WebRep, IE8 & GMail

I have 7 Pro 64Bit & use IE8. I’ve updated avast! Free to v6.0.1044 & have WebRep running.
Problem I am having is this:
Whenever I go to GMail, I get the attached Security Warning. I’ve done a few short tests & this is what I’ve found:

  1. When WebRep is ON, GMail is the only HTTPS website I’ve found where this message comes up
  2. If WebRep is turned OFF, no message comes up when going to GMail

I like WebRep & would like to keep it ON, so does anyone know how to keep this message from coming up on GMail? I’ve tried to contact Google about this, but finding a way to get to them is frustrating & the only contact I COULD find has not responded back so I have no idea if anyone has even read it.

I’ve been going back & forth w/avast! tech support & last email from them was:
“You can also use different web browser.”

I cannot install a new browser & I don’t see how that would help since this warning is happening ONLY w/the GMail site. Anyone have other suggestions?

Either

:slight_smile:

Want my email secured, so I’ll live w/it; not a big deal.
At home, I do have a wireles router (Westell Ultraline Series3) that my comfuser is attached to by a CAT5. How do I check the security of my wireless router?

Well, any reason why have not you tried the new version? (BTW, the login will still be secured via SSL even if you do not use HTTPS for Gmail.)

P.S. A new thread in General section of this forum for your router topic. Thanks.

I thought v6.0.1044 was the latest version?
So I’ll still be secure even by turning HTTPS off just for GMail?

About the router question; not a problem, I’ll ask there. Thanks for the info.

Missed that, sorry.

The login? Yes, absolutely.

http://mail.google.com/support/bin/answer.py?answer=8155

HTTPS access is available via https://mail.google.com, and our system offers an SSL-encrypted login[b] by default[/b]. Your Gmail password is [b]always encrypted when sent over the Internet[/b].

don’t turn off HTTPS on Gmail … whatever your problem is.

( and yes… I know that the setting concerns just the session, and that the login is always encrypted anyway, it’s always been the case)

edit : actually your popup is just an IE warning, you can turn that off.

WebRep talks to the server via a HTTP connection. Doing so from a HTTPS website results in the warning dialog. You can get rid of the dialog if you go to Internet Options and allow mixed content.

Why not turn HTTPS off on GMail if it has underlying encryption?

If I Allow Mixed Content, can/will that be a problem w/anytype of security? Say a worm/virus on the webpage.

Don’t understand what yo mean here. The addon cannot alter the URLs the users wants to visit.

True. On the other hand if such threat used a https connection then you would be out of luck all the same. Now you know how to get rid of that dialog, but in the end of the day you need to make the decision.

Would it be a big problem if it used HTTPS? :slight_smile:

It might one day as well do, but this feature is not a priority right now. We have it in our wish list for future versions however.

OK, thanks. Complete agreed on the priority point. :wink:

it doesn’t have underlying encryption. If you turn https off from Gmail settings, your entire Gmail session will be unencrypted. What remains encrypted if you turn https off is the login process, and just that.

Logos, what do you mean “actually your popup is just an IE warning, you can turn that off.”? Turn off my pop-up blocker?

The message that the OP gets is one of the biggest little PITA’s for IE 8. It’s not really a warning. The wording is strange in this regard. Sometimes web-developers will use mixed security on a page, where part of a page is secure and part of a page is not. Competing browsers just display the content appropriately. But IE’s little https: mixed warning message is more of an annoyance than a help.

To fix this without compromising security of your computer, you should keep your G-Mail https at secure. However, tell IE 8 in it’s settings to display mixed security content without the warning message. Here’s how to do that: Open IE 8 and follow the steps below:

Turn off https prompt in IE 8 (If you would like to disable this security warning forever:)

  1. Go to Tools → Internet Options
  2. Select the Security tab. (Make sure the “Internet” zone is selected)
  3. Click the “Custom Level” button. Scroll-down the list of options
  4. Set the “Display mixed content” setting from “Prompt” to “Enable.”
  5. Apply the changes. It’s done!

Taken from:

http://www.labnol.org/software/ie-security-warning-for-https-websites/13388/

Jack

PS. You might need to close IE and all Windows, than restart IE, before the setting will take effect.

Jack,
By changing “Display mixed content” from Prompt to Enable will just stop the warning message & NOT have any bearing on my security protection?

Correct,

All that will do is stop the message prompt that says, “Do you want to view only the content on this page that was delivered securely?” It will not compromise your computer’s security. By changing that setting, you won’t see that annoying message anymore. If there was a simple way to have IE 8 say, “Don’t Show This Warning Again,” when the prompt first pops up, you could check that, and have IE 8 remember the setting. IE 8 has no “Don’t Show This Message again” for that prompt. This is something that I hope IE 9 has or gets in an update, because it needs it.

The only way to stop the message from appearing for good, is to do the steps above. You might want to print and save those instructions, if you need to apply them to another computer.

Jack

PS. I used to get the message in G-Mail all the time, and before I knew how to disable the “Mixed Content” message, I had to turn off the https thing in G-Mail to get it to stop. But you don’t want to do that, leave your secure htts: in G-Mail turned on, and do the steps in my post above. That should take care of it. Before I disabled this setting, I was also getting that message sometimes on Google Docs, especially when they changed the layout, AND on Windows Live Sky Drive when MS changed the site! When that show mixed content prompt is on, and web-developers change their sites, that message may come back. You put the Display Mixed Content on “Enable.” and the message goes away.

You could leave the prompt on as the default and wait for a Web Rep update through a new Avast version. But this might also be a Google issue as well. I recommend to people to just set IE to always show the mixed content as outlined above if they get that message too much, especially on multiple sites, and the problem goes away after those steps are applied.