Is http scanning (WebGuard) necessary?

Discussion in 'other anti-virus software' started by Defcon, Sep 6, 2007.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Is this the same case with avira?

    If so, this is something to think about when you have a slow pc.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To dredge up an old topic...

    I believe shellcode hiding in HTML exploit files was once mentioned as why HTTP scanners are necessary. Lately I've had to learn to decrypt shellcode exploit files, and I've seen nothing to confirm that they are executed in memory; the HTML files are saved to the cache like every other file before the browser reads them, meaning a good resident scanner will catch them. Also, only the oldest, most unpatched OSes seem to be vulnerable to this; even my copy of WinXP which had gone five years without any patches was hardened against this type of attack, making analyzing the exploits using Proxomitron impossible, much to my displeasure (hence my having to learn to decode them by hand).
     
  3. noons

    noons Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    115
    Well, for the most part they are pointless and are more of a marketing technique than anything. If your browser is updated so that it can't be exploited, there is NO point in having one, except if you like the html page that is displayed.

    HTTP scanners and Active scanners use the same definitions. Let's say you download a virus. If you have an html scanner, as it initiates the download and begins, it will block the virus. However, let's say the http scanner is disabled; it will then download the virus, waiting for user execution, or if it's executed through an exploit it will attempt to run. As soon as it attempts to run, the same definitions that are used in the html scanner are now being used by the active scan. The scanner will then pick it up and block it at the file level instead of the http level. It will then allow you to block and remove the virus before it's even run.

    What's the difference? Really nothing, which is why I say it's worthless.

    IMHO they're just one of those pretty features that people don't really truly understand. Yes, it's nice and looks pretty; however, to me it's not worth the network performance drop that most suites offer.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I got into this argument a few years ago and was saying that the http scanners were mostly just marketing hype, and one of the guys here at Wilders proceeded to argue that they helped prevent something from executing directly in browser memory due to browser exploits etc. So I let it go at the time, but I have yet to ever see anything like that happen here in more than 12 years of internet usage with every browser imaginable including a lot of IE use.

    Now that's not to say that it *can't* happen, just that I don't think the odds are very good that it ever will happen to me. But with all that said, I am currently using Avast which has an http scanner and I don't really see too much drag on browsing speed, so I go ahead and use it.

    As always, there are people who will argue each way on this issue... I suppose it's also always up to the user to decide what he/she feels most comfortable with...
     
  5. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I also use avast's web-scanner and I'm a safe surfer, so it probably doesn't help me much, if any. However, with my teenagers also using this pc, I feel safer with the web-scanner on. If it gives me a false sense of security, so what, my daughters get free rein of the pc. Is a web-scanner important o_O Damn right it is, just ask my daughters!!!
     
  6. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Actually Norton 2008 (both NIS and NAV) have two kinds of HTTP scanners. There's the Network Intrusion Prevention engine with 100s of HTTP signatures, + there is the Browser Defender. If they didn't have these engines, it is really the luck of the draw. It always depends on whether the file gets written to disk before/after it is rendered by the browser.
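
Added example, not part of any post in this thread: a simplified Python model of the two scan points discussed above (an HTTP-level scanner and an on-access file scanner sharing one signature set), showing how the outcome depends on whether the page reaches the cache before or after the browser renders it. The signature, sample chunks and all names are constructed for illustration, and the HTTP scanner is assumed to hold the response until every chunk has been scanned.

```python
# Constructed signature set shared by both scan points (not a real definition).
SIGNATURES = {"Test.Sig.A": b"CONSTRUCTED-TEST-PATTERN-0001"}

# Constructed response body, split so the pattern straddles a chunk boundary.
CHUNKS = [b"<html>CONSTRUCTED-TEST", b"-PATTERN-0001</html>"]


def scan_bytes(data):
    """Return the names of all signatures found in data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


class HttpStreamScanner:
    """Scans chunks as they arrive, keeping a tail so that a pattern
    split across two chunks is still matched."""

    def __init__(self):
        self.tail = b""
        self.keep = max(len(p) for p in SIGNATURES.values()) - 1

    def feed(self, chunk):
        window = self.tail + chunk
        self.tail = window[-self.keep:] if self.keep else b""
        return scan_bytes(window)


def deliver(chunks, http_scan, cache_before_render):
    """Return (layer_that_detected, browser_rendered_the_content)."""
    scanner = HttpStreamScanner() if http_scan else None
    body = b""
    for chunk in chunks:
        if scanner and scanner.feed(chunk):
            return ("http", False)        # blocked before reaching the browser
        body += chunk
    detected = bool(scan_bytes(body))     # on-access scan of the cache write
    if cache_before_render:
        # File hits the disk first: the resident scanner can still block it.
        return ("on-access", False) if detected else (None, True)
    # Rendered from memory first: the cache write is scanned only afterwards.
    return ("on-access", True) if detected else (None, True)


if __name__ == "__main__":
    for http_scan, cache_first in [(True, True), (False, True), (False, False)]:
        print(http_scan, cache_first, deliver(CHUNKS, http_scan, cache_first))
```

With the same definitions at both layers, the only case where the content is rendered despite a matching signature is the one with no HTTP scanner and a render that precedes the cache write.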
     
  7. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    You may be a safe surfer, but there is no such thing as a "safe" site anymore. Hundreds of well-known sites are being hacked every day. It's just a matter of time before you visit one of these sites.
     
  8. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    The shellcode in an HTML is relevant, but it's not the right way to detect malicious HTMLs since the shellcode is completely variable. Some AVs like Kaspersky use this method and it's always very reactive; they have to keep writing new sigs and hence their response time for such threats sucks. The new NIS/NAV 2008 looks for malicious usage of the ActiveX and hence they are more generic. It's trivial to write an HTML with brand-new shell-code that will easily infect a machine running Kaspersky. Try that with NIS/NAV2008; that's a challenge.
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    That's very true!!! It's football season again, and I still remember what happened last SuperBowl!!! I do visit a lot of football-sites.......
     
  10. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Yep, I'm sure anyone who knows about that will think twice before visiting www.miamidolphins.com :)

    or tomshardware.com
    or kevinmitnick.com
    or experts.microsoft.fr/
    or
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As far as my understanding goes, your statements are so far out of the left field they don't even warrant an explanation.
     
  12. Arup

    Arup Guest

    Occasionally Avast Web Scanner has caught a nasty or two on my machines running Avast for the last 5 years so yes, web scanning has its benefits, think of it as a barrier to your fort, then you have the wall.
     
  13. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Really? Prove it. I've looked at a lot of drive-by downloads and Kaspersky's detection capabilities for those. Have you?
     
  14. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    My system has been clean over 6 months using NIS '07-'08. NIS has been blocking all web threats (mostly Trojan.Downloader and recently a few of whatever that Quicktime exploit is called) so no cleaning has been necessary. As far as rogue Active-X controls go, IE7 with Protected Mode has been handling them. I have not tried allowing their installation to see if NIS would catch them though.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Yes to the question, if it works and doesn't slow your PC. And right now I only know of 2 that qualify and one is my cute little Avatar.;)
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, what's the other one?
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    F Secure my new friend.;)
     
  18. The One

    The One Frequent Poster

    Joined:
    Mar 6, 2007
    Posts:
    246
    Still F-secure and Avira Trjam?
     
  19. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Well, I don't know trjam but I tested Avast for 30 days on my PC and I did not notice any slowdown either. So that makes three.:D :p
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Ok, then 3.;)
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I'll 2nd that 3rd... o_O
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    avast certainly does not slow the computer down.
     
  23. wdh2313

    wdh2313 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    19
    Location:
    Ohio
    That's your opinion on your computer. As for my computer, it definitely slows my computer down. I have a kinda old computer: AMD 2700+, 1 GB PC3200 DDR 400 MHz RAM, Gigabyte 8x AGP motherboard, GeForce 5950 Ultra graphics card. But I just started trialing Avira AntiVir Premium Suite, which has the http scanner, and I'm very impressed with no slowdowns, which I had with avast home 4.7. But I will take performance over a little bit of security. But so far I might just end up buying this suite after the end of the trial; I just wish the premium version had the http scanner because I really don't need a suite...
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    The Premium version doesn't have the http scanner?? If not, then it really should...
     
  25. wdh2313

    wdh2313 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    19
    Location:
    Ohio
    Nope, it doesn't; just the suite does...
     