Which filters webpages first? IMON or Proxomitron?

Discussion in 'NOD32 version 2 Forum' started by Devinco, Sep 6, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    When filtering a webpage, probably a firewall (that filters out ActiveX, Java, and Javascript) would get the first go at filtering a webpage.

    But then would Proxomitron be next?

    Or would the IMON HTTP scanner be next?

    And where does the Admuncher filter fit in?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    You don't have to use a proxy with NOD. It's up to you.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Ronjor,

    But if you do use both, who gets to filter/scan the webpage first?

    Let's say you type in Google.com in Firefox.
    Does the page come into Proxomitron first where it is filtered.
    Then Proxomitron passes the filtered page to the IMON HTTP scanner.
    Then the IMON HTTP scanner passes it on to the browser.

    Is that how it works?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    If proxo is used, I can see no other way.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Ronjor!
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    If anyone knows differently, speak up! :D
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    80, 8080, 3128 are the ports imon monitors. Proxo uses 8080. So maybe just the 8080 port is filtered by proxo, the others, imon gets first crack at.

    Where are the gurus when you need them? :D
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, I would hope it would be filtered by Proxo first! That is the entire point of using Proxo - to see the internet as I wish to see it. :) And why one would not use Proxo because IMON HTTP filtering is available is absurd IMO. IMON doesn't stop gif animation does it? IMON doesn't stop ads does it? etc. etc. etc.! IMON just clutters up, messes up and slows down your computer.

    There is no need for anyone using Proxo to use IMON HTTP filter. I certainly don't and may leave NOD32 because it is now absurdly redundant since it has chosen to emphasize IMON HTTP filtering instead of placing all the emphasis where it should be which is with AMON. I feel that if I renew this license that I am paying for unneeded junk in addition to getting an AMON that has been improved but still is nothing like the resident monitor of some other avs.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Mele

    I notice no slowdown on my computer due the http scanning. It seems as fast as ever.
    I am curious to see the first malware the http scanning catches. If it does nothing but scan and never finds malware, then I would agree with you.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    So then if you have Firefox set to use Proxo on port 8080 and IMON HTTP scanning port 8080, when you request a page in firefox, Proxo gets it first then passes it to IMON then IMON passes it to Firefox?

    Or does IMON fight with Proxo and try to deliver the page to Firefox scanned (with IMON) but unfiltered (bypassing Proxo)?
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    if you are using proxomitron and you have your firewall configured correctly, the only way you will see the page is if it goes through proxomitron. :)
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Don't know. I disabled proxo with NOD. Proxo is for filtering web pages. I see no reason to filter my antivirus program through this type of proxy.

    Hey Marcos! :D
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Huh? I don't understand. So you have Proxo on bypass now so that IMON can filter the pages and Proxo doesn't? That doesn't make sense...so I am missing something?
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    I do not have proxo bypassed. I just have NOD setup not to use it.
     

    Attached Files:

  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    And after looking at the screen shot, it may pertain to updates only.
     
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    So then in your case Ronjor, Firefox is using Proxo (port 8080), then IMON doesn't scan the page? It goes from Proxo straight to Firefox? Sorry for asking all these questions, I just don't have a clue. :doubt:
     
  17. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i think that that is just how nod updates. it still goes through proxo>nod>browser. looks like a first-ronjor got out-of-bed the wrong-side :eek:
    EDIT sorry :rolleyes: i didnt see your post ron. looks like i got out of bed on the wrong side. sorry ron
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Actually, imon is scanning pages. It shows what it is scanning in the imon window.
    So, proxo scans the page, imon scans the page, and Firefox gets it.
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    From the NOD help file.

    Proxy Server Setup




    --------------------------------------------------------------------------------


    The connection of your computer to the Internet can be mediated by a proxy server. The proxy server settings are defined by your ISP or network administrator.



