Advice Request Which web shield/web protection is better?

[Captain Holly]

I apologize if this is a noob type question. I am using Avast Free with the Avast Security extension on Windows 10 v 21H1. I have been testing Firefox and it works well but I get a message when adding extensions that says my browser is being managed by my organization. I have found that is because the Avast web shield protection and it wants to act as a MITM to intercept and monitor my web/internet traffic. Given that Firefox has a reputation as a safe browser I am just wondering just how good is the Firefox internet/browser protection compared to Avast or any other third party AV? Has anyone here tested it? I can do a registry hack for Firefox to stop the browser management message which I think will allow the Firefox built-in browser shield to work, but I am not sure I want to do that. Avast protection is very good too. When I run the AMTSO phishing test and EICAR virus tests I get warnings from Avast, not Firefox. I am just wondering if one might do better than the other or if anyone here at MT has any info or might have tested this?

Thanks,

C.H.

 

[eonline]

For me the native protection of Firefox or any other browser is useless, but this is a personal opinion based on my experience. Better the filtering by secure DNS.

 

[plat]

I do have respect for Avast's Web Protection, first of all.

Firefox recently implemented its proprietary form of site isolation called Fission. Link explaining what that is in more detail is embedded. It was the deciding factor for me to abandon Sandboxie for the more long-term future. Firefox only has three ext. now with Strict Internal tracking protection.

If you like browser tests and want to compare various browsers, here is one over at "the other forum" where i had an eye-opener testing Firefox. Right now, I use that and Edge interchangeably (banking excluded).

BrowserAudit - How secure is your browser?

With the new version, once you work with it for a couple of days it's not near as bad as you think Unfortunately NoScript for post-Quantum FF has not...

www.wilderssecurity.com

BrowserAudit

I mean, this is someone's personal experience so one can't really paste it into anyone else's and expect the same results. Everyone's use-scenario is different and I'm surely not expecting an iron-clad Firefox security-wise. Never, ever. Still, I've regained a bit of trust and confidence in Firefox lately. I hope Mozilla doesn't screw it up again.

 

[Captain Holly]

Thanks for the info. I will read up on the browser test site but will probably leave FF as is. Avast is likely just as good as the browser security in FF. Something like this probably happens in Chrome and Edge too, but either they don't tell you about it or I don't know where to find it.

Thanks.

C.H.

 

[oldschool]

Firefox uses Google Safe Browsing which is just OK and nowhere near as good as Avast's web shield. That being said, there are pros and cons to MITM web filtering for various reasons including e.g. privacy, etc.. Others could explain the technical details better than I. I myself don't care for such invasion but I also don't rely only on Safe Browsing. User awareness and knowledge is your first line of defense, and often the best.

My preferred built-in option is Smartscreen in Edge, which raises its own privacy concerns. And like @ESecurity said, secure DNS is another method. I see he uses BD Trafficlight extension in FF and Malwarebytes in Chrome. They are both very good. In the end it is a matter of personal preference, level of paranoia, etc.

Just remember: Stay safe, not paranoid!

 

[SeriousHoax]

You don't need the Avast Browser Security extension. You can disable or remove that. It only provides a user rating based reputation. It even slowed down page loading in my test. Avast's web shield works system-wide regardless of the browser.
The HTTPS scanning feature of Avast works differently compared to Bitdefender, ESET, Kaspersky, K7 and some others. Avast don't inject their own certificate into the browser like the mentioned one. It seems Avast use a browser API to scan everything that's loaded the by browser. I'm not 100% sure about the browser API thing but as far as I know there are three ways to scan the content loaded by a browser. One is via extension using the necessary browser API, one is by MITMing the HTTPS connection and the other is using browser API without requiring any extension. Avast does the last one.
The good things about this approach compared to MITMing are that it doesn't break the HTTPS connection, browsing speed seems to be faster.
But this approach has a bit higher disk write while browsing. At least compared to ESET which doesn't seem to write anything on the disk but Kaspersky does.
One exception that I found is Twitch. If you watch 5 GB streaming content on twitch then Avast also writes about 5 GB data on the disk. It can be avoided by adding "https://*.ttvnw.net/*" into exception.
Avast's web protection is much better than protection provided by the browsers.

 

[oldschool]

You don't need the Avast Browser Security extension. ... Avast's web shield works system-wide regardless of the browser.

Good point. I missed that he's using both.

The HTTPS scanning feature of Avast works differently compared to Bitdefender, ESET, Kaspersky, K7 and some others. Avast don't inject their own certificate into the browser like the mentioned one. It seems Avast use a browser API to scan everything that's loaded the by browser. I'm not 100% sure about the browser API thing but as far as I know there are three ways to scan the content loaded by a browser. One is via extension using the necessary browser API, one is by MITMing the HTTPS connection and the other is using browser API without requiring any extension. Avast does the last one.
The good things about this approach compared to MITMing are that it doesn't break the HTTPS connection, browsing speed seems to be faster.
But this approach has a bit higher disk write while browsing. At least compared to ESET which doesn't seem to write anything on the disk but Kaspersky does.
One exception that I found is Twitch. If you watch 5 GB streaming content on twitch then Avast also writes about 5 GB data on the disk. It can be avoided by adding "https://*.ttvnw.net/*" into exception.
Avast's web protection is much better than protection provided by the browsers.

