What is http scanning ?

I've tried to look that up, but I did not find a clear explanation.


Secondary issue: I get the impression that this may be important (though some people disagree). As I'll be ditching my McAfee software, I'm looking for a replacement. I originally intended to switch to VIPRE, but I'm hesitant to switch to this new and untested program. My alternative was Avira, but I have the impression that only the suite has http scanning. (And I'd rather not add a whole suite to my Counterspy and Spy Sweeper (already paid for, and possible conflicts)).
I'm inclined to make a decision about my next antivirus at least partly on Av-comparatives' tests (proactive, not on demand !). Any suggestions about a good AV (free or inexpensive) that is (reasonably) good at http scanning ?
Suggestions appreciated.

basic terms, constant scanning of your http while you browse, hence the term... http scanning.

http scanning stops a virus getting to your machine, simple as.

on-scanning guard / resisdent shields etc will allow the virii to get to your temp etc before your guard pops up with a notice and options.

http scanning do stop certain threats that a guard cant, however... rare i would say, and they do slow browsing down, some slightly, some alot.

are they needed, no.

is this what the market requests, yes.

So would Avast's Web Shield and AVG's new Web Guard be condsidered http scanners? I didn't notice any browser slowdowns with Avast Home, but I did with AVG 8.0

Yes, both are web/HTTP scanners.

{QUOTE-> Yes, both are web/HTTP scanners. <-QUOTE}
yep, many have them now... its something the market requests.

bitdefender
nod32
F-Secure
Kaspersky
Avast
AVG

and if i really had to pick the fast ones, they would be F-Secure, Nod32 and Avast.

Thanks to both of you for your responses.

Thank you for the information.

A bit about Avast: the free edition claims to have http scanning, but my impression as I read it, is that it's rather basic.

The professional (NOT FREE) edition has a script blocker. It's nothing like Firefox NoScript. More like protection against malicious scripts.

Which reminds me about my only positive experience with McAfee: (presumably a form of http scanning) McAfee detected malicious javascript code trying to deliver a trojan on my system, which was detected, and McAfee prevented the infection (I checked with an on-demand scan).

I'm wondering if the free http scanner of Avast is not a bit too weak.

And how come that Avast performs so much weaker than Avira in the av-comparatives test (proactive) of November 2007, see http://www.av-comparatives.org/
Please notice the 3 % score on script malware ! But maybe they didn't have the script blocker at the time?

I'm not sure what to think of it.

How come that all the antiviruses except Avira have such abysmal detection rates ? If I'd base a decision solely on this test, I'd pick Avira or no antivirus at all, the others have a chance of less than 50 % !

I'm a bit (positively) biased towards http scanning, since that was the way McAfee recently protected my computer against a javascript/trojan attack, which was the only one I've had in years.

scans your internet traffic before you browse or download = slower internet

{QUOTE->
How come that all the antiviruses except Avira have such abysmal detection rates ?. <-QUOTE}
look at it the other way, are all, really worser than Avira, including the big players in the market, no.

its all about their methods compared to others, not ability.

think outside the box and wonder why they do what they do.

remember, they are a buisiness, they do what they must to compete with the competition.

seriously, if you play the numbers game, you get a front-line figure that will only end in failure, however.. its clear to see, this is the game Avira want to play, i say this.. not because they are the high scorers (which i know, some of you will think), but the way they add signatures and their general methods of playing the game, its almost like hiding that extra ACE card up your sleeve during a high stakes poker game.

a winner this way, is truly a looser. :)

{QUOTE->
A bit about Avast: the free edition claims to have http scanning, but my impression as I read it, is that it's rather basic. <-QUOTE}
Both the free and paid versions of Avast have a full webscanner with a proxy-based design.
{QUOTE-> The professional (NOT FREE) edition has a script blocker. It's nothing like Firefox NoScript. More like protection against malicious scripts. <-QUOTE}
The script blocker (a runtime component) is intended to protect against script viruses (i.e. scripts executed from the local filesystem and interpreted by the Scripting Host). It doesn't work against browser-interpreted scripts pulled from websites and trying to exploit software vulnerabilities.

{QUOTE-> Both the free and paid versions of Avast have a full webscanner with a proxy-based design.

