Are web AV scanners worth a hit on browsing speed?

Discussion in 'other anti-virus software' started by mvdu, Apr 30, 2009.

Thread Status:
Not open for further replies.
  1. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,751
    Location:
    Toronto Canada
    Yes web scanners are worth a hit on browsing speed. Some register a larger hit than others and most Av vendors offer a trial so try a bunch of them and decide for yourself how much of a slowdown is to much.
     
  2. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
    I dont notice anything on the browsing speed but my downloading speed is affected a lot, so whenever i download anything i just turn off Avira's Webguard, and during browsing i just turn it on,

    From the testing that i have done, it is very helpful as it can just detect malware without even downloading the file to the HDD.
     
  3. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,136
    Location:
    Las Vegas
    I don't run Avira's Webguard and it is a myth that it is necessary. It doesn't matter what executes- it will be caught by Avira's Guard before doing damage. Webguards are for novices that do not understand the architecture of AVs.

    Of course nothing is 100% safe, so I have an image ready to restore if any malware gets through. It never has.
     
  4. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    Hello Bunkhouse Buck,
    there is some malware which even if caught by the standard realtime guard is to late.
    I agree about image backups thou. always very handy incase stuff goes wrong.
     
  6. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
    But the thing is why let the malware get to the pc in the first place if you stop it before?

    If someone says that a 1-2sec browsing speed hit is a big deal, then sorry to say you are paranoid.
     
  7. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    Depends on the webscanner that you use. If you surf in a untrusted state or a sandbox of some type a webscanner is not really needed. For me on my setup the hit from the scanner is just too much. To each his own I guess.
     
  8. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Of course this assumes that the AV, once the detection has been made, is actually capable of stopping it. In many cases, yes it can. This varies depending on the AV and the particular malware, or variant of it.
    How many posts to forums, particularly forums that process HjT logs, have there been saying something like "my antivirus found a trojan and quarantined it, but it keeps coming back..."
    Problem is, there are new variants of malware created extremely frequently. An AV that has a clean-routine for the base variant may just simply not be able to clean the new variant, because it has used a different (or random, morphing) names, and/or different install paths.
    If the webshield can recognize the "basic footprint" of it before it gets to the disk, the crap it's carrying with it doesn't get a chance to write to the disk.
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,751
    Location:
    Toronto Canada
    So Av developers who DO understand the architecture of Avs put them in on a whim? LOL I like that little butt covering caveat you've added at the end.;)
     
  10. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Is it possible for a Web Shield to detect it and for a real-time scanner to miss it? That seems a bit strange.
     
  11. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    From my understanding, they should both be working on the same definitions, so I wouldn't think that is possible.
    What I'm suggesting, is that what the malware contains might trigger the warning, but that the AV might not be able to quarantine all aspects of the malware, letting enough pass through that it can rebuild itself.
    So, as an example, let's say the webshield is off, and a trojan is downloaded, as part of an exploit in a modified (hacked) web page.With the trojan might be several other chunks of code to do with registry mods, autorun mods, and who knows what else? (I don't know much about the architecture of malware, beyond having browsed lots of descriptions about what some of them do, usually when trying to work out a manual clean routine. So I can't answer that.)
    So it starts to execute; the resident shield recognises that, stops it, creates an alert, it gets deleted or quarantined. But enough other junk that the shield does not have definitions for - because of a variance - writes to the disk.
    Same scenario with the webshield on: It is detected on the page before any of it can write to the disk, the connection is aborted.

    I don't know this for sure, it's just a theory and it probably is not technically spot on. But the number of times you read about malware that is detected but not neutralized, I think something like this happens quite a bit. Having a web shield on probably cuts down the incidence a lot.
     
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,751
    Location:
    Toronto Canada
    The web scanner can depending on the developer have more sensitive heuristics. Sensitive is not the word I'm looking for but it will have to do for now.
     
  13. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    How about if you use CIS (AV included) + Prevx - wouldn't malware be caught by one of the layers even though Comodo AV doesn't have a webguard?
     
  14. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I can't use SandboxIE on my system. So even with Comodo's Defense+, would a web scanner be advised?
     
  15. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I noticed an impact. It slows down my connection by about 200kbps (from 10mbps), so I turned nod32 http scanner off. I use anyway noscript with firefox, and the browser runs under defensewall, so there should not be any issue.
     
  16. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,136
    Location:
    Las Vegas
    Covering my ass was not about the absence of a webguard- it was about the obvious fact that no AV is 100% reliable.

    The public in all their ignorance demanded webguards. Visit the Avira forum and there is clear evidence that the Avira Webguard is not needed for protection and that has been stated by Avira officials many times. You can choose not to install it or remove it if you have installed it. It does not enhance protection (myth) and it can impact performance depending on your system.
     
  17. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    This is not an entirely accurate statement...

    People browsing in areas where they really had no business browsing were looking for better protection...

    And the ability to try and catch something in the browsing phase before it gets near your anti-virus provides a better chance of catching the nasty before it infects your computer...

    I will agree that the Avira Webguard doesn't boost the protection for the Avira Anti-virus... whatever the webguard would catch, the anti-virus would catch and whatever the anti-virus would miss, the webguard would miss...

    So... the best option would be to use another webguard vendor from the anti-virus vendor, thus improve your chances of catching something before it catches you...

    But then... even better would be to safe guard your habits on surfing the web...

    Regards -
    -Bob
     
  18. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,136
    Location:
    Las Vegas
    You still are clinging to the premise that a webguard is efficacious. That is the premise I have challenged on this board for several years, and there has been no proof that at least in Avira's case, that it enhances protection in any form.
     
  19. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    I am not a big fan of web scanners as they are on-access tools, always working and consumming computer capacity.

    Anyway a great advantage I see is that it can stop malicious scripts or whatever. And for one blocked script, it is potentially tens of downloaded malwares which will not run. I know avira is great on detection, but it is not necessarily enough when it comes to 0-day threats.

    So in my mind, the effect of the web scanner is drastically is much higher than the usual scanner.

    Of course there are other ways to block drive-by downloads which do not need an on-access tool... (watch Rmus posts for this matter)
     
  20. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    About the avast! Home, they work differently.

    Standard Shield scan only files with selected extensions, while Web Shield scan all files and also inside archives, and you don't need to have the entire file to detect the threat...

    You can see this with Eicar site as an example... ;)
     
  21. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    I don't believe a webguard that contains the same code as the anti-virus software will produce any different effect than the anti-virus code itself... If you really want a webguard, choose a vendor OTHER than your anti-virus vendor and your chances of blocking become increased...

    Regards -
    -Bob
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.