Until recently, I didn't even know that the Avast router scares its users with "scary" warnings about their routers. As it turned out, Avast antivirus checks Wi-Fi routers. It gives results that the router is not configured correctly, the device is vulnerable to attacks, or in general that the router is infected and infected, and the attackers have already intercepted DNS addresses and successfully redirected you to malicious sites, steal credit card data, and in general everything is very bad. All these warnings, of course, are flavored with dangerous red and confusing instructions that even a good specialist can’t figure out without beer. I'm not even talking about ordinary users. This is how the problems found on the D-Link DIR-615 router look like:
The device is vulnerable to attacks:
Of the solution options, of course, updating the firmware of the router. For what else 🙂 Avast may also display a message that your router is protected by a weak password, or the router is not protected from hacking.
In some cases, you can see a message that your router is infectedand connections are redirected to the malicious server. Avast Antivirus explains this by the fact that your router was hacked, and DNS addresses were changed in it to malicious. And there are also instructions for solving this problem for different routers: ASUS, TP-Link, ZyXEL, D-Link, Huawei, Linksys / Cisco, NETGEAR, Sagem / Sagemco.
In short, all these recommendations are aimed at checking DNS addresses, and services related to DNS. Through which attackers can change the DNS on your router and redirect you to their malicious sites. There are detailed instructions on how to check everything on routers from different manufacturers.
How do I respond to a router vulnerability alert from Avast?
I think everyone is interested in this question. Moreover, if you went to this page. If you are wondering how I would react to such warnings from the antivirus, then the answer is simple - no way. I am sure that Avast would find holes in my router through which they could hack me. I just have Dr.Web. He does not do such checks.
Perhaps I'm wrong, but no antivirus other than Avast checks Wi-Fi routers to which you are connected for various kinds of vulnerabilities. And this feature, called Home Network Security, appeared back in 2015. In the Avast 2015 version.
Avast scans the router for device security issues. Although, I don't fully understand how he does it. For example, how he checks the same password to enter the settings of the router. Follows the user, or the selection method? If I found it, the password is bad 🙂 Okay, though, I'm not a programmer.
Personally, I think these warnings are no more than simple guidelines for hardening your router. This does not mean that someone has already hacked you and steals your data. What Avast offers:
- Set a good password and update the router's firmware. They say otherwise you can be hacked. Ok, this is understandable. It doesn't have to be flagged as some kind of dire vulnerability. Again, though, I don't understand how the antivirus detects that the router software version is out of date. It seems to me that this is impossible.
- The router is not protected from Internet connections. Most likely, such a warning appears after checking the open ports. But by default, the "Access from WAN" function is disabled on all routers. I highly doubt that anyone will hack into your router over the Internet.
- And the worst thing is the spoofing of DNS addresses. If it detects any problems with DNS, Avast writes in plain text that "Your router is infected!" But 99% of the time it is not. Again, almost always the router automatically obtains DNS from the ISP. And all functions and services through which attackers can somehow spoof DNS are disabled by default. It seems to me that very often the antivirus "misunderstands" some user settings.
Something like this. You can of course disagree with me. It seems to me that it is much easier to access the computer directly and infect it than to do it with a router. If we are talking about an attack over the Internet. I would be glad to see your opinion on this in the comments.
How do I protect my router and remove the Avast warning?
Let's try to figure out each item that Avast most likely checks and issues warnings.
- The router is protected by a weak password. There is no encryption. In the first case, the antivirus has to enter a password that must be entered when entering the router settings. Typically, the default password is admin. Or not installed at all. And it turns out that everyone who is connected to your network can go into the settings of the router. Therefore, this password must be changed. How to do this, I wrote in the article: how to change the password on the router from admin to another. As for the password of the Wi-Fi network, it must also be strong, and the WPA2 encryption type must be used. I always write about this in the instructions for configuring routers.
- The router is vulnerable due to old software. This is not entirely true. But, if there is a new firmware for your router model, then it is advisable to update it. Not only for increased security, but also for more stable device performance and new functions. We have instructions on the website for updating the software for routers from different manufacturers. You can find it through the search, or ask in the comments. Here are the instructions for TP-Link and for Asus.
- DNS settings have been changed. The router is hacked. To be honest, I have not seen such cases yet. As I wrote above, all services through which this can happen are disabled by default. Most often, the router receives DNS from the provider automatically. The only advice I can give is not to manually register DNS addresses that you are not sure about. And if you manually specify the addresses, then it is better to use only DNS from Google, which are: 8.8.8.8 and 8.8.4.4. This is also advised in the Avast recommendations, which can be viewed on the official website: https://help.avast.com/en/ws_android/1/alert_dns_hijack.html. There are detailed instructions on how to solve DNS problems for almost all routers.
That's all. I hope I was able to at least clarify these warnings in Avast antivirus. Ask questions in the comments, and do not forget to share useful information on this topic. Good luck!