    The programs on your computer that access the Internet (such as Internet Explorer) need the proxy server address, port number, and access username and password (as defined by your ISP or administrator).



    The NOD32 Update module is capable of retrieving this information from Internet Explorer. In some cases, however, a manual setup may need to be performed as follows:

    Click Update in the main NOD32 Control Center window.
    Click Settings
    Click Extended
    Select LAN/fixed line or dial-up (depending on the type of your internet connection)
    Click Setup in the Proxy server group
    Check the Use proxy server box
    Enter the IP address and port (if applicable)
    Enter the username and password (to access the proxy server)
    Note: The username and password above is not the same as the one provided by your NOD32 vendor.
    Click OK
    Warning! After Update setup has been completed, perform a functionality test of access to the update server. Automatic update of the NOD32 system is vital to provide the maximum level of anti-virus protection.
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    :D

    I didn't think it was possible to get around Proxo unless bypassing it. I don't think you were getting around Proxo for the updating either. NOD32 just automatically detected your IE settings which use Proxo. How could you update otherwise? All interaction with the internet goes through Proxo unless you bypass it.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    I believe you are right. I just tested it.
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I thought you Major Senior Members were the gurus! :D

    Please do correct me if I'm wrong but isn't IMON for scanning emails only? If so, wouldn't its HTTP filter then be restricted to HTML emails? (HTML emails would not be filtered by Proxomitron since they did not arrive via HTTP).

    NOD32's update setup (where you can route its connection via a proxy) seems a separate issue altogether and it is probably unlikely that routing via Proxomitron would make much difference (it is quite possible that it is not using HTTP for downloading updates).
     
  23. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Paranoid2000,

    That was the case for the previous version.
    The new version of IMON has an HTML scanner to scan for malware on webpages. How effective it is, how it works, what it specifically protects against, whether it can be fooled by encoded characters, is a mystery. Here is a link on its HTTP Scanning.
    From the very limited info provided, it seems to concentrate on individual infected files rather than parsing the HTML document for exploitive malicious code. But I could be wrong.

    It is really the IMON HTTP scanning that I was interested in. The update doesn't need to use Proxo.
    I looked in the settings for the IMON HTTP scanner. It had one field:
    Ports used by HTTP protocol: 80, 8080, 3128
    There is also a check box labled: Automatically detect HTTP communication on other ports too. It was checked.
    And then a radio button choice for what to do when an incoming infiltration from the internet is detected.

    Based on this, what do you think?
    Is it Proxo>IMON>Firefox? Or does Proxo and IMON scan/filter it at the same time and then fight over who will deliver it to the browser?
     
    Last edited: Sep 7, 2004
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Appears that http is used for updates if you go by this screen shot.
     

    Attached Files:

    Last edited: Sep 7, 2004
  25. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Of course updating uses HTTP. NOD32 uses the internet settings that you have for IE. When you install NOD32 you are asked if you wish NOD32 to automatically detect your proxy settings. If you say yes, then it uses the settings you have for IE which means it goes through Proxo. If you say no, then you have to later manually set NOD32 to go through Proxo.

    I just recently tested another av and I could not update. Tech support first insisted that I uninstall Proxo!!! Geez! I told them no way! I would forget their av immediately if that was their only solution. So, then the US distributor and the technicians for the AV in Europe both installed Proxo on their computers. They had no problems using Proxo to get the av updates. (I had tried to tell them I was sure it was not a Proxo problem but they wouldn't listen).

    Proxo filters the web pages first. Then IMON. It is overkill. No need for IMON filtering if you have Proxo especially depending on whose filters you are using. (That reminds me this other av decided that it was my filters causing the problem as they had just installed the default Proxo and so I had to send the filters I use too...all the while I was sure Proxo had nothing to do with the updating problem as they learned when they installed my filters and had no trouble updating). Proxo with good filters will provide sufficient protection along with AMON and IMON for email if you really want that redundancy.
     
Thread Status:
Not open for further replies.