Is An HTTP Scanner Really Necessary?

Discussion in 'other anti-virus software' started by Barney, Oct 29, 2010.

Thread Status:
Not open for further replies.
  1. Barney

    Barney Registered Member

    Joined:
    Jun 17, 2003
    Posts:
    119
    I was wondering if I could get people's opinion on this. I was wondering whether it was really necessary to have an HTTP scanner built into my Antivirus.

    I ask this because sometimes I feel as though my internet surfing speed has been negatively affected with this new HTTP addition. Would using an AV and disabling this feature be adequate? Thanks.
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,080
    It's another layer of security, you can gain some speed but you will lose a little bit of protection.

    My advice, probably the http scanner is never going to be the only techonolgy/layer able to detect a threat, but is up to you.

    You can use DNS with malware blocking capabilities, like Norton DNS, Comodo DNS, Open DNS... almost transparent to websites loading time, specially if you are in USA or central Europe
     
    Last edited: Oct 29, 2010
  3. carat

    carat Guest

    No - it will slow down your browsing speed :doubt:
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Why take a "double dose" of "flawed" protection o_O :ouch:

    My answer is a "Big, Fat - NO!"

    Instead, virtualize your browser/system and/or protect your browser with something like SafeOnLine, SpyShelter, etc from those info stealing bastages ;)
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I believe real time protection should protect so I disable it on my machines. I do leave it on for others but if there a complaint about browsing speed disable it too.
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I'll agree with the previous posts. HTTP-scanner will slow browsing down and the real-time scanner should take care of the threat. And as somebody already mentioned, with the free DNS-applications around these days you're very well protected in the browser layer.
     
  7. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    No it's not absolutely necessary but it's another layer in the armour as had already been mentioned.

    If you use firefox, it's worth using NoScript.
     
  8. shanep

    shanep AV Expert

    Joined:
    Sep 10, 2008
    Posts:
    54
    I can't speak for other products, but certainly for the Norton products you will loose a huge amount of protection if you disable the Network IPS (which scans network traffic of all kinds including HTTP). The IPS is scanning network traffic for vulnerabilities and blocking them before they exploit the browser. There is no other way to do this reliably other than scanning network traffic. You can't simply scan files in the browser cache as in many cases the browser has already been compromised before the file is seen hit the disk.

    Also, what started with a single vulnerability being compromised which you could have blocked had you been monitoring the network stream, now gets turned into a potentially infinite number of file-based threats that get dropped on the system by the shell code that got executed when the vulnerbility slipped through. Dealing with these files is a bigger challenge since there could be so many of them. It is much easier to shut of the pipe.. i.e. block the HTTP attack.

    Shane.
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Now that is why I EMET the hell out of my browser. :)
     
  10. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    So, if Norton knows about these browser vulnerabilities, why not tell the software company about them and get them fixed? That way if you keep your browser up to date, you shouldn't have much to worry about. If Norton isn't telling the software company about the vulnerabilities, I'd have to wonder why not. Now, a flash vulnerability is a different thing, because I don't get the feeling adobe takes them very seriously:)
     
  11. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    This is in a perfect world where all PC users keep their windows up-to-date. Sadly not the case.
     
  12. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Also I have seen another case when checking out malware also. I keep a log of Md5 and URL for malware I submit to different vendors, I notice at times I can go back to the URL and see if its still being hosted I find a file with the same name, a whole different MD5, and a huge dive in detection. As long as the URL guard is blocking the site you would not have to worry about them. So yes a I think web guards can come in handy as long as they are updated by there creator. So in certain cases a webguard can help you.
     
  13. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Necessary? Nope,back when I used an AV,I never used any that even had such thing as a "HTTP Scanner " :argh: and I never had any issues.
     
  14. shanep

    shanep AV Expert

    Joined:
    Sep 10, 2008
    Posts:
    54
    Hi Scott,

    When we discover a vulnerability ourselves, we definitely let the vendor know using "responsible disclosure". However, as someone pointed out, even when the fix becomes available, most users dont know they need to get the patch. This is especially problematic when the vulnerability is in some 3rd party ActiveX and therefore not auto-patched via Windows Update. So the machine remains unpatched, they get exploited by the vulnerability and the machine gets infected.

    Shane.
     
  15. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    My opinion is that it depends. If you use your AV as sole security application then yes it is necessary.

    On the other hand if you use sandboxie or other modes of virtualization properly configured you may disable it.

