SafeZone

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Avast SafeZone
SafeZone.png
SafeZone on Windows 8
SafeZone on Windows 8
Developer(s) Avast Software s.r.o.
Stable release
3.55.2393.561
Development status Active
Written in Mainly C++, among others[1]
Operating system Windows
Engines Blink, V8
Size 493 MB
Type Web browser
License Freeware
Website www.avast.com/f-safezone

Avast SafeZone, also known as Avastium, is a web browser developed by Avast Software that focuses on Internet security. It is based on Chromium, but was subsequently found to contain a serious security flaw not present in Chromium itself.[2][3] Initially it was bundled exclusively with the paid versions of Avast Antivirus. Then, in March 2016, Avast bundled it with the free versions of its antivirus software. It has never been available as a standalone product, however. Its design has been considered as reminiscent of the browser Opera.[4]

Features[edit]

Besides the features inherent to Chromium, SafeZone includes the following built-in extensions:[5]

  • Ad Blocker: Content filter that comes only with EasyList enabled by default. It is also subscribed by default to the Adblock Plus Acceptable Ads Program whitelist.
  • Bank Mode: A browsing mode that allegedly protects the user “against a potentially hijacked host or network, and also prevents keyloggers and network-based eavesdropping from capturing any” data. Bank Mode automatically activates when it detects that the user has reached a banking website or a payment page, although it can be manually invoked. It runs from an alternate desktop that is purportedly isolated from other processes, bar from those called within Bank Mode through its taskbar.
  • Passwords: Password manager and form auto-filler that also suggests allegedly secure passwords on sign up forms. It allows the user to sync passwords through browsers, desktop and mobile, via the Avast Passwords add-ons and apps with the user’s Avast Account.[6]
  • SafePrice: An add-on that detects whether the user is viewing a product’s page at an online store and searches for better prices for that product on a list of purportedly trusted websites.
  • Video Downloader: A plug-in that offers to download videos being watched by the user on selected websites. Allows the user to choose video quality and, in some cases, to download the soundtrack of the video as an audio file.

SafeZone also blocks the user from accessing known malicious webpages and from installing known malicious extensions.[7]

Controversies[edit]

In December 2015, Google Project Zero researcher and antivirus critic, Tavis Ormandy, unveiled a critical security issue within SafeZone, which was not originally present within Chromium, but which could easily grant a hacker access to any file stored on the user’s hard drive, and potentially arbitrary code execution. The exploit involved the execution of a malicious JavaScript code in any browser that would evoke SafeZone’s Bank Mode add-on, which could access any URI scheme, such as file:///. The flaw was reported to have been fixed by Avast in February 2016.[2][8][3]

See also[edit]

References[edit]

  1. ^ "Chromium (Google Chrome)". Ohloh.net. Retrieved 8 February 2012. 
  2. ^ a b Lucian Constantin (5 February 2016). "Serious flaw discovered in Avast's security-focused SafeZone browser". PCWorld. Retrieved 20 February 2017. 
  3. ^ a b Muncaster, Phil (2016-02-08). "Avast Patches Critical SafeZone Flaw". Infosecurity Magazine. Retrieved 2017-09-02. 
  4. ^ Venkat Eswarlu (24 March 2016). "Avast makes SafeZone browser available to free version users as well". Techdows. Retrieved 20 February 2017. 
  5. ^ Steve-Avast (27 February 2016). "SafeZone browser - Frequently Asked Questions". Avast forum. Retrieved 20 February 2017. 
  6. ^ Avast Passwords: FAQ
  7. ^ Avast SafeZone
  8. ^ taviso (18 December 2015). "Avast: A web-accessible RPC endpoint can launch "SafeZone" (also called Avastium), a Chromium fork with critical security checks removed". Project Zero. Retrieved 20 February 2017. 

External links[edit]