Can someone explain to me the benefit of the HTTP scanning in Beta?

Discussion in 'NOD32 version 2 Forum' started by tempnexus, May 19, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Ok I get that HTTP scanning will catch "more trojans".
    But how does it catch it? When the trojan is being downloaded or when the trojan is on my system and is trying to com out?
    So basically it will be an active download scanner which is also an unpacker and it's using /ah? So it should detect an infection in the file that is being downloaded into the temp folder before it's actually assembled onto my destination folder?
    What is the impact on performance both the overall system resources/performance and the net speed?
     
  2. ncs_malaysia

    ncs_malaysia Guest

    sorry.. just to ask... is the Beta released..??
    where can I download it..o_O
    thanks.!!
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The beta is not released yet. There will be 2 modes supported by the HTTP scanner: active and passive. In active mode, IMON downloads the whole file, checks it and then passes it to the application. In passive mode, IMON continually passes downloaded packets on to the application and, before the last packet is sent, the whole file is scanned for viruses. The new HTTP scanner will not be the only significant change in the new version, but I'll leave it unsaid for now.
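
The two modes described in the post above, modelled as an added example that is not part of the original thread and is not ESET's code. The function names, the toy scanner and the marker bytes are all assumptions made for illustration; the point is what the application has already received at the moment a verdict is reached.

```python
from typing import Callable, Iterable, Tuple

# Constructed marker standing in for a real signature database (assumption).
TEST_SIGNATURE = b"X-CONSTRUCTED-TEST-MARKER"

def scan(payload: bytes) -> bool:
    """Toy whole-file scanner: True means the payload is clean."""
    return TEST_SIGNATURE not in payload

def active_mode(chunks: Iterable[bytes], deliver: Callable[[bytes], None]) -> str:
    """Buffer the entire download, scan it, then release it in one piece."""
    body = b"".join(chunks)
    if not scan(body):
        return "blocked"          # application never sees a single byte
    deliver(body)
    return "delivered"

def passive_mode(chunks: Iterable[bytes], deliver: Callable[[bytes], None]) -> str:
    """Forward chunks as they arrive, but hold back the final chunk
    until the reassembled file has been scanned."""
    seen = bytearray()
    held = None
    for chunk in chunks:
        if held is not None:
            deliver(held)         # previous chunk is safe to pass on: more follows
        seen += chunk
        held = chunk
    if not scan(bytes(seen)):
        return "blocked"          # application is left with an incomplete file
    if held is not None:
        deliver(held)
    return "delivered"

def run(mode, chunks) -> Tuple[str, bytes]:
    """Drive one mode and report the verdict plus what the application received."""
    received = []
    verdict = mode(iter(chunks), received.append)
    return verdict, b"".join(received)

# Constructed sample downloads; the marker straddles a chunk boundary on purpose,
# which is why both modes scan the reassembled file rather than single chunks.
CLEAN = [b"MZ\x90\x00", b"harmless ", b"payload"]
INFECTED = [b"MZ\x90\x00 X-CONSTRUC", b"TED-TEST-MARKER", b" trailer"]

if __name__ == "__main__":
    for name, mode in (("active", active_mode), ("passive", passive_mode)):
        print(name, run(mode, CLEAN), run(mode, INFECTED))
```

In this model the active mode costs latency (nothing arrives until the scan finishes), while the passive mode keeps the download flowing but leaves a truncated file with the application when the scan fails.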
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    All I can say is "Bring it on!!!" it sounds great :D :D :D

    Cheers :D
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, I disagree...I don't like IMON and don't use it and probably won't like this HTTP scanner. It looks more and more like time for me to trial KAV. If AMON is not going to get proper powers for a long time....I don't know how long I am prepared to wait. (I'm speaking of my XP box...not the 98SE box which needs a lite scanner like NOD32).
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The sky is not falling, I say wait and see, you never know, you might like it. Defense at arms length is better than up close and personal...

    Just my $1.00 worth, 2 cents gets you nothing these days :D

    Cheers :D
     
  7. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    I ain't gonna use NOD32 anymore until they get AH for AMON like IMON now has and IMON gets all the bugs wiff Outpost to go bye bye
    :eek:
     
  8. PnP

    PnP Registered Member

    Joined:
    Jun 12, 2003
    Posts:
    194
    Location:
    Italy
    Sorry, are there any new options for scanning malicious scripts on the internet? Thanks..
     
    Last edited: May 20, 2004
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    And it slows down your computer too much. At least the HTTP scanner in the beta I have does. This is not the final beta that will be released soon publicly so it may be different then. I won't put up with the slow down or the false positives.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I haven't found this at all, only a download is slightly slower while it scans the incoming file.

    To date I haven't come across a false positive. Only good positives here :D

    Cheers :D
     
  11. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    Is the Beta released?
    where can I download it?
    thanks!!
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Not released yet, though not too far away from what Marcos was saying...

    Cheers :D
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    As Blackspear says it is not released yet. I have a beta which has the HTTP scanner. It doesn't have everything that the release version beta will contain. I have this beta only because tech support sent it to me because of problems I was having with the release version freezing, causing 100 % CPU usage and then crashing whenever I tried to copy any logs (not just the NOD32 scanner logs). I'm happy to report that the problem is fixed in the beta.
     
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That's good for you. I foresee a bunch of problems when users start using AH more both in the HTTP scanner and as some of us have been doing recently by scheduling an on demand scan using all the switches including AH.

    AH use in the on demand scanner found several "viruses" that are false positives. I sent them to Eset and the reply was that they are false positives and I must wait for the next version (I assume that means the beta when released to the public) of NOD32 to correct the false positive! That is a big pain in the butt! Every time I run a scan using AH, it hangs on those "viruses" unless I exclude clean from the scan. I can't see a way to exclude scanning of those files unless I zip and password protect them. I do not want to do a scan and then do a clean scan. I asked in a thread here that only got one reply what to put in the command line so that if NOD32 cannot clean it will "take no action" except quarantine.

    I don't see a switch in the list you provided for "take no action". Consequently, NOD32 hangs on these false positives since it can't clean them, it asks me what to do. Because NOD32 does not pop up a window when it hangs (like other AV I have used do) it sits there for ever waiting minimized to the task bar before I think to check it and then I see it is hung. Lovely. It is stupid stuff like this with the GUI that just drives me nuts! Plus, with these false positives hanging it, I cannot run this task while I sleep which was what I intended to do! (Of course, it would hang also on a true virus if it couldn't clean it since I can't see a way to have it do nothing if it can't clean except quarantine and then it doesn't really quarantine anyhow...it would just leave that real virus doing its thing...that is so "smart"..ugh). Plus, a scan using AH will not even put a copy of the "viruses" into what Eset calls "quarantine" even though I choose that. So, I think AH is not ready for the big time at all. I was excited about it until I tried it both in the on demand scanner and now the HTTP scanner. I am not impressed. Then when false positives are found all Eset can say is wait for the next version of NOD32 to have the false positive corrected. GEEEZ. At least give me a method to exclude those files from scanning while I wait.

    What is particularly interesting is that these false positives are on applications that were scanned by command line AH before executing and nothing was found. I have had them for many months. Now AH finds viruses...so AH has been made too sensitive or something. I really dislike an AV that finds false positives. That will drive me away faster than anything. I begin to see Randy Bell's argument more clearly. :)
     
  15. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Is AH officially supported for any other module than IMON ? No. So you can't complain.
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Heuristics is educated guesswork as opposed to sigs.

    If you practice safe computing, Nod's default configuration is plenty good.

    I like the program Paolo Monti wrote just as it is. :cool:

    Thanks for asking! :cool: :cool:
     
  17. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    Where can I download the beta version? I have quite a few PCs on my network and would like to start testing it.
     
  18. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    If you scroll up, it's been said several times that the beta isn't out yet.

    Marcos, will there be better unpacking/packed/compressed/archive support in the beta?
     
  19. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Generally this means until the next signature update, from what I understand, someone correct me if I'm wrong.


    That is a good question to which I would like to see if there is an answer...


    This is a list that ESET provide, on one of their websites. You seemed to keenly want to know how to add switches, run scheduled scans using switches and /ah, if you don't like the results, don't use what you have just learned, go back to what you were doing before, what the general public do; use default settings and scans...


    Totally in agreement, as stated several times in various threads, Quarantine needs to be fixed, as in to mean what the dictionary states quarantine is, or change the word to "copy" within Nod32, and its supporting documentation.


    See above.


    You are trialing a "Beta" version, remember when you trialed the Beta version of 2.0, the final release fixed virtually everything major, and everything else was/is/has been worked on since..

    Cheers :D
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The Beta hasn't been released yet, selected people with certain problems have been given a pre-release copy to see if their problems are addressed...

    It shouldn't be long, like the Beta of V2.0 when it was released, there were several updates before it went public...

    Cheers :D
     
  22. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    That's cool, I can wait. I didn't want to seem impatient, but I would like some time to try it before installing on my other pcs.

    One more thing. Is there anything different with the way they do updates via the remote admin version? You were only allowed one server to update. I was under the assumption that you could have more than one server in the next update.
     
  23. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    It sounds as if there will be a public beta release so you should be able to fully test it while it's still in beta and before the final version is released. Don't know about the admin version although perhaps an ESET mod will provide some info on that.
     
  24. Pardon me, I know I'm not "Mr. Popularity" around here, LOL.. But I would think that an http scanner would be great, would not it be able to find "embedded" trojans in websites, ala NAV and KAV?
     