Rating:3/5
Price:$3.99 – $8.33 per month
Refund period: 30 days
Based in which country: Czech Republic
# devices per license: 10
# servers: 700
Server locations:58 locations in 36 countries, including the USA, Canada, UK, Australia, New Zealand, Japan, France, and Germany
Streaming sites unblocked: Netflix, NBC, Channel 4
Supports torrenting: Yes
Does VPN keep logs:No
24/7 customer support: No
Website: https://www.avast.com

Avast Software s.r.o. is based in the Czech Republic and started operations in 1988. The business’s main product line is an antivirus system. The company increased its malware protection market share in 2016 with the acquisition of AVG Technologies. AVG is a rival brand that is also based in the Czech Republic, although that company had gone public with a listing on the New York Stock Exchange.

AVG is now wholly owned by Avast Software, and the brand is still being developed alongside the Avast product line. In 2021, Avast announced a merger with NortonLifeLock, which is owned by Broadcom, Inc. Effectively, this is a takeover of the Avast businesses by Broadcom, but the Avast and AVG brands will continue to be marketed.

Being part of a very large cybersecurity conglomerate, the Avast VPN is a lot more mainstream than most of its rivals. While many VPNs have edgy marketing and present themselves as energetic freedom fighters, the Avast sales pitch is much more sedate and family-friendly.

Despite its law-abiding tone, the Avast web page has no qualms about advertising the VPN’s use for unblocking geo-location restrictions at streaming services and supporting torrenting – two activities that can sometimes get VPN providers into trouble.

When Avast bought AVG, it also acquired HideMyAss (now HMA), which was an AVG subsidiary. This means that Avast actually runs two rival VPN services side-by-side as competitors.

Privacy and security on networks and the Internet are enforced by secure working practices, authentication, and above all, encryption. In this section, you will learn about security and privacy and how Avast SecureLine VPN and all other VPN systems operate.

One quick fact you need to know to understand these explanations is that data passes over the internet in segments. There is a maximum length to each segment, so if a data stream is passing over the Internet, such as a video stream, it is broken up and sent in sections.

Each section needs to be sent to a specific destination, and the convention for Internet technology is that the data is put inside a structure called a packet. The packet has a header on it, which is where the destination address is written. The header also holds the source address, showing the segment’s device. This enables a recipient to reply.

All addresses on the Internet are called IP addresses. “IP” stands for Internet Protocol, which is a set of guidelines that enable networking software written by different people to be compatible.

Legal protection

The Czech Republic is in the EU. The EU set up a Data Retention directive that required all telecom providers, including internet service providers (ISPs), to retain information on all customer connections. These records had to be held for at least 6 months, but the exact period was up to individual governments, and it could be up to two years.

The EU issued its first data retention requirements in 2006, and there has been a constant legal battle over the issue. However, the requirement was finally quashed by the European Court of Justice, which not only threw out the requirement but declared that such tracking of innocent people is illegal.

For now, VPN businesses in the EU are not required to retain records of their users’ activities, and Czech-based Avast doesn’t retain activity logs. This no-logs policy is very important because it blocks the attempts of copyright lawyers and law enforcement agencies to track the online activity of private individuals.

Network address translation

Most VPN services perform address substitution. This changes the source IP address in packets as they pass out of the VPN server onto their final destinations. All IP addresses can be tied to a physical location, and this is how streaming services know where a request has come from.

Video streaming systems only buy the broadcast rights for shows and movies for specific territories and are not allowed to stream that content to locations outside those territories. This is why, if you have a Netflix account, you get a different video library when you log in from a different country.

The Avast VPN system offers VPN servers in 36 countries. There are 700 VPN servers in 58 cities within those countries. When you select a location, your outgoing traffic will get the IP address of that server as its source address. So, if you are in Germany and want to get into Netflix for the USA, you select a server in a US city before turning the VPN connection on. After that, any queries on your location will show that you are in the USA and not in Germany.

When your request to a website goes through the Avast server, that Web server only has the IP address of the VPN server to reply to. When the VPN server receives a response, it forwards the packet to your computer.

