Question: How does Avast HTTPS scanning work?


Azazel

Level 5
Thread author
Jun 15, 2023
227
I found it much faster than Kaspersky. Is there a technical guide on how it is achieved?
I know from previous members' conversations that it uses a different mechanism than a root certificate.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,467
Yes, Avast utilizes a different mechanism for HTTPS scanning compared to traditional root certificate-based approaches. Instead of intercepting and decrypting the HTTPS traffic using a root certificate, Avast uses a technology called "TLS/SSL scanning" or "HTTPS scanning" to inspect the encrypted traffic without breaking the encryption.

Here's a technical overview of how Avast's HTTPS scanning works:

1. When you access a website using HTTPS, your browser initiates a secure connection with the web server. The server responds by sending its SSL/TLS certificate to your browser.

2. Avast intercepts this certificate and creates a new one on the fly, signed by Avast's own root certificate. This is known as a "man-in-the-middle" (MITM) technique.

3. Avast's root certificate is already installed on your computer as part of the Avast antivirus software. This allows Avast to generate a new certificate that appears valid to your browser.

4. Avast establishes a separate secure connection with the web server on your behalf, using the original certificate from the server.

5. Avast acts as a proxy between your browser and the web server. It decrypts the HTTPS traffic coming from the server using the original certificate, inspects the contents, and then re-encrypts it using Avast's own certificate.

6. The re-encrypted traffic is then sent back to your browser, which decrypts it using Avast's root certificate, making it appear as if the secure connection is established directly with the web server.

7. Avast scans the decrypted content for any potential threats, such as malware or phishing attempts. If a threat is detected, Avast can block the connection and notify you.

It's important to note that Avast's HTTPS scanning is designed to enhance your security by inspecting the encrypted traffic for potential threats. However, some users may have concerns about the privacy implications of this method, as it involves intercepting and decrypting the HTTPS traffic. Avast has implemented measures to protect user privacy, such as anonymizing the data and using secure connections for communication between the Avast software and its servers.

Overall, Avast's HTTPS scanning provides an additional layer of security by inspecting encrypted traffic without relying on root certificates.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,823
It's not how it is used. This is the old method.
The new method has something to do with SSLKeyLogFile.
That's the only write-up I could find about it online. The only other place I'd think about looking is the help file created during Avast's installation, though I'm not confident it'll contain any technical details.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,637
Here's an explanation of this method. I don't know if you're looking for a more in-depth explanation, but I agree that Avast's approach is significantly faster in my experience also.
Actually, Chrome, Edge and Firefox are three browsers where Avast uses this method. On Brave (probably Opera also), Avast uses the typical root certificate method used by other products that you're aware of. I have actually compared the speed difference between these two methods of Avast side by side on Chrome & Edge vs Brave, and the browsing speed of the SSLKeyLogFile method was faster every single time on every page. I don't know if there is any downside to this method, as I wonder: if it's faster, then how come other products haven't taken this approach yet? There must be some reason.
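What a browser writes when the SSLKEYLOGFILE environment variable is set, as an added example (not from the thread and not Avast's code): a parser for the NSS key log format that reports which TLS sessions have secrets on disk without retaining the secret values. The sample lines and function names are constructed for illustration; how Avast consumes these secrets is not described on this page.

```python
import os
import re

# Labels from the NSS key log format; CLIENT_RANDOM is TLS 1.2, the rest TLS 1.3.
TLS13 = ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET")
KNOWN_LABELS = {"CLIENT_RANDOM": "TLS 1.2", **{l: "TLS 1.3" for l in TLS13}}
# Line layout: <label> <32-byte client random, hex> <secret, hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

# Constructed sample, not real secrets.
SAMPLE = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "garbage line",
])

def parse_keylog(text):
    """Return (entries, rejected line numbers); secret values are not kept."""
    entries, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments are legal
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in KNOWN_LABELS:
            rejected.append(n)
            continue
        label, client_random, secret = m.groups()
        entries.append({"label": label, "version": KNOWN_LABELS[label],
                        "client_random": client_random.lower(),
                        "secret_len": len(secret) // 2})
    return entries, rejected

def sessions(entries):
    """Group labels by client random: one key per logged TLS connection."""
    out = {}
    for e in entries:
        out.setdefault(e["client_random"], set()).add(e["label"])
    return out

def keylog_enabled(environ=os.environ):
    """True when the environment a browser would inherit sets SSLKEYLOGFILE."""
    return bool(environ.get("SSLKEYLOGFILE", "").strip())

if __name__ == "__main__":
    parsed, bad = parse_keylog(SAMPLE)
    print(len(sessions(parsed)), "sessions logged; rejected lines:", bad)
```

Each valid line holds a per-session secret keyed by the client random, so whether the variable is set and who can read the target file are the things to audit.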
 
