Web Scanners in AV

Discussion in 'other anti-virus software' started by Someone, May 23, 2009.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    How do these actually work? Do they use the same signatures as the resident scanner? Does it actually provide any extra protection?

    I think some products have web scanners that specifically detect script malware or something, would these be caught by the resident scanner?
     
  2. progress

    progress Guest

    Yes.

    Yes, but sometimes too late.
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    What do you mean? If a malware was downloaded onto a computer wouldn't it be immediately detected as soon as it was written to the disk?
     
  4. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    Almost yes, webshield is useless most of the time... try WOT or Link Scanner
    and HIPS and you are OK.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Web Shield and HTTP scanners are NOT useless. HTTP scanning is great for prevention of known exploits (and even unknown) so they cannot affect possibly unpatched browsers (or in cases when antivirus detection for an exploit is faster than a compiled patch for the affected browser/program). HTTP scanning prevents exploits from even reaching the browser, but it also works on all other webpage elements and downloads.
     
  6. thathagat

    thathagat Guest

    Well, it prevents access to infected web pages... and does a good job at that... Avira certainly does.

    Well, in some instances the resident guard fails to detect a malware at high heuristics and it installs, but the site was denied access with web guard on, so to call it lame... useless... redundant is a mistake... IMHO.

    But I would like to know which is the most effective web guard/shield/HTTP scanning: the blacklisting mode of Avira or the proxy tunneling of NOD or maybe something else... if someone can explain?
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! Web Shield + Network Shield beats them all imo.
     
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Agree with RejZoR.

    Also lets you know if the site you're visiting is a problem site. For example, running sandboxie alone, you would think the site is safe. If you visited the same site from another system, with no sandboxie, you'd still think the site was safe.

    avast! Web Shield + Network Shield = light and effective.
     
  9. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    See this thread (not especially for you, RejZoR, but for all who care about that)... http://forum.avast.com/index.php?topic=45515.0
    P.S. Avast! is not, and never will be, what you claimed it to be... sorry, BIG fan of Avast!, but... it's always a LACK (o_O o_O o_O) of detection...
     
  10. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    They are very useful.
    Read this from an expert.

    https://www.wilderssecurity.com/showpost.php?p=1073294&postcount=29
     
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Joe, from reading here and other forums, every AV we use or discuss misses threats. The old saying, nothing gives 100 per cent protection.
     
  12. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Indeed, but not to write that all those shields beat them all... it's his opinion, but... it's a BIG BUT here...
     
  13. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Yes it would, normally. You go to a website and your browser caches the files; at that time they will be scanned as they are written to disk. However it is apparently possible to place a meta-tag on a file inhibiting the browser from caching it straight away. In this case the file would be able to enter memory and run before it gets scanned. HTTP scanners are designed to prevent this by scanning all files before they get to the browser.
     
  14. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    So do all web scanners have specialised signatures for detecting web exploits?
     
  15. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    But if it's running in memory wouldn't it have a file on your computer?
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    This thread isn't about virtualization or Sandboxie in particular.
     
  17. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No. These signatures are part of regular updates so you get them daily along with all the other signatures against Win32/Win64 malware.
     
  18. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    As TopperID explained and to the best of my understanding is correct. The threat is loaded directly to and executed from memory.

    Of course the threat will probably eventually interact\write to the hard drive. Or, possibly erase (from) it.

    IMO, I would rather stop it at the sidewalk than even let it on the porch. :D
     
  19. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Not necessarily, and even if it does get written to disk, it might not be before execution occurs. Certain types of data requested over the network can be run right in memory without touching the hard disk, and that's what HTTP scanners were designed to deal with.
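
The difference TopperID and Eice describe, as an added example that is not part of the original thread: a simplified model in which both scanners share one signature set, the resident scanner only sees content the browser writes to its cache, and the HTTP scanner inspects every response in transit. The `Cache-Control: no-store` header stands in for the cache-inhibiting tag mentioned above, and the signature, page body and function names are constructed for illustration.

```python
import gzip

# Constructed stand-in signature; per the thread, web and resident scanners share one set.
SIGNATURES = {"Test.Constructed.A": b"CONSTRUCTED-TEST-PATTERN"}

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, headers, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)  # scan what the browser will render, not wire bytes
    return status, headers, body

def match(body: bytes):
    return [name for name, pattern in SIGNATURES.items() if pattern in body]

def http_scanner(raw: bytes):
    """In-transit check: runs on every response before the browser receives it."""
    _, _, body = parse_response(raw)
    hits = match(body)
    return ("blocked", hits) if hits else ("forwarded", [])

def on_write_scanner(raw: bytes):
    """Resident-scanner model: triggered only when the browser caches the body to disk."""
    _, headers, body = parse_response(raw)
    if "no-store" in headers.get("cache-control", "").lower():
        return ("not scanned", [])  # nothing is written, so no file event fires
    hits = match(body)
    return ("blocked", hits) if hits else ("clean", [])

def build_response(body: bytes, cache_control: str) -> bytes:
    """Build a constructed sample response with a gzip-compressed body."""
    payload = gzip.compress(body)
    head = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            f"Cache-Control: {cache_control}\r\nContent-Encoding: gzip\r\n"
            f"Content-Length: {len(payload)}\r\n\r\n")
    return head.encode("ascii") + payload

PAGE = b"<html><script>/* CONSTRUCTED-TEST-PATTERN */</script></html>"
CACHED = build_response(PAGE, "max-age=3600")
UNCACHED = build_response(PAGE, "no-store")
```

With the cacheable response both scanners flag the page; with the uncached one only `http_scanner` does, which is the gap the HTTP layer is there to close.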
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    There are loads of rogues and to be honest, no AV detects them all. And even if it doesn't, I think these are the least of the problem. They are just annoying like hell but if you don't go and pay these suckers, it's harmless, just annoying.
    I'd be far more worried if file infector was missed than some rogue AV.
     
  21. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    But will the threat be detected even if it was on your porch? Or is it possible for the malware to activate and disable the AV or something before it even gets scanned?
     
  22. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Can you elaborate on this?
     
  23. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Can not answer 100% in the affirmative. :( A lot of malware does target and attempt to shut down real-time protection and prevent on demand from running. May not even allow it to be downloaded or installed either.

    Anti-malware protection is always in a reactive stage. Even those that aim at protecting against zero-day exploits can not guarantee 100% protection 100% of the time. Thus the reason for a layered protection plan. My first software layer starts with a web scanner. Not a perfect solution, one does not exist. But, IMO, if it blocks even a small group of malware at the sidewalk then it increases the chances of my other layers doing their job.

    I do use imaging software as well. That is my final line. But the way I feel about it, if I have to use it then I have lost to the black hats. :mad: While I may not have given up any personal information or allowed my machine to be bot'd they still succeeded in infecting me. :ouch:
     