Avant Browser 10.1 beta 7

Contains all announcements of Avant Browser releases.

Moderators: Support Staff², Support Staff, Developer, AvantGuard

User avatar
Sergei
AvantGuard
AvantGuard
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Windows Version: Windows
Avant Version:
Location: Galway, Ireland
Contact:

Postby Sergei » Thu Jun 23, 2005 11:19 pm

Sorry; yes, I'm getting the same bug. Sometimes when I click "Picture Viewers/Editors" button it disapperars. Bizarrely, it usually works on images at the right of the page, not the left.

Also I can reduce a picture until it vanishes, but magnifying it doesn't bring it back again!

The image toolbar still hides tooltips, which can become quite irritating.

Also when the menu does turn up it contains an extra icon that doesn't do anything. It looks like an open hand, like the 'shared folder' icon.
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL

Defenestration
Semi-Fan
Semi-Fan
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:

*** AB IS NOT A SECURE BROWSER !!!!! *******

Postby Defenestration » Fri Jun 24, 2005 12:23 am

*** AB IS NOT A SECURE BROWSER !!!!! *******

Not impressed Anderson! AB still requests Favicon over port 80, even though I have set up AB to use port 8080.

This is a security vulnerability because it can expose your real IP address when you think you are using a proxy!

What needs to be done to get this MAJOR BUG fixed ???????


Anderson, You asked for an explanation of how I found out that AB was leaking information and I gave you proof which could not be refuted!

If you don't plan on fixing this *SECURITY VULNERABILITY IN AB* then at least have the decency to reply here as to your reasoning, although there is no excuse for leavining vulnerabilities in apps unless you are somehow profiting from it!!!

I have given you reproducible steps, and I knoiw for a fact that it would take all of 5 (yes five) minutes to fix!

*** AB IS NOT A SECURE BROWSER !!!!! *******

I expect this post to be deleted due to the truthful nature of its content, but I will continue to publish it again, and again, and again......., until it is fixed!

Why won't you fix this Anderson ???????

User avatar
André
Administrator
Administrator
Posts: 5787
Joined: Sat Dec 14, 1901 3:19 am
Windows Version: Windows 7 x64
Avant Version:
Location: Baltimore and McHenry, Maryland, USA
Contact:

Re: *** AB IS NOT A SECURE BROWSER !!!!! *******

Postby André » Fri Jun 24, 2005 1:14 am

Defenestration wrote:I knoiw for a fact that it would take all of 5 (yes five) minutes to fix!
How would you know that it would take 5 minutes to fix? What if, to implement it properly, it took 3 hours to do. Have you looked at the source of Avant enough to decide if it is fixable in 5 minutes.

Also, if you are that afraid of someone getting your IP, why not ad somethings like "*favicon.ico" to an ad-block list.

--OR better yet--

Unplug your ethernet cable and uninstall TCP-IP from your computer.
Formerly known as DrDrrae.
Image
I am not a member of the development team.
Please search the forum before posting questions.

Avant Force Wiki || Avant Force Blog
Desktop:
Intel C2Q Q9550 @ 3.7GHz || 8GiBs DDR2 800 @ 435MHz || Asus P5E
112 GiB SSD || 931 GiB HDD || 2x ATI 5770 in CrossfireX || Picture

NetBook:
ASUS Eee PC 1000HE || 1.66 GHz Atom N280 || 2 GiB DDR2 667 || 320 GiB HDD

NAS:
Intel E5200 @ 2.632 GHz || 4 GiB DDR2 800 @ 421 MHz || Foxconn G31MXP-K
5.45 TiB RAID 6

Defenestration
Semi-Fan
Semi-Fan
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:

Postby Defenestration » Fri Jun 24, 2005 3:41 am

I would know because I have looked at the assembly code of AB, after dis-assembling it (illegal though it may be!).

That's exactly the kind of response I expected from an AB fan/mod! I'm pointing out a serious flaw in AB, and you can only criticise me for doing so.

Granted _DrDrrae_ there are workarounds, but is it really acceptable for an Internet Web browser to have such a big flaw ?

By big, I mean that AB indicates it's sending all traffic through a proxy, but at the same time sending out requests over a port which the user has no control, and witrhout any indication that it's doing something underhand! (which it is!)

I'm sorry, but anyone who defends this kind of behaviour is either being payed by Anderson, or does not respect privacy!!!

I like AB, but at the same time would think twice about using a web browser whose author thinks it's more important to sort out issues like

"Maintain Width/Height ratio when zoom pictures. "

when a security vulnerability is pointed out to him.

