Web scanning - is it needed?

Discussion in 'other anti-virus software' started by raven211, Aug 13, 2011.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I searched for threads and couldn't find an up-to-date one.

    What is your opinion? The web scanners of AV software, needed or just another footprint? I'm talking for example shields of premium versions of AVG and Avira and what's included in all Avast! editions.


    I need your insight ;)
     
  2. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    189
    Protects you from Drive-by.. my experience using Avast! :)
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    If it is implemented well and you don't experience any slowdowns when browsing, then for sure.
     
  4. Matthijs5nl

    Matthijs5nl Guest

    I agree with this.

    It is a good method to pick up threats earlier and thereby improve prevention.
     
  5. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Web scanning. Needed?
    If No Browsing Slow Downs come up, then, Why Not?
     
  6. SteveBlanchard

    SteveBlanchard Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    312
    Location:
    ENGLAND

    I'm tempted to say use a DNS provider that blocks bad sites.
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I can say so much that I would NOT use an AV/Suite that didn't include one, that's says a little about how important I think they are, period.

    Now "Web Scanning" is a general term since we have URL Blocking, and then we have the HTTP scanner. The URL Blocking works like this that it shows a blockpage when ever you try to ener an URL that's on the Vendors Block list.
    So it blocks access to the malicious site before one can enter in an proactive way.

    But the HTTP scanner actually scans HTTP data in real-time using both sigs, heuristics etc.. in an proactive way as well.

    Instead that I continue to explain why it's so important I would like you to watch this test of ESET V5 RC to see exactly what I explained above. 20 test links compressed into 1:50 mins.(I must say that I really like how this guy edits he's videos :thumb: )
    And please don't see this as my "promotion" for ESET, I just want you to watch this so you can see how well the technology really works.

    -http://www.youtube.com/watch?v=uMuxBOWPIWo
    Block page = URL Blocker.
    Notification windows lower right corner = HTTP Scanner.

    And out of the products I have used I haven't felt any slowdowns by leaving the "web scanners" on.
    But it will of course differ from product to product :)
     
  8. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    would the on access scanner not pick up any threats when they reach the real system? i cant see how the http scanner would provide any benefit when any threat that gets on the system would be picked up by the on access scanner? and if the on access scanner misses the threat then the http would have missed it to na?

    can someone clarify this for me and tell me please? i want to know how avast with http + on access scanner is more secure then avast with just an on access scanner enable only.

    thanks
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    The benefit is that the threat wouldn't get into the system in the first place. Wich is what I prefer.
    Now idk what techniques the Avast HTTP scanner uses but I would assume that at least heuristics are in use. So No, the http scanner can still detect threats in the downloads by using heuristics.

    Let's see if vlk can answer this one. Though I guess the first answer would answer this too.
     
    Last edited: Aug 13, 2011
  10. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Choose an AV with good Realtime i.e Onaccess Protection. Coz its the real strength of any AV coz its an alround scanner & detects malware coming from any channel web, mail, pendrive, etc. All the other shields are bonus, for specific purpose only.

    Just my thought & not a statement.

    Thanxx
    Naren
     
  11. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    use sandboxie, give only internet explorer or your browser start /run access, i find you will find many tuts in the web and no malware will start.
    its more secure as an scanner.
    an scanner have to know the bad urls, sandboxie or other sandboxes not.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Maybe if you use an insecure browser.
     
  13. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Well I use the stable release of Chrome so you tell me. :D

    EDIT: Scratch that, will give Chrome Beta release a spin, too tempting. :D
     
    Last edited: Aug 13, 2011
  14. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Absolutely. It's no mystery.
    You have to realize that no AV will ever detect/block all binary malware files. Therefore, it's useful to use other protection layers - layers that are ideally independent of the scanning engine that's responsible for the detection/blocking of the binary malware (i.e. the overlap isn't too big).

    Avast's Web Shield is an example of that. With 90+ per cent of today's malware coming from web sites, it makes perfect sense to put additional protection layers to the HTTP stack. In avast's case, we use an advanced javascript detection engine, combined with a sophisticated HTML analyzer and URL blocker -- and in practice, these modules are able to detect the vast majority of malware even without ever seeing the corresponding binaries.

    Also, the WebShield allows us to track the sources (source URLs) of binaries that are later executed, and these sources are then taken into account by the heuristics engine (generally, files coming from high-profile sites are less likely to be malware than files that are coming from unknown/dodgy sites).

    Thanks
    Vlk
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I have to say that I find a web scanner pointless, but keep in mind that it's just my case.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Chrome beta is my favorite and you don't have to worry about exploits so why bother scanning a page for exploits?

    Scanning a page for malicious links is meh... you're way better off with an AV.
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have a question about this whole web scanning. Let's say an infected page tries to download several different types of malware in a single download. What happens if your av recognizes some of the download as malicious but not all of the download? For instance a drive by download tries to send malicious install app A and malicious install app B in one drive by attack. Your av recognizes app A as malicious and blocks the install but does not recognize app B. Will app B also be blocked by the av's web shield or will it pass on through to the hard drive? I suppose it matters whether app A and B are in the same file?

    And what about this scenario when there is no web scanner? Would the drive by install of A and B both be stopped or just app A?

    I ask this because I have read that a single drive by can attempt to install several malicious programs onto a computer. Whether these are all contained in a single file or multiple file would be important I suppose. Any one know for sure?
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    As Vlk of avast explains a good javascript and html analyser of awebshield looks at the program code putting the actual executable someswhere on your hard disk where it survives reboot. The on access shield looks at those executables when they are written to your harddisk or when executed.
    microsoft has done tests called nozzle using a javascript anomaly analysis engine which seemed to be effective against 70% of the webbased malware. So using a webshield with the avast features makes sense.
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Can't answer your question exactly but it's possible for app A to be blocked by the web shield and app B to be blocked by the on access scanner due to different heuristics or so I've been told.
     
    Last edited: Aug 14, 2011
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    it does not make any difference which browser...
    scanning web content makes sense due to some sepcific behavior of some browsers.
    you have to know that on-access wont help on firefox - firefox first load
    content into ram - then onto harddrive. so any bad content would touch firefox
    first before any av w/o web scan could scan it. thats one reason i dont promote
    avira free - it has NO web guard.

    although avira offers webrep it has also the ability to warn when browser demands listed sites.

    PS i use ad muncher and a nice hosts file from calendar of updates (COU)
     
    Last edited: Aug 14, 2011
  21. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Actually, Avira Free has webguard now, if you accept the installation of the Ask Toolbar.
     
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    But the AV's does have both the HTTP Scanner and URL blocker.
    And the OP was talking about that it's included in the AV's such as Avast but wasn't sure if they are effective enough to use them, afaik.
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    and w/o stupid ask bar? ► http://www.avira.com/en/avira-free-antivirus
    no webguard.

    btw technically - how can the installation of ask bar add some feature to avira free?
    aint really possible - otherwise tell me more please.
     
  24. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Been using Avast for over 4yrs on and off and I can say without a doubt most of the stuff (malware) that I have come across personally, the web shield picked up on some rogue site. So yeah, I would say it's useful.

    Ice
     
  25. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    the point i was trying to make was that the avast on access scanner would have picked it up anyway if the exe got on the real system
     
Loading...
Thread Status:
Not open for further replies.