Web Shield Default Port Question

Avast Free Antivirus / Premium Security
1

Hi

I’m fairly new to Avast (so far by the way I think it’s great) so I’m still finding my way around it but I notice that the only default port in web shield is 80 and given that 443 is so widely used I was just wondering (before I add it) if there might be a good reason for it’s omission … ie. is it likely to cause problems somehow?
Sorry if this is a dumb question.

Cheers

JT.

2

443 is used only for connections to a proxy server. Do you use a proxy server? If so, on which machine (your local machine or a remote machine?)

3

I’m not very techy so bear with me please but as far as I am aware, I do not use a proxy server. However, I often see in my firewall logs entries for my browser to https (443). These are frequently associated with things financial (secure server) or another good example would be installing Firefox Extensions.

JT.

4

Oops, sorry, 443, you’re right, that’s HTTPS.

The WebShield module cannot filter HTTPS traffic - simply because HTTPS was designed to prevent similar mechanisms (called man-in-the-middle, i.e. someone “listening” en route)

Thanks
Vlk

5

Thanks Vlk

just to make sure I understand correctly, if you include port 443 in Web Shield, it acts as a proxy in that, for example it ‘goes and gets’ the information but just doesn’t filter it. Is that right?

JT.

6

Adding port 443 to the list of WebShield’s ports won’t work. Simply because the communication on port 443 is not based on the HTTP protocol (but HTTPS, which has a similar name but is a very different protocol).

HTH
Vlk

7

Thanks for trying to explain this to me Vlk but something just doesn’t add up!
If I set my firewall to log everything, then restrict Firefox to port 80, then add port 443 to Web Shield, I am able to go to the Firefox Extensions pages perfectly ok. If I then look in my Firewall logs, the entries list Web Shield going to remote port 443.
I am confused!

JT.

8

This is because WebShield contains some advanced hacks to detect HTTPS communication and switches itself to “passthru” mode (i.e. passive relay). It was implemented just to prevent problems when users try to tweak the settings and accidentally sort of over-tweak it… :slight_smile:

In any case, adding 443 to the list of monitored ports will NOT add any extra security (and HTTPS traffic will not be scanned for viruses, as can be verified e.g. on the EICAR virus-test file page http://www.eicar.org/anti_virus_test_file.htm )

Hope this explains it,
Vlk

9

Thanks for your time and explanation Vlk … much appreciated.

JT.

10

Vlk, what is the performance/reliability of the RejZor’s tweaks into WebShield? Do they work and increase security?