    Also you may disable it, without virtualization just by secure (and update) your browser, like firefox with noscript, request policy, DNS, hostsfile, adblock etc. This way will take some time to properly configure firefox as in the beginning most scripts will be blocked. In general the majority of users want to avoid the hassle with the popups and the configurations and just enable the http scanner, with a minimal decrease in browsing speed.
     
  16. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Yes, it's entirely necessary in my opinion. I see mine updates frequently, sometimes several times a day regardless of virus definitions updates.
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    seems that the one guy who should really know about this thinks it is necessary but most of the self proclaimed experts(!yeh right!!) off this site think it isn't,I do wonder why some of these guys don't go and write their own product,then they could include the modules that they KNOW are needed,there is nothing so dangerous as a little bit of knowledge in the hands of somebody who believes they "know it all"!
     
  18. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    Is An HTTP Scanner Really Necessary? No.
    Do I have it active on every PC with avast!? Yes.
    Would I be tearing my hair out if I disabled it and something got through? Yes :argh:

    "Ya makes ya choices, ya takes ya chances me buccos" ;)
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Web scanners are definitely another layer of protection as they can protect you against new variants of malware otherwise yet unrecognized by other modules of the particular security software. Nowadays malware is changing rapidly to evade detection and gain success for the authors. Traditional signature / heuristic detection methods are not sufficient and many new born threats may pass by unrecognized. This is when web protection with url blocking and other special heuristic algorithms comes into play and prevents your computer from getting infected.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Whether or not they're really necessary, depends on the user such type of protection is aiming to protect.

    Would it offer any benefit to me? None, at all. Would it offer benefits to family members? Most definitely, because it would prevent them from downloading malicious software (without knowing it so; even thinking it was a safe app.), etc.

    So, the question you truly need to make is not if they're really needed, but if you do need them.
    Are you the type of user able of using other security measures that kill right-away any chance of an infection? If so, then ditch it. If not, then keep it. Find a solution that doesn't cripple your browsing experience.

    I don't know about others, but these two (AVG and avast!) doesn't slow browsing, at all. That's not my experience. I have family members with both, respectively, and no complains.
     
  21. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I have to agree on this:thumb:
     
  22. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I suppose if you never use the web then they're not needed!(lol)
     
  23. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    I for one would never claim to be a security expect but whenever you use security software you need to balance the risk v the impact of the software. You could create the worlds best security suite and nobody would use it, if their machine ran like a dog.

    The OP was experiencing a performance impact and asked a question regarding that. There is no perfect answer since a lot depends on the setup, other software, whether they're behind a router, the type of surfing they do etc.

    /Off Topic

    Steve, one of the benefits of the forums is to ask for advice, advice is free, it's down to the individual to decide what they do. It's unrealistic to expect experts to drop into every thread, so why do you feel the need to pour scorn or leave flippant remarks for others who are trying to help.
     
  24. Nek

    Nek Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    25
    I'd like to add to Barney's question.

    I've used Avast's HTTP Scanner and as with Barney, I've encountered slow browsing speed.

    So I went to read a lot about browsers as the infection vectors and I've read that browsers can be infection vectors for three reasons (please correct me if I'm mistaken):
    1) Browsers' vulnerabilities
    2) Scripts
    3) Payloads

    If these are the only concerns, aren't NoScript and regular browser updates enough? Regular updates would fix browser vulnerabilities, NoScript would prevent scripts and browser configuration (i.e. no pdf etc execution in browser) would prevent payloads.

    Am I missing something important?
     
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    because the one guy who is the "expert"(ie works for an av company and explained the reasons behind what he says)believes it is needed,but still the "experts" from here either totally ignore such advice(not only in this thread) or totally dismiss it because they DO know better,it depends on how high "surfing speed" is in your list of priorities:-if a couple of millisecs lost in a page loading is more important than the extra security then disable it:-but then again every form of protection will have a negative effect on speed,be that browsing,file transfer or any other use people use there PCs for, so you could argue as to whether any protection is worth the performance hit couldn't you?:-and because a lot of PCs brought to me are owned by these "experts"(I shouldn't moan really:-they keep me employed!):-I would have thought the best solution if the product he is using is giving problems when browsing would be to try a few other vendors wares that offer same(or similar) protection to see if any have a significantly less impact and has anyone thought it may be the av product interacting with some other add-on he his running while browsing?It may not be the http scanner per se
     
    Last edited: Oct 30, 2010
Loading...
Thread Status:
Not open for further replies.