Excellent explanation, my friend. Bookmarked.

 

[SpiderWeb]

BrowserAudit

This is interesting. But I hope people do not tweak their config before reconsidering. The default security settings in Chrome and Firefox are already hardened enough for the average user. They are secure browsers. The PROBLEM is people are running an inherently insecure OS. Windows cannot be secured. The kernel code is too old and there will always be new exploits. Switch to Chrome OS, Linux or macOS and get an alternative CPU that isn't vulnerable to side channel attacks. Until then you will always feel paranoid.

 

[Captain Holly]

Thanks very much guys for the help and info, this was exactly what I was looking for. I disabled the Avast extension in Edge, Chrome and FF and am now just using the browsers itself, Avast AV and Ublock Origin. Browsing does seem faster without the Avast extension. I had no idea it could cause that much of a slow down.

C.H.

 

[SpiderWeb]

That being said I use uBO which is sufficient in its current form (pre-Manifest v3) and Web of Trust for convenience. I have all site permissions off by default and only allow Javascript on select HTTPS TLDs (.com, .org, .net, .edu, etc.). My firewall is nextDNS which blocks anything from resolving in the first place.

 

[Sunshine-boy]

McAfee WebAdvisor is decent.

 

[Kongo]

NextDNS and you won't need any extension at all.

 

[oldschool]

McAfee WebAdvisor is decent.

Yes but isn't that one a privacy nightmare? It used to make you enable Yahoo Search. Don't know if it's changed.

 

[Anthony Qian]

Avast’s Web protection is great. AV-C’s real world protection test shows that Avast has a 99.9% protection rate against online threats, which is better than Kaspersky and ESET, based on this test. I’ve checked the past results of this test and find that Avast consistently performs well so I’m quite impressed!

BTW, the AMTSO phishing test and the EICAR virus tests you mentioned are both tests to see if your antivirus's web protection functions are turned on and working; neither can evaluate your AV’s capacity to defend against online threats.

 

[Templarware]

I use Avast, with its online security extension. Then I also have uBlock Origin, my router has AI Protection and runs NextDNS, which also helps.

 

[trandung]

You don't need the Avast Browser Security extension. You can disable or remove that. It only provides a user rating based reputation. It even slowed down page loading in my test. Avast's web shield works system-wide regardless of the browser.
The HTTPS scanning feature of Avast works differently compared to Bitdefender, ESET, Kaspersky, K7 and some others. Avast don't inject their own certificate into the browser like the mentioned one. It seems Avast use a browser API to scan everything that's loaded the by browser. I'm not 100% sure about the browser API thing but as far as I know there are three ways to scan the content loaded by a browser. One is via extension using the necessary browser API, one is by MITMing the HTTPS connection and the other is using browser API without requiring any extension. Avast does the last one.
The good things about this approach compared to MITMing are that it doesn't break the HTTPS connection, browsing speed seems to be faster.
But this approach has a bit higher disk write while browsing. At least compared to ESET which doesn't seem to write anything on the disk but Kaspersky does.
One exception that I found is Twitch. If you watch 5 GB streaming content on twitch then Avast also writes about 5 GB data on the disk. It can be avoided by adding "https://*.ttvnw.net/*" into exception.
Avast's web protection is much better than protection provided by the browsers.

Avast is using the SSLKeyLogFile to leak the secret keys Spying on HTTPS .IMHO, I think it's better if they use an extension to scan browser content (maybe Norton is using this method, I'm not sure).

 

[Nevi]

Before I have used Bitdefenders traffic light, and MBAMs browser guard. They worked fine. At the moment I rely on Webroots web shield which has kept distance to everything nasty.
I have heard Nortons safe web should be quiet good too.

 

[Moonhorse]

I just use microsoft defender + edge together...smartscreen does the job

As i use edge i only allow edge extensions , so im using emsisoft browser security. Aswell adguard windows, filters https traffic & blocks all exe downloads

 

[SeriousHoax]

Avast is using the SSLKeyLogFile to leak the secret keys Spying on HTTPS .IMHO, I think it's better if they use an extension to scan browser content (maybe Norton is using this method, I'm not sure).

Thanks, I was not aware of this. I tried to find what Avast uses in their security blogs, but it still mentions the network inspection method described in the article you shared but as you know they don't use that anymore.
Yeah, I'm also not much of a fan of any forms of HTTPS inspection done by some AVs. HTTPS scanning also slows down browsing speed. Yeah, Norton's extension is probably using adequate browser API to scan content. McAfee WebAdvisor probably does the same too. McAfee WebAdvisor is also able to block third party domains/connections loaded by the browsers something Bitdefender TrafficLight can't do, not sure about Norton Safe Web. BTW I meant McAfee's extension only, not what you'll find on their website which also install a service along with the extension.

 

[omidomi]

MBAM Extension