Why does AVAST not scan HTTPS connections?

Hello,

I have a question: Why does AVAST Web Shield not scan HTTPS connections?

Happy New Year
Christian

The HTTPS protocol ensures end-to-end encryption, which protects network traffic from being viewed by intermediaries. In most cases that’s considered a good thing, but you’re wanting your antivirus program to be able to monitor that traffic and the encryption blocks it too. From the perspective of a program or person trying to watch the data go by, it just looks like gibberish.

-Noel

Isn’t that the whole point of a secure encrypted connection, to keep prying eyes out?

Avast could probably scan the encrypted streams, but to what purpose, as encryption essentially changes all signatures etc.?

So there would have to be some third party intervention whereby avast redirects the outbound request to https so that the incoming https would come through some sort of proxy where it can be decrypted (similar to the way the old mail shield used to handle SSL emails). But I’m sure this isn’t as easy as this very short comment on how it might be done.

One could imagine that in this day and age Microsoft or other browser makers might make an API available in the browser itself that could allow the scanning of web traffic there. Whether such a thing actually exists is beyond my knowledge of browser implementations. Thing is, if you could attach in, then malware could potentially attach in as well.

-Noel

There are ways to look at your HTTPS connection for security issues; some browser extensions do a great job. I have the Recx Security Analyzer extension up and running in Google Chrome; when WOT and Netcraft alert, be aware something is not right. Also, Comodo’s Site Inspector gives good scan results. See: urlquery dot com scans.

polonus

Hi,

But why does AVAST not check this directly, as for example ESET does?

Greetings
Christian

That would be a question for the product design team…

My “1 minute guess” (after thinking about it for a minute) would be performance issues.

For a start we (avast users) don’t know exactly what you mean by check/scan directly or for that matter what ESET does.

Scanning the HTTPS secure encrypted traffic directly (as I mentioned isn’t the issue) is unlikely to detect anything because its encrypted form differs completely from its unencrypted state.

If there is some other intervention to be able to scan the unencrypted form before it is displayed/run in the browser, then that may slow browsing depending on how that is done.

Hi DavidR,

Or it could be done using a proxy: http://support.gfi.com/manuals/en/webmon2012/Content/ADMINISTRATOR/Topics/Configuration/ConfiguringHTTPSProxySettings.htm

pol