Announcements

system · December 31, 2014, 8:20pm

.

Pondus · December 31, 2014, 8:50pm

What avast version do you have? I think this is related to avast secure DNS. This was asked / and explained by somone from avast team in another post

If i find it i will post a link…

system · December 31, 2014, 9:09pm

.

system · January 1, 2015, 9:00am

Hello Sulphate

May the avast forum users have more information about the current issue that you are experiencing so we can clarify and fix the issue.

What OS do you use,x86 or x64?
If you use other antivirus did you use their official antivirus removal tool?
Windows Update and Drivers is all updated?
Other Programs you are using?
Other Programs you are using is it updated to the latest version?

system · January 1, 2015, 9:56am

.

system · January 4, 2015, 9:21am

.

RejZoR · January 4, 2015, 9:51am

Erm, why did you even bother asking here if you weren’t interested in resolving the “issue” in the first place? We don’t even know what you were on about with the DNS logs and avast! “accessing” webpages. I hope you do realize that avast! is verifying/scanning all accessed URL’s and webpages for malware and phishing, ever thought it might be that?

system · January 4, 2015, 10:27am

.

igor0 · January 4, 2015, 11:30am

Avast doesn’t access those sites (should be easy to see via a firewall, shouldn’t it?) - it only resolves those DNS records.
The operation is part of the Home Network Security feature - checks for DNS compromise / redirection to unrelated sites.

RejZoR · January 4, 2015, 12:34pm

When i read your post, all it said was (let me quote it): “.”

That was all it said, so don’t yell at me for not understanding what a period is suppose to mean…

@igor
Maybe I don’t quite understand it, but why does avast! have to resolve unrelated address through DNS if user doesn’t actually try to access those specific webpages? I understand that if you visit one of the mentioned addresses, avast! checks if everything is fine, but why does it have to if you don’t visit them?

I thought I understand the scanning/cloud part but apparently I’m missing knowledge on this one…

bob3160 · January 4, 2015, 1:46pm

Maybe I’m missing something ??? If someone were to examine my computer,
would it look as though I accessed these sites daily?

igor0 · January 4, 2015, 5:29pm

Nope - your computer doesn’t access the site, there’s no communication with the site, no data are downloaded from there.
Just your DNS server is asked to convert the particular domain to the corresponding IP address - but that IP address is not contacted.

This is not connected with the ordinary Web Shield scanning. The Home Network Security feature tries to find vulnerabilities on your local network (say a router with the ROM-0 vulnerability, a router with a weak default password - accessible from the Internet etc.). It also tries to detect other problems like compromised DNS (be it a router problem, hijacked hosts file or something else) - part of which is checking (= resolving) a number of popular domains and somehow evaluating the result; if HNS concludes that the DNS returns suspicious results, it will notify you about the problem. [Like it or not, but those are quite popular domains - but it’s certainly not a complete list of what’s checked.]
So this is not about the scanning of a particular network connection, this is about evaluating the general state of your DNS. Whether Web Shield would detect the malicious content after your DNS redirects you to a bad site… well, maybe/hopefully. This is just another, different protection layer.

system · January 4, 2015, 7:29pm

.

system · January 4, 2015, 7:36pm

So what you are saying is that Avast loads various “sites” (no comms, no data) to test the DNS IP address return ?
If so, why would it contain these type sites listed ? …how does Avast choose sites to test IP ?

Anyway…Wow, while I get the “intent” of this “layer” most definitely an activity I don’t want happening in the background on my PCs…this is why I run OpenDNS. IMHO seems to me Avast should work on extending items like ID-ing online exploits of your PC security holes (eg. Java, Adobe, etc.) and not trying to manage the network layer…to me WAY out of the scope of an A/V.

lukor · January 4, 2015, 9:28pm

thekochs post:14:

igor post:12:

Nope - your computer doesn’t access the site, there’s no communication with the site, no data are downloaded from there.
Just your DNS server is asked to convert the particular domain to the corresponding IP address - but that IP address is not contacted.

So what you are saying is that Avast loads various “sites” (no comms, no data) to test the DNS IP address return ?
If so, why would it contain these type sites listed ? …how does Avast choose sites to test IP ?

