Do you really need a Webshield?/Email scanner?

Why? I don’t want an opinion, I would like some facts\proof that you benefit from having a web shield\email scanner.

What makes you any safer from using a webshield/email scanner?

Isn’t it obvious? Viruses are commonly found in email and unknown files, etc. So you still will need that area of detection for the average user in this world.


Josh, Why do I need a Webshield? All the webshield is doing is scanning the file in a TEMP folder, that the on access scans anyway.

Using webshields\email scanners aren’t scanning it " In the air" it’s being done on your pc.

Hey I’m not trying to be rude, I would just like something to back it up, All you have told me is that “Yes Webshields are needed” Whats the reason for this? I’ve tested with a webshield on and off, email on and off and they still detect the viruses.

Oh… Sorry I was only giving an over all opinion.

I’ll get back later… all friends… (:HUG)


Thanks mate, We are all told that web shields are good, but why?

I do not know the answer, how ever I can’t see how it is worth having when the on access detects the infection anyway.

You know… somebody should try and go onto Avast Forums and AVG forums and Avira forums and ask them that exact question “Are webshields really needed?” Would be interesting to see if they all answered the same or what they would say :slight_smile:

It would be interesting to see what they would have to say… But would they tell you the truth? What would be good if someone that has knowledge of AV"S came here and explained to us whether a WEB shield actually does have any security gains - Someone like Egeman or Melih, because they have free products so they have no reason to lie to us.

Edit:: If anyone has an AVAST! or AVG account… Feel free to ask their forums! Remember, No opinions - Just facts

Whether you feel the need for it remains a personal choice, browse with Sandboxie & right click scan any dubious emails from unknown or unwanted sources and you’ve pretty well eliminated any need for a semblance of a web shield or email scanner either of which will only contribute to supplementary resource usage anyway.

Xman (:KWL)

If you want to have a look here: Do you really need a Webshield/Email scanner?

I will post any interesting feed back I get on this comodo thread!

errr sorry, but didn’t you use too many “!” on their forum? 88)
ppl will think you’re angry :stuck_out_tongue:
just yes or no, not the technical reasons why!
i see dead ppl!

oh i made up the last one ;D

i post this before. this is 1 scenario about the email scanner. but i don’t remember exactly if it’s true since i don’t have email scanner right now.
sometimes i just need to forward the email to someone else (i don’t read or open the attachment).
if i don’t have an email scanner, the AV will kicks in only if i open the attachment. so if i just fwd the email, the virus will let off 88)

not much of a function, we prevent others for being infected :stuck_out_tongue:

Are you sure about than Ganda? :wink: As soon as it touches your pc it will scan it, It isn’t allowed to be accessed or modified etc until it’s scanned.

Edit: !!! !!! !!! !!!

[quote author=Kyle link=topic=26466.msg193263#msg193263 date=1219997029]
Are you sure about than Ganda? :wink: As soon as it touches your pc it will scan it,
really ??? i’m talking about a .zip attachment. the AV won’t do anything til you double click the file :stuck_out_tongue:

anyway, it’s not really important.
beside, every major email provider has their own AV. like yahoo with norton, and Gmail won’t even let you attach any executable file.

I’m surprised no-one mentioned this.

Malformed scripts/html attacks, these work for both email and www.

the webshield should analyse every page you download for exploits before feeding them to your browser. As these exploits require no execution and this do not have a .exe or a signature both the firewall and the av will have a tough time catching them

For this a web\email shield is needed.

Another examples is that emails/websites that contain webbugs.

Also some virusses hide in files that are exluded from most av’s

So, Script and HTML attacks.

Thank you very much Tetsuo55 :slight_smile:

If anyone has more info please pass it on

Edit: I found this on WIKI,

Install malware on a computer by exploiting code injection vulnerabilities in a web browser or its plugins when the user visits a malicious site.
^ is this what you are referring to? Because if it is, The modifying/access of that file would be scanned in real time.

Please explain to me how the Malformed scripts work, not familiar with them.

What you described is one of the possible attacks, and the most common.

Another possibilty would be that the malformed line of code could change access rights from limited to admin (google an exploit named “how to impress your girl vista” or something).

A more interesting attack would be one where the malformed code would trigger a behavioural difference, for example it could cause the browser to send out all the passwords stored in its pass-manager at the next ENTER button press after typing in an URL, the application would not be modified on a file level, just a variable would change, this is not something comodo can block because the application is changing itself not another application

Comodo is only going to pop up if browser attacks another process or if it starts exhibiting new behaviour. changed behaviour goes unnoticed.

(Last section is all theoretical, these attacks would be very advanced and easy to patch against)

Thank you Tetsuo much appreciated :slight_smile: I understand you 100%.

It would be nice if Comodo cause prevent this sort of attack :slight_smile:
Maybe you could let them know :wink:

I already gave Melih a few examples.

I have a ultra-paranoia hypthetical theory that imho comodo could use as their starting point for re-designing an upcoming version of comodo firewall/hips/av combo.

I will post it later (its huge) but what i basically boils down to is:

“assume everything(hard-\soft-ware) is vulnerable to attack(has exploitable bugs)” “The software should protect them ALL, for the hardware parts which the software cannot protect a hardware solution should be found”

the only downside is that the same theory also states that the firewall software and hardware will also have explotaible bugs in them(its still better to have 1 exploitable attack vector than an unlimited number of them though)

Alright thanks Tetsuo, I like your idea - Can you send me it VIA PM so we are not going off topic here :slight_smile:

From TECH;

I’m trying to say that using the files scanner (Standard Shield) at High security level (or custom but scanning open/created/modified files) will use more resources to achieve some security level that could, thanks to avast configurability, achieved using less resources and dedicated providers. So the security level could be different to different parts of the system, optimizing the protection and the performance.

imho, WebShield can’t be replaced by Comodo Defense+ (HIPS).

"Web Shield is a unique feature of avast! that enables it to monitor and filter all HTTP traffic coming from the Web sites on the Internet. Since an increasing number of viruses (and other malware, such as adware, spyware and dialers) are being distributed via the World Wide Web, the need for an effective countermeasures has also increased. The Web Shield acts as a transparent HTTP proxy and is compatible with all major web browsers, including Microsoft Internet Explorer, FireFox, Mozilla and Opera.

Unlike most competitive solutions, Web Shield’s impact on browsing speed is almost negligible. This is because of a unique feature called “Intelligent Stream Scan” that lets the Web Shield module scan objects on-the-fly, without the need of caching them locally. Stream scanning is performed in operating memory only (without the necessity to flush the contents to disk), providing maximum possible throughput rates."

(A very nice example, even thought not exactly the case we are talking about, was the Slammer worm in 2003. It was never saved to disk, it existed only in a form of a malicious network packet or in memory - which is why quite a few people got confused when they were looking for a sample.)

They are some of the answers that I have been able to get from avast!