Avast Secure Browser (gHacks Review)

Status
Not open for further replies.

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Avast Secure Browser review

Avast Secure Browser is a free Chromium-based web browser by security company Avast that is advertised as private, fast, and secure on the official download site.

The web browser is the official successor of Avast SafeZone Browser which Avast discontinued some time ago to focus development on the new browser.

We will take a close look at the web browser in our review; you will learn about installation and use, functionality that it provides, and whether the fast, secure and private promise is kept.

Avast Secure Browser
avast-secure-browser.png


Avast Secure Browser is available as a standalone download for Microsoft Windows and also as part of Avast's security products. You find the download link in the summary box below the review.

SafeZone installations will be updated automatically to the new browser.

Installation
avast-secure-browser-setup.png

The standalone download is offered as a web installer which means that most program components are downloaded during installation. A click on options on the first installation screen displays several setup preferences:

  • Place a shortcut on the desktop (yes), taskbar (yes), and in the start menu (no).
  • Launch the browser when the installation finishes (yes).
  • Set the default program language.
  • Import bookmarks and settings from my current default browser (no).
  • Import cookies from my current default browser (no).
  • Make Avast Secure Browser my new default browser (no).
You need to check the import options if you want to import bookmarks, settings or cookies from the default system browser. Note that the import function supports imports from the default system browser, and that the import will fail if the default browser is not supported by Avast (example: if Pale Moon is your default browser, imports will fail as it is not supported).

Note that the browser supports the importing of bookmarks and settings from other browsers after installation.

Just load secure://settings/importData at any time to configure the operation. Supported browsers are Microsoft Edge, Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. You may import from a bookmarks HTML file as well.

Note: Avast collects and sends usage statistics and crash reports to company servers automatically. Users are not prompted about this during installation. You may disable the collecting and sending on secure://settings/ under privacy and security.

Using the browser
avast-secure-browser-extensions.png


Avast Secure Browser is based on Chromium, the open source part of Google Chrome, Vivaldi, Opera and other Chromium-based browsers.

If you used Google Chrome in the past, you will feel at home right away as the interface resembles that of the browser.

You will notice some differences though as well as Avast's browser comes with several built-in browser extensions.

Three extension icons are visible in the browser's toolbar that provide video downloading and ad-blocking functionality and a link to the new Security & Privacy Center.
A quick check on secure://extensions/ (yes, Avast uses secure:// for internal pages and not chrome// or about://), lists a total of seven extensions of which five are enabled. The installed extensions are:

  • Adblock -- an ad-blocker powered by uBlock Origin. Supports third-party filter lists, custom rules, and whitelists.
  • Avast Passwords (disabled) -- integrates with the passwords component of Avast security products. You need to install compatible software on the device to use it.
  • Avast SecureLine VPN -- integrates Avast's SecureLine virtual private network in the browser. Enabled by default but requires that Avast SecureLine VPN software is installed on the Windows machine.
  • Bank Mode (disabled) -- switch to a virtual desktop to communicate with important sites such as online banking sites. Bank Mode is only available if Avast Antivirus or other Avast security programs that support it are installed on the PC.
  • HTTPS Encryption -- enforces the use of HTTPS on supported websites.
  • Privacy -- an anti-tracking extension that blocks companies and sites from tracking you online.
  • Video Downloader -- download videos to your PC.
Avast Secure Browser users may disable or enable extensions but it is not possible to uninstall any of them.

Security & Privacy Center
avast-security-privacy-center.png


Security & Privacy Center is another feature of the browser that is a unique feature. It is a control interface to enable or disable built-in features, and is used by Avast to list company products that complement the browser.
You control the ad-blocking, privacy, HTTPS encryption, and password manager extensions from the Security & Privacy Center, and new tools that are not listed as extensions.

These are:

  • Anti-Fingerprinting (disabled) to block or limit fingerprinting for tracking purposes.
  • Anti-Phishing (enabled) to protect against phishing attempts.
  • Extension Guard (enabled) to block the installation of untrusted browser extensions.
  • Flash Blocker (enabled) to block all Flash content.
You may launch a new private browsing window (called Stealth Mode) and a Privacy Cleaner (clean browsing data) from the Security & Privacy Center as well.

Avast's browser lists the installation status of Avast Antivirus, Bank Mode and Avast SecureLine VPN at the top of the page. Download links are provided when products are not installed; the links redirect to the Avast website.

Avast Secure Browser Benchmarks
How fast is Avast's Secure Browser? My initial assumption was that the browser's performance should be more or less identical to that of Google Chrome and other Chromium-based browsers.

