I’m having problems getting WebSockets (a new technology coming with HTML5) working.
In Google Chrome I tried to use http://websocket.org/echo.html but I’m unable to connect. But as soon as I disable the web agent from avast there is no problem anymore!
No warnings are emitted and no events are logged…
Maybe avast thinks it’s not a “normal” HTTP communication (WebSocket is using port 80 but not the HTTP protocol).
EDIT 1: more information, my avast is up to date (27 December 2010)
avast free edition, language FR, version 5.0.677
engine and VPS : version 101226-2
Does it show any warning when you try to visit it? If it does not, then maybe try to contact Alwil via email and explain the problem, because it seems like a false programming… I think that if your installation had a problem, avast would block every site… I’m not an expert though, so keep an eye on here for more replies.
I haven’t done a lot of modifications in the settings and the advanced settings for the web agent are the default ones (I tried to change them, one by one, to spot the problem but I didn’t find anything relevant).
If you add the URL to the exclusion list of web shield, does it make any difference? You can add a URL to the exclusion list by going to avast control panel>web shield>expert settings>exclusions>URLs to exclude, and add the URL with the HTML5 and tell me what happens… If the problem persists then I would try a repair of avast by going to start>control panel>programs>uninstall a program>change/remove avast and at the setup menu scroll down and select repair…
EDIT 1: Before trying the things I suggested, open the web shield and at the bottom right side there is a button saying “show report file”; copy and paste what it says…
Due to security issues in WebSockets protocol Firefox and Opera turned off support for WebSockets for their next major releases Firefox 4 and Opera 11. We’ve covered how to enable WebSockets in Opera 11. Firefox 4 Beta 8 will be released with WebSockets support disabled by default,
December 10, 2010 3:54 AM PST
Web Sockets and the risks of unfinished standards
Enthusiasm for a promising new standard called Web Sockets has quickly cooled in some quarters as a potential security problem led some browser makers to hastily postpone support.
The Web Sockets technology, which opens up a live communication link between a browser and a server, remains an important part of plans to make the Web a home for more dynamic, interactive sites. It could, for example, speed up Google Instant searching and multiplayer games. But Mozilla and Opera put their Web Socket plans on hold this week until the wrinkles are ironed out.
"We've decided to disable support for WebSockets in Firefox 4, starting with beta 8 due to a protocol-level security issue," Christopher Blizzard, a Mozilla leader of new-technology work, said in a blog post. "Once we have a version of the protocol that we feel is secure and stable, we will include it in a release of Firefox, even a minor update release...To be clear, we're still excited about what WebSockets offers and we're working hard with the IETF [Internet Engineering Task Force] on a new WebSockets protocol." (Although the World Wide Web Consortium (W3C) is standardizing Web Sockets as part of HTML5, the IETF is in charge of the actual communication protocol it uses.)
I tried to exclude some URLs (the webpage URL, the WS server’s URL with ws:// prefix and the same one with http prefix) and the problem persists.
The report file is empty, there are only start/stop logs.
Repair done, same problem.
@Nesivos thx for the links but I’m already aware of this situation. I enabled WS in Firefox and Chrome by disabling the default security setting etc., the problem is not there. Moreover when I disable avast web shield it works, so it’s not a browser configuration problem.
However, WS might be detecting some malicious code so it blocks the connection to the site.
Web Sockets problem
Now, though, plans are shifting with publication of a security problem by Adam Barth, a programmer with extensive browser security expertise. In a November 26 paper (PDF), Barth pointed out a problem with the "handshake" used to set up Web Sockets connections. By exploiting it, an attacker could get a browser to run malicious code through a mechanism called cache poisoning, Barth and the paper's co-authors said.
The point is that it works perfectly without the web shield. There’s no malicious code, it is just an echo response…
The problem is the same with other examples of WS.
Hello, I have serious problems with my avast. It’s blocking my Internet Explorer and I can’t see the avast firewall. I’m very tired of looking for it but I can’t find it. Please help me.
Disabling avast web shield is really dangerous because it’s your first line of defense… As for the URL exclusion, you have to add the URLs like this… If that doesn’t work either, let me know…
I agree with Nesivos on this one… WS are considered a security risk and that’s the reason web shield is blocking them… That’s why I suggest the exclusion list, which should work if you added the URLs like the image above.
I disabled 3 URLs as previously explained. But the WebSockets don’t work either.
I know that this technology can be a security breach, but in this case I would like avast to show me a message, a notification explaining to me that it has blocked something. I don’t get any message in the logs.
Hi,
I am Jan Carlin. I work for Kaazing as the support director. I’ve been following this discussion and have a question: does our demo page kaazing.me work when using avast in the way described here? If it works, you should see the New York Times news feed and the Twitter feed and other demos running. I suspect that it will work. Could you please test, ClementN?