KIS 2009 - slow web browsing

Discussion in 'other anti-virus software' started by mvdu, Oct 5, 2008.

Thread Status:
Not open for further replies.
  1. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Had no problems with kis and my broadband. Actually turning web traffic high did slow the page opening, though once I set it to medium the slowness vanished.
     
  2. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Isn't that by design? After all it buffers a lot more (or rather, it holds objects longer in buffer before releasing them, see the help file of KIS) when set to 'high' than in 'recommended' (1sec vs 60 secs). Additionally the heuristics are turned to maximum in 'high'.

    I only ever turn it to maximum if I suspect I might be visiting shadier pages.
     
    Last edited: Oct 8, 2008
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    All these "webshields" are piece of junk. And some are even a great means of DDoS as a free bonus in addition - hello AVG LinkScanner :D
     
  4. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    I wouldn't call for example KIS WebAV function as piece of junk. What's wrong with taking traffic inside internal buffer and then scanning for malware signs?
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    And what's wrong with leaving the job for the normal on-access scanner so that it doesn't slow down your web browsing and doesn't cause other incompatibilities and ridiculous false positives?

    Ah, right... the "cool" factor, they couldn't stick "webshield" into the marketing blurb. :rolleyes:
     
  6. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    What cool factor? And personally, I have not noticed any slowdowns with KIS when using the Recommended settings (then again, I do not tweak internal settings of my browser). If I turn it to maximum I do notice slowdowns in some places, such as YouTube. However, recommended is the optimal setting.

    As to that false positive you are referring, I do not find it ridiculous. The software is just doing what it is supposed to do.

    I would rather have my IS acts as proxy, and deal with with exploits before they even have a chance to land in my PC and interact with my browser. If they hit the browser, there's always a chance for them to execute. At that point it would be the task of AV to intercept dropped malware before it is executed. Why give the malware a chance at all?
     
  7. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Webshields are necessary to stop exploits that execute in memory, and some network worms that never touch the hard disk at all. Normal on-access scanners are completely helpless against those.

    Don't be so quick to dismiss and ridicule things that you don't understand.
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Errr, fatal error, doesn't compute... all malware executes in memory... there's absolutely nothing special about browsers, email clients or whatever similar.

    Your realtime AV doesn't detect malware in memory unless its origin is in your browser? Uhm, time to change the AV, I'd say.
     
  9. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Actually, there is. Exploits delivered via network-connected processes (i.e. browsers) are executed before they are saved to the cache. It's already too late when your on-access scanner detects the cached file.

    That's your own uninformed opinion, which you're welcome to.
     
  10. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, except that there's still nothing special about browsers. You can exploit tons of bugs in tons of apps remotely, yet you don't implement the functionality of those apps into an AV. Vendors don't implement such stuff for browsers either, which leads exactly to those stupid false positives mentioned above. The thing just foolishly parses the contents, lacking even the most basic logic like being able to spot the difference between active, clickable link and plaintext log pasted into a webpage. This is not KIS specific, this is a generic fact valid for all those webshields out there, as proved by the thread referred to above.

    If you want to catch similar stuff, you need behavior analysis and not dumb AV signatures.
     
  11. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    You can dismiss my explanations, but just because you're unable to refute them doesn't make them untrue. I've explained the purpose of a web scanner: because normal on-access scanners are helpless against exploits.

    And why not? There are vendors who implement IDS features to detect such attack patterns; ESS, avast!, Kaspersky, Symantec, McAfee etc. Again, a scanner that can monitor network traffic is needed here, because normal on-access scanners are (surprise) helpless against these remote exploits as well.

    So it happens with Symantec, i.e. ONE product, and all of a sudden it's a generic fact that's applicable to every product, even though we've yet to see the slightest shred of evidence that this is true. Uh huh. Brilliant work, Holmes.