I ran tests using stable versions of Firefox, Chrome, Edge, Vivaldi, Opera and Avast Safe Browser. Benchmarks are linked; feel free to give this a try on your end and report the results in the comments below (Basemark and HTML5 Test: higher is better, Ares: lower is faster).

1S8lMhk.png



The benchmark results show that this is indeed the case. The small score differences between Avast Secure Browser and Google Chrome are not significant; expect the same performance in Avast's browser and Google's browser.

To sum it up: The performance of the web browser is excellent. It is as fast as Google Chrome in benchmarks and that carries over to real-world usage as well. While you won't see a five times performance boost when you compared it to Mozilla Firefox, it is an area that the browser does really well in.

What about privacy?

One of Avast's main promises is that Secure Browser protects user privacy better than other browsers. I decided to run tests using the default configuration and with all privacy features enabled.

Panopticlick by EFF stated that Avast Secure Browser offered "strong protection against Web Tracking" and that the browser did not have a unique fingerprint (in both configurations).

Other privacy tests highlighted that the browser's protection was not perfect but still better in many cases when fully enabled. The test on Maxa Tools, for example, listed the number of installed plugins, the device's IP address and the location based on the IP, as well as other information. A rerun of the test with fingerprinting protection enabled did not improve the results.

You may see some improvement depending on which test you run and whether you connect to Avast SecureLine VPN, but the same can be achieved with any other VPN as well.

To sum it up: Avast Secure Browser comes with built-in functionality to protect user privacy. While that is good overall, it does not offer 100% protection against all forms of invasive data collecting or fingerprinting.

Closing Words and verdict
avast-browser.png


Avast Secure Browser is a brand new browser that is based on Chromium. The browser is fast and comes with privacy enhancing extensions and settings that do improve privacy up to a point.

The fact that usage statistic and crash reports sending is enabled by default damages that somewhat; I'd expect a prompt from a privacy-focused browser during setup that asks me whether I want to enable the send-home functionality or not.

Another negative is that you can't uninstall extensions that the browser comes with. Disabling may work for most users but if you like a clean browser, you may not like the sticky nature of all default extensions.

Avast is off to a good start with the new browser. It offers better functionality than the company's SafeZone Browser and does well in benchmarks and other tests. The company needs to publish regular updates to not fall behind the Chromium release cycle and leave security issues unpatched for too long after patches become available.

It is too early to tell whether Avast is up for that. I'll revisit the browser in a couple of months and keep an eye on it in the meantime to find out more about that.

Source: Avast Secure Browser review - gHacks Tech News
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Comodo Dragon also responded quickly to updating chrome in the early days. However, it is like being left unattended now. I think that there are users who are introduced with expectation of safety measures by distributing it from companies dealing with security products, so I pray that protection of feet will not be delayed.
I would like to use it if there is a portable version.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Comodo Dragon also responded quickly to updating chrome in the early days. However, it is like being left unattended now. I think that there are users who are introduced with expectation of safety measures by distributing it from companies dealing with security products, so I pray that protection of feet will not be delayed.
I would like to use it if there is a portable version.
Untitled.png


I rarely agree with Tavis Ormandy but in this area I do. Especially from companies that routinely cripple HTTPS security with their ridiculous MITM web filters.
 
Last edited:

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Avast tries (or tried) to install Chrome when their free antivirus installed. When only 5% of Avast user kept Chrome because of Avast endorsement then Avast brought them 25 million users (assuming Avast has indeed over 500 million users). Average Google chrome user clicks at least 3 to 7 sponsored links per week. Conservatively speaking those 5 clicks (average) per Chrome user are worth about 1 to 2 dollar advertising income for Google per week. So Avast contributes to Google's turrnover for around 25 million dollars per week, or over a billion dollars per year. This sum pretty much explains why Google and Facebook love to know our web habits and preferences: webvertising is big business.

When a referral partner added 1 billion a year to my turnover I would have posted a friendlier and less ego driven tweet than your highnes Tavis Allmighty did ;) or contrary mr Tavis got told to burn Avast initiative down by his superiors, because Avast is proposing its own browser from now on (and Google executives are not happy with the loss of a referral partner) :cool: what do you think: professional ego or profit triggered the tweet?
 
Last edited:
D

Deleted member 65228

I'm surprised no one has mentioned one of the main benefits to the Avast secure browser yet? Avast isolates access to the browser from other running software on the host. Theoretically, this makes the secure browser protected against your traditional banking malware as well.

The Avast secure browser can be beneficial for tasks like online banking. The same can be said about Kaspersky's browser, and I assume also COMODO's. I know that Kaspersky rely on virtualization for theirs and I assume COMODO do as well given that COMODO have a hyper-visor based sandbox. You will know if Avast rely on virtualization was well if it won't work without a CPU which supports Intel VT-x or AMD SVM (and if its not enabled via the BIOS). Kaspersky's own documentation even states that this must be present on their help pages.

