Beta 4 - 11.1.2237 - XP SP3 and HTTPS scanning in Firefox 41.0.2

DavidR · 2015-10-24T14:36:05.000Z

Well this issue really hasn’t been squashed yet.

I’m constantly having issues browsing in Yahoo’s portal - https://uk.yahoo.com/ - that I browse for news, etc.

I also get this issue in the avast forums.

Several time a day I have to disable https scanning and stop the web shield. I then try to refresh those tabs I can’t view, but I’m still unable to view them.
Only when I enable https scanning and restart the web shield am I able to view the pages.
On occasion I also have to do this same exercise with the Mail Shield.

So there is certainly some work still to be done on HTTPS scanning for XP SP3.

Asyn · 2015-10-24T14:49:40.000Z

Hi Dave, still waiting for a reply from the devs here…

Asyn post:19:

MartinZ post:1:

WebShield HTTPS Scanning: We introduced a new method of HTTPs scanning. It is used in Firefox, Chrome and Opera. It works without changing the certificates with the help of kernel mode hooking. The security parameters and certificates are verified by the browser itself, including checks for untrusted or revoked certificates.

Interesting, is this also valid for XP systems…??

DavidR · 2015-10-24T16:30:10.000Z

Yes this has certainly been around for some considerable time and there were meant to be fixes, when it was first introduced I didn’t really have an issue when other were reporting issues in the likes of Yahoo and some other sites.

But from the time of the work around for XP is when I started to have issues, weird the fixes for me had the reverse effect. I too wonder about this new web shield HTTPS method, as I thought it was also for XP, but only those with SP3.

For me when they tried the selective/qualified update experiment to stop XP systems getting a beta if they weren’t allowed on XP was another problem area as it still let me install a beta that shouldn’t have been allowed and the only way round that was a clean reinstall.

The last two rounds of beta testing (for XP) and release for 10.4.x and 11.1.x have for me been probably the least stable of all of the betas I have taken part in in over 11 years.

I’m also still getting system lockups whilst browsing (also in MS Excel and also memory errors reported) with no other course of action than hard shutdown. This for me has been the worst as there is no way to gather any data or run the the support tool. Really frustrating.

Asyn · 2015-10-24T17:25:21.000Z

DavidR post:3:

I too wonder about this new web shield HTTPS method, as I thought it was also for XP, but only those with SP3.

For me when they tried the selective/qualified update experiment to stop XP systems getting a beta if they weren’t allowed on XP was another problem area as it still let me install a beta that shouldn’t have been allowed and the only way round that was a clean reinstall.

The last two rounds of beta testing (for XP) and release for 10.4.x and 11.1.x have for me been probably the least stable of all of the betas I have taken part in in over 11 years.

I doubt it, as the same problems/bugs are still showing up…
Was on vacation back than, so I missed all the “fun”.
Well, it works/worked well, if HTTPS-scanning is disabled, so we know the culprit.

DavidR · 2015-10-24T18:22:20.000Z

For me simply disabling HTTPS didn’t seem to be enough.

I had also to stop and restart the web shield and then ultimately have to enable HTTPS again, weird or what.

Along the way, there was a point in time when with https scanning disabled, statstics showed https pages still being scanned.

Asyn · 2015-10-25T05:04:25.000Z

Strange. Did you try a clean reinstall yet…!?

DavidR · 2015-10-25T14:25:54.000Z

Asyn post:6:

Strange. Did you try a clean reinstall yet…!?

Not for this beta update, but with the hassle on earlier beta updates I had done a clean install at 2016 beta. And that didn’t resolve any prior issues, in fact I seem to have had more hassle with 2016 than any other given I started out with a clean install.

For beta testing I generally do a program update from the UI as that is what I think most users do in regard of program updates.

Asyn · 2015-10-25T19:21:42.000Z

Unfortunately, we can only wait (and hope) for input from the devs…

DavidR · 2015-10-25T20:33:36.000Z

Yep, that is what I’m hoping for.