    As I've said, don't be so quick to dismiss and ridicule what you don't understand.
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    No, it doesn't happen with ONE product. As illustrated by the thread, it equally happens with Windows LiveCare and will happen with any other AV that's foolish enough to hardcode such URLs into signatures without doing any of the legwork to actually analyze the stuff, already explained above - which, surprise suprise, requires basically implementing a stripped-down browser into the AV engine if you want to get rid of such stupid false positives. Then you can implement a stripped down bittorrent/emule/whatever engine to work around P2P exploits, and bunch of others for other network stuff - and enjoy the obnoxious bloatware with horrible performance. Good luck with this. Completely broken approach.
     
  13. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Wow, that's a groundbreaking development. So it's a generic fact that applies to all product because it occurs in not only one, but TWO products! I mean, come on, TWO! Awesome!

    A flaw shared by two products means it's common and generic among all others. Oh yeah. :cautious:

    Besides, there are many types of web scanning as well. Checking for embedded links in a webpage is just one, certainly of no relevance to KIS, and even less to what's being discussed in this thread. Just another piece in the growing pile of evidence that reveals your lack of understanding about this issue.
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Code:
             +-------------------+             .:\:\:/:/:.            
             |   PLEASE DO NOT   |            :.:\:\:/:/:.:           
             |  FEED THE TROLLS  |           :=.' -   - '.=:          
             |                   |           '=(\ 9   9 /)='          
             |   Thank you,      |              (  (_)  )             
             |       Management  |              /`-vvv-'\             
             +-------------------+             /         \            
                     |  |        @@@          / /|,,,,,|\ \           
                     |  |        @@@         /_//  /^\  \\_\          
       @x@@x@        |  |         |/         WW(  (   )  )WW          
       \||||/        |  |        \|           __\,,\ /,,/__           
        \||/         |  |         |          (______Y______)          
    /\/\/\/\/\/\/\/\//\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
    ==================================================================
    
    Finished here... ktnxbye.
     
  15. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    I wouldn't call you a troll yet, since tbh all you've done so far is to display a lack of understanding about the topic discussed. But if you insist... advice accepted, and thanks.
     
  16. yeuxbleus

    yeuxbleus Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    90
    I experience no slow downs while browsing using KAV set to recommended settings either. I thought I did, but did a comparison between surfing with Web Scanner on to with it off...no difference. :thumb:
     
  17. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    Well, sometimes it's just not eneough, just to turn something off in Kaspersky's products, to do a comparison. Sometimes it's not even enough to disable the hole product, at least that's my experience with Kaspersky. To do a real comparison, you have to uninstall Kaspersky and test, then install Kaspersky again.


    Cheers
     
  18. yeuxbleus

    yeuxbleus Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    90
    You're right. Recently, I imaged the hard drive with KAV installed and then uninstalled KAV. Still, no difference with KAV installed or uninstalled. Reimaged hard drive to when KAV was installed.
     
  19. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814

    Agreed. Kaspersky tells you to disable part of there own product. Great fix now lets move on to getting a REAL fix. And not blame everyone Else's product once again for the screw up. ;)

    I had the same issues on the test system when I tested kaspersky a few weeks back. Unfortunately it leaked over to IE also the Delays where to noticeable for my liking, it felt like a $110 a month Dial up.


    (sorry been gone a wile hectic work sch. :eek: )
     
  20. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,641
    Location:
    Sneffels volcano
    Ditto.

    Kaspersky's web scanner is one of the best, if not the best, http scanners available out there.
     
  21. flik

    flik Registered Member

    Joined:
    May 21, 2006
    Posts:
    49
    Hi. I have experience the same with my kis. I think that when I untick ports 80 and 443 speed is increased. I have donw some tests, and I think that it helps with the speed. I haven't decide what to do. But, if I uncheck these ports, does it affect anti-fishing components too?
     
  22. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Why don't you guys that have trouble with http scanner don't just uninstall it?Firefox with no script provides a better protection anyway.
     
  23. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Yeah :) You can easily install KIS w/o the Web AV component, you still get all the other goodies, just not this specific part.
     
  24. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    The point is. You should NOT have to, to use a product that you paid for. all features should work. :blink:
     
  25. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    True, Fajo. I'm paying for my fast connection too and don't think I should put up with the slowdown.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.