KAV 6.0

What happens when you are using a free firewall like zone alarm where you can't make specific rules? Is your computer vulnerable then when using an AV with an HTTP scanner?

 

This is only a problem with Sygate firewall which had a problem of allowing anything to access a proxy and connect out through it. I believe that ZoneAlarm is fine, but since you can't make rules defining whether or not an app can access the port your proxy uses in loopback, I am not positive. Others can probably add more to this.

Alphalutra1

 

Personally, I am not very comfortable using ZoneAlarm as any application granted with internet acess can access to any port (unlike rules specified firewall like Norton Firewall & Outpost etc).

Although you can tighten the security in ZoneAlarm using the "Expert Rules" option, sad to say it is not user friendly to do so (unlike others).

 

Ok, let me ask this then. How likely is it that an HTTP scanner can open up a hole in the firewall as traffic is proxied through it? Sorry for all the questions.

 

I am unable to comment on how likely it will happen but it can be a real threat, it is something for the security experts to determine.

Any security experts here? Care to share your view?

 

I'm using Firefox 1.5.0.1 only, which is configured so that when I shut down the browser, it cleans cache, surfing history, temp files and cookies. What is the advantage of the HTTP scan after this?

Best regards,
Firefighter!

PS. Has anyone done that kind of opening speed test with NOD HTTP scan and Avast 4.6 web shield as I did in post 13. in here? I have 512 MB RAM, so it's good to have the same to compare these results.

 

Firefighter, in tour described setup the Webscanner would come in handy while using your browser, to filter out exploits / malware. Granted, Firefox is currently not very vulnerable, but Webscanner could give a little bit of extra protection.

Keep in mind though that real-time scanner (File AV) will scan all files written to disk as well.

 

I'm using Sunbelt's Kerio firewall. It has NIPS and HIPS protection. Is this basically the same as HTTP scanning? Sorry if this is a dumb question. I'm not familier with this and I'm just trying to learn.

 

No, HTTP scanning scans all HTTP traffic for malware. So it's like real-time protection normally found on an AV, but then for all incoming HTTP traffic.

 

"Had"? As a Sygate user, should I expect problems if I choose to install KAV6?

 

I think it includes both incoming & outgoing traffic.

For example: Internet Browser <-> Web Scanner (Proxy) <-> Internet

 

Perhaps you would want to double check with the Technical Support on this?

It is not the only firewall with this problem, I have problem with another firewall.

 

As far I'm conserned HTTP scanners only scan incoming traffic. Scanning outgoing traffic would only cause unneeded overhead. Since the files already on the computer are supposed to be clean already (due the realtime-scanner).

 

I just installed KAV 6 this morning and I have a few questions:

1) In "Mail AntiVirus", if I disable "Scan SMTP, POP3, IMAP, NNTP Traffic", does it literraly disable mail scanning functionality or only the scanning of the mail in-transit to my mailbox?

2) Does any component of ProActive Defense overlap that of ProcessGuard? I am faily new to what ProActive Defense is aimming to do. Is it a component that I should install and let it run on its own or should I not install this component because I am ignorant of what it is suppose to do?

3) I disabled iChecker and iSwift right after I installed KAV 6. Was there some custom installation process that had allowed me to disable it early on so that it wouldn't "tag" my files like in KAV 5?

Thanks
Sub

 

It disables scanning prior to placement in your in-box if I understand your question and the program

I'd go with one or the other only.

These approaches do not use ADSs, as did KAV 5.0. Files are not tagged, no need to disable.

Blue

 

Well they are still tagged but just in KAV's internal database.
So no, no NTFS ADS like activity in kAV6...

 

Correct RejZoR, I should have been clearer. Thanks.

Blue

 

Thanks for the replies.

 

I have just tested NOD32 HTTP Scanner.. Here are my results:
HTTP SCANNING on (with High Efficiency): virusscan.jotti.org - 2,812s
HTTP SCANNING off: virusscan.jotti.org - 2,578s

maybe someone else should try to test it.

 

I get it, not just now but before too.

KAV v6 will be released this month, bugs or not.

Please correct me if i'm wrong.

 

Sygate is a discontinued firewall which HAS and still has a proxy bug. It will never be fixed unless the firewall is brought back to life aka Kerio into Sunbelt Kerio. However, since it is symantec we are talking about and they have ended the product, I doubt it will ever be fixed.

Alphalutra1

 

Ahh. Ok. Thanks Sputnik.

 

Okay, thank you for the information.

 

Thanks! But how much RAM and how fast PC? Mine is an AMD Sempron 2800+ (= real 1,60 gigahertz) and 512 MB RAM.

Best regards,
Firefighter!

 

My computer: Pentium 4 (3GHZ), 1 GB RAM...