Avast Web Shield - need it or not?

Discussion in 'other anti-virus software' started by SourMilk, Jul 30, 2006.

Thread Status:
Not open for further replies.
  1. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Is there any reason to run Avast's Web Shield? Doesn't the antivirus resident shield take care of any malware collected from browsing the web? Sorry, if this has been discussed before but I could find this question on the search.

    SourMilk out

    "Lemons into lemonade, sour milk into cheese"
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    THe idea of the web shield is to prevent it from ever reaching your machine.

    Pete
     
  3. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    But, wouldn't your realtime scanner pick up on the infection? I use FirstDefense-ISR and try out new software on an experimental snapshot. I've found that going to suspicious websites (like crackz, etc.) on purpose to court trojans, the resident scanner alerts me before the trojan downloads. Is this the same as the Web Shield purports to do?
     
  4. ross232

    ross232 Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    22
    Not necessarily, no. Webshield detects a variety of browser based exploits. New malware could exploit these and install themself onto your PC if you have this disabled. Standard shield wouldnt detect them if no signature has been released.
     
  5. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Okay. I see now why Avast has a web shield. It makes me wonder how they are able to catch new malware before the signatures are released. If they use a behavior scheme it would seem they would also use it in their antiviral programs. Who knows? Maybe they do and we don't know about it. Non-heuristic signature only antivirus programs (like Avast) are old fashioned but still work well. Perhaps they will incorporate the behavioral coding into the main scanner someday. Anyway, thanks for the responses. I know now that the Web Shield function of Avast indeed has a purpose.

    SourMilk out
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Web shield is a nice feature. If u are using Avast, u must keep it turned on, except if it slows ur surfing.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    There was a good talk about the advantage to use Avast's web-shield, here. (link on 2nd page, discussion is already about the web-shield on the 1st page though).


    nicM
     
  8. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Main purpose of Web Shield (or any other HTTP scanner) is interception of exploits before they can hit the browser. "Byproduct" of this is that it can also detect everything else before it hits browser (like malicious plugins and stuff that autoloads). Sure real-time scanner would in general pick most of stuff but there is quiet a lot stuff that executes in browser without actually being cached to disk. SUch stuff can only be detected by Web Shield (HTTP scanners).
     
  9. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh

    Surely RT scanners would catch the malware when in memory and wouldn't need a disk write? Or am I wrong here?

    If this is not the case then surely Avast is a better choice than Antivir even though Antivir has a higher detection rate in most tests.

    Thanks,
    Fairy
     
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    im not sure. the realtime scanner of an AV scans ur disk not memory.

    BOClean (an antitrojan) on the other hand, would catch malware when its in memory.
     
  11. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    I'm reading that other thread, very interesting. It suggests to me that in the real world the lower detection rate of Avast! may be made up for by it's having ah HTTP scanner. This is something that most existing tests don't seam to cover. Thoughts anyone?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U mean all the AV,s don,t scan the memory as real time protection? I thought they do.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    how....?
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    im not too sure about av realtime protection.

    but i do know ewido and kav let u scan ur memory on-demand.

    in addition, avast and nod32 automatically perform a memory scan when u start their on-demand scanner. avast lets u disable the memory scan tho.
    i remember someone said that the http scanner can detect some stuff without signatures. zero-day protection maybe?

    idk, its something like that.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    so same threats can be detected on didk via heuristics as well.
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    lol. idk = i dont know.
     
  17. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Really? o_O
    I didnt know that.
     
  18. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    If as explained in other posts RT scanners only scan when written to disk and therefore malware that injects code into your browser and runs in memory (or other possibilities through exploits like buffer overruns) wouldn't detect them when they first arrive. So even if malware later dropped files to disk if it initially stayed silent and just copied personal details entered in the browser or sent your tax returns and personal records to a criminal's ftp server you would be defenceless with disk scanning but Avast could protect you before the damage is done.

    This would be doubly true if this sort of attack becomes more common.

    Fairy
     
  19. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    I was half expecting someone to point out the flaws in my logic which are a product of my ignorance. Go on! You know you want to :D
     
  20. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    I am not an expert in AV but I have the following questions in mind.

    - any kind of web shield will have some heuristics or signatures to scan for a threat, e.g. WMF exploit in order to detect it. The same heuristics or signatures will be needed for a real-time scanner to detect it. So the sucess of both webshield and real-time scanner to detect the threat hinges on either one or both of these two things.

    - will a real-time scanner scan objecs in memory too? If a real-time scanner scans objects in memory and it has heuristics or signatures to detect the exploit, will it be able to stop it? Also, will IE cache objects downloaded into memory on disk as temporary files too and will a real-time scanner catch the same threat there?

    Thanks.
     
  21. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Only way to scan stuff in memory in realtime is by using full emulator (like BitDefender B-HAVE for example). There is no other way where you could do this in realtime in physical memory.
     
  22. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    You should check Avast! Forum for some of these answers.

    On a basic level, the web shield is better than the standard shield - because scanning archives is default on the web shield. I assume that is still true? Told to me By master VLK of all that is anti-virus.

    Http scanning is necessary because malware can take hold via browser holes before anything hits your hard drive. Further, not all browser caches are created equal - some are one huge file or several as opposed to thousands of individual pieces making clean up rediculously hard, if not impossible (perhaps with some collateral damage) - ie. think Giant inboxes and trying to remove a single file from OutLook - let alone Eudora, Opera, Thunderbird, Pegasus etc etc. - Thus >Email scanners<. Web shield is the same principle.

    Why you might be better off running the email and webshield, and shutting off the real time scanner and taking your chances ;) (remember to duct tape your DVD/CD and Floppy drives shut first.)
     
  23. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, archive scanning is still present in Web Shield.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I was just guessing. I don,t know exactly.
     
    Last edited: Aug 3, 2006
Loading...
Thread Status:
Not open for further replies.