There is a second benefit to this address substitution. If many Avast customers are connected to the same server, all of their traffic will go out with the same IP address. This group’s usage of a single IP address masks the activity of each individual. However, it also complicates the mapping between the traffic for a user and that person’s real IP address.

There is a second addressing system in use on networks and the Internet, and this also goes into the IP packet header. This is a concept called the port number. A port number represents an application, and a circular program on a computer keeps checking internet traffic that arrives with its number on it.

Avast VPN uses a type of network address translation (NAT) that is called port address translation (PAT). The VPN server uses a different port address for each customer. One more complication to this strategy is that traffic passing through from a user to a Web server might already have a port number on it. So, replacing that port number with an offset, such as +3000, enables the VPN server to find the right IP address for the customer and restore the port number in the reply packet header.

Activity logging

The source of activity logs that some VPNs retain is the address translation process. This is one of the services VPNs provide, and it hides the real IP address of VPN users from the Web servers they contact. This is a useful deception that prevents copyright lawyers and law enforcement agencies from tracking back from the seized connection logs of the websites they shut down for copyright violations.

If an investigator is tracing the users of a banned site so that they can sue them for copyright infringement, they need the IP address and timestamp of the connection. They will also see the port number used for the internet connection. The investigators will trace the activity back to the VPN, and if they can seize the archived PAT table, they can track through to the relevant ISP, seize their records, and discover which person had that IP address at the time.

For this reason, VPNs that keep activity logs offer no protection at all. Avast VPN offers a no-logging policy to keep its customers safe.

Avast VPN protocols

The procedures, lookup codes, and methodologies used by a VPN are called VPN protocols. There are many of these in existence.  Avast uses four VPN protocols in its SecureLine VPN system. These are:

  • OpenVPN – Most VPN services use this system. It is open source and defines device authentication, encryption, and cipher key exchange processes.
  • Mimic – This protocol was created by Avast, and no one else uses it, except for sister cybersecurity services run by AVG – HMA doesn’t use it. Avast doesn’t explain this protocol in detail, but it seems very similar to Stunnel, which uses OpenVPN and then wraps the OpenVPN connection in an SSL session.
  • IPsec – This protocol was invented by Cisco Systems, and it operates at a very low level. It is very efficient and uses very little power, making it popular for mobile devices because it doesn’t drain the battery.
  • IKEv2 –IPSec can’t handle cipher key management, for it is usually paired with IKEv2, which performs that function.

INSIDER TIP – Avast is currently trialing the WireGuard VPN protocol as an extra option in some of its apps, but the company doesn’t mention this anywhere on its website.

The app uses different VPN protocols depending on the operating system it was written for. The allocation is:

  • Windows – OpenVPN over UDP and Mimic
  • macOS – IKEv2/IPsec and Mimic
  • Android – OpenVPN over UDP and Mimic
  • iOS – IKEv2/IPsec and Mimic

UDP refers to a category of networking protocol called the Transport Layer. Specifically, UDP stands for User Datagram Protocol. The Transport Layer deals with session management, and its main available protocol is called the Transmission Control Protocol (TCP). Avast uses TCP briefly for key exchange in its OpenVPN and Mimic protocol. In the case of OpenVPN, the system then switches to UDP.

TCP uses an acknowledgment packet, sent periodically by the client and replied to by the server, to ensure that both sides of the connection are still engaged. It is called a connection-oriented protocol, and it also ensures that loss packets are retransmitted, and that out-of-sequence packets are put back in the right order.

All of the functions of TCP slow down the exchange of data. So, systems that don’t want all of those session management features use UDP instead. UDP is called a connectionless service and does almost nothing other than putting the port number in each packet header.

Avast VPN procedures

A VPN hides the true destination of your internet connections by diverting all your traffic through its server. Thus, no matter which website you are really connecting to, your ISP only sees – and logs – the IP address of the VPN server.

VPNs work on a system that is called “encapsulation” for the connection from your computer (the client) to the VPN server. Encapsulation encrypts a packet in its entirety. This includes encrypting the header. A problem with this strategy is that it disables the packet. Routers on the internet need to be able to read the destination address in the packet header; otherwise, they can’t send the packet on.

