Anoying security warning upon visiting Google.com

[Black_horse_88]

Hi

I just installed Avast internet security .
Every time I visit google.com I get warning security message , twice , clicking yes , yes , or no ,no , does not affect my browsing . But it happens everytime I visit google , type in search box or refresh , which become very anoying .

I figured a way to disable the message , by disabling Avast add-ons , in Internet Explorer add-ons , that will disable avast web check , but I like to be informed of good/harmful webistes , is there a way to fix this ?

Thanks.

[YoKenny]

Absolutly no problem visiting Google.com but I do not go there with HTTPS.

[DavidR]

That has nothing to do with avast.

The message is to do with your Internet Options, Security Settings Internet Zone, Miscellaneous section (see image) settings. Since you are using HTTPS to visit google some of the content on that page won't be from a secure source.

The message is effectively telling you there is mixed content on that page and since you connected using HTTPS you will get this message. If you connect to google using a normal HTTP connection you won't get this message.

So the big question is why are you connecting to google.com using HTTPS ?

[SHARKY7SHARKY]

http://blog.httpwatch.com/2009/04/23/fixing-the-ie-8-warning-do-you-want-to-view-only-the-webpage-content-that-was-delivered-securely/

[Black_horse_88]

I don't go to HTTPS , I just type google.com or using history (http:\\google.com) , probably because I'm logged with my google account , it takes me to secured HTTPS.

The settings on my security zones are defualt.
I was using Avira before , now trying Kaspersky , and Avast for deciding my new AV. Both Avira and Kaspersky never shows that message , only Avast , If I disable the add-ons , the message won't pop.
If I logged out of my Google account , it won't pop up , and it's only happen with Avast , with add ons enabled . I used Kaspersky , with KS add ones enabled , it didn't show the message.

Maybe you should try logging in to your google account and visit google.com

Thanks Sharky7Sharky for the link , but I'm not sure if I should disable or enable mixed content , as the link says it sometimes needed for Java.

[DavidR]

They might well be the default, but what was in my image is likely to be a default and if visiting google with an https connection you are going to get that pop-up.

It doesn't really mater what I might try (I don't have any google apps), as the problem is on your system and it is that mixed content notice you will have to change. Or accept that when you visit a site on an https connection that has mixed content you are going to have to choose what to do on the pop-up each time.

[Black_horse_88]

Is there any way to stop Avast from doing this insted of stopping the add-ons ?
If no , what do you suggest to choose other than prompt , disable or enable mixed contents ? Are there any risks of choosing any ?

[FlyingRobot]

...only Avast , If I disable the add-ons , the message won't pop...

Are these the WebRep addons?  FWIW, I just did a quick test.  I see no IE8 warnings when the WebRep addons are disabled or not-installed.  I see some mixed-content warnings when they are installed and enabled.  I think when WebRep is installed and enabled, it transmits information about the sites you are visiting and the search results to avast via HTTP requests.  My suspicion is that IE sees an HTTP request when the target page is HTTPS and creates a warning (as it should).

Note: features which transmit information about the sites/URLs you visit and/or the searches you perform to third parties are a major privacy issue.  Make sure you understand how they work and think through potential implications before installing them.  Keep an eye on what you've installed in order to identify any which are installed without your explicit permission.

[Dch48]

That is not any kind of Avast warning at all. It's simply a warning from the browser (Internet Explorer)that the page may contain things that are not secured by the https protocol. I also have to ask why you are using https to go to google.com. There also is a way in IE to always allow mixed content on https pages and not get that warning. I forget how to do it though and I'll have to look it up again.

Okay found it. Go to internet options and click on the security tab. Then on the internet zone and then custom settings. Under Miscellaneous look for "display mixed content" and check enable. You will get no more prompts like the one you posted.

I guess I should have read all the posts in this thread first. DavidR shows it in pictures. Oh well 

[Black_horse_88]

That is not any kind of Avast warning at all. It's simply a warning from the browser (Internet Explorer)that the page may contain things that are not secured by the https protocol. I also have to ask why you are using https to go to google.com. There also is a way in IE to always allow mixed content on https pages and not get that warning. I forget how to do it though and I'll have to look it up again.

