AV in your Browser

http://info.drweb.com/show/2653

If this works right and doesn’t slow anything down, I really hope to see something like this added to avast! or at least avast! Pro.

"Dr.Web in your browser — new free service of scanning for viruses!

Doctor Web, Ltd., the developer of the popular Dr.Web anti-virus, announces the release of a new free service developed for users traveling on the World Wide Web with the help of Mozilla, Mozilla Firefox or MS Internet Explorer.

The new free service by Doctor Web, Ltd. is designed as a plug-in which scans for viruses and different kinds of malicious programs, such as dialers, spyware or adware, any link to a page before it is opened, or any file before it is downloaded onto a computer, with the most up-to-date version of the Dr.Web scanner and hot add-ons to the virus base, released twice per hour – no other antivirus company releases updates so often!

To scan a link or a file, you need neither install the Dr.Web antivirus onto your computer, nor download the file you want to open or save — the scanning for viruses is done on the servers of the Global updating system of the Dr.Web antivirus. Depending on the size of the checked file, the scanning will be done in several seconds and then you can open the page or download the file and never fear a virus attack."

Avast is already doing so (if you have Avast set up correctly), no need for a plugin or anything.

avast! already scans files before you download them? How do you make sure it’s set up right? I want to make sure mine’s set up right. :slight_smile:

Try to download the eicar test file from www.eicar.org.
If you see a virus dialog with an “Abort connection” button, it has been caught by the WebShield provider.

This seems to be the same as the WebShield provider of avast!

It is not… Dr.Web seems to be scanning at their server, like a server proxy… ?
avast! scans the download traffic in your computer, as a local proxy.

Start by reading the avast help file, avast! - help: resident protection - Web Shield - Provider Settings.

You can also check and see if the Scanned Count is increasing on the detailed view of the Web Shield provider.

Not to mention the check Igor mentioned:
Web Shield Test
http://www.eicar.org/download/eicar.com

I checked out this Dr. Web extension for Firefox. It takes quite a while to scan the links, plus it’s not really like WebShield because you have to manually scan the link by right-clicking it. It scans scripts too, which is good. :slight_smile:

Hi FIXER,

I tried the plug-in for Firefox; it is not slow at all and does not interfere with the resident AV scanner, which in my case is AVAST. It scans scripts OK, and I like it to pre-scan from the search-engine result list to see whether the link is “kosher”. I think it is a good extra security addition, as it does not interfere. And the update frequency is with the best.

greets,

polonus

Hey polonus, I installed the extension again and you’re right, it’s not really slow. I must be sleepy or something.
I think I’ll keep the Dr.Web Extension for Firefox for a while. :slight_smile:

I’m using it too now. I have had it for 10 minutes already. It seems to be a nice plug-in for my Foxie as it’s not resident, scans links only when you need it and uses nothing from my PC (I mean definitions or other typical on-line AV stuff). I think it’s a very handy thing as it’s easy to use (only one right click of the mouse) and it’s really fast. At the moment. It is hard to say how it will work under high loads… :-\

Also a good way of tracking web site usage, or am I just a cynic?

Hello Essexboy,

Why always see the dark side of something? If you trust Google with all your web content and acceleration of all your data if you have it, and desktop searching, this information can be used against YOU; even all that you have published HERE will be in the hands of Google. No one seems to be bothered that it sits on this gigantic privacy bomb. Dr.Web is a respectable antivirus product, and when it scans your links to be safe, you think it is back tracking. You don’t feed it all of your computer. Besides, all your links are checked by marketeers anyway with web bugs. No, I think for me it is a desirable functionality, and if they find something they know where the web is unsafe. That they do an exploration of where the malware hides, I think that is a good thing, and if asked I would cooperate. Also if it is closing more of my vulnerability window.

polonus

I have no problem there, I know that there is probably no way to backtrack to your system unless you use a static ip. But my thought was that it would be a good earner for this company to give site visit statistics, which in a way would pay for the av. And as for seeing the dark side…May the force be with you ;D

Hello essexboy,

Well, that is why this is a good service; it is a bit like with mailwasher, but then for AV and from a distance (St.Petersburg based and their global update servers). Another factor is their terrific update rate of 2 hours (now we know how “they” do that). Using heuristics is a two-sided sword, we know, but it is not on our machine and that is safer. With normal online scanning, and RAV online scan is honest enough to state this openly, there is a privacy danger for confidential files because it takes place via non-secured connections, so they can take no responsibility for what could happen with the content of the files you update. With plug-in link scanning on global update servers that risk is non-existent.
While e-mail can be made safe at provider level, web browsing is the main risk of being infected with malware. To be able to pre-scan a link and then load it after it seems OK is a bit more secure anyway. Thanks to the “Pitriski” (meaning those from St.Petersburg (sprytni ludzi z Petersburga)).

greets,

polonus

That’s cool! :slight_smile:
I didn’t know that this is possible.

But there is probably a security risk in avast!
I tried to download the file there via an SSL secure connection and avast doesn’t show the risk, no warning … nothing. I saved it.
Only when I opened it (for example a zip file) and opened the file in it or saved it was there a message from avast.

And another problem:
Try to download the .txt file via an SSL https connection and save it. Nothing. Then try to open it with a double click (= editor). Nothing! A warning message only pops up when I try to rename it from .com.txt to .com.
That’s not really bad because a file in an archive or as a text file is not really a risk.

But what about these double extensions on email attachments?
If I remember correctly there was a bug in the past in Outlook (or Outlook Express) where it did not show files with a double extension correctly, and if you double-clicked on one, it was opened by its real extension. Maybe a .com.txt file was shown as a .txt file, but it could be opened as a .com file.
What about this risk?

I will now make a little test.
I will deactivate avast and send myself an email with this double-extension file to a mailbox where I can download files via SSL.
And then I’m really interested in what avast does! :slight_smile:
I will report it in a few minutes.
I guess it only “cries” when I try to open it with a double click out of the mailbox.

In this connection, another question:
Is there any virus/worm/trojan (or whatever) known which can kill the avast process so that nothing will be scanned and the virus can spread in the system!?

It’s not a bug, it’s normal and perfect.
If avast! could scan an SSL connection, i.e., break the encryption, then all the other guys on the Internet could break your connection to your bank and steal your passwords, etc. SSL connections are made to be private, unscannable… 8)

You must read about eicar.com and its behavior… What is happening in your computer seems perfectly normal.

Something like
filename.exe.doc or filename.vbs.txt

Being infected by the real .exe or .vbs file, for instance.

Sure there is. Just search the board. You’ll see that it is almost possible to do anything when you’re the administrator of a computer.
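
The double-extension names discussed above (filename.exe.doc, filename.vbs.txt, and the .com.txt file from the earlier test), as an added example that is not part of the original posts: a small checker a mail filter or triage script could run over attachment names. The extension lists and function names are assumptions made for illustration, and the check also covers the reverse order (a decoy extension followed by a runnable one), which goes beyond the cases named in the thread.

```python
"""Flag attachment names that carry a misleading second extension."""
import ntpath

# Assumed, illustrative lists (not exhaustive, not taken from the thread).
EXECUTABLE = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
BENIGN_LOOKING = {"txt", "doc", "pdf", "jpg", "gif", "zip"}


def classify_name(filename):
    """Return (verdict, reason); verdict is "executable-last" (decoy
    extension before a runnable one), "executable-hidden" (runnable
    extension buried before a benign one) or "ok"."""
    # Attachment names may contain a path; keep the last component only.
    base = ntpath.basename(filename.replace("/", "\\"))
    # Windows drops trailing dots and spaces when the file is saved.
    base = base.rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:  # a name with at most one extension
        return ("ok", "single or no extension")
    last, earlier = parts[-1], parts[1:-1]
    if last in EXECUTABLE and any(e in BENIGN_LOOKING for e in earlier):
        return ("executable-last", f".{last} follows a decoy extension")
    hidden = [e for e in earlier if e in EXECUTABLE]
    if hidden and last in BENIGN_LOOKING:
        return ("executable-hidden", f".{hidden[-1]} precedes .{last}")
    return ("ok", "no executable/benign extension pair")


def flag_attachments(names):
    """Map each suspicious name to its verdict; clean names are omitted."""
    flagged = {}
    for name in names:
        verdict, _reason = classify_name(name)
        if verdict != "ok":
            flagged[name] = verdict
    return flagged


# Constructed sample names; the first two are the examples from the reply.
SAMPLES = ["filename.exe.doc", "filename.vbs.txt", "eicar.com.txt",
           "report.pdf.exe", "notes.txt", "archive.tar.gz", "photo.jpg .scr "]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLES).items():
        print(f"{verdict:18} {name!r}")
```
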

Hmm ok …

I must admit that I have nothing to say … :wink:

About this SSL connection you are surely right!
That was also what I was thinking of, and that avast can’t scan the web stream itself is right, too … otherwise it would be a security risk. But I thought avast could scan it, because the SSL stream ends on my computer (not elsewhere on the net) and so here it is still decrypted.
But then avast (I think) has to be a kind of plugin in the web browser to scan it, after the browser has decrypted it and before it loads it … right? And that’s a little bit difficult, I think!?

"You must read about eicar.com and its behavior... Seems perfectly normal what is happening in your computer."
ok ... ! :D Then I will be quiet!

My interest is still satisfied for today … :slight_smile:

I think (maybe I’m wrong) that will be impossible.

Web > Web Shield > Browser > Standard Shield
All data is first checked and then passed to the browser, and if the data is cached it can be also checked by Standard Shield.
So there is much smaller chance of getting infected by some exploit if the data is scanned before it actually hits the browser itself. In other words, the idea of the web shield is to scan the http stream, to detect any possible virus infection before it has time to get established on the local disk.
The plugin will work as the Standard Shield… just after the file is saved…

Sorry, it was not my intention to be rude.

Actually, it is possible for a local proxy to filter https/ssl.

Those familiar with the Proxomitron will know what I mean. This page has some information on implementation.

Needless to say, I can’t conjecture on exactly how this could be implemented in avast. However, inasmuch as, from my understanding, avast is here functioning as a local proxy, it seems possible.

The acceptance of certificates is undertaken by the proxy (in our hypothetical case, by avast), and the certificate sent to the browser, using the model in the link, would belong to avast.

I don’t see any real security issues involved in such a setup, provided it is implemented correctly.

Maybe I’m wrong, as I’m not an expert on it. But I think redirecting https/ssl traffic is one thing, and scanning this traffic, reading the ‘code’, the information passing through, is another, completely different thing. Proxomitron (and any other anonymizer application) and other proxy filters just redirect the traffic but do not analyse it.