Anyway…Wow, while I get the “intent” of this “layer” most definitely an activity I don’t want happening in the background on my PCs…this is why I run OpenDNS. IMHO seems to me Avast should work on extending items like ID-ing online exploits of your PC security holes (eg. Java, Adobe, etc.) and not trying to manage the network layer…to me WAY out of the scope of an A/V.

Hi,
avast does not load the sites, it merely connects to the router and ask it a few questions. It does not connect to the IP, does not check if the IP is accessible or not, nothing. Compare it to for example the prefetch feature of the modern browsers - where site might get downloaded only because it is shown in the search result list.

The sites used by avast happen to be from the alexa.com top 1000 sites list.

Can you please elaborate why you have troubles with avast doing these DNS requests? I can see now that it may not look pretty when the logs are viewed by some other person (say a network admin in a corporate environment), but why you personaly have issues with this? Is it the bandwidth consumed by the DNS lookup (once a day) the concern? We would probably like to improve this and add more configuration options (such as a way to keep HNS enabled but disable this periodic scans - currently you can only disable HNS as a whole in Settings / Tools / HNS), but to do this we would like to know your reasons.

thanks. lukas

system · January 4, 2015, 10:14pm

Thx…but if Avast does not go “out” past the router then why does OpenDNS show the sites as OP outlined ?

Also, alexa.com is meant as an analytics tool.
On the surface this looks less like “security” and more about data collection, etc.
It is items like this that get people wondering if Avast collect and sell user data ?
At the very least Avast is using the access to generate a ton of analytics…seems awful heavy handed.
The Avast EULA http://files.avast.com/files/legal/eula-avast-free.pdf states the information collected…
The information collected by the Software is generally not correlated with any other personal information related to you that AVAST may be processing such as information given by you to AVAST or its distributors or agents during the process of ordering and downloading the Software. Unless you have permitted otherwise, the information collected by the Software is used anonymously in aggregation with similar information from other users of the Software for analytical purposes to identify new viruses and threats and for improvement and development of the Software and for statistical purposes.

stibi · January 4, 2015, 10:45pm

I don’t use DNS logs, but I also don’t understand the reason to “connect to the router and ask it a few questions” for a mass of IP addresses. The result will not be very surprising. The addresses will be well known. Or do you search for any kind of forgery?

RejZoR · January 5, 2015, 7:35am

So, if I understand it correctly, avast! connects to router and checks if the address it asked for is also returned by the router. If it’s not, this may be indication that something is redirecting your connections on your computer. Or have I failed understanding it? This is basically an internal connectivity check and doesn’t actually go beyond your home network.

igor0 · January 5, 2015, 8:32am

I don’t think Lukor meant to say that the DSN queries don’t go past the router… the router doesn’t have a table of all domains on the Internet, it propagates the queries further - to the DNS servers.

I think you got it wrong (vice versa, I would say)… alexa.com list if built on the results of analytics. To trigger the analytics, you would not only have to connect to the particular site (which doesn’t happen there), but also to download its web page and download the links from that web page (one of those being the analytical link).
Selling DNS results? They would be basically the same for almost all the users - no interesting data here

Yes, exactly. The expected results are well known - and that would be the case for most users. However, if you have a compromised router that redirects some domains to fake/phishing pages, you get something unexpected and you may report a problem (of course, assuming that it’s at least one of checked domains that gets redirected - that’s why the top alexa.com domains were chosen - being popular, they are also likely to be used for an attack).

Lukor may correct me if I’m wrong, but I believe Avast simply makes a number of DNS queries. Sure, they go via your router (all your traffic does), the router could be the potential cause of problems (if any are found), but I wouldn’t say it doesn’t go beyond your home network - the queries would be propagated to DNS servers (usually supplied by your ISP, or OpenDNS if you manually configured that).

lukor · January 5, 2015, 8:33am

We are doing this to detect so called DNS hijacking, where a malicious attacker might change the settings inside your PC (and point you to a infected DNS server), or with the help of router vulnerabilities (such as ROM0) or misconfiguration (such as default passwords) change the DNS settings on your router.

http://www.gohacking.com/dns-hijacking/
http://www.whogothacked.com/2014/02/hackers-exploiting-router.html
http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/