Okay found it. Go to internet options and click on the security tab. Then on the internet zone and then custom settings. Under Miscellaneous look for "display mixed content" and check enable. You will get no more prompts like the one you posted.

I guess I should have read all the posts in this thread first. DavidR shows it in pictures. Oh well 

Are you sure you have read all the posts ? Lol.  I know the way , but I don't know what the risks are , I guess the WebRep add ons trigger the mixed contents , making the message appears.
Avast losing a point , and one goes for KS  hehehe.

Alright thanks all . I will decide what to do about the mixed contents.
Have a nice day.

[FlyingRobot]

I've been playing with IE8 while WebRep is installed/enabled and Wireshark is running.  I see what I'd call HTTP Requests for updates to the rules used by WebRep, HTTP Requests sending host/domain names to avast (rather than full[er] URLs), and I see api.webrep.avast.com doing a Set-Cookie: userid=XXXXXXXXXXXXXXXXXXXXXXXXXX; Expires=Tue, 2-Nov-27 06:44:53 GMT; Path=/;Domain=webrep.avast.com.  What I don't see is WebRep sending host/domain names every time the same search is performed.  So I'm thinking there is some caching going on.

So I'm inclined to change the previous "My suspicion is that IE sees an HTTP request when the target page is HTTPS and creates a warning" to the more general "IE sees that some content is not delivered over HTTPS and creates a warning".  Sorta like the warning dialog says   If I load a search results page and allow the mixed content I see the WebRep ratings bars next to the results.  If I refresh the page and disallow the mixed content I don't see the green ratings bars.  Perhaps there are other difference but I just wanted to verify that idea.

FWIW, I search google via HTTPS just to reduce what third-parties can sniff.  That isn't perfect because a) we're talking about google and it is probably as bad or worse than many third parties, b) what usually follows is a click then HTTP Request that can be sniffed.  Yet, I do prefer to use HTTPS where possible.  If one uses WebRep they should be aware that at least some times and for at least some sites it appears to take some content that was kept within a secure channel and it sends it out over an insecure HTTP channel.  Ideally it would never do that.

[SHARKY7SHARKY]

You are not the only one with this problem, all you have to do is check mixed content & keep your Java up to date.
& it’s not an Avast issue.
Thousands get it & they don’t have avast, it’s IE triggering the alert.
Many get it on banking sites etc.
Mixed content settings will not disable Java.

[Black_horse_88]

I checked the mixed content , it's working fine now, I hope that won't affect my secure on the internet 

Anyway , thanks all for sharing your knowledge and helping my , much appreciated.
Thanks.
Enjoy your day.

[ady4um]

I don't mean to contradict anyone. I just want to give my own personal point of view.

Every time I get to some site where mixed "secured / unsecured" objects are part of the page, I tend to select to show / download only the "secured" sections. Only in specific cases where the page is not working correctly or it shows some problem, I *may* choose to show the "unsecured" parts too.

In cases where real security issues are in place (like personal data), I search first for help and real info about those "unsecured" parts of the web page before "taking the chance" with the "unsecured" objects.

So, in my case, if I were to select not to show those "secure/unsecure" messages anymore, my default selection would be to show the "secured" parts *only*, and only in very particular cases I would care to allow all type of contents to be loaded (and that would mean to change some additional setting, so to allow a different behaviour in that particular page than the default I selected).

In the case of google accounts, there is a setting / option to load "everything" using https, or just the "sign in" page (so after signing in, the rest is normal http). My guess this setting is influencing the behaviour of all google-related services once you signed in.

[FlyingRobot]

I hope that won't affect my secure on the internet 

If you blindly allow mixed content it COULD affect your security (as well as privacy).  You wouldn't know if it WOULD do so unless you investigated and assessed the specific situation.  Needless to say, you would want to investigate BEFORE allowing your browser to request or process the questionable content.  Yes, that can be challenging, time consuming, and in general a PITA.

FWIW, I think I read that by default IE9 does not show the mixed-content warning if the only non-secure content is images.  I'm not at my IE9 equipped machine right now but I think there is a setting to fix that.