HTTP Scanner discussion: Questions and Answers.

Discussion in 'ESET NOD32 v3 Beta Forum' started by Big D1, Aug 22, 2004.

Thread Status:
Not open for further replies.
  1. Big D1

    Big D1 Registered Member

    Joined:
    Aug 20, 2004
    Posts:
    68
    Does anybody have any idea how much better NOD32 will be at detection rates with the http scanner, or how does the http scanner improve NOD32?

    When an application is being used that uses the default or detected http ports, and then IMON automatically puts that application in the compatibility list in compatibility or efficiency mode, how does one remove that application in the IMON compatibility list if the application is uninstalled and not used again?

    That's all the questions I have for now, but I may have some more later.
     
  2. DiGi

    DiGi Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    114
    Location:
    in the middle of nowhere
    Files that you are downloading by the HTTP protocol are scanned before they come to the client application. This includes all files in archives.

    So - without HTTP IMON you CAN download an infected file (in an archive) - it isn't dangerous. And when you try to extract it (write to disk) AMON will catch it. Same for simply downloading files.

    It is simply another layer of defence...
     
  3. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi all,

    So why all the fuss about the HTTP hype, if AMON catches the files anyway after extracting them, for instance from a ZIP file.

    I for one find it sometimes very annoying when a page is loading for minutes.

    Don't know what you guys think of it??

    rgds,
    Martin
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    The good part about NOD is you can turn off what you don't want to use.

    For others, they may like the scanning and don't care about speed.

    From the looks of things, NOD will be doing adware and spyware in the future too.
     
  5. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi Ronjor,

    Don't want to speak negatively here, but why all the bells and whistles, so NOD can look like so many AV's already, all bloated??

    We are talking about a top notch AV here, let's keep it that way, there are already enough adaware and spyware progs. around.

    Let's keep NOD lean and mean!!!!!!!!

    rgds,
    Martin
     
    Last edited: Aug 22, 2004
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    I agree. Lean and mean. It does seem some people want an all in one solution.
    I do not like bloatware myself and will avoid it at all cost! :)
     
  7. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    I hope all the extra garbage is deselectable............

    rgds,
    Martin
     
  8. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I think the HTTP scanner is great for family members and other folks that don't really have a clue about all of this stuff and can stop some potential infections before they get on their computer.

    I also like to see if the HTTP scanner is detecting something on a site as opposed to waiting to see if AMON catches it at a later time or date when some action is performed on the file. Also you may not remember just where you got that file from at a later date.

    In addition I don't have any slow down using the HTTP scanner. Timing a download of about 10MBs of images with the HTTP scanner enabled or not enabled comes out at the same amount of time.

    So I think the HTTP scanner is a good addition and added security tool.
     
    Last edited: Aug 22, 2004
  9. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    In other words, I pay for an AV, not for a circus attraction :doubt: :D

    rgds,
    Martin
     
  10. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    You got a point there Stan, but for people who are beyond this, like I said, an AV is an AV, not some bloated circus attraction like :::::::::::: (I will not mention that prog. again, sorry for those whom I have offended)

    But I think you know what I mean.

    rgds,
    Martin
     
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Same here,
    I've HTTP scanning enabled and I don't notice any slowdown.
    About the spyware/adware, I fully agree that NOD detects them. Spyware/Adware is now part of malware (malicious code) and now antiviruses aren't antivirus, they are antimalware; in other words, all AVs detect much more than viruses. Indeed, NAV 2004, KAV, NOD, McAfee and others detect spyware and adware, so I don't understand why you don't like such a feature.
     
  12. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Hi Martin,

    I understand what you mean.

    However, Eset would still need to target both the novice user and the advanced user and all the folks in between.

    Of course the more advanced user can just select not to use the HTTP scanner.

    I still find the NOD beta to continue to be very well programmed and see no noticeable effect on my machines when running it, unlike some other AVs.
     
  13. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    I agree Stan, but from what I can see (for what it's worth) the more junk they put into a program, the more things can screw up.

    But like you said, I am running NOD without the HTTP scanner, because in my point of view, it is affecting my browsing.

    just my humble opinion,

    rgds,
    Martin
     
  14. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I have a few questions about the HTTP scanner functionality myself, which I sort of asked in this Wilders thread. Basically, it would seem to me that the HTTP scanner really only adds the detection of client-side scripting malware. If you download files or install ActiveX controls, it seems to me that both of these events would be filesystem "create" events that would trigger AMON into scanning them. Much of the larger content (jpgs, gifs, wavs, etc.), I think, gets cached on the hard drive by most browsers, so they too would probably trigger a "create" event that prods AMON into action. It seems it would only be the in-memory downloading of the HTML/DHTML/Javascript/VBscript code itself that might go undetected.

    Adding detection for that does seem useful to me, so I don't really have a problem with the addition of HTTP scanning; especially since: 1) it is 100% optional and user selectable, and 2) it doesn't generate any noticeable surfing slowdown on my system (which definitely surprised me). However, I was just curious what additional protection we really are getting and if AMON doesn't get triggered in the cases I mentioned, generating a duplicate scan?
     
  15. DarthGW

    DarthGW Guest

    I agree with some of you guys here
    let's just keep NOD32 lean and mean
    that's what made it well-known in the first place
    there are professional anti-spyware solutions out in the market
    for example... I'm using adaware se pro
    keep in mind that I'm not using it as an on-access scanner, only weekly for a full scan for spyware
     
  16. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    What's the problem if ESET adds Spyware and Adware and keeps the other things at a good level, like viruses, trojans, heuristics?
    I submit many samples to ESET every day: trojans, viruses, worms, and a few adwares. They are adding spyware/adware, yes, true, but they add trojans, viruses and worms much more quickly, so what's the problem?
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, so long as the main focus is Viruses and Trojans, the general public do not know the difference between the two...

    Cheers :D
     