Is http scanning (WebGuard) necessary?

I have been using the free version of Avira along with some spyware scans using free products on a regular basis. I am now wondering if http scans are worthwile and should I finally pay for the Avira security suite and just have an all-in-one solution and peace of mind.

 

https://www.wilderssecurity.com/showpost.php?p=1072211&postcount=8

 

I don't think that post is accurate. My understanding of http scanning is that it scans any traffic on the http protocol through a proxy server. The AV engine scans anything accessed via file API's (open/execute etc). Thus if a web page has a malicious script it will not be caught by the AV but by the http module. Web downloads are covered but not web pages/active content etc.

 

HTTP Scanning: necessity, or just a security blanket?

 

Informative post. Thanks, WSFuser.

 

Good AV RTM - necessary

WebGuard - unnecessary

 

HTTP scanning is the only way to catch and block (!) exploit files like JPG, WMF, ANI or HTML/JS before the browser parses them (and executes the exploit if the system is unpatched). If you are only using on-access scanning, the exploit will be detected - after the exploit was executed and able to download/execute more malware - if that malware is undetected by the AV scanner aswell.

Now, if you are using a good HIPS I would say you don't need HTTP scanning. A good HIPS will block the installation/activation attempt of the shellcode. HTTP scanning always slows down surfing, no matter how fast the AV product is.

 

This would seem to imply that AV products without a HTTP scanner are unable to prevent ANI, HTML/JS etc exploits from doing their dirty work. To the best of my experience, this is completely untrue; even the WebGuard-less AntiVir Classic triggered numerous times on the ANI exploit, shellcoded HTML files and, of course, the dreaded HTML exploit heuristic...

This is getting more and more confusing.

 

It does slow down, but if it's done properly it's hardly noticeable. BitDefender's HTTP scanner is sluggish, while avast's is hardly noticeable.
Well at least i can't see any difference when turned on or off. 1Mbit line.

 

I don't know if http scanning is absolutely necessary or not. I'll leave that up to the experts. I do know that I feel somewhat more secure with an AV that does have http scanning, so I guess that's what really matters. If you feel better having an http scanner and it doesn't affect your computer's performance, why not take advantage of the extra protection.

I'm using Avira IS with http scanning enabled, and it doesn't affect my browsing speed at all. There is some slow down when it comes to loading some adobe flash videos, but I can live with that.

 

For me a HTTP scanner is a welcomed component.
Is it neccesary? I'll leave that question for an av expert.

 

How do you know?

 

no, its not.

 

Haven't experienced any slowdowns yet with BitDefender, nor with KIS.
It's good to have some extra protection layer IMO.

 

Originally Posted by RejZoR
BitDefender's HTTP scanner is sluggish, while avast's is hardly noticeable.

Agreed. I don't notice a slow down at all while using Bitdefender 2008. I've tried surfing with HTTP active and off. I can't tell the difference.

 

My personal experience with Avast on Vista was the system experienced a general slowdown. This could be Avast or some drivers on my notebook.

Previous versions of Bitdefender were found to cause system slowdowns in tests by one of the big magazines, either PC World or PC Magazine. However, that was for version 8 or 9. I don't know if there has been an improvement, but these sort of reputations are hard to get rid of.

 

Trying Avast at this time, so far no slow down and it seems to load very fast at start up.

 

I have learned a new fact from a respected expert. Thanks, Stefan.

I do have a good HIPS, of course.

 

Absolutely no difference whether it is off or on, and faster on my machine than Norton, Avira, or NOD32.

 

It's sluggish. BD10 HTTP was awful. BD11 looks better but still far from what avast! can show off.

 

Salesperson now hey Stefan.

 

So as I have Defensewall I can leave the Avira web scanning off?

Collective view of those in the know?

Ian

 

It maybe sluggish on YOUR computer(s). Every computer setup is different. But it's light and speedy on my computer. And on other users computers. I can't tell it's turned on when I'm surfing.

 

Hmmm.......Necessary? Dunno.
But i'm using it, nothing wrong with added protection.

 

To go along with this question, would running Sandboxie nullify the need for a web scanner? Thank you