The script blocker (a runtime component) is intended to protect against script viruses (i.e. scripts executed from the local filesystem and interpreted by the Scripting Host). It doesn't work against browser-interpreted scripts pulled from websites and trying to exploit software vulnerabilities. <-QUOTE}

Thank you !

{QUOTE-> scans your internet traffic before you browse or download = slower internet <-QUOTE}

You're a real McAfee fan, aren't you ?

Am I correct in assuming that McAfee uses http scanning ? (I have the impression it does, just checking)

{QUOTE-> look at it the other way, are all, really worser than Avira, including the big players in the market, no.

its all about their methods compared to others, not ability.

think outside the box and wonder why they do what they do.

remember, they are a buisiness, they do what they must to compete with the competition.

seriously, if you play the numbers game, you get a front-line figure that will only end in failure, however.. its clear to see, this is the game Avira want to play, i say this.. not because they are the high scorers (which i know, some of you will think), but the way they add signatures and their general methods of playing the game, its almost like hiding that extra ACE card up your sleeve during a high stakes poker game.

a winner this way, is truly a looser. :) <-QUOTE}

I have no way of knowing whether you're right, but let's assume you are ...

How would you choose an antivirus for best performance, which I'll define as most effective in proactive protection (=preventing infections, rather than on-demand scans), and a few other things, like price ?
Other than your own personal experience with Dr Web ?

{QUOTE-> Thank you ! <-QUOTE}
You're welcome :)

{QUOTE-> How would you choose an antivirus for best performance, which I'll define as most effective in proactive protection (and a few other things, like price) ? <-QUOTE}
Other than running your own tests with a fairly large, current and working test bed and using a proper method, you'll have to rely in the expertise of others and the relevance/quality of their test beds.
Knowing the tricks used by malware to stay a step ahead of the viruslabs, I'll risk to say that proactive testing may have little value to the end-user.

{QUOTE->
How would you choose an antivirus for best performance, which I'll define as most effective in proactive protection (=preventing infections, rather than on-demand scans), and a few other things, like price ?
Other than your own personal experience with Dr Web ? <-QUOTE}
trials are there for this very thing, ;)

{QUOTE-> trials are there for this very thing, ;) <-QUOTE}

Not very useful if you normally don't get infected ! (I believe once in two or three years) :)

{QUOTE-> Not very useful if you normally don't get infected ! (I believe once in two or three years) :) <-QUOTE}
then why are you so worried? :)

in all honestly, all AV's that are mentioned in the main here on wilders, are good enough to protect any home user.

but as a forum, disagreements and personal opinions enter the stage too.

{QUOTE-> in all honestly, all AV's that are mentioned in the main here on wilders, are good enough to protect any home user. <-QUOTE}
Exactly. Why not looking for the setup that works best for you? Ie. the fastest, the lightest and so on.

{QUOTE-> then why are you so worried? :)

in all honestly, all AV's that are mentioned in the main here on wilders, are good enough to protect any home user.

but as a forum, disagreements and personal opinions enter the stage too. <-QUOTE}

It's a bit difficult for me to ignore the test results (proactive).
And if they were all good enough, I could just pick one randomly.
I can't say that's very satisfactory.

(But I don't want to get in a contest about which one is the best, I know the rules!)

{QUOTE-> which I'll define as most effective in proactive protection (=preventing infections, rather than on-demand scans) <-QUOTE}

Proactive protection means detection of new malware without a signature update. It's not the same thing as "real-time" protection.

{QUOTE-> You're a real McAfee fan, aren't you ?

Am I correct in assuming that McAfee uses http scanning ? (I have the impression it does, just checking) <-QUOTE}
no, it doesn't. and yes, i do like mcafee.

{QUOTE-> Proactive protection means detection of new malware without a signature update. It's not the same thing as "real-time" protection. <-QUOTE}

That's a revelation !

I'm not aware of any "real-time" protection tests.
I don't care if a virus is stopped by a signature detection or heuristics.
How, other than by experimentation, can I find out what are the best "real-time" AV programs, commercial or free ? (Best primarily defined as being effective)

Disregard...you already found good old www.av-comparatives.org. I'll be able to read better once this Cataract is removed in a few weeks...:o :blink: :wacko: :)

{QUOTE-> Disregard...you already found good old www.av-comparatives.org. I'll be able to read better once this Cataract is removed in a few weeks...:o :blink: :wacko: :) <-QUOTE}

As I understand it av-comparatives doesn't have any tests regarding 'real-time' protection ?

