Winsock Question

I once read a post here from a person who used to use NOD and doesn't anymore, that they didn't like an AV that scanned e-mail at the winsock level. I can't remember their reasoning, it's been a while. Being somewhat of a noobie to NOD32, can someone explain what the advantage, or the disadvantage if there is one, of scanning e-mail at the winsock level compaired to the way most AVs scan e-mail.

 

At the Wisock-level, the AV scanner has access to all communication, including Web. A Pop-scanner proxy will just scan e-mail.

Not so much an answer about the Winsock level, but more of what purpose does a mail scanner play (cause I think people worry about them TOO much. Mine's enabled, mind you ).... any mail or internet scanner is really a "nice to have" not a "need to have," more like an early warning system. The resident should catch it as well since that's its job and it is working off the same engine, heuristics, whatever.... The main idea is to keep the nasties on the other side of the fence form your system, to keep them from ever getting to you. Conversely, if the resident engine or heuristic or whatever doesn't recognize the nasty, neither will your scanners! So things like encrypted mail or other encrypted communications can't be scanned (after all, the whole purpose is to keep from being able to read the message and its contents), but the resident porttion of the AV will still protect you after it is decrypted.

 

Thank you for the explanation Atangle.