In order to carry that encrypted packet to the VPN server, the places the entire packet inside the payload of another packet. Responses from the server to the client are dealt with in the same way. Encapsulation effectively provides cover for traffic between the VPN client and the server so that the VPN connection is called a “tunnel.”

Avast VPN encryption

Avast uses an SSL system to establish a connection between the VPN app, the client, and the VPN server. SSL is the Secure Socket Layer, and it is implemented in OpenVPN by a library of functions that are called OpenSSL.

A confusing factor of SSL is that it was canceled because of a discovered security weakness and replaced by Transport Layer Security (TLS). However, the SSL label was so widely used that it stuck. So, when people say a system uses SSL, it really deploys TLS.

In the explanation of TCP and UDP, you might recall that these are both termed Transport Layer protocols. The session establishment routines of TLS are connection-oriented, and this is why Avast starts every session using TCP before switching to UDP for speed.

Avast doesn’t explain which encryption cipher is used for the creation of the tunnel. However, as it is using TLS, the most likely candidate is RSA. This is a public key encryption system. Encryption ciphers are formulas that have a variable in them. The value of the variable is called the key. You completely change the results of the encryption process by changing the key. Everyone knows the formula, and you need to get the key in order to decrypt a message.

In TLS, the client doesn’t ask the server for the encryption key. Instead, it asks which certificate authority the server uses. It then gets the SSL certificate from that third party. The certificate contains the server’s RSA encryption key. RSA is a public key system, which means that the encryption and decryption keys are different but linked. You can’t decrypt a text with the encryption key and can’t guess the decryption key if you know the encryption key. Therefore, the encryption key can be made public as long as the decryption key is kept private.

The client encrypts a challenge with the server’s public key and sends it. If the server responds with the right answer, it provides its identity because only the device identified by the certificate holds the corresponding decryption key.

The server then gets the client’s certificate and uses it to encrypt a message containing the session encryption key. This process prevents an interception technique used by hackers, called a man-in-the-middle attack. It also provides privacy for the distribution of the key for encapsulation encryption.

The tunnel is formed with a symmetric key cipher called AES. With this system, the same key is used to encrypt and decrypt a text, so anyone possessing the key can decrypt a message. This is why the VPN connection needs RSA to establish a session and protect the transmission of the key for the AES encryption. AES stands for the Advanced Encryption Standard.

The length of an encryption key influences the security of a cipher. The longer a key is, the harder it is to crack by guessing because there are more possible combinations. AES is used by the US military and financial institutions because it provides the best security and the longest key available for the cipher is 256 bits in length. This is expressed as AES-256, which is bank-grade encryption.

Avast VPN DNS leak protection

You have read a lot about IP addresses, but you probably never see one when you are surfing the Web. This is because Web browsers use a different address method called a Universal Resource Locator (URL). These Web addresses mean nothing to internet routers. So, before a browser can request the code for a Web page, it needs to find the IP address of the Web server that holds it.

The most important part of a URL is the domain. This is the part that ends in .com or .org, such as bestvpn.org or Google.com. The cross-reference table that links all of the domains in the world to their underlying IP addresses is too big to be held in one place and parts or stored in different locations worldwide. This is called the Domain Name System (DNS)

It would take too long to search all of these databases for every page that gets loaded into a browser, so the system is fronted by a service called a DNS resolver. The choice of DNS resolver is dictated by your ISP. The resolver stores the most recently and most frequently used URLs and fetches the few exceptions it is asked for.

ISPs can control and track your internet activity by manipulating the DNS query. The ISP can quietly ban a website without anyone realizing it by blocking the distribution of the IP address for that domain. It can also use the DNS query from your browser to record the sites you visit.

In order to keep your Web activity private and unrestricted, Avast VPN has its own DNS resolver. All of the DNS queries from your browser go down the tunnel when the VPN is switched on. If a DNS query traveled outside of the tunnel, it would automatically go to your ISP’s DNS resolver. This situation is called a DNS leak, and it doesn’t happen if you use Avast and keep the VPN turned on.

