secure connections
« Reply #3 on: March 18, 2010, 01:11:20 PM »
no it doesn't, the network shield only refers to a black/white list maintained by Avast; it might also have traffic scanning features, but certainly not on 443, that's impossible. What makes you think it does?

Offline Asyn

Re: scanning secure connections
« Reply #4 on: March 18, 2010, 01:21:53 PM »
if i open the avast gui and look at webshield-traffic it shows my normal (80) connections to the net and if i look at the netshield-traffic there's only activity when connecting to https (443). i really don't know if it's actually scanning that connection, but traffic is shown and i thought that the traffic shown is the traffic scanned...???
asyn

Hermite15

  • Guest
Re: scanning secure connections
« Reply #5 on: March 18, 2010, 01:31:38 PM »
traffic is just detected, but nothing apart from the server's/site's potential to spread malware is analyzed.

Offline Asyn

Re: scanning secure connections
« Reply #6 on: March 18, 2010, 01:44:32 PM »
so in that case a secure connection would not be scanned, even when shown in networkshield-traffic.
means: in connection with avast secure connection is less secure, in fact to it is not scanned/cannot be scanned for malware, etc. therefore it would be better on some instances to connect over 80 than 443 since there malware would be found other than on a 'secure' 443 connection. where avast wouldn't even know about it? right?

Hermite15

  • Guest
Re: scanning secure connections
« Reply #7 on: March 18, 2010, 01:54:20 PM »
most sites offering https have good reasons for that, privacy, online banking, email etc...and there's no reason to worry about the web shield not scanning. But indeed in some cases, like facebook or twitter that both support https, there is indeed a risk to download malware >>> whatever, the file shield is always there to scan decrypted files at disk level (ie https web pages are decrypted when downloaded) and will detect malware if any. If it's an archive, it will be analyzed when you open it.

 As to the network shield, can you make a screen shot of what you think it scans on 443 (activity text line) and post it here?

sded

  • Guest
Re: scanning secure connections
« Reply #8 on: March 18, 2010, 02:14:18 PM »
From the Avast! website,
"Network Shield
Provides protection against network-based viruses. The module has two main components: a URL blocker, designed to block malicious URLs (as defined by the Virus Lab), and a lightweight intrusion-detection system."
As Logos points out, there is no way for Avast! to scan the content of port 443-it is encrypted all the way to your browser.  Certainly Avast! can check the URL(s) you are redirected to-probably a good idea with all the cheap/free SSL certificates for HTTPS given out to malicious websites. 

Offline Asyn

Re: scanning secure connections
« Reply #9 on: March 18, 2010, 02:23:02 PM »
> most sites offering https have good reasons for that, privacy, online banking, email etc...and there's no reason to worry about the web shield not scanning. But indeed in some cases, like facebook or twitter that both support https, there is indeed a risk to download malware >>> whatever, the file shield is always there to scan decrypted files at disk level (ie https web pages are decrypted when downloaded) and will detect malware if any. If it's an archive, it will be analyzed when you open it.
>
> As to the network shield, can you make a screen shot of what you think it scans on 443 (activity text line) and post it here?

first: thanks to your answer(s) and your help!

so if i use https (443) it would be ok, cause of the file-scanning? would it be scanned while displaying in ff-browser, since i think it's partly excluded from the file-scanner. also, if i have a secure connection, using a firewall could bypass avast then, couldn't it?

maybe i should start asking: what does/can avast stop in webshield?
and what can avast not stop bypassing webshield?

i always want to go in depth - please anyone, not sure what i'm talking about, just ignore it - sorry.
avast is still one of the best security-apps! (imo)

Offline Asyn

Re: scanning secure connections
« Reply #10 on: March 18, 2010, 02:36:37 PM »
> From the Avast! website,
> "Network Shield
> Provides protection against network-based viruses. The module has two main components: a URL blocker, designed to block malicious URLs (as defined by the Virus Lab), and a lightweight intrusion-detection system."
> As Logos points out, there is no way for Avast! to scan the content of port 443-it is encrypted all the way to your browser.  Certainly Avast! can check the URL(s) you are redirected to-probably a good idea with all the cheap/free SSL certificates for HTTPS given out to malicious websites.

thank you for your reply.
the definition doesn't help much, i did read it before.
could mean anything and nothing.
but you definitely hit the point... some sites sign their own certificates - means i trust myself - so what?
that's why i think the concept of avast works better without encryption, am i wrong?

sded

  • Guest
Re: scanning secure connections
« Reply #11 on: March 18, 2010, 02:52:56 PM »
Well, one way of looking at it is that Web Shield actually looks for viruses in your datastream.  Network Shield looks for reports that the website sends you viruses, but Avast! can't tell independently until you get to the File Shield.  So the protection is still there, it just happens a bit later in the processing thread if the link is encrypted.

Offline Asyn

Re: scanning secure connections
« Reply #12 on: March 18, 2010, 03:17:07 PM »
> Well, one way of looking at it is that Web Shield actually looks for viruses in your datastream.  Network Shield looks for reports that the website sends you viruses, but Avast! can't tell independently until you get to the File Shield.  So the protection is still there, it just happens a bit later in the processing thread if the link is encrypted.

true. webshield looks 4 viruses in the stream - that's why i asked in the first place, cause if encrypted, it won't work, if i get logos right.
nws is not able to scan 4 viruses, right?
fileshield? i see exclusions in fs using ff.
btw. i always have encryption on, connecting to the net over a proxy. so should i drop the proxy for protection or should i keep the proxy and drop avast?
any answer appreciated.
asyn

sded

  • Guest
Re: scanning secure connections
« Reply #13 on: March 18, 2010, 03:33:52 PM »
Proxies and VPN's are really for privacy, not anti-malware.  If you go through a transparent proxy server, the datastream comes to your computer just like it normally would, whether http or https, and gets the same treatment from Avast! as though the proxy wasn't there.  The proxy can't see the content of an https link generated by your browser any more than Avast! can; it just provides another layer of encryption so outsiders can't see where or what you are surfing.

Offline Asyn

Re: scanning secure connections
« Reply #14 on: March 18, 2010, 04:58:40 PM »
> Proxies and VPN's are really for privacy, not anti-malware.  If you go through a transparent proxy server, the datastream comes to your computer just like it normally would, whether http or https, and gets the same treatment from Avast! as though the proxy wasn't there.  The proxy can't see the content of an https link generated by your browser any more than Avast! can; it just provides another layer of encryption so outsiders can't see where or what you are surfing.

why not combine privacy and anti-malware? (anyone against it?)
and no, it gets not the same treatment, as it is neither out there nor transparent but the transfer is caught by the networkshield, which is actually ok, but what is scanned is my interest. i guess not all! the bad things caught by webshield...!!???
anyways, you're near to reality....
thanks a lot