I think the main benefit of all these browsers is for sensitive tasks like banking only as opposed to general usage... Because they tend to rely on virtualization so it only makes sense that the initial idea was for banking usage.

It is true that custom Chromium browsers can come with their own set of vulnerabilities, and everything in the software-world can be exploited. That's the hard truth. You may see people saying that company X suck because of vulnerabilities X, X and X but it's only a matter of time. No matter how hard you try, something will be vulnerable... And patches can introduce other vulnerabilities. That's how it works and it has always worked this way and always will.

Myself? I'd use the normal browser like Microsoft Edge, Google Chrome or Firefox. Why? I'd rather use the browser from the official vendor even if the modified one is coming from a reputable security vendor. I think a better approach would be browser isolation without a custom one being used, but that's my opinion.

HitmanPro.Alert can detect modifications to the browser in-memory for example, no custom browser required. This is beneficial against banking malware which is attempting to install a form-grabber/WebInject into the browser via memory patching on the host environment.
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
Hello @Opcode:notworthy:
1-should I use chrome inside the Sandboxie or Avast/Comodo sandbox?is there any advantage?
2-is it true that if I sandbox the chrome I will lose the chrome security features(like the sandbox)?
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
I'm surprised no one has mentioned one of the main benefits to the Avast secure browser yet? Avast isolates access to the browser from other running software on the host.
Bank Mode is only available if Avast Antivirus or other Avast security programs that support it are installed on the PC.
I'd imagine this why it hasn't been mentioned.
 
D

Deleted member 65228

1-should I use chrome inside the Sandboxie or Avast/Comodo sandbox?is there any advantage?
Theoretically, COMODO would be stronger than Sandboxie AFAIK. Sandboxie might've updated since I last checked but last time I did check they were relying mostly on kernel-mode callbacks and user-mode patching instead of virtualization.

You can use Google Chrome in a sandbox if you'd like to. Google Chrome does have policies enabled for its own sandbox containing but this isn't alike using a normal sandbox to isolate the browser. I guess sandboxing your browser can be beneficial in some ways such as in the event of a web-based exploit targeting the browser.

is it true that if I sandbox the chrome I will lose the chrome security features(like the sandbox)?
I cannot say for certain because I guess it's a case-by-basis situation.

For example, if a sandbox relies on virtualization to isolate Google Chrome and resides its isolation work mainly in kernel-mode instead of injecting code into the browser process as well, and the APIs for enabling policy XXXX which Google Chrome will try to use are accessible, and the sandbox doesn't intervene with such, then it would work fine AFAIK.

Sandboxie for example, they'll inject code into the Google Chrome process when you sandbox it. This could break security which was implemented internally... And if a sandbox cannot inject code if it relies on UM patching as well, it could break security trying to force it (for example).

Depends on the sandbox being used and how the sandbox works, and the version of the browser being isolated, where the browser came from (which vendor), etc. Everyone may use similar techniques for this and that or most of the time but it doesn't mean it was all implemented the same and the slightest difference can cause different end-result effects.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I asked (17th May) over at Avast forum how/when they update security patches in Chrome (because Avast's lags in version compared to Chrome): answer (June 14th) : silence , nada niente, nothing, niets Version of Avast Safe Browser behind official Chrome
Quite ironic, isn't it?

Avast just reinvents the wheel. Google is already doing an excellent job on the Chromium browser. I don't see any valid point in what Avast is doing with respect to browser development unless its browser would become like Kaspersky's browser, which has hardware virtualization.

Instead of this, Avast could have just offered some advice to its customers about browser hardening, without this kind of browser.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Right. I don't believe in these private browsers. The loss is greater than the gain.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Is there anyway to harden your privacy by preventing Avast from collecting your data when using their browser.....I mean setting flags/preferences and disabling data send to Avast?
 
  • Like
Reactions: RoboMan

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Is there anyway to harden your privacy by preventing Avast from collecting your data when using their browser.....I mean setting flags/preferences and disabling data send to Avast?
I would like to know about this too... I've been testing this browser and it's really great, has some amazing privacy features and is real fast at browsing and opening. I have MBAE to protect against possible exploits due to it's Chrome version update lag... Could be a potential daily browser if we can delete telemetry :)
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I would like to know about this too... I've been testing this browser and it's really great, has some amazing privacy features and is real fast at browsing and opening. I have MBAE to protect against possible exploits due to it's Chrome version update lag... Could be a potential daily browser if we can delete telemetry :)
If you cannot acces its flag/preference settings I think it's diificult
 
  • Like
Reactions: CyberTech
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top