HTTP Scanner discussion: Questions and Answers.

Does anybody have any idea how much better NOD32 will be at detection rates with the http scanner, or how does the http scanner improve NOD32?

When a application is being used that uses the default or detected http ports, and then IMON automatically puts that application in the compatibility list in compatibility or efficiency mode, how does one remove that application in the IMON compatibility list if the application is uninstalled and not used again?

That's all the questions I have for now, but I may have some more later.

 

Files that you downloading by http protocol are scanned before they come to client application. Include all files in archives.

So - without HTTP IMON you CAN download infected file (in archive) - it isn't dangerous. And when you try to extract it (write to disk) AMON will catch it. Same for simle downloading files.

It is simple another layer of defence...

 

Hi all,

So why all the fuzz about the HTTP hype, if Amon catches the file anyway after extracting them, for instance from a ZIP file.

I for one find it sometimes very annoying when a page is loading for minutes.

Don't know what you guys think of it??

rgds,
Martin

 

Hi Ronjor,

Don't want to speak negative here, but why all the bells and whisles, so NOD can look like so many AV's already, all bloated??

We are talking about a top notch AV here, let's keep it that way, there are already enough adaware and spyware progs. around.

Let's keep NOD lean and mean!!!!!!!!

rgds,
Martin

 

I hope all the extra garbage is deselectable............

rgds,
Martiin

 

I think the HTTP scanner is great for family members and other folks that don't really have a clue about all of this stuff and can stop some potential infections before they get on their computer.

I also like to see if the HTTP scanner is detecting something on a site as opposed to waiting to see if AMON catches it at a later time or date when some action is preformed on the file. Also you may not remember just where you got that file from at a later date.

In addition I don't have any slow down using the HTTP scanner. Timing a download of about 10MBs of images with the HTTP scanner enabled or not enabled comes out at the same amount of time.

So I think the HTTP scanner is a good addition and added security tool.

 

In other words, i pay for an AV not for circus attraction

rgds,
Martin

 

You got a point there Stan, but for people who are beyond this, like i said, an AV is an AV, not some bloated circus attraction like :::::::::::: (i will not mention that prog. again, sorry for those whom i have affended)

But i think you know what i mean.

rgds,
Martin

 

Same here,
I've HTTP scanning enabled and I don't notice any slowdown.
About the spyware/adware, I'm fully agree that NOD detect them. Spyware/Adware is now part of the malware (malicious codes) and now Antivirus aren't antivirus, are antimalware, in others words, all AV detect much more than viruses. Indeed, NAV 2004, KAV, NOD, McAfee and others detect spyware and adware, so, I don't understand why you don't like such feature.

virus

 

Hi Martin,

I understand what you mean.

However, Eset would still need to target both the novice user and the advance user and all the folks in between.

Of course the more advance user can just select not to use the HTTP scanner.

I still find the NOD beta to continue to be very well programmed and see no noticable effect on my machines when running it unlike some other AVs.

 

I agree Stan, but for i can see (for what it's worth) the more junk they put into a program, the more things can screw up.

But like you said, iam running NOD without the HTTP scanner, because in my point of view, it is affecting my browsing.

just my humble opinion,

rgds,
Martin

 

I have a few questions about the HTTP scanner functionality myself, which I sort of asked in this Wilders thread. Basically, it would seem to me that the HTTP scanner really only adds the detection of client-side scripting malware. If you download files or install ActiveX controls, it seems to me that both of these events would be filesystem "create" events that would trigger AMON into scanning them. Much of the larger content (jpgs, gifs, wavs, etc.), I think get cached on the harddrive by most browsers, so they too would probably trigger a "create" event that prods AMON into action. It seems it would only be the in-memory downloading of the HTML/DHTML/Javascript/VBscript code itself that might go undetected.

Adding detection for that does seem useful to me, so I don't really have a problem with the addition of HTTP scanning; especially since: 1) it is 100% optional and user selectable, and 2) it doesn't generate any noticeable srufing slowdown on my system (which definitely surprised me). However, I was just curious what additional protection we really are getting and if AMON doesn't get triggered in the cases I mentioned, generating a duplicate scan?

 

i agree with some of u guys here
lets just keep nod32 lean and mean
thats what made it well-known in the first place
there are professional anti-spyware solutions out in the market
for example...im using adaware se pro
keep in mind that im not using it for on-access scanner,only weekly for a full scan for spyware

 

What's the problem if ESET add Spyware and Adware and keep the others thing at a good level? like viruses, trojans, heuristic?
I submit every day to ESET many samples: trojans, viruses, worms, and few adwares. They are adding spyware/adware, yes, true, but they add much more quickly trojans, viruses and worms, so what's the problem?

 

Agreed, so long as the main focus is Viruses and Trojans, the general public do not know the difference between the two...

Cheers