AVs and 3rd party browser support

Discussion in 'other anti-virus software' started by iravgupta, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    MSE's system requirements, mention Internet Explorer 6+ and Mozilla Firefox 2+. I was curious to know its stance on Chrome, Opera and Safari. Digging a bit, I found an interesting fact -
    There exists an API in Windows that allows Internet browsers (among other software like email clients) to let antivirus scanners scan stuff before its rendered or downloaded to hard disk. Currently, only Internet Explorer(6+) and Firefox(2+) make use of that API. Read full discussion here(third post from the bottom, by Rob Koch) and here.

    I have personally experienced the effect of this flaw in Chrome. When I was evaluating Symantec EndPoint using some malware links, when using IE the Java based exploit was stopped before loading by SEP. When using Chrome, the exploit loaded sucessfully and managed to infect some files in the Java folder. I managed to replicate the same issue with avast!. Even posted it in one of the threads at their forums but didn't get a satisfactory reply.

    Well, moral of the story, at-least for me is, I am removing Chrome from my system and putting Firefox back on, until the time proper AV integration is made available in it.
    Guys, its not about SEP, avast! or MSE. Its about the browser being able to make full use of the AV in the system. Both SEP and avast! detected the infection, but after it had managed to infect the files. This did not occur when using IE. I like Chrome's speed but not at the cost of security.
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Well I've used Avast and Chrome and they seem to work fine together. I've gotten alerts from the Avast web shield (Chrome had scripting disabled at the time, too). I don't recall downloading a malicious file though- just detected web pages. So I guess they are not talking about the web scanner.

    There's a little confusion though. It seems the MS Generals on the MS Answers help site put an emphasis on the important ability of MSE being able to hook into the IE and FF browsers to scan internet downloads. But it appears one General "Dr. Strangelove" post #2 here- http://social.answers.microsoft.com...t/thread/157d2834-144e-4ced-ba36-9d85b7cf47f9

    is claiming that scanning email is not necessary, only scanning the email attachment file as it's being written to the pc file system. Dr. Strangelove is answering a question about MSE not including an email scanner.

    Is this a double standard? Is it fair to state that scanning an email attachment in a mail client such as Outlook or Thunderbird not at all important while scanning a file being downloaded from the web extremely important? I can see where the web file could have a higher potential to be malware since the file attachment in email has most likely been scanned by an email sender such as yahoo, gmail or hotmail, etc. But a malicious attachment in an email client is not really that different than a malicious file being downloaded via web browser...right? If so, I think the MS Generals are pimping MSE too much as they give credit where it's due but completely ignore other important issues where MSE lacks important features. I mean MSE is a decent product but when the Dr. Strangelove General is claiming all MS products for complete anti-malware coverage it seems a bit fishy.
     
  3. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Forgive me if I am wrong, but as per my understanding of that thread, all they are saying is that a dedicated email scanner for scanning emails is no longer a necessity as Microsoft has made available an API that email clients and browsers can use to call the AV for a background scan when the files are being pulled onto the HDD. Moreover, if you indeed manage to get an email with an infected attachment, opening or saving that attachment will trigger the usual alert from MSE.
    Also it's not MSE that has the ability to hook into FF and IE. Its just that among browsers only FF and IE are making use of the API to call MSE or any other AV that has registered itself with Windows.
    As i said before, in Chrome avast! and SEP alerted only after the infected files had already been downloaded. Even the page managed to fully render despite avast!'s alert.
     
Loading...
Thread Status:
Not open for further replies.