KIS 2009 - slow web browsing

Had no problems with kis and my broadband. Actually turning web traffic high did slow the page opening, though once I set it to medium the slowness vanished.

 

Isn't that by design? After all it buffers a lot more (or rather, it holds objects longer in buffer before releasing them, see the help file of KIS) when set to 'high' than in 'recommended' (1sec vs 60 secs). Additionally the heuristics are turned to maximum in 'high'.

I only ever turn it to maximum if I suspect I might be visiting shadier pages.

 

All these "webshields" are piece of junk. And some are even a great means of DDoS as a free bonus in addition - hello AVG LinkScanner

 

I wouldn't call for example KIS WebAV function as piece of junk. What's wrong with taking traffic inside internal buffer and then scanning for malware signs?

 

And what's wrong with leaving the job for the normal on-access scanner so that it doesn't slow down your web browsing and doesn't cause other incompatibilities and ridiculous false positives?

Ah, right... the "cool" factor, they couldn't stick "webshield" into the marketing blurb.

 

What cool factor? And personally, I have not noticed any slowdowns with KIS when using the Recommended settings (then again, I do not tweak internal settings of my browser). If I turn it to maximum I do notice slowdowns in some places, such as YouTube. However, recommended is the optimal setting.

As to that false positive you are referring, I do not find it ridiculous. The software is just doing what it is supposed to do.

I would rather have my IS acts as proxy, and deal with with exploits before they even have a chance to land in my PC and interact with my browser. If they hit the browser, there's always a chance for them to execute. At that point it would be the task of AV to intercept dropped malware before it is executed. Why give the malware a chance at all?

 

Webshields are necessary to stop exploits that execute in memory, and some network worms that never touch the hard disk at all. Normal on-access scanners are completely helpless against those.

Don't be so quick to dismiss and ridicule things that you don't understand.

 

Errr, fatal error, doesn't compute... all malware executes in memory... there's absolutely nothing special about browsers, email clients or whatever similar.

Your realtime AV doesn't detect malware in memory unless its origin is in your browser? Uhm, time to change the AV, I'd say.

 

Actually, there is. Exploits delivered via network-connected processes (i.e. browsers) are executed before they are saved to the cache. It's already too late when your on-access scanner detects the cached file.

That's your own uninformed opinion, which you're welcome to.

 

Yeah, except that there's still nothing special about browsers. You can exploit tons of bugs in tons of apps remotely, yet you don't implement the functionality of those apps into an AV. Vendors don't implement such stuff for browsers either, which leads exactly to those stupid false positives mentioned above. The thing just foolishly parses the contents, lacking even the most basic logic like being able to spot the difference between active, clickable link and plaintext log pasted into a webpage. This is not KIS specific, this is a generic fact valid for all those webshields out there, as proved by the thread referred to above.

If you want to catch similar stuff, you need behavior analysis and not dumb AV signatures.

 

You can dismiss my explanations, but just because you're unable to refute them doesn't make them untrue. I've explained the purpose of a web scanner: because normal on-access scanners are helpless against exploits.

And why not? There are vendors who implement IDS features to detect such attack patterns; ESS, avast!, Kaspersky, Symantec, McAfee etc. Again, a scanner that can monitor network traffic is needed here, because normal on-access scanners are (surprise) helpless against these remote exploits as well.

So it happens with Symantec, i.e. ONE product, and all of a sudden it's a generic fact that's applicable to every product, even though we've yet to see the slightest shred of evidence that this is true. Uh huh. Brilliant work, Holmes.

As I've said, don't be so quick to dismiss and ridicule what you don't understand.

 

No, it doesn't happen with ONE product. As illustrated by the thread, it equally happens with Windows LiveCare and will happen with any other AV that's foolish enough to hardcode such URLs into signatures without doing any of the legwork to actually analyze the stuff, already explained above - which, surprise suprise, requires basically implementing a stripped-down browser into the AV engine if you want to get rid of such stupid false positives. Then you can implement a stripped down bittorrent/emule/whatever engine to work around P2P exploits, and bunch of others for other network stuff - and enjoy the obnoxious bloatware with horrible performance. Good luck with this. Completely broken approach.

 

Wow, that's a groundbreaking development. So it's a generic fact that applies to all product because it occurs in not only one, but TWO products! I mean, come on, TWO! Awesome!

A flaw shared by two products means it's common and generic among all others. Oh yeah.

Besides, there are many types of web scanning as well. Checking for embedded links in a webpage is just one, certainly of no relevance to KIS, and even less to what's being discussed in this thread. Just another piece in the growing pile of evidence that reveals your lack of understanding about this issue.

 

Code:

         +-------------------+             .:\:\:/:/:.            
         |   PLEASE DO NOT   |            :.:\:\:/:/:.:           
         |  FEED THE TROLLS  |           :=.' -   - '.=:          
         |                   |           '=(\ 9   9 /)='          
         |   Thank you,      |              (  (_)  )             
         |       Management  |              /`-vvv-'\             
         +-------------------+             /         \            
                 |  |        @@@          / /|,,,,,|\ \           
                 |  |        @@@         /_//  /^\  \\_\          
   @x@@x@        |  |         |/         WW(  (   )  )WW          
   \||||/        |  |        \|           __\,,\ /,,/__           
    \||/         |  |         |          (______Y______)          
/\/\/\/\/\/\/\/\//\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
==================================================================

Finished here... ktnxbye.

 

I wouldn't call you a troll yet, since tbh all you've done so far is to display a lack of understanding about the topic discussed. But if you insist... advice accepted, and thanks.

 

I experience no slow downs while browsing using KAV set to recommended settings either. I thought I did, but did a comparison between surfing with Web Scanner on to with it off...no difference.

 

Well, sometimes it's just not eneough, just to turn something off in Kaspersky's products, to do a comparison. Sometimes it's not even enough to disable the hole product, at least that's my experience with Kaspersky. To do a real comparison, you have to uninstall Kaspersky and test, then install Kaspersky again.


Cheers

 

You're right. Recently, I imaged the hard drive with KAV installed and then uninstalled KAV. Still, no difference with KAV installed or uninstalled. Reimaged hard drive to when KAV was installed.

 

Agreed. Kaspersky tells you to disable part of there own product. Great fix now lets move on to getting a REAL fix. And not blame everyone Else's product once again for the screw up.

I had the same issues on the test system when I tested kaspersky a few weeks back. Unfortunately it leaked over to IE also the Delays where to noticeable for my liking, it felt like a $110 a month Dial up.


(sorry been gone a wile hectic work sch. )

 

Ditto.

Kaspersky's web scanner is one of the best, if not the best, http scanners available out there.

 

Hi. I have experience the same with my kis. I think that when I untick ports 80 and 443 speed is increased. I have donw some tests, and I think that it helps with the speed. I haven't decide what to do. But, if I uncheck these ports, does it affect anti-fishing components too?

 

Why don't you guys that have trouble with http scanner don't just uninstall it?Firefox with no script provides a better protection anyway.

 

Yeah You can easily install KIS w/o the Web AV component, you still get all the other goodies, just not this specific part.

 

The point is. You should NOT have to, to use a product that you paid for. all features should work.

 

True, Fajo. I'm paying for my fast connection too and don't think I should put up with the slowdown.