How secure is Avant now?

Discuss Avant Browser. Do not post support requests, bug reports, suggestions for new or improved features, etc. here. Put those in the Help, Bug Reports, and Requests forums, respectively.

Moderators: Support Staff², Support Staff, AvantGuard, Developer

Post Reply
Climhazard
Semi-Fan
Semi-Fan
Posts: 79
Joined: Wed Mar 06, 2013 8:46 pm
Windows Version: Windows 7 Lite x64
Avant Version: 2012 Build 197
Default engine: Gecko
IE Version: N/A
Skin: Aero Glass

How secure is Avant now?

Post by Climhazard » Tue Jul 23, 2013 6:10 pm

Found this article recently but didn't find anything posted about it here on the forums:

http://www.security-assessment.com/file ... visory.pdf
The vendor was contacted multiple times in March 2012. No response was given after the report was sent. Use
of this browser is not suggested.
These vulnerabilities were probably fixed i just couldn't find the changelog mentioning it from build 28 to 197, and few months ago on 2012 build 197 i had this security breach: http://forum.avantbrowser.com/viewtopic ... 15#p191315 (100% sure it was due to using Avant), so im interested in comment of someone more experienced in this area of security. MysteryFCM your opinion would be highly appreciated :)

It seems like avant browser:home isn't safe on 2012 builds. I assume its ok now on 2013 since browser:home has been redesigned.

mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: How secure is Avant now?

Post by mbrazil » Tue Jul 23, 2013 8:08 pm

Climhazard wrote:Found this article recently but didn't find anything posted about it here on the forums:

http://www.security-assessment.com/file ... visory.pdf
The vendor was contacted multiple times in March 2012. No response was given after the report was sent. Use
of this browser is not suggested.
The lack of response doesn't surprise me a bit. Avant has always suffered from inadequate attention to details and to things like responding to inquiries of all sorts. Even the Help and other information on the avantbrowser and avantforce websites are rarely current. That's what happens when you have inadequate personnel, poor business practices, and a lack of professionalism.
Climhazard wrote:These vulnerabilities were probably fixed i just couldn't find the changelog mentioning it from build 28 to 197, and few months ago on 2012 build 197 i had this security breach: http://forum.avantbrowser.com/viewtopic ... 15#p191315 (100% sure it was due to using Avant), so im interested in comment of someone more experienced in this area of security. MysteryFCM your opinion would be highly appreciated :)

It seems like avant browser:home isn't safe on 2012 builds. I assume its ok now on 2013 since browser:home has been redesigned.
I'll start out by saying I'm not a security expert, but since Javascript is implemented separately in each of the browser engines, and it is not mentioned anywhere in Avant Browser Options or anywhere on the Avant websites, except in the context of descriptions of the rendering engines, it seems almost certain that the security vulnerabilities mentioned in the article you referenced were eliminated when the rendering engines were updated in subsequent Avant versions.

Of course, if you use any build of Avant other than the very latest, you're using engine versions that are likely to have unresolved security vulnerabilities. That's one of the things that makes the current situation totally unacceptable. Every 100+ build of Avant 2013 is virtually unusable, and several engine updates have taken place since the release of build 23. The best we can do is to make absolutely sure we have an excellent and complete set of security software running on our computers and to continue using build 23 for the time being. If Avant recovers its historical excellence and feature set in a future build, we'll once again be using current versions of the rendering engines. If not, there's no point in using Avant anyway.

Post Reply