VB does real-time tests (to get a VB100 award, an AV should catch 100 % of ITW malware on-access and on-demand). AV-Test.org and AV-Comparatives.org only do realtine tests to evaluate runtime-only modules (such as behaviour blockers or on-execution-only sandbox analysis).
Using equal settings, real-time detection should be the same (or higher) than on-demand detection.

{QUOTE-> VB does real-time tests (to get a VB100 award, an AV should catch 100 % of ITW malware on-access and on-demand). AV-Test.org and AV-Comparatives.org only do realtine tests to evaluate runtime-only modules (such as behaviour blockers or on-execution-only sandbox analysis).
Using equal settings, real-time detection should be the same (or higher) than on-demand detection. <-QUOTE}

That makes several antivirus programs look a lot better ! :)

Sorry, I don't understand what you're trying to say. Could you re-elaborate your sentence?

{QUOTE-> Sorry, I don't understand what you're trying to say. Could you re-elaborate your sentence? <-QUOTE}

The VB100 award means apparently more than I thought.

Quoting you:
"Using equal settings, real-time detection should be the same (or higher) than on-demand detection"

The antivirus programs generally do well in on-demand tests, so based on the quote above, real-time protection should be good, and not as bad as I thought (in the proactive/retrospective tests all or most AVs detected less than 50 % of the viruses, except Avira).

Got it, thanks :)
One example of the real-time scanner catching things that the on-demand scanner miss is malware inside installers. Most AVs have a poor support for installers (Inno, NSIS, etc) so there's a high chance that an on-demand scan of a given file may result in a false negative. When you execute it, the installers extracts the individual files and here the RTM can detect/remove the malware components.

{QUOTE-> Got it, thanks :)
One example of the real-time scanner catching things that the on-demand scanner miss is malware inside installers. Most AVs have a poor support for installers (Inno, NSIS, etc) so there's a high chance that an on-demand scan of a given file may result in a false negative. When you execute it, the installers extracts the individual files and here the RTM can detect/remove the malware components. <-QUOTE}

But why are the on demand scanners so poor? Time was when they were excellent. All one needs is an excellent on demand scanner so why is that so hard to find these days?

Huh? The problem of packers/installers/archives support was always present.

{QUOTE-> no, it doesn't. and yes, i do like mcafee. <-QUOTE}
How about the secret tech. they are working on? Think they will add it to their products like most vendors are doing?:thumb:

{QUOTE-> How about the secret tech. they are working on? Think they will add it to their products like most vendors are doing?:thumb: <-QUOTE}
What secret tech?!
Are you talking about engine?

{QUOTE-> What secret tech?!
Are you talking about engine? <-QUOTE}
Yep, and I read somewhere they were working on something new---don't remember much.. Hell could've been something else other than McAfee??

{QUOTE-> Yep, and I read somewhere they were working on something new---don't remember much.. Hell could've been something else other than McAfee?? <-QUOTE}
Well, it is off-topic, but I think I could answer you as well as adding a bit of knowledge about http.
The new engine is due to come out from around June-december, and will enhance detection.


Also, http scanning has blocked a great many threats EVEN before my page was loaded, so the resident scanner didn't need to try to heal it. It may have failed, but thanks to http, it didn't have to.

{QUOTE-> Well, it is off-topic, but I think I could answer you as well as adding a bit of knowledge about http.
The new engine is due to come out from around June-december, and will enhance detection.


Also, http scanning has blocked a great many threats EVEN before my page was loaded, so the resident scanner didn't need to try to heal it. It may have failed, but thanks to http, it didn't have to. <-QUOTE}
:thumb:

{QUOTE-> Well, it is off-topic, but I think I could answer you as well as adding a bit of knowledge about http.
The new engine is due to come out from around June-december, and will enhance detection.


Also, http scanning has blocked a great many threats EVEN before my page was loaded, so the resident scanner didn't need to try to heal it. It may have failed, but thanks to http, it didn't have to. <-QUOTE}

Does McAfee have http scanning or not ?

I believe you stated earlier (somewhere) that it did not have that feature.