A Webshield can’t replace Defense+ of CFP 3 because it’s only based on detection technologies!!
CFP v3 prevents 99% of all malware. But you will still need a web shield if you execute unknown/untrustworthy apps. If you’re a safe browser user, you don’t just download or surf everything and anything, then CFP 3 will be pretty much all you need regarding WEB SHIELD (The Average user will need a Web Shield for example, but me? I am well above average! :)). Defense+ is such a great HIPS and I am very excited when new technologies get integrated into Defense+ to make it Defense++++++++ in the next few months.
All good mate. I’m going to movies tomorrow with friends too! In all honesty, The Average user would need an AV (Web Shield, Email Scanner), Because that Average user is likely to open unknown email attachments, browse unknown/untrustworthy sites, download off unknown/untrustworthy sites, etc (And for example wouldn’t have CFP 3 installed, or maybe they do… But won’t take a bit of time to configure it.)
An above-average user (experienced) like myself for example, wouldn’t need an AV (Web Shield/Email Scanner… Same Scenario), because CFP3 (And D+) prevents 99% of all malware anyway, unknown or known, where AV’s find it SOOO HARD to catch unknown viruses, etc due to only using their DETECTION technologies while CFP 3 uses PREVENTION. This is why prevention is the first line of Defense!
I create policies for my safe applications on my PC. Eg: Firefox Web browser, SUPERAntispyware Trusted application, etc. I then don’t see any pop ups unless a malware pops up and I simply click block and that malware is history. Defense+ is SO POWERFUL and Comodo have done a great job on it. People complain because they don’t know better IMO.
You can copy this to Melih too if you wish. And see what he thinks, I am sure he will agree with me. But Really? Webshield/Email Scanner/AV or whatever is based on 20 yr old technology. AV’s can only catch a subset of viruses, you can use every web shield or AV under the sun, and still get infected. Because AV’s don’t use Prevention.
Cheers,
Josh
I learnt a lot from Melih over the past year and a half!! I look up to him as a great CEO with a company with so much potential… So Thanks Melih. God bless you…
IF, the av vendor is merely applying file scanning technique straight to other mediums like email or web traffic then there isn’t much point. However, above Igor made a good and valid point about in memory malware and used this as a reason to (I assume) apply the same scanning to web traffic as they do file scanning. Of course the other alternative method would be to check the memory for malware rather than web traffic (BOClean anyone ;)) against these kind of attacks.
The email and web based components, imo, must offer different kinds of detection techniques that the file AV scanner doesn’t offer. Then it will have a value. Otherwise the value is very limited.
you download a file … goes on your computer… you create it/read it/write it… your AV Program Has Scanned it while doing these actions…
ok WITH WEBSHIELD
You click a link… webshield scans it while it downloads… goes on your computer … you read it/create it/ write it… your AV Program Has Scanned it while doing these actions
I say it’s not needed…
Just more security for those who are paranoid…
Kyle, thanks for pursuing this topic. I posted a similar question about the web shield (along with other questions) at two forums by AV SW publishers:
No one answered my questions about the risks of disabling the web shield. By the way, I did learn in my post in the COMODO forum that CFP will alert even with a web shield proxy.
This weekend, I plan to install Avira AntiVir Premium. The free Avira doesn’t protect against spyware, so I would buy the Premium SW, regardless of whether I enable the WebGuard and MailGuard components.
Here is what the manual says about AntiVir WebGuard: “When surfing the internet, you are using your web browser to request data from a web server. The data transferred from the web server (HTML files, script and image files, Flash files, video and music streams, etc) will normally be moved directly into the browser cache for display in the web browser, meaning that an on-access scan as performed by AntiVir Guard is not possible. This could allow viruses and unwanted programs to access your computer system. WebGuard is what is known as an HTTP proxy which monitors the ports used for data transfer (80, 8080, 3128) and checks the transferred data for viruses and unwanted programs. Depending on the configuration, the program may process the affected files automatically or prompt the user for a specific action.”
Since I have many non-computer-savvy family members sending emails to my PC, and since I share this PC with my somewhat-computer-savvy wife, I value security that protects against any email or any web site.
I use Mozilla Thunderbird for my email client, which stores all emails in one folder in one file. It could be that the on-access AV scanner doesn’t scan writes to files – only reads. So MailGuard would let us know a mail is suspect before opening it, so we could avoid opening it or forwarding it. MailGuard may catch mal-formed HTML that is a problem for MS Outlook but not for Thunderbird, preventing us from forwarding it to Outlook users.
As for the WebGuard, I read in forums that it significantly slows down web browsing and wastes memory+CPU, so I intend to disable it unless I hear of a risk scenario that is not handled by the combination of hardware firewall, Firefox, Adblock Plus add-on, CFP with Defense+, COMODO Memory Firewall, Avira AntiVir Premium on-access scanner and the latest version of Firefox plug-ins (Java, Flash Player, Adobe Reader, Shockwave, QuickTime, Real Player). Avira’s WebGuard has an optional feature of blocking phishing and attack web sites, but Firefox has this already, and I prefer to keep all web site exception settings in Firefox.
Can anyone think of a risk scenario with disabling WebGuard in my setup?
Well I can answer you this, That the on access scanner will scan every read and write on your computer, So It won’t exclude your email files from scanning.
It says that the webshield will stop unwanted programs\viruses on your computer, You can cross that out because it is scanned by the on access scanner.
I see that you’re a fairly safe surfer from your AVIRA post (I read all of it) So really… You have a very small chance of actually being exploited…
You said you are using or plan on using memory firewall\BOCLEAN so it sounds fine to me if you’re a safe surfer.
The only real problem is the HTML code and scripts. And I think the most it could do is mess with your browser or redirect you to other sites or steal info from your browser.
If I worked for an AV company, I would make my product provide good protection against common applications, such as MS Outlook, IE and MS Word, which utilize macros, VBS and Active-X that provide access to the OS. So I understand why Avira includes their MailGuard and WebGuard components.
Mozilla Thunderbird, Mozilla Firefox, Star Office and OpenOffice.org do not support macros, VBS and Active-X, so they are much less vulnerable to script attacks. The Mozilla apps support JavaScript natively and Java, Flash, Shockwave, Adobe Reader, Real Player, QuickTime and Windows Media Player through plug-ins. My understanding is that JavaScript, Java, Flash and Shockwave are sandboxed programming environments; while the others simply decode video and audio data. The only way to access the OS through these interfaces is through bugs/vulnerabilities. The most common vulnerability is buffer overflow, but Comodo Memory Firewall handles this. Mozilla and the companies publishing the plug-ins are quite vigilant about updates to avoid vulnerabilities.
I suggest that MailGuard and WebGuard are unnecessary for systems with all of the following characteristics:
MS Office not installed
IE used for Windows Update and selected sites that only work with IE (1 for me)
Outlook Express not used
Mail client, web browser and office apps don’t support VBS, Active-X or macros with OS access
Comodo Memory Firewall installed
Comodo Firewall Pro installed with Defense+ active
Automatic or weekly update checks for plug-ins
To further improve the prevention aspect of security, I use the following:
Firefox JavaScript advanced options disallow all potentially malicious behavior
Firefox warns about suspected attack and phishing sites
The AdBlock Plus add-on blocks a significant portion of malware by blocking ads.
Thunderbird does not download remote images by default
My ISP blocks viruses and spam
MS Windows Media Player is not associated with any extensions or web content.
Adobe Flash Player is configured to not allow local storage for sites.
Firefox clears private data when closing
I realize that this post contradicts my earlier position on the MailGuard. I realized that we always preview mail attachments before forwarding a mail, so the on-access scanner would catch malware then. My present plan is to not install the MailGuard and WebGuard components when I install Avira AntiVir Premium tomorrow.
I would appreciate comments from others that suggest security holes that I didn’t think of. Especially interesting is web content in RAM that is not written to disk.
I’ve Avira webguard installed on one computer and not on the other. When I tested the eicar malware file on both computers, I found that the computer without Avira webguard was not able to prevent the execution of eicar in a text file format: http://www.eicar.org/download/eicar.com.txt
I’m not sure how this is relevant in terms of security and protection against malware because such a string of text seems to be quite harmless if it’s only being displayed in the browser window. On the other hand, the computer with webguard installed managed to block the entire page.
The only disadvantage that I found with webguard is that it slowed down the internet speed significantly, especially when I was browsing in several windows/tabs simultaneously. I suspected webguard may not be robust enough to handle too many simultaneous scans across many sites at any given time.
Supposedly if I disable webguard, could any other program protect me against this kind of malware in txt form but wouldn’t slow down my Internet speed? Is it really necessary for me to have this kind of protection?
Thanks for your explanation. Does that mean any malware file which is not saved onto the harddisk is harmless? If so, I guess there’s no point for webguard to block the page altogether and I can safely uninstall that feature.
Hello Hippo, Well the File scanning part of webshield is useless. It depends on what other features the web guard has, if\how it scans for malicious scripts and exploits on web pages etc. If you get the time, page 3-4 are good pages to read.
Oh NO! I tried exactly as suggested AND my Antivir premium didn’t pick it up. I waited and finally decided to do a manual scan on the .txt file and only then the antivirus detected the malware.
Webguard ON: detection of eicar malware upon clicking on the links, access had been denied.
Webguard OFF: no detection and the zipped files were being downloaded happily. Moreover, I could open the zip files without invoking any alert provided that I don’t execute eicar.com inside the zip.
Is it because of my antivirus configuration or I’ve overestimated the power of real-time protection? :THNK
For now I guess I’ll leave my webguard on… even though I’ll have to compromise on the internet speed then.
p/s: I had tried my very best to read through page 3 and 4. But as a network security newbie, I can’t say I understand them fully, hehe. I’m still google-ing for webpages with malicious scripts to see if there’s a more pronounced difference between having webguard ON and OFF, please let me know if anyone knows such websites. I don’t mind reformatting if something screws up my computer.
Lol It’s ok, It will just be your CONFIG, Do you have Archives for on access scanning? archives = ZIPS etc.
Also that’s another argument whether or not to scan archives… But in theory archives themselves cannot cause damage, only the contents, and they have to be extracted.
I installed Avira AntiVir Premium today. I did not install the MailGuard or WebGuard components. I configured \Guard\Scan as follows: Scan mode=“Scan when reading and writing”, check “Scan archive”, Files=“All files”.
Avira allowed the page http://www.eicar.org/anti_virus_test_file.htm to display in Firefox, but Avira prevented Firefox from downloading each of the four test files on that page. Thanks Avira!
And thanks to Kyle for helping us understand that MailGuard and WebGuard are unnecessary!
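The archive-scanning behaviour discussed in the posts above (a zipped test file passing unnoticed until "Scan archive" is enabled or the contents are extracted), as an added example that is not part of the original thread and is not Avira's or Comodo's code. The signature is a constructed stand-in rather than the EICAR string, and `scan_bytes`, `MAX_DEPTH` and `MAX_MEMBER_BYTES` are hypothetical names.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (not the real EICAR string).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                  # hypothetical limit on nested archives
MAX_MEMBER_BYTES = 10_000_000  # hypothetical cap so a zip bomb is not unpacked


def scan_bytes(data, scan_archives, depth=0):
    """Return the places where SIGNATURE was found in data."""
    hits = []
    if SIGNATURE in data:
        hits.append("<raw>")
    # With archive scanning off, the scanner only ever sees compressed bytes.
    if not scan_archives or depth >= MAX_DEPTH:
        return hits
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    hits.append(f"{info.filename}!<skipped: too large>")
                    continue
                inner = zf.read(info)
                for hit in scan_bytes(inner, True, depth + 1):
                    hits.append(f"{info.filename}!{hit}")
    return hits


def build_sample_zip():
    """Build, in memory, a deflated zip holding one file with the signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.com", SIGNATURE)
    return buf.getvalue()


def walkthrough():
    """The three situations from the thread, as scan results."""
    archive = build_sample_zip()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        extracted = zf.read("sample.com")
    return {
        "zip written to disk, archive scanning off": scan_bytes(archive, False),
        "zip written to disk, archive scanning on": scan_bytes(archive, True),
        "file extracted from zip": scan_bytes(extracted, False),
    }


if __name__ == "__main__":
    for stage, hits in walkthrough().items():
        print(f"{stage}: {hits or 'nothing detected'}")
```
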
Yeah, thanks to Kyle, now I know what’s wrong with my configuration. However, my webguard is still on as I don’t want to give any chance to potential exploits, not even displaying text on my screen, hehe.
Anyway, I hope that when CIS is up for public, I don’t have to come back to Avira anymore, though I’ll give Avira a thumb up too.
Well Melih just explained why CIS doesn’t have an Email Scanner or Webshield, etc:
no plugins for emails etc... but if it's just doing file scan then you don't need it as you have on access. Anything that hits your HD will be checked. And soon we will have the in-memory scanner in cav3, so you can catch in memory malware too that doesn't hit your hd. So the point is: no point in adding yet another scanning burden on email for a file if you have on access and in memory scanning, cos malware has to hit either one.