I can only ask.....,

"Why are you afraid to fix this Anderson ?"

abfan123
Avantus Maximus
Avantus Maximus
Posts: 5624
Joined: Wed Jan 26, 2005 4:24 pm
Windows Version: Vista Ultimate x64 SP2
Avant Version: 11.7 build 43
IE Version: 8
Contact:

Postby abfan123 » Fri Jun 24, 2005 4:34 am

Well

Actually

Try to use some proxy server and go to http://whatismyip.com with any browser (Firefox/Mozilla/Opera/Internet Explorer/Avant Browser)

Even if I'm using the "anonymous proxy server" or even "highly anonymous" and programs like ProxyWay,whatismyip.com still show me 2 IPs
1 my real IP and another IP of the proxy server that I'm using

So...
Where's the vulnerability exists?
IE8(Pro), Microsoft Security Essentials
Main PC:
Image
Secondary PC same as primary but with Windows 7 x64 Ultimate as the OS.

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Postby gary100856 » Fri Jun 24, 2005 7:39 am

I see a minor flaw. When I move the mouse over an image I get that image menu bar showing up, which is fine. But if I move the mouse over an image and quickly right click the right click context menu comes up but then the image menu bar also shows up, sometimes under and sometimes over the context menu. Although the menu bar disappears shortly anyway if I don't use it, I think it would be better if the image menu bar didn't show up at all if the right click context menu is already up.
Last edited by gary100856 on Fri Jun 24, 2005 8:42 am, edited 1 time in total.
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

ytsmabeer
Newbie
Newbie
Posts: 32
Joined: Tue Dec 14, 2004 9:40 am
Windows Version: Windows
Avant Version:
Location: Fryslân
Contact:

Postby ytsmabeer » Fri Jun 24, 2005 8:17 am

I just like to now when can we start translating the new parts, 'cause they seem not to be present in the eng.lng
Last edited by ytsmabeer on Fri Jun 24, 2005 2:35 pm, edited 1 time in total.
Frisian translator Avant,Maxthon,Opera,Google,Poptray,7zip,regseeker,paint.net

User avatar
robc
AvantGuard
AvantGuard
Posts: 988
Joined: Fri Dec 12, 2003 3:33 pm
Windows Version: Vista Ultimate SP1
Avant Version: 11.6 Build 20
IE Version: 7
Location: Italy

Re: *** AB IS NOT A SECURE BROWSER !!!!! *******

Postby robc » Fri Jun 24, 2005 10:04 am

Defenestration wrote:
This is a security vulnerability because it can expose your real IP address when you think you are using a proxy!

What needs to be done to get this MAJOR BUG fixed ???????


I'd say that relying on a proxy as a "security" measure is like putting an opaque bag on one's head and pretending there's nothing out there since you cannot see anything :shock: Even being behind a NAT server is insecure...

That's not to say that bypassing the proxy for favicons if a proxy has been specified is good, but that's definitely NEITHER a security issue NOR a major bug (I, for one, don't use a proxy and probably many other users don't), at most it can be an annoyance for you; if this issue has not been dealt with yet, there probably are other problems to tackle before. If you are so afraid, then block port 80 on your firewall so that no traffic can pass through it and let all http traffic through to your proxy on 8080.
Image formerly known as Image

batagy
Semi-Fan
Semi-Fan
Posts: 52
Joined: Tue May 06, 2003 11:52 pm
Windows Version: WinXP SP3
Avant Version: 11.7 build 43
IE Version: IE8.0
Location: Hungary
Contact:

Re: Avant Browser 10.1 beta 7

Postby batagy » Fri Jun 24, 2005 2:11 pm

Anderson wrote:Avant Browser 10.1 beta 7

I will release a new official version once the translations are finished.
Anderson


Really good, thanks, Anderson.

But at the moment we don't have the new language file, or the new strings, which need to be translated. Please send those out to the translators in email.

Regards:
batagy

Defenestration
Semi-Fan
Semi-Fan
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:

Postby Defenestration » Fri Jun 24, 2005 2:42 pm

abfan123 wrote:Try to use some proxy server and go to http://whatismyip.com with any browser (Firefox/Mozilla/Opera/Internet Explorer/Avant Browser)

Even if I'm using the "anonymous proxy server" or even "highly anonymous" and programs like ProxyWay,whatismyip.com still show me 2 IPs
1 my real IP and another IP of the proxy server that I'm using

So...
Where's the vulnerability exists?

