Web Scanners in AV

How do these actually work? Do they use the same signatures as the resident scanner? Does it actually provide any extra protection?

I think some products have web scanners that specifically detect script malware or something, would these be caught by the resident scanner?

 

Yes.

Yes, but sometimes too late.

 

What do you mean? If a malware was downloaded onto a computer wouldn't it be immediately detected as soon as it was written to the disk?

 

almost yes webshield is useless most of the time.........try wot or link scanner
and hips and you are ok

 

Web Shield and HTTP scanners are NOT useless. HTTP scanning is great for prevention of known exploits (and even unknown) so they cannot affect possibly not patched browsers (or in cases when antivirus detection for exploit is faster than a compiled patch for the affected browser/program). HTTP scanning prevents exploits to even reach browser, but they also work on all other webpage elements and downloads.

 

well it prevents access to infected web pages....and does a good job at that...avira certainly does

well in some instances the resident guard fails to detect a malware at high heuristics and it installs but the site was denied access with web guard on so to call it lame...useless.....redundant is a mistake....imho

but i would like to know the most effective web guard/sheild/http scanning is which a black listing mode of avira or a proxy tunneling of nod or maybe something else.....if someone can explain.?

 

avast! Web Shield + Network Shield beats them all imo.

 

Agree with RejZor.

Also lets you know if the site you're visiting is a problem site. For example, running sandboxie alone, you would think the site is safe. If you visited the same site from another system, with no sandboxie, you'd still think the site was safe.

avast! Web Shield + Network Shield = light and effective.

 

See this thread(not especially for you,RezjZor,but fpr all of who cares about that)...........http://forum.avast.com/index.php?topic=45515.0
P.S.Avast! is not,and never will be,what you claimed to be.......sorry,BIG fan of Avast!,but..........always it's a LACK()of detection..................

 

They are very useful.
Read this from an expert.

https://www.wilderssecurity.com/showpost.php?p=1073294&postcount=29

 

Joe, from reading here and other forums, every AV we use or discuss misses threats. The old saying, nothing gives 100 per cent protection.

 

Indeed,but not to write that all that shields beat them all......it's his opinion,but.......it's a BIG BUT here...........

 

Yes it would, normally. You go to a website and your browser caches the files, at that time they will be scanned as they are written to disk. However it is apparently possible to place a meta-tag on a file inhibiting the browser from caching it straight away. In this case the file would be able to enter memory and run before it gets scanned. Http scanners are designed to prevent this by scanning all files before they get to the browser.

 

So do all web scanners have specialised signatures for detecting web exploits?

 

But if it's running in memory wouldn't it have a file on your computer?

 

This thread isn't about virtulization or sandboxie in particular.

 

No. These signatures are part of regular updates so you get them daily along with all the other signatures against Win32/Win64 malware.

 

As TopperID explained and to the best of my understanding is correct. The threat is loaded directly to and executed from memory.

Of course the threat will probably eventually interact\write to the hard drive. Or, possibly erase (from) it.

IMO, I would rather stop it at the sidewalk then even let it on the porch.

 

Not necessarily, and even if it does get written to disk, it might not be before execution occurs. Certain types of data requested over the network can be run right in memory without touching the hard disk, and that's what HTTP scanners were designed to deal with.

 

There is loads of rogues and to be honest, no AV detects them all. And even if it doesn't, i think these are the least of the problem. They are just annoying like hell but if you don't go and pay these suckers, it's harmless, just annoying.
I'd be far more worried if file infector was missed than some rogue AV.

 

But will the threat be detected even if it was on your porch? Or is it possible for the malware to activate and disable the AV or something before it even gets scanned?

 

Can you elaborate on this?

 

Can not answer 100% in the affirmative. A lot of malware does target and attempt to shut down real-time protection and prevent on demand from running. May not even allow it to be downloaded or installed either.

Anti-malware protection is always in a reactive stage. Even those that aim at protecting against zero-day exploits can not guarantee 100% protection 100% of the time. Thus the reason for a layered protection plan. My first software layer starts with a web scanner. Not a perfect solution, one does not exist. But, IMO, if it blocks even a small group of mal-ware at the sidewalk then it increases the chances of my other layers doing their job.

I do use imaging software as well. That is my final line. But the way I feel about it, if I have to use it then I have lost to the black hats. While I may not have given up any personal information or allowed my machine to be bot`d they still succeeded in infecting me.