HTTP/Web Scanner Advised?

Hi, I'm a new user to the forums.

I'm currently running a trial of the new ZoneAlarm Security Suite (8.0), and so far I like it! Check Point seems to have fixed the previous slowdowns of Zone Alarm, so it runs smoothly.

The only concern I have is that there is no web guard (or HTTP scanner). I visited the EICAR test site, and tested a webpage infected with the test string; ZoneAlarm did nothing. Only when I downloaded the test file and attempted to run it did ZoneAlarm promptly quarantine it.

So, my question is this: do I need an HTTP scanner? I've read recently that hackers are now attacking legitimate websites now, so do I need a web guard to protect my computer while I surf?

Sorry if this has already been asked; I did a Forum Search, but couldn't find anything related.

 

This thread discusses the issue: Is http scanning (WebGuard) necessary?

While there are many informative posts in that thread, you may find post #45 particularly helpful.

Welcome to Wilders.

 

Oops! Sorry, guess I didn't search hard enough. But, after reading through those posts, I have another question.

About a month ago I was preparing a presentation on PowerPoint, and went to Google Images to search for some pictures. I had ESET's Smart Security installed at the time. I clicked on a picture, and Smart Security alerted me to something along the lines of "DNS poisoning", and I received a popup that an infection had been stopped.

Now, was this "DNS poisoning" the result of a network attack, or HTTP scan? Because when I went back and did the search again, the picture came up clean... If Smart Security hadn't been set to scan HTTP, would I still have gotten infected?

And thanks for the reply and welcome, Dogbiscuit. If this thread needs to be moved/merged with another, I won't mind.

 

I agree with post #45 myself, I do however use HTTP scanning because it is more comforting to know you have that one extra tool that may make a difference, and it can help during the window between a vulnerability being found and patched. After all, those windows can be as small or large as the vendor makes them.

Edit: Regarding your other question, perhaps the site the picture was hosted on was compromised, but not the picture itself? I don't know a lot about DNS poisoning, so I'm shooting in the dark here. It could have also been an initial FP.

 

You can live without HTTP scanning. Still think HTTP scanning is necessary. Good for blocking drive by downloads, and detecting malware before you download it(imagine if it's a very big file, spending a lot of time to download it and then discover that it's a malware).

If you use firefox, you can minimize the risk of going into websites that can perform drive by downloads by using WOT or SiteAdvisor with LinkScanner(or all of the three if you want).

You can also try this nice addon https://addons.mozilla.org/en-US/firefox/addon/938
It's Dr.Web online scanner, that scans links(direct links) for malware.

 

I just wanted to add that the use of the NoScript extension in Firefox can go a long way towards killing off those drive-by downloads also, among other nasty little tricks.

 

I would personally complement ZA with a sandbox rather than a HTTP scanner. You need to complement your signature based detection with a non-signature based protection.

SandboxIE or more proactive solutions like ZA ForceField could be used.
You will soon probably be able to test the ZASS version with ForceField integrated.

Cheers,
Fax

 

Thanks for your reply, guys. I looked at post #45 on that other thread, and I think I'll use an antivirus with HTTP scanner. I'm currently using AVG, and it runs just fine. As for Check Point's new ForceField product, I tried it, but it chewed up way too much memory . Thanks for the suggestion though – I can always use them !

And about that "DNS Poisoning" attack, I'm not a computer virus expert, so I don't have the slightest clue as to what it was (maybe someone could enlighten me as to what it is? I've never seen or heard of it before). My point there was that if it can happen again, and if it does, would an antivirus without HTTP scanning pick it up (e.g. DNS poisoning under ZoneAlarm, which doesn't have a web guard).

Once again, thanks for the feedback .

Oh, and I've installed WOT for Firefox, and another friend of mine recommended me to use MVPSHosts with HostsXPert. So far, so good!

 

Forcefield will eat a lot of Resources no matter what due to the fact its Emulating your browser as its memory climes so does forcefield its the price you pay to keep all data from writing to the hard drive. I personaly dont use it, Don't feel the need for it.

Now as for ZA as long as it has realtime Scan (Dont remeber) you should not have a problem becuse as soon as a file or something gets wrote to the hard drive it should be scaned. HTTP scan is just to scan is in the stream. so kind of stops it before it fully writes to the hard drive.. the only advantage to this is Drive by downloads really. stoping someting from downloading with out you knowing it.

but thats just my 2cents.

Gl to ya.

edit.

Here is a link to Wiki on DNS Posoning. http://en.wikipedia.org/wiki/DNS_cache_poisoning

(Mod) sorry If the link is a violation. its not maleware so I did not think so.

 

Which version did you try?
With latest ForceField version (V. 1.2) I have not more than 16 to 20MB memory use.
Unless you have no RAM... it should be managable.

Cheers,
Fax

 

It is still impossible to get infected without the malicious code existing on your HD/memory. So just a simple "on access" scanning should be enough. Of course it's a "nice" feature though to alert before that.

 

Does microsoft provide the patch for DNS Poisoning?
If we did have the loses of the computer,can MS do anything?

 

Please see here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

 

I believe it was version 1.2. Under my system, it used about 20 to 28 MB. That may not sound like a lot, but I'm using BitDefender Antivirus 2009 with HTTP scanning, and all the processes total around 10 to 18 MB.

Still, I don't mean to bash ForceField. It is a nice idea, but it's only in the early versions. Perhaps I'll give it another go in the future .

 

https://www.wilderssecurity.com/showthread.php?t=218274

You might want to read those posts if you think its light.. also 20 megs of ram is not going to hurt anything UNLESS your below 512 and means its only active why the browser is it should not effect anything else. also there is other AV's out there if your still looking that the whole AV running is under 20 megs. might have a looksy if you end up not happy with Bdefender.

 

I used sandboxie for browser protection. Most compromised websites wont actually have the malicious code on the server but rather they put a redirect to a malicious. Adding Hostman and having an updated hosts file can be another layer.

 

Yes, I realize that BitDefender 2009 is a bit buggy (I heard many complaints from users saying it wasn't ready to be released). So, I'm only using the Antivirus – no Internet Security or Total Security – which runs fine.

And as for ForceField, on my laptop (which I am using to type this, and the computer that is the subject of this thread), I have about 960 MB of RAM. About 40+ MB of RAM go to some of the hardware (I'm not a computer specialist, so not sure what). Anyways, my point is that it's an old computer (maybe about 4 years old) which freezes very often, so I want something as light as possible.

But, I'm an open person, so I'll give ForceField a try on my other desktop computer. Again, thanks for your input !

Yes, I've added the Hosts file protection, and I'll also take a look into this sandboxing feature; a close friend of mine mentioned it, so I'll give that a spin, too .

 

Sandboxie is what forcefield is, the main difference is Forcefield is just for the browser. Sandboxie can be used for programs also. but basically there 1 in the same.

 

Another vital difference is that ForceField is created for mass market and not just the techy crowd.
Hence ForceField is a product that my GF can use without grumbling or getting panic attacks.