HTTP Scanning: necessity, or just a security blanket?

[veri]

Curious as to what you fine boys and squirrels think. I know I've seen a few threads similar to this quite a long time ago, but I figured I'd get a recent opinion.

(Has Symantec added this to its corporate AV yet?)

[coldplay]

not necessary at all. its pretty much on the same degree of uselessness of email scanning.

if there is a virus, your file scanner will catch it when it starts running. if your file scanner fails to do so , so will your http scanner

[TopperID]

Quote:

Originally Posted by coldplay

if there is a virus, your file scanner will catch it when it starts running.

Hopefully it catches it when the file is written to HD, rather than after it starts running.

Quote:

Originally Posted by coldplay

if your file scanner fails to do so , so will your http scanner

In general I agree, though I do recall reading a thread where it was suggested that a file could be caused to enter straight into Memory before being written to HD. If that situation is correct, then the File Scanner would not prevent the file from running while the Web-Scanner could have stopped it entering your system in the first place. I don't know how likely this situation is though.

Quote:

Originally Posted by coldplay

not necessary at all. its pretty much on the same degree of uselessness of email scanning.

Mail scanning is lagely a question of convenience; I don't know about the latest AntiVir but it always used to be the case in the past that your mail box was counted as an archive, so if AntiVir found a bug in your mail box and you attempted to delete the bug using AntiVir, you ended up deleting your entire mailbox! The only way out of the impasse was to disable realtime scanning while you manually deleted the mail in question (you had to do this 'cos the Guard locked the file so you could not access it to delete). Having a mail scanner avoided all these problems.

[veri]

Quote:

Originally Posted by TopperID

In general I agree, though I do recall reading a thread where it was suggested that a file could be caused to enter straight into Memory before being written to HD. If that situation is correct, then the File Scanner would not prevent the file from running while the Web-Scanner could have stopped it entering your system in the first place. I don't know how likely this situation is though.

I'm assuming you really do mean "file scanner" - I'd imagine that any sort of real-time module would catch anything memory resident in short order.

[WSFuser]

Quote:

Originally Posted by veri

Curious as to what you fine boys and squirrels think. I know I've seen a few threads similar to this quite a long time ago, but I figured I'd get a recent opinion.

(Has Symantec added this to its corporate AV yet?)

its more of a security blanket though personally its one extra i like very much.

[veri]

Quote:

Originally Posted by WSFuser

its more of a security blanket though personally its one extra i like very much.

I'd tend to agree - I kind of like having it, myself.

Does anyone happen to know whether SavCE v10 includes this?

[ashishtx]

As far as i know, Sav ce10 doesn't include http scanner. Hopefully, they will include it in the new version this summer.

Will Antivir free and paid ever include http scanning? I know that Dr web has one in the works, it'll be neat to see that.

[Mele20]

I think HTTP scanners are unnecessary junk. It makes the AV cost more for something that you don't need and which, in many cases, one cannot use because these scanners drastically slow internet speed. I left NOD32 years ago partly because of their new HTTP scanner that crippled my internet speed. Then Kaspersky got one and it made my internet speed LESS than ONE-HALF the normal speed. I noticed it in the KIS Beta and it was released like that to my surprise. Get people to pay for a "feature" that isn't a feature to begin with and then have them have to not use what they paid for because it cripples their connection. That makes lots of sense.

If Avira ever does this I will be so disappointed. I think they will because all the sheep want it. I've noticed it seems that the faster the connection the worse the crippling. Kaspersky's scanner put my speed from close to 5000 down to around 2100 down. I'd be crazy to pay my ISP for a high speed internet connection and then turn around and deliberately cripple it by using my AV's http scanner.

[LUSHER]

I vote, not necessity.

[C.S.J]

these scanners do not drastically slow the internet at all, avast has demonstrated this.

of course one could argue the case, but those people arguing it, dont have an http scanning in their AV software.

i think its 'added' security, so why wouldnt anyone want it? pfft
if drweb do add an http scanner for V5, of course id be happy, but either way, doesnt bother me.

[QBgreen]

When I ran FSAVCS 6.xx, it had HTTP scanning. It was good enough to pluck several trojans out of 'mid-stream'. I do like the idea if its well implemented. I've seen it work.

[Mele20]

Oh, so I just dreamed that I had NOD32 with the HTTP scanner and I just dreamed that I beta tested KIS 2006 and then got the release version of KAV 2006? I dreamed all that and dreamed that those scanners drastically slowed my internet connection. Gee, thanks for letting me know that I can't tell reality from a dream and that I am so ignorant a user that I wouldn't have any idea how to test if this HTTP feature of various AV scanners wrecks one's internet connection or not.

You know, your post would be a lot more credible if you had simply said that Avast HTTP scanner did not slow your connection instead attacking people who have had their internet connections drastically slowed.

Who is your ISP? I have Road Runner from Time Warner Cable.

This "feature" is simply a marketing technique for the ultra gullible.

[GES/POR]

How about a http scanner module optional at install to keep both parties happy, remember optional?