I can't speak about other anonymous proxy servers because I don't use them, but when I use Anonymizer as my Anonymous proxy and go to http://whatismyip.com or http://www.ipchicken.com (or any other website that shows your real IP address), only my anonymous proxy IP address is shown, and not my real IP address.

The vulnerability exists because my real IP address is exposed every time a Favicon is requested by AB.

robc wrote:I'd say that relying on a proxy as a "security" measure is like putting an opaque bag on one's head and pretending there's nothing out there since you cannot see anything Shocked Even being behind a NAT server is insecure...

Granted nothing is totally secure, but does that mean you should not use a firewall, AV etc. because they are not perfect ?! Not at all. It just means you should be aware of the limitations. As with all types of security it should be used as part of a layered defence.

An anonymous proxy service allows you to hide your real IP address from the sites you visit through it. You do expose your real IP address to the anonymous proxy servers, but IMO it's better to only expose your real IP address to a single entity than to multiple entities.

robc wrote:That's not to say that bypassing the proxy for favicons if a proxy has been specified is good, but that's definitely NEITHER a security issue NOR a major bug (I, for one, don't use a proxy and probably many other users don't), at most it can be an annoyance for you; if this issue has not been dealt with yet, there probably are other problems to tackle before.

I just don't see how you can say a compromise of your privacy, by your real IP address being exposed (unknowingly to most users unless they are aware of this problem), is not a security issue or a major issue. While you and many others don't use a proxy, there are also many people who probably do use a proxy.

An issue like this should go straight to the top of the ToDo list, and be given highest priority.

User avatar
hornakapopolis
AvantGuard
AvantGuard
Posts: 11151
Joined: Thu Jul 31, 2003 2:09 pm
Windows Version: Windows 7 Pro 64
Avant Version: 2015
Default engine: Chrome
IE Version: 11
Skin: Stickers
Location: Ohio, USA
Contact:

Postby hornakapopolis » Fri Jun 24, 2005 3:13 pm

While not joining the argument, and not to put words in robc's mouth, but I think the "no IP address equaling even teensy weensy security" issue is what he's referring to.

Knowing that someone's IP is AOL, Pipex, or British Communications isn't really a security issue, is it? Interchanging the terms security and privacy just seems to happen a lot to me.

User avatar
Sergei
AvantGuard
AvantGuard
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Windows Version: Windows
Avant Version:
Location: Galway, Ireland
Contact:

Postby Sergei » Fri Jun 24, 2005 4:45 pm

I agree that this needs to fixed, but by claiming that it must be some sort of plot you're not exactly winning people over by your arguments.

The problem is that not enough people care about this issue. Most people don't value anonymity on the web. Look below here - there's my website address. If you go there you can find my personal phone number. The vast majority of of people aren't concerned, so this flaw has no priority.

But it is a serious flaw. If people think they're anonymous then they should be, even if there aren't many of them. It ought to be fixed as soon as possible.
My Cartoons

:

IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL

User avatar
robc
AvantGuard
AvantGuard
Posts: 988
Joined: Fri Dec 12, 2003 3:33 pm
Windows Version: Vista Ultimate SP1
Avant Version: 11.6 Build 20
IE Version: 7
Location: Italy

Postby robc » Fri Jun 24, 2005 6:42 pm

You cannot be completely anonymous on the Net even if you're using some of the anonymizers out there: the plain simple fact is that somewhere the mapping of your real IP to the "anonymous" one is recorded and can be retrieved, some way or the other. Probably, the maximum "anonymity" one may get is to browse for a few minutes in an internet cafe in another town (better, in another country) while there's nobody in there, then jump on a train and leave for somewhere else :wink: :D :lol: And please, in such a case, don't ever browse to password-protected sites using your true-life account...

I'm afraid the best security nowadays lies in using a fully patched system (whatever the OS, each and every one of them has its own set of problems) behind a dedicated firewall (hardware or IPCop-like) and with "good" browsing habits; the best privacy, using the above system with cookies switched off except for those few cases in which you need them (e.g. online transactions, forums, etc.). Whatever your ISP, there are bound to be logs everywhere, stored for several years at least to comply with the law, so there actually are very few instances in which you may do something that others cannot "trace" if they really want to.
Image formerly known as Image

User avatar
Sergei
AvantGuard
AvantGuard
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Windows Version: Windows
Avant Version:
Location: Galway, Ireland
Contact:

Postby Sergei » Fri Jun 24, 2005 6:56 pm

Amen.
My Cartoons

:

IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL

User avatar
André
Administrator
Administrator
Posts: 5787
Joined: Sat Dec 14, 1901 3:19 am
Windows Version: Windows 7 x64
Avant Version:
Location: Baltimore and McHenry, Maryland, USA
Contact:

Postby André » Sat Jun 25, 2005 4:47 am

Word. In todays internet world, there is no escaping people trying to get your personal information, hacking your computer, etc.
Formerly known as DrDrrae.
Image
I am not a member of the development team.
Please search the forum before posting questions.