Avast VPN IP leak protection

If any of the traffic between your VPN app and the chosen VPN server avoids passing down the tunnel, your ISP can see it and log it. This is called an IP leak. The only way this can happen is if your VPN is turned off without you realizing it. This can happen because the VPN uses UDP, which has no connection-sustaining routines, but your internet connection does.

If the VPN client doesn’t hear from the server for a while, it assumes the session has ended and disconnects. However, your internet service is passing “keep alive” messages back and forth, so the internet connection remains open. As all of the pages we request keep loading in your browser, you don’t notice that the VPN has stopped working, and all of your Web activity is exposed to your ISP. This is called an IP leak.

Avast prevents IP leaks with a system called a kill switch. This is an option within the VPN app. If you turn the kill switch on, the VPN app completely controls your computer’s network card. No traffic gets onto the internet without passing through the VPN. Thus, if there is no tunnel for the app to send the traffic down, you have no internet activity. This is something that you will notice, and then you will turn the VPN back on.

The kill switch only works if the VPN app is open. You can change a setting in the Avast app to ensure that the VPN automatically starts when you start the computer. Thus, the VPN app will always be open with the kill switch engaged, and you won’t be able to use the internet without a VPN connection.

Some online systems won’t let you in unless you are in a specific country. Other services, such as Netflix or newspaper websites, let you in but adjust their content according to where you are. Thanks to that VPN server mechanism that puts its IP address in packet headers as the source of the connection request, you will get the content for the server location you choose before you connect.

The Avast VPN app includes a list of server locations. You select one before turning the VPN service on. The relative power of a VPN service lies with which websites they can unblock – some are easier than others.

We tested the Avast VPN service with a number of well-known streaming services, and here are the results:

ServiceTest
NetflixYes, for the USA, the UK, Germany, France, and Japan
Disney+No for the UK, the USA, Germany, and Japan. Yes for France
BBC iPlayerNo
ITV HubYes, with Mimic
Channel 4Yes
ABCNo
NBCYes

Avast has one plan that is offered in three subscription packages – the variable is the length of the subscription period. Avast is a little different from the majority of VPN providers because it doesn’t offer any subscription period shorter than a year. This can be off-putting. However, digging around, you will find a number of ways to get a free VPN service from Avast. First, the prices for the three subscription periods that Avast VPN offers:

  • One year — $55.08 for the first bill ($4.59 per month), then $99.99 per year ($8.33 per month) thereafter
  • Two years — $105.36 for the first bill ($4.39 per month), then $194.99 for two years ($8.12 per month) thereafter
  • Three years — $158.04 for the first bill ($4.59 per month), then $294.99 per three years ($8.19 per month) thereafter

This price list is a little surprising. There is almost no incentive to take the longer subscription term after the initial discounted period ends. All subscriptions get a 30-day money-back guarantee.

You can pay for your entire subscription period upfront with a credit card (Visa, Mastercard, American Express, or Discover) or PayPal.

If you are worried about committing to the VPN for a whole year, go for the 7-day free trial before buying. You do not have to set up an account, identify yourself in any way, or give your credit card details to get this offer.

The free trial gives you access to the full service and will stop working after seven days if you decide not to set up an account.

1. To get the trial, go to the Avast SecureLine VPN website and click on the Try it free for 7 days link.

2. This will download a file. Click on the file to run the installer.

3. When the installation completes, the app will run you through a guide to the service. Skip through these pages by pressing the Continue button.

4. The first time you try to turn the VPN on, you will be shown a pop-up that offers you the option to buy the service or access the free trial.

5. Click on the Start 7-day free trial button to continue without paying. In the next screen, you are presented with a welcome message for the trial. Click on the Get Started button to continue.

6. The app is very straightforward. In its opening state, it offers to connect to an optimal location. Wait, and select a definite location instead.

7. Click on the Change button in the location box to get to the server location list. This shows the countries where Avast SecureLink has servers. Some of these countries have more than one location, and to pick your VPN server location down to the city, click on the arrowhead next to the country name. A full down arrow in a circle indicates that a server is suitable for P2P downloading. A circle with a play symbol in it means the server is optimized for video streaming.

8. Two options in the left-panel menu on this screen let you filter the server list to just those suitable for streaming or torrenting.

