Importance of running HTTP scanners?

Discussion in 'other anti-virus software' started by nmaynan, Jun 1, 2011.

Thread Status:
Not open for further replies.
  1. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Agreed

    And is why it is utterly useless
     
  2. Matthijs5nl

    Matthijs5nl Guest

    I have been trusting antivirus software for security for all my life, always on an almost default Windows installation using an administrator account (currently Windows 7 Home Premium 64-bit). And I have never had an infection, now what about wasting time?
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Have a look at the "retrospective tests" on AV-Comparatives and on-going tests of zero-day malware.
     
  5. Matthijs5nl

    Matthijs5nl Guest

    AV-Comparatives' retrospective test is irrelevant. Why would you test a security product while it is only allowed to use offline generic signatures/heuristics which are up to 10 days out of date? In fact, detecting 60% of so-called zero-day malware with a completely crippled and outdated security product is a great achievement in my eyes.
     
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Hmmmm.... wouldn't think that would need explaining :rolleyes:

    What if a user is one of the first to encounter malware that hasn't had a signature pushed out yet and heuristics miss it o_O
     
  7. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    I don't think a traffic scanner is necessary, but quite useful. Web scanners block malware early, and can for example block malware by blocking URLs without having signatures for the actual malware stored on the site.
    Scanners won't do any harm even with virtualization. I take backups of important files when I modify them, then add intrusion prevention, application controlling, virtualization AND scanners (all inside KIS) without ever getting infected and without wasting more time for imaging etc.

    Also, for most users something like imaging takes too much time and effort too.. average users who just want to boot their PC and use it for different things without having to think about security. Same with virtualization and non-automatized intrusion prevention.
    Then either some other layers will prevent infection or the user will get infected, and the system has to be cleaned. Actually this is one case where a web scanner may prove its usefulness; if a 0-day trojan downloader gets through heuristics, the web scanner might detect the sites where it tries to get additional malware from as malicious and block them. I've seen that quite often.
     
    Last edited: Jun 2, 2011
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Agreed 100%...:thumb::thumb:
     
  9. nmaynan

    nmaynan Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    98
    sg09, how come those sites that find malware haven't identified the Trojan that apparently is on zencast.com right now? It has been there for some time.
     
  10. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I am not sure, but it's not blocked by Trend Micro, MBAM and KIS HTTP scanners here too. Have you scanned that trojan in VirusTotal?
     
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Well well KIS actually found a trojan there,
    Trojan.JS.Agent.wh
    but that at
    hxxp://retrovisionmedia .com/images/rvmlogobug .jpg
    So that site (zencast.com) leads to a drive-by download of that malware which is actually not hosted there. Malware hosted site too is not hosted in MDL,
    http://www.urlvoid.com/scan/retrovisionmedia.com
    btw, I actually tried to access that page but encountered a 404 error.
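
The situation in the post above (a landing page that is not flagged, while a file its load pulls from a different host is) shown as an added example that is not part of the thread: a filter that checks the host of every request catches what a check of the page address alone misses. The blocklist, the `.example` domains and the request list are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed blocklist: domains flagged by a hypothetical URL filter.
BLOCKED_DOMAINS = {"bad-cdn.example"}

def refang(indicator):
    """Turn a defanged indicator (hxxp://host .tld/path) back into a URL."""
    url = indicator.strip().replace(" ", "").replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url

def is_blocked(url, blocked=BLOCKED_DOMAINS):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    labels = host.split(".")
    # Compare whole label suffixes so "notbad-cdn.example" does not match
    # an entry for "bad-cdn.example".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def scan_page_load(page_url, requests):
    """Compare a page-level verdict with a per-request verdict."""
    return {
        "page_blocked": is_blocked(page_url),
        "blocked_requests": [r for r in requests if is_blocked(r)],
    }

# Constructed page load: a clean landing site pulling one file from elsewhere.
SAMPLE_REQUESTS = [
    "http://landing.example/index.html",
    "http://landing.example/style.css",
    "hxxp://img.bad-cdn .example/images/logo .jpg",
    "http://notbad-cdn.example/lib.js",
]

if __name__ == "__main__":
    print(scan_page_load("http://landing.example/", SAMPLE_REQUESTS))
```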
     
  12. nmaynan

    nmaynan Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    98
    So without the Webscanner, this Trojan would be downloaded to a person's computer, right? Then it is up to the real time scanner to catch it. Seems to me it's better to never have it be downloaded to the drive in the first place. Where would the Trojan be downloaded to on the hard drive?
     
  13. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    @temporary internet files.
     
  14. nmaynan

    nmaynan Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    98
    Do you know what would happen next? I've read that just viewing things online can result in infection. If downloaded, does that mean you are infected? Do you know what the trojan would do from the temp internet files?
     
  15. guest

    guest Guest

  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  17. guest

    guest Guest

    Now it is a beta, I haven't found any bug, and I'm using the Firefox version (without the AV) using only the malware filter and the phishing filter.

    I have been testing it with some websites with malware and it works very well, but without the complete version if you download the malware from a direct URL I think it does not work. When I tested it blocked 20/20 malware domains that I found on MDL

    The Firefox version only blocks the website, the full (free) version also is able to block the files that you download.
    For example, I can download a malware with a direct URL from MDL but if I go to the domain (web) where the link is placed the web is blocked.

    I don't know how to test the phishing filter.

    I tried the complete version but it takes some RAM, anyway it is totally free, so adding for free another AV engine to the browser doesn't seem to be a bad deal.
     
  18. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    ah thanks.. will check it out..:thumb: maybe if I can find the extension for Chrome o_O
     
  19. guest

    guest Guest

  20. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  21. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    I run avast! Internet Security with only the file, network and behavioral shields installed & active. I browse the internet with Norton DNS and Chrome sandboxed, so for me, the web shield is just a waste of resources and time.
     
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    More than WOT or any Web-Scanner, I trust Sandboxie above all! :cool:
    +1. :thumb: :thumb: :thumb:
     
  23. deadmeat

    deadmeat Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    84
    Scans clean 0/23 at URLVoid.
     
  24. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    BitDefender TrafficLight :thumb:

    http://i52.tinypic.com/14kzbiu.png
     
  25. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia