Ok I get that HTTP scanning will catch "more trojans". But how does it catch it? When the trojan is being downloaded or when the trojan is on my system and is trying to com out? So basically it will be a active download scanner which is also an unpacker and it's using /ah? So it should detect an infection in the file that is being downloaded into the temp folder before it's actually assambled onto my destination folder? What is the impact on peformance both the overall system resources/performance and the net speed?