Is An HTTP Scanner Really Necessary?

I was wondering if I could get people's opinion on this. I was wondering whether it was really necessary to have an HTTP scanner built into my Antivirus.

I ask this because sometimes I feel as though my internet surfing speed has been negatively affected with this new HTTP addition. Would using an AV and disabling this feature be adequate? Thanks.

 

It's another layer of security, you can gain some speed but you will lose a little bit of protection.

My advice, probably the http scanner is never going to be the only techonolgy/layer able to detect a threat, but is up to you.

You can use DNS with malware blocking capabilities, like Norton DNS, Comodo DNS, Open DNS... almost transparent to websites loading time, specially if you are in USA or central Europe

 

No - it will slow down your browsing speed

 

Why take a "double dose" of "flawed" protection

My answer is a "Big, Fat - NO!"

Instead, virtualize your browser/system and/or protect your browser with something like SafeOnLine, SpyShelter, etc from those info stealing bastages

 

I believe real time protection should protect so I disable it on my machines. I do leave it on for others but if there a complaint about browsing speed disable it too.

 

I'll agree with the previous posts. HTTP-scanner will slow browsing down and the real-time scanner should take care of the threat. And as somebody already mentioned, with the free DNS-applications around these days you're very well protected in the browser layer.

 

No it's not absolutely necessary but it's another layer in the armour as had already been mentioned.

If you use firefox, it's worth using NoScript.

 

I can't speak for other products, but certainly for the Norton products you will loose a huge amount of protection if you disable the Network IPS (which scans network traffic of all kinds including HTTP). The IPS is scanning network traffic for vulnerabilities and blocking them before they exploit the browser. There is no other way to do this reliably other than scanning network traffic. You can't simply scan files in the browser cache as in many cases the browser has already been compromised before the file is seen hit the disk.

Also, what started with a single vulnerability being compromised which you could have blocked had you been monitoring the network stream, now gets turned into a potentially infinite number of file-based threats that get dropped on the system by the shell code that got executed when the vulnerbility slipped through. Dealing with these files is a bigger challenge since there could be so many of them. It is much easier to shut of the pipe.. i.e. block the HTTP attack.

Shane.

 

Now that is why I EMET the hell out of my browser.

 

So, if Norton knows about these browser vulnerabilities, why not tell the software company about them and get them fixed? That way if you keep your browser up to date, you shouldn't have much to worry about. If Norton isn't telling the software company about the vulnerabilities, I'd have to wonder why not. Now, a flash vulnerability is a different thing, because I don't get the feeling adobe takes them very seriously

 

This is in a perfect world where all PC users keep their windows up-to-date. Sadly not the case.

 

Also I have seen another case when checking out malware also. I keep a log of Md5 and URL for malware I submit to different vendors, I notice at times I can go back to the URL and see if its still being hosted I find a file with the same name, a whole different MD5, and a huge dive in detection. As long as the URL guard is blocking the site you would not have to worry about them. So yes a I think web guards can come in handy as long as they are updated by there creator. So in certain cases a webguard can help you.

 

Necessary? Nope,back when I used an AV,I never used any that even had such thing as a "HTTP Scanner " and I never had any issues.

 

Hi Scott,

When we discover a vulnerability ourselves, we definitely let the vendor know using "responsible disclosure". However, as someone pointed out, even when the fix becomes available, most users dont know they need to get the patch. This is especially problematic when the vulnerability is in some 3rd party ActiveX and therefore not auto-patched via Windows Update. So the machine remains unpatched, they get exploited by the vulnerability and the machine gets infected.

Shane.

 

My opinion is that it depends. If you use your AV as sole security application then yes it is necessary.

On the other hand if you use sandboxie or other modes of virtualization properly configured you may disable it.

Also you may disable it, without virtualization just by secure (and update) your browser, like firefox with noscript, request policy, DNS, hostsfile, adblock etc. This way will take some time to properly configure firefox as in the beginning most scripts will be blocked. In general the majority of users want to avoid the hassle with the popups and the configurations and just enable the http scanner, with a minimal decrease in browsing speed.

