Download process is not safe anymore

I’ve recently downloaded a file and I realized that this browser is no longer safe.

Normally, before the download starts “downloading”, I have to confirm the dialog box asking me “where to I want to save the file?”. But now, I realized that by the time I decide myself on trajectory, the download as already finished in the background before I even accept and confirm to download the file by clicking save. That mean if I go on a web page that try to force download something on my computer without my authorization, I might damage my pc simply by navigating on the web.
Recently, since the last update I believe, this browser is no longer safe at all. Anytime, I could get a pop up (ads) or land on a malicious website, that force a download into my PC and run any kind of junk on my computer before I even blink my eyes. That is not good at all. When it ask me “where do you want to save this file?”, I expect that it holds the download back until my approval on location directory.

I understand that it’s faster because it ask me to confirm download direction, meanwhile the download is directly run for a quicker navigation. But that is not what I expect from my browser.

Whilst I don’t use the Avast Secure Browser:
Is there not a browser Options/Settings/Menu function that allows you to set a default download location ?
That way you wouldn’t get asked where to save it.

There certainly is in Firefox and probably other browsers.

You are totally out of sight. The main point of “asking every single time” where to save the file is to FIRST avoid random download to run on you PC without you even ask for (without your permission) and SECOND to have a personalized configuration of all your files. I’m a student and whenever I download class documents, I don’t want it to end up forgiven in a single folder. I like to download every single file in it’s specific class and course folder, but that is not the point. I don’t know if I made my point clear to everyone.

I checked with Chrome and they have the same process except on their side, they only allow direct download of files when the file is recognized. For exemple, try to download VLC and it will download straight before you even confirm location. But try to download Eicar with Chrome and it won’t download it until you press the “save” button. You can see the download progression in the task bar (loading in green).This is a major problem in my opinion. These days we get whole lot of virus out there, if you know what I mean. Just kidding!! ;D ;D

Nahh, seriously!!! Avast team… you need to fix that. I was not aware of that, but now that I am I don’t see a reason for staying here any longer.

To start with downloads are going to be scanned by Avast regardless of where they are saved.

Not only that the source that they connect to in order to be downloaded would also be checked by the Web Shield. They would also be scanned by the File System Shield should you or something try to run them.

Avoiding the download is the only good way to avoid any problem. If a malicious and unwanted file try to install on my PC trust me I don’T care about what antivirus is waiting behind to catch it. All I want is my browser to be smart enough and not let any clown out there force download stuff on my computer simply because my browser download anything that comes in. This is a joke. am not arguing with you anymore. Just make sure I will switch for chrome by now.

Also I visit a website for 30 sec. and got lot of pop up unblocked. My friend said he’ve got on the same website for hours and got none of those ads. Chrome users has better experience overall and google is making a much better job apparently. Security is lacking on this browser and it no longer fit my standard. Migrating my favorite URL right now.

Avast isn’t waiting behind, first you have the web shield, it is monitoring sites and scanning content including downloaded content. Second you have the file system shield which scans newly created files. Finally the third line of defence is the file system shield scanning any file before it is executed.

The Avast Secure Browser is also isolated from your system and because of that you can’t install a load of other add-ons. As I have said I don’t use it and this was one of the reasons why. Another reason was I couldn’t install it on all my systems as XP/Vista OSes aren’t supported.

The simple answer is, if it doesn’t suit your requirements, just uninstall it.

WHAT IF I DON’T USE AVAST ANTIVIRUS? This is not secure at all.

Do you work for Avast? because such an answer is bad for their image. If so you could just say “we will have a look into it but can’t promise anything” and it would have much more better look. I don’t really need opinion or explanation or suggestion. I am here to report a major problem IMO. All am bringing forward is lack of security on a browser called “secure browser”. Beside that, I don’t need any support. All I want to hear is “Hey that is a good fact… thanks to bring this point forward so we can fix it in a hurry.”

By the way. Have fun!

It wouldn’t take much to fix that. Not lot of time and effort to fix something that would make the browser a step ahead on safety.

I don’t work for Avast, I’m an avast user like yourself, but perhaps not given your comment, what if I don’t use avast :slight_smile:

It is very strange that this setting is changed back to the default value.
I’ve just checked automatically changing this setting after browser update. Unfortunately, I can’t reproduce this issue.
I had ‘Ask where to save each file before downloading’ is set to yes and after browser update, it is still enabled.

Could you please provide us with your diagnostic information?
You can get it by visiting this link: secure://settings/diagnosticInfo

To enable this option back to ‘Ask where to save each file before downloading’ back, please do the next steps:

  • Open secure://settings/downloads
  • Click on ‘Ask where to save each file before downloading’

Thank you!

You don’t seem to understand the problem. Please read back. The problem is not with the option to determine where to save file every time. The problem is that the download begin before I even confirm “save” the file. The download starts somewhere in the cloud before you press save.

Hi moneymaker0886,

Can you please tell me if this problem occurs with every file that you try to download? Or just some certain type of files?
Also, as stated above, could you please provide us with your diagnostic information? You can find it by visiting this link: secure://settings/diagnosticInfo

I can, but I will not. I don’t have time to waste with you. fix it or don’t, but don’t make me waste my time with diagnostic information that you don’t need. IT’S IRRELEVANT . You can go and test it out yourself. No need to ask me.

Again go read back what have been said, because you seem to skip lines.

Time for you to get out of the house. Your disposition is terrible. :slight_smile:

I understand now.
Actually this is normal behaviour for the Chromium-based browsers.

Regarding safety, Avast Secure Browser has functionality which has good integration with AV and verifies all your downloading files.

first, I am not using Avast antivirus anymore, I use window defender. Second, if a new virus or malware force install on my pc, because it’s new, no matter what antivirus you on, it wont be stopped. I’ve seen it before and this is still going on. The only way to avoid problems would be to let owners control what files can download on the PC.

Since secure browser download files before you tell him to, this is unsafe. You could get a popup that force download stuff with no option to avoid the download. It’s really really bad.

Hello moneymaker0886,

I have discussed this with one of our security experts that focuses on browsers and we ended up in agreement that the download itself is not dangerous. Executing the malicious code is.

So therefore pre-downloading the data before you click save is not security vulnerability and also it is the reason why other major browsers (Chrome, Firefox) behaves the same and why most of the browsers are by default set to not ask where to download the file and automatically download it to Downloads folder. Downloading does not mean installing/executing.

And you were not right about Chrome pre-downloading only trusted files. I just checked with our malware samples that are on internal network (private ip range) and Chrome pre-downloaded them without worry.

However, we are not saying we can’t be wrong. If you know about any existing exploit or you have some proper research about how this attack would work from technical point of view (like what exact steps would need the attacker achieve to infect the machine) then please properly describe the vulnerability and contact us via our bug bounty program As this would be massive security flaw, that would basically be affecting every online user, the reward from the bug bounty program would be for sure financially really rewarding. Please read the programs instruction first, before submitting your report.

To your question about Avast team staff. You can identify us on forum by “Avast team” info under the profile icon. “Avast Überevangelist” are recognized community users that have deep knowledge about our products.