[C.S.J]

Quote:

Originally Posted by Mele20

You know, your post would be a lot more credible if you had simply said that Avast HTTP scanner did not slow your connection instead

this is exactly what i did say.

[yeuxbleus]

If it slows your connection down then don't use it, but if it doesn't (which is the case with me), by all means use it.

Quote:

This "feature" is simply a marketing technique for the ultra gullible.

BS! Not all of us who choose to use an HTTP scannner are gullible. See statement above. Quit putting people who choose to have an HTTP scanner down, such as the case here when you replied to a post of a similar topic:

Quote:

...Only ignorant folks who don't understand how AV's work use something like that...

[Mele20]

My main point is that I don't want to have to pay for YOUR GULLIBILITY. That is the hard cold fact. You gullible folks force people like me to pay for a feature that is worthless junk and I resent that strongly. Telling me simply not to install the feature is NOT a REASONABLE answer.

A reasonable alternative would be for the AV vendor to offer a version that is CHEAPER because it doesn't contain unnecessary junk designed for the gullible who demand also sorts of unneeded gadgets otherwise they feel scared to use the internet because of their ignorance. The pressure on the AV vendors from gullible people like yourself is tremendous and THAT is what I resent. Stop forcing me to pay for a feature I don't need, that no one needs.

[huntnyc]

Using Nod32 2.7 on my laptop, I see no noticable difference in speed when surfing. But have tried others and they slow my surfing noticably.

Gary

[VikingStorm]

Quote:

Originally Posted by Mele20

My main point is that I don't want to have to pay for YOUR GULLIBILITY. That is the hard cold fact. You gullible folks force people like me to pay for a feature that is worthless junk and I resent that strongly. Telling me simply not to install the feature is NOT a REASONABLE answer.

A reasonable alternative would be for the AV vendor to offer a version that is CHEAPER because it doesn't contain unnecessary junk designed for the gullible who demand also sorts of unneeded gadgets otherwise they feel scared to use the internet because of their ignorance. The pressure on the AV vendors from gullible people like yourself is tremendous and THAT is what I resent. Stop forcing me to pay for a feature I don't need, that no one needs.

Is that how the software industry works at all? I'm not sure I get your logic. By your logic, every time someone adds a new feature they need to create a newer "old" version, that costs even less than it did before. I understand if adding what you deem "pointless" features raises the price, but if the price is the same? Why not just keep your old version. Not all features cost money. The philosophy of software design is to add new as many new features that the user may be interested in to upgrade. It does not correlate every single feature to a monetary cost.

[CJsDad]

Ths is all too damn funny.
First calling out a poster about attacking people who have had their internet connections drastically slowed because of an HTTP scanner when in all seriousness I never saw an attack but then you turn around and call people gullible because they have a difference in opinion on using the scanner and they are "forcing you" to pay for something you dont need.
Laughable and hypocrytical.

[yeuxbleus]

Quote:

Originally Posted by Mele20

My main point is that I don't want to have to pay for YOUR GULLIBILITY. That is the hard cold fact. You gullible folks force people like me to pay for a feature that is worthless junk and I resent that strongly. Telling me simply not to install the feature is NOT a REASONABLE answer.

A reasonable alternative would be for the AV vendor to offer a version that is CHEAPER because it doesn't contain unnecessary junk designed for the gullible who demand also sorts of unneeded gadgets otherwise they feel scared to use the internet because of their ignorance. The pressure on the AV vendors from gullible people like yourself is tremendous and THAT is what I resent. Stop forcing me to pay for a feature I don't need, that no one needs.

My point is that in the process of convincing us that you don't need an HTTP scanner, you insist on putting people down who choose to use an HTTP scanner. People who choose to use an HTTP scanner are not necesarrily gullible and ignorant, look at how many people on this forum whom I would consider as being far more knowledgeable than you who use them. It is both arrogant and ignorant of you to state that. I haven't read of people who choose to use an HTTP scanner putting down people who choose not to. It's a matter of personal choice. If you choose not to use it, that's your choice. Quit making general statements and follow your own advice:

Quote:

You know, your post would be a lot more credible if you had simply said that Avast HTTP scanner did not slow your connection instead attacking people who have had their internet connections drastically slowed.

Edit: Spelling

[shek]

vlk answered it in the following post.
http://www.wilderssecurity.com/showp...0&postcount=29

[midway40]

Thanks for that link, I don't remember seeing that post before. An excellent post by IBK as always

[solcroft]

Quote:

Originally Posted by midway40

Thanks for that link, I don't remember seeing that post before. An excellent post by IBK as always

IBK ≠ vlk

vlk's one of the folks in charge at Alwil, the company behind avast!.

Though I DON'T get why he says that only a HTTP scanner can stop the WMF exploit. Doesn't the .wmf file in question need to be downloaded to the browser cache first??

[The_Duality]

Quote:

Originally Posted by solcroft

Though I DON'T get why he says that only a HTTP scanner can stop the WMF exploit. Doesn't the .wmf file in question need to be downloaded to the browser cache first??

Same here... how can that be possible? Im quite interested to know...