Avast! 8 Beta?

Yes,it's an Avast issue alright.I confirm that with Avast installed,if you block your browsers (i checked with Comodo Dragon,Firefox and IE 9) in Privatefirewall they are still connecting to the internet like nothing happened.But this doesn't happen with OA.

 

I don't think it's a question of whose fault it is. Avast Web Shield has always worked like this (since 2003 when it was first introduced). It works as a transparent local proxy and the fact that some firewalls don't see redirections to such a proxy is unfortunate but true.

But in general, this is a fairly standard practice (transparent proxies -see e.g. http://en.wikipedia.org/wiki/Proxy_server#Transparent_proxy) so if your firewall cannot handle it, it may for sure have problems with other apps - including malware and other stuff you want to be protected from.

Just another example of how the whole 2-way firewall concept is broken from the security perspective -- i.e. it is always "best-effort" and not really something to rely on. Results really depend on where in the stack the offending app is, and where the firewall is.

Vlk

 

thanks for the answer vlk..that should keep some of the COMODO guys out of here and maybe they will eventually stop picking upon avast
and make them look what COMODO devs can do now about this

 

You got me curious about your windows firewall rules. I'm assuming you allowed avast's webshield in your rules. But what about browsers? One of the issues seem to be that even if a browser isn't specifically given an outbound rule, it still connects via the proxy that avast webshield creates.

 

Wrong, no issues with private firewall here.

 

Have you tried what i've described in my previous post?

 

Nice, thanks

 

Everything is just as it came from factory default..no changes done to win FW...running win7

 

Then you don't know for sure if there are any issues with windows firewall since you left it at default which allows all outbound connections.

 

Look out! The discussion regarding the inability of some firewalls to "see" through a transparent web proxy is back.

Frankly, if (and I say "if" because I don't know if it is true) MS have not updated their own FW to be compatible with their own recommended first-choice API, it doesn't follow that any other vendor who has also not updated their FW to be compatible with the recommended first-choice MS API, is compelled to slavishly follow MS's example.

 

Another video.
This one posted by MrITReviews
-http://youtu.be/AJGpBUbuxVM-

 

Interesting point you bring up concerning the updating of firewalls.When was the last time the windows firewall was updated because i certainly dont recall it as long as ive had my computer.

 

Why on earth do people put such high value on these home grown ten link reviews.?
They are pointless and hardly give a fair picture of a products effectiveness.
But seeing as everybody takes these videos as the word and gospel of god ,here is another one and avast 8 does not do that great.
Some good and some are bad.
https://www.youtube.com/watch?v=Mtu92Tr_9VM

 

I tend to agree
Yes certainly not a thorough enough test, all the same interesting to see it in action.

 

Perhaps this has already been answered, but can the Web Shield just be turned off so the affected firewalls will "see" the browser traffic again?

 

I would seriously doubt it.The web shield is an important part of avast and to suggest turning it off just to accommodate other products is downright lunacy and is preposterous .
Then again this is one of the dangers in using a layered approach as conflicts will arise ,unlike using full suites which compliment each other perfectly and to suggest turning off a security module just for others to work is just plain crazy.
Maybe the developers of these products need to go back to the drawing room and think some more.

 

To answer my own question I started my VM and I see that the web shield can be turned off. That's not a problem for me. It seems to me that this is one benefit of being able to control the modules individually. I haven't actually tested this along side one of the affected firewalls though.

 

I believe you can go into web shield settings and select, scan traffic from well-known browsers only.

 

This was a test done by a "noob", just picking some links on MDL malc0de and he thinks to be testing a product ... I hope "ThePCSecurity" will do another one ...

 

I believe it is the nature of how outgoing traffic on certain ports is redirected to a localhost port for processing by the local proxy/shield that effectively blinds the affected firewalls. I don't know how many shields rely upon such redirection in current versions of Avast, but Mail Shield was another one that used to rely upon redirection. I don't remember seeing anyone test other shields and redirected ports, but I always thought that would be a wise thing to do.

I don't know how Avast determines if a browser is well-known, but the scan well known browsers only would seem to reduce the number of applications for which redirection occurs and thus be helpful. However, some people do setup outgoing firewall rules they want applied to well known browsers and those should still break I think.

IIRC, some time ago Lukor of Avast mentioned in a forum post that a future version of Avast would incorporate a different design. The suggestion being that said future version probably wouldn't rely upon the troublesome redirection and thus would no longer blind the affected firewalls. I take it this redesign doesn't apply to Avast 8?

Since Avast 7 at least is a Proof Of Concept for the issue in question, I would suggest people hold onto a copy so they have something to test firewalls with.

 

These 10 or less links only are pretty much useless as it can either score perfect 100% easily or fail completely.

But the tests where they use 10 live links, ~300-1200 samples for on-demand and the rest later executed as any other program, that is not that useless. Granted, it's no scientific way of testing it, but it shows the rough efficacy of security programs.

Live links showcase how good it is at possibly realistic threats.

On-Demand scan check shows how good it is with signatures.

Live files execution of remaining samples shows how good are proactive features when (if) malware already goes past all the links checks and manages to get downloaded to the HDD.

The tests like this are always amusing to watch and they also usually show the most realistic scenarios and so they have some merit to them. They don't tell you the exact story but they do tell you what you can expect from a program in general. Those that always performed great in such tests were also pretty much always good in other tests and on actual normal systems used by normal users.

 

You believe right,but that doesn't help.

 

What do you mean it doesn't help?

It seems to me that everything other than well-known browsers would no longer be redirected through the local proxy.

If you are wanting to block browsers, which I don't know why anyone would want to, then this won't help.

 

It is the principal of the whole thing isnt it.If we wish to block something from connecting to the internet then we have every right to do so,It is our computers and we are free to control them as we wish....UNTIL.!!...avast is installed and then all the fun of the fair breaks out and we find we have no control what so ever.

 

ot posts removed. Stay civil

and for the other post that were here see
https://www.wilderssecurity.com/showpost.php?p=2005915&postcount=55