Avant Force Wiki || Avant Force Blog
Desktop:
Intel C2Q Q9550 @ 3.7GHz || 8GiBs DDR2 800 @ 435MHz || Asus P5E
112 GiB SSD || 931 GiB HDD || 2x ATI 5770 in CrossfireX || Picture

NetBook:
ASUS Eee PC 1000HE || 1.66 GHz Atom N280 || 2 GiB DDR2 667 || 320 GiB HDD

NAS:
Intel E5200 @ 2.632 GHz || 4 GiB DDR2 800 @ 421 MHz || Foxconn G31MXP-K
5.45 TiB RAID 6

User avatar
Sara
AvantGuard
AvantGuard
Posts: 6246
Joined: Thu Dec 12, 2002 11:16 pm
Windows Version: Windows 7
Avant Version: 2015 Build 8 Lite
Default engine: N/A
IE Version: IE 10(64 bit)
Skin: Crystal
Location: Butler, PA

Postby Sara » Sat Jun 25, 2005 7:13 pm

What that means is, don't do anything on the net that you don't want someone else to know about. Just as in real life, we have to live our lives as tho someone is looking over our shoulder--the metaphor can be religious or not, as you like. Obviously there are a lot of people who have fooled themselves into thinking that they are truly untouchable on the net--that they can say and do all kinds of things in the virtual world that they would sneak around about in the real world. What happens when the two worlds meet can be disastrous, whether it's a terrorist plan or a pedophile.

While I'm very careful about personal info like credit card #'s I do rely on secure servers when I shop on line and password protect the data on my computer. Beyond that kind of thing I don't do anything on-line that would do damage to anyone in either the virtual or the real world. I might embarrass myself occasionally, but, hopefully, I've never knowingly harmed anyone else. IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............

Just my 2 cents worth....

Sara :D

tmpusr
Newbie
Newbie
Posts: 1
Joined: Tue Apr 11, 2006 1:33 am
Windows Version: Windows
Avant Version:

Re: Avant Browser 10.1 beta 7

Postby tmpusr » Tue Apr 11, 2006 1:39 am

Yes I would have to agree that this bug, while minor in many respects, is a deal breaker for anyone who surfs anonymously, including me. I used Avant Browser for a while and liked it very much but not having the ability to use it with the proxy made me switch to Firefox.
I actually just registered to find out about this and saw this thread so I figured I may as well include myself in the ones that see this as a deal breaker. Great browser otherwise though!

IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............


Maybe so, but that would also mean that people doing no harm also lose their privacy, and why shouldn't law abiding people have privacy?
Thanks,
Paul

abfan123
Avantus Maximus
Avantus Maximus
Posts: 5624
Joined: Wed Jan 26, 2005 4:24 pm
Windows Version: Vista Ultimate x64 SP2
Avant Version: 11.7 build 43
IE Version: 8
Contact:

Re: Avant Browser 10.1 beta 7

Postby abfan123 » Tue Apr 11, 2006 4:36 am

tmpusr wrote:Yes I would have to agree that this bug, while minor in many respects, is a deal breaker for anyone who surfs anonymously, including me. I used Avant Browser for a while and liked it very much but not having the ability to use it with the proxy made me switch to Firefox.
I actually just registered to find out about this and saw this thread so I figured I may as well include myself in the ones that see this as a deal breaker. Great browser otherwise though!

IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............


Maybe so, but that would also mean that people doing no harm also lose their privacy, and why shouldn't law abiding people have privacy?
Thanks,
Paul


As you may see from the changelog of the next beta build , This bug has been corrected quite long ago.
So what's the point to discuss it now?
IE8(Pro), Microsoft Security Essentials
Main PC:
Image
Secondary PC same as primary but with Windows 7 x64 Ultimate as the OS.


Return to “Browser Release Announcements”

Who is online

Users browsing this forum: No registered users