What makes this more frustrating is it will work for a while without issue and then loading effectively stops. Then I have to do my dance with the web shield. For now I have the https scanning option disabled, fingers crossed it is working.

davexnet · 2015-10-26T16:19:23.000Z

I’ve been looking around on the interwebs, other A/V’s that have tried XP SSL scanning have also experienced
similar problems. Perhaps the whole thing in XP is a bit of a kludge and will never work properly…

DavidR · 2015-10-26T17:30:50.000Z

Well I think it could be deeper than HTTPS scanning as I have had it off for a day or so now, but I again experienced issues when browsing the yahoo Portal https://uk.yahoo.com/.

The same symptoms as before, pages not loading, stopping the web shield and trying to browse/refresh the pages didn’t do anything until I re-enabled the web shield.

davexnet · 2015-10-26T17:57:42.000Z

Yes I see what you’re saying. I have reverted back to 2218 at least twice now, and this is what I’m running on my XP pc’s.
But the symptoms you describe point to a general lack of stability. Where the problem actually is,
I don’t know.

I would have assumed that turning off SSL scanning in the latest releases would be equivalent to 2218 where it was not implemented -
but it doesn’t seem to be. I’ve seen higher CPU in the task manager even with SSL scanning off, compared to 2218.

DavidR · 2015-10-28T18:21:58.000Z

This problem is still present in 11.1.2238 avast 2016 RC1 - why does that not surprise me it has been around for quite some time.

davexnet · 2015-10-28T18:43:27.000Z

For me, avast development cycle lacks any credibility. If SSL scanning in XP is not reliable it should be dropped.
If it’s a problem in avast and the XP infrastructure is sound, avast should explain the situation in full detail.

avast’s behavior is more reminiscent of an unaccountable mad professor than a professional software organization.

DavidR · 2015-10-28T19:19:13.000Z

davexnet post:14:

For me, avast development cycle lacks any credibility. If SSL scanning in XP is not reliable it should be dropped.
If it’s a problem in avast and the XP infrastructure is sound, avast should explain the situation in full detail.

avast’s behavior is more reminiscent of an unaccountable mad professor than a professional software organization.

Sorry but I completely disagree with your analogy.

Part of the problem is XP is old and doesn’t have the functionality (APIs) that would ordinarily be used in other OSes. So in trying to continue support for XP (unlike many others) they tried another method. But that in itself may have had issues and depending on what SP was installed the additional method wasn’t working 100%.

In the end some restrictions in what SP was required to be able to support https scanning and that was SP3. So those without SP3 probably couldn’t have the HTTPS scanning function, but why I ask myself would they still be on SP2 when SP3 is eons old.

davexnet · 2015-10-28T19:37:25.000Z

DavidR post:15:

Sorry but I completely disagree with your analogy.

…and depending on what SP was installed the additional method wasn’t working 100%.

In the end some restrictions in what SP was required to be able to support https scanning and that was SP3. So those without SP3 probably couldn’t have the HTTPS scanning function, but why I ask myself would they still be on SP2 when SP3 is eons old.

Well my analogy wasn’t great, but when the same problems keep appearing release after release, I get a idea in my head that I couldn’t quite convey…

Is the problem in XP confined to SP2? I’ve never heard it mentioned anywhere. If that’s the case, perhaps avast should qualify the software as needing
XP sp3 at a minimum?

As to why users still running SP2? it’s probably something to do with WGA and other perceived anti-piracy measures, whether real or not.

DavidR · 2015-10-28T21:19:24.000Z

I haven’t said that it is restricted to XP SP2 (for a start I’m on SP3), just that things have changed in the latest release of avast from 2015 R4 on how the https scanning is achieved in XP and this still needs more work.

Avast hasn’t changed the system requirements for some time, certainly not by any great margin. As for SP2 whilst it is still supported, there are going to be areas that aren’t supported in the that OS because it isn’t possible and the new NG (virtualisation function) is just one thing of the top of my head that isn’t available in XP of any SP variety.

Announcements