9. Once you click on a new location, the VPN will turn on without you needing to do anything else. If you don’t want to change the location, you turn the VPN on and off with the On/Off slider at the top of the home screen for the app.

10. When the VPN is not turned on, the home screen shows your real IP address. When the service is active, you will see the substituted VPN server IP address alongside your own IP address and a counter for the connection duration.

Avast offers a bundle of all of its security and privacy services, and that is called Avast One. This gives you a firewall, virus and ransomware protection, email scanning, and a VPN. Their Avast One Essential plan is free forever. That means you can get the Avast VPN without paying anything.

The Essential plan only allows you to have one device connected to the VPN service, but you can install the app on as many devices as you like – you just can’t have them all turned on at the same time. Getting around that simultaneous connection restriction is easy by opening multiple accounts.

Here is a comparison chart of the two Avast One plans:

The downside of the free option is that data throughput is limited to 5 GB per week, and you can only connect to one VPN server location.

We examined the performance of the Avast VPN service to see its influence on connection speed – particularly download speed. Avast says its service offers unlimited bandwidth, but what does that mean in real-life situations? These tests were carried out in the UK on the Three network. Tests were carried out using the Ookla system at speedtest.net, and the VPN protocol in the app was set to OpenVPN. Each test scenario was run three times, and the middle result is shown.

First, to establish a performance baseline, we tested a connection to a nearby server without the VPN turned on:

The mean download speed achieved was 9.02 Mbps, and the upload speed was 5.07 Mbps. Turning on the Avast VPN, set to use the server location in London, UK, and connecting to the same test server got these results:

This test gave a download speed of 3.38 Mbps and an upload speed of 1.57 Mbps. This is a big speed drop. However, it is typical of OpenVPN speeds influence when used by many of the VPN services in the world.

Long-distance connections across the internet are slower because packets have further to travel and pass through more routers – this test went to Sydney, Australia:

As can be seen, a connection to the other side of the globe wasn’t much slower than a local connection. The connection had a download speed of 8.52 Mbps and an upload speed of 4.01 Mbps.

Turning on the VyprVPN service, using the London VPN server, and connecting to the same server in Sydney again, the results were similar to those using the VPN on a local connection.  

The download speed was 3.17 Mbps, and the upload speed was 2.70 Mbps.

Avast’s speed test results were average when compared to other leading VPN providers. The stars for speed are ExpressVPN, NordVPN, and Surfshark.

Does Avast work in China?

User feedback suggests that Avast is not a good choice for people in China who want to access the Web outside of the country.

Can I use Avast torrenting?

Avast has a number of VPN servers that are optimized for torrenting. The VPN service does not keep logs or examine its customers’ traffic. Therefore, it is safe to engage in P2P file sharing on any Avast server.

Is Avast a fast VPN?

Avast can’t be categorized as a lightening fast VPN. However, it won’t slow your connection down too much. Watching streaming videos without buffering is still possible if you have this VPN service turned on. ExpressVPN, NordVPN, and Surfshark are your best options if high connection speeds are your priority.

Is Avast a firewall?

Avast VPN is not, strictly speaking, a firewall. However, the system uses network address translation, which many experts refer to as a “NAT firewall” because it hides the IP addresses of devices behind it, making targeted attacks impossible. If you want a VPN service that includes a firewall and virus protection, look at Avast One.

Does Avast block infected files?

Avast doesn’t examine the contents of packets that pass to your computer, so it has no way of blocking viruses. Avast offers a free anti-virus system, which has a free version. You can get a bundle of Avast services, including anti-virus and a VPN called Avast One.

To sum it up

The VPN is a sideline for Avast – the company’s main product is an anti-virus. Fortunately, the business offers a number of free services, so you can get both virus protection and a VPN for free with Avast if you know where to look.

The Avast VPN is a good service, but it isn’t excellent. It wouldn’t appear on anyone’s list of the Top Five VPNs. The VPN’s price is reasonable, its ability to get into streaming services has some great achievements and some failures, and the connection speeds offered by Avast are so-so. There are hundreds of VPNs that are a lot worse than Avast VPN. However, you could do better by opting for ExpressVPN, NordVPN, or Surfshark.