 

Yes, it's entirely necessary in my opinion. I see mine updates frequently, sometimes several times a day regardless of virus definitions updates.

 

seems that the one guy who should really know about this thinks it is necessary but most of the self proclaimed experts(!yeh right!!) off this site think it isn't,I do wonder why some of these guys don't go and write their own product,then they could include the modules that they KNOW are needed,there is nothing so dangerous as a little bit of knowledge in the hands of somebody who believes they "know it all"!

 

Is An HTTP Scanner Really Necessary? No.
Do I have it active on every PC with avast!? Yes.
Would I be tearing my hair out if I disabled it and something got through? Yes

"Ya makes ya choices, ya takes ya chances me buccos"

 

Web scanners are definitely another layer of protection as they can protect you against new variants of malware otherwise yet unrecognized by other modules of the particular security software. Nowadays malware is changing rapidly to evade detection and gain success for the authors. Traditional signature / heuristic detection methods are not sufficient and many new born threats may pass by unrecognized. This is when web protection with url blocking and other special heuristic algorithms comes into play and prevents your computer from getting infected.

 

Whether or not they're really necessary, depends on the user such type of protection is aiming to protect.

Would it offer any benefit to me? None, at all. Would it offer benefits to family members? Most definitely, because it would prevent them from downloading malicious software (without knowing it so; even thinking it was a safe app.), etc.

So, the question you truly need to make is not if they're really needed, but if you do need them.
Are you the type of user able of using other security measures that kill right-away any chance of an infection? If so, then ditch it. If not, then keep it. Find a solution that doesn't cripple your browsing experience.

I don't know about others, but these two (AVG and avast!) doesn't slow browsing, at all. That's not my experience. I have family members with both, respectively, and no complains.

 

I have to agree on this

 

I suppose if you never use the web then they're not needed!(lol)

 

I for one would never claim to be a security expect but whenever you use security software you need to balance the risk v the impact of the software. You could create the worlds best security suite and nobody would use it, if their machine ran like a dog.

The OP was experiencing a performance impact and asked a question regarding that. There is no perfect answer since a lot depends on the setup, other software, whether they're behind a router, the type of surfing they do etc.

/Off Topic

Steve, one of the benefits of the forums is to ask for advice, advice is free, it's down to the individual to decide what they do. It's unrealistic to expect experts to drop into every thread, so why do you feel the need to pour scorn or leave flippant remarks for others who are trying to help.

 

I'd like to add to Barney's question.

I've used Avast's HTTP Scanner and as with Barney, I've encountered slow browsing speed.

So I went to read a lot about browsers as the infection vectors and I've read that browsers can be infection vectors for three reasons (please correct me if I'm mistaken):
1) Browsers' vulnerabilities
2) Scripts
3) Payloads

If these are the only concerns, aren't NoScript and regular browser updates enough? Regular updates would fix browser vulnerabilities, NoScript would prevent scripts and browser configuration (i.e. no pdf etc execution in browser) would prevent payloads.

Am I missing something important?

 

because the one guy who is the "expert"(ie works for an av company and explained the reasons behind what he says)believes it is needed,but still the "experts" from here either totally ignore such advice(not only in this thread) or totally dismiss it because they DO know better,it depends on how high "surfing speed" is in your list of priorities:-if a couple of millisecs lost in a page loading is more important than the extra security then disable it:-but then again every form of protection will have a negative effect on speed,be that browsing,file transfer or any other use people use there PCs for, so you could argue as to whether any protection is worth the performance hit couldn't you?:-and because a lot of PCs brought to me are owned by these "experts"(I shouldn't moan really:-they keep me employed!):-I would have thought the best solution if the product he is using is giving problems when browsing would be to try a few other vendors wares that offer same(or similar) protection to see if any have a significantly less impact and has anyone thought it may be the av product interacting with some other add-on he his running while browsing?It may not be the http scanner per se