HTTP scanning.

There is considerable discussion on another forum regarding a version-updated anti-virus program using its .exe file to act as an internal proxy for the purpose of scanning POP3 & HTTP traffic. It previously used winsock hooks - so that is an unsubtle hint which one it is!
This, it is said, creates a “tunnel” through a third party software firewall, by using a trusted program, i.e. the AV program, to route outbound web access through the firewall, thus negating the allow/deny facility, with corresponding rule creation, which most firewalls have.

Does Avast! use this technique? If so, in practical terms, what are the opinions of forum members?

avast uses a localhost proxy and doesn’t avoid the firewall.

Unfortunately with no detailed information or link or your reluctance to name it there really is no way to comment. Also your comment “It previously used winsock hooks” is really a waste of time even investigating if that is no longer the practice, regardless of what AV it is.

Any firewall worth its salt should be able to detect the parent program using a localhost proxy (sygate was one that couldn’t detect what program was using the proxy). So if a different parent initiates an internet connection on a port that is redirected through either ashMaiSv.exe or ashWebSv.exe the firewall should challenge it.

WebShield acts like an internal proxy, afaik.
If you use GMail, or any other SSL email, you need an internal proxy (Stunnel) to allow avast scanning of it.

Here it is!

http://tinyurl.com/2bpu89

Well I have no problem in saying that the AV in question is nod32, but it could happen to ‘any’ AV using a localhost proxy to scan email or in this case http traffic.

Well that is exactly as I said the problem is the firewall and not an AV tunnelling past the firewall but one that has a localhost loopback flaw, one which was recognised years back but was never fixed by sygate.

At one point the recommended action was not to use the web shield transparent proxy, but to manually set the browser to use the avast web shield proxy. Now it is marvelous that avast users had to do this to make up for the failings of a firewall.

This changed somewhat when avast didn’t allow all traffic to use the web shield proxy on port 80, but only recognised compatible browsers. This made security better for avast users, but it still didn’t make up for the shortcomings of the sygate localhost loopback vulnerability.

Hmm - so which firewall doesn’t have such a vulnerability?
I know this is an Avast! forum, but I’m thinking of using Online Armor with Avast!, so how do these two stack up together?

The greatest majority don’t have the vulnerability but I don’t have any list.

I don’t use online armour so have no personal experience of it. There are some who do use it or have used it in the forums and there are those that hate it and those that love it. That love or hate relationship has nothing to do with its getting on with avast.
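
The check discussed in the thread (working out which program is actually behind a connection that goes through a localhost proxy such as ashWebSv.exe) can be illustrated as follows. This is an added example, not part of the original posts and not avast or firewall vendor code; the port 12080, the PIDs, addresses, `updater.exe` and all function names are constructed or hypothetical.

```python
import ipaddress

# Constructed snapshot in the spirit of `netstat -ano` joined with a PID-to-name
# lookup. Port 12080, PIDs, addresses and updater.exe are sample values.
SAMPLE = [
    # (pid, process, local endpoint, remote endpoint, state)
    (1200, "ashWebSv.exe", "127.0.0.1:12080", "0.0.0.0:0", "LISTENING"),
    (3100, "firefox.exe", "127.0.0.1:49710", "127.0.0.1:12080", "ESTABLISHED"),
    (1200, "ashWebSv.exe", "127.0.0.1:12080", "127.0.0.1:49710", "ESTABLISHED"),
    (1200, "ashWebSv.exe", "192.168.1.20:49711", "203.0.113.10:80", "ESTABLISHED"),
    (4420, "updater.exe", "127.0.0.1:49733", "127.0.0.1:12080", "ESTABLISHED"),
    (5000, "svchost.exe", "192.168.1.20:49800", "198.51.100.7:443", "ESTABLISHED"),
]

def _split(endpoint):
    """Split 'host:port' (or '[v6]:port') into (ip_address, int port)."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)

def proxy_listen_ports(rows, proxy_names):
    """Ports on which the named proxy processes are listening."""
    ports = set()
    for _pid, name, local, _remote, state in rows:
        if state == "LISTENING" and name.lower() in proxy_names:
            ports.add(_split(local)[1])
    return ports

def proxy_clients(rows, proxy_names):
    """Processes holding a loopback connection to one of the proxy's ports.

    These are the real originators of traffic that leaves the machine
    under the proxy's name.
    """
    ports = proxy_listen_ports(rows, proxy_names)
    clients = []
    for pid, name, _local, remote, state in rows:
        if state != "ESTABLISHED" or name.lower() in proxy_names:
            continue
        r_host, r_port = _split(remote)
        if r_host.is_loopback and r_port in ports:
            clients.append((pid, name))
    return clients

def unapproved_clients(rows, proxy_names, approved):
    """Proxy clients that have no allow rule of their own (lower-case names)."""
    return [(pid, name) for pid, name in proxy_clients(rows, proxy_names)
            if name.lower() not in approved]

if __name__ == "__main__":
    for pid, name in unapproved_clients(SAMPLE, {"ashwebsv.exe"}, {"firefox.exe"}):
        print(f"challenge: {name} (pid {pid}) is reaching the network via the proxy")
```

A firewall that only evaluates the last row type (the proxy's own outbound connection) would see nothing but the trusted AV process; the loopback rows are what tie the traffic back to its originator.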