Hey guys, Do we really need webshields and email scanners? Or are they just a marketing ploy to get more customers?
This is how I look at it,
Turn Web Shield off.
Download Eicar test file. detected
Turn Web Shield on
Download eicar test file. detected
They are both being detected even while on one occasion the web shield is off, Why run another process since the resident detects it anyway?
This also applies for email scanners… They both work in pretty much the same way.
So far no body has been able to give me a solid answer. just yes or no, not the technical reasons why!
Note; I am not picking on Avast! alone, It’s a general question for all programs that use Web shields\email scanners.
As you say yourself on the COMODO forum, these features are included in avast! Home which is given away for free, so as a “marketing ploy” it very nearly approaches the ingenuity and cleverness of the Underpants Gnomes! “Step 1. Get underpants… step 3. Profit.”
Seriously, nearly all the replies there answer your question, especially this one from sded but your later comments indicate that you either didn’t understand or accept it.
You say you want only facts but on this issue there are none to be had. Your theory that web shields and email scanners offer no extra protection, however well supported by your experience, can only ever be considered to be a hypothesis. As such it is always possible that some equally valid subsequent experience could show it to be entirely or partly incorrect, meaning that it then must be rejected or modified.
Note:Absolute proof is usually impossible. It means proving a universal negative, which requires universal knowledge, which is not generally available.
e.g. It was once hypothesized that all swans are white, a useful working theory… which fell when the black swans were “discovered” in Australia. Maybe there are some green ones somewhere too! ???
Needless to say, as I write this I have the web shield, network shield and IMAP email scanning on. (Now that is a fact.)
Of course, this is just my opinion, but just because you say something in CAPITAL LETTERS, it doesn’t mean anybody is necessarily going to give two figs.
I had to use capital letters as people will just read half the question. I already explained that I was not angry, just wanted answers - After all this is a support forum.
Resident scans all new; Created, Modified and accessed - Such as when downloading the “eicar” as example, when the file is downloaded it is being accessed by a process, creating a new directory etc -which is being scanned by the resident.
Is that correct?
@Vlad, I am talking about AV"S in general - I said that I’m not picking on “JUST” avast!, It is probably (the) or one of the best free apps.
I use the Avast (Home) Web Shield - it is free and it has no adverse effects - so why not use it?
I do not use the Avast (or any other) Email Scanner. I used to use AVG 7.5 but that slowed incoming emails very significantly but, more importantly, I had to use ScanDisk almost every day (which worked) to fix my regular email corruption problems.
Like DavdR, I have used MailWasher (the free version in my case) for many years which has enabled me to delete any emails that are unsolicited or look prospectively damaging; since my incoming traffic is not heavy this is a quick process.
I would especially value DavidR’s opinion if, as is usual, he can find the time to comment.
You asked two questions. Regardless of the answer to the first question, if Avast were not to offer those facilities, when their competitors do, then doubtless they would lose market share and that would likely mean, for us, the withdrawal of their free product.
I have three products which “immediately” detect an eicar test. If I, or you, turn them all off, then eicar or any real infection would go undetected.
Vladimyr’s answer, based upon his vast knowledge and experience, was honest and to the point
I am interested in my own methods and level of effective protection and there was absolutely no point in starting a new thread when the vein, though not the generality, is similar to yours.
Yes. It’s the better balance having dedicated providers and reduced global sensitivity level. The ability of configuration is an advantage of avast.
avast is free for home users. The providers are available for both pro and home versions. Alwil company has a serious marketing program. Shortly: no, it’s not there to get more customers.
Thanks TECH, Can you please explain to me why? It’s not that I don’t believe you, It’s just I would much rather something to back it up than someones word.
So basically there are different “levels of security”, as an example level 5 is highest and 1 being the lowest,
Having different modules can allow the user to have the appropriate level of security based on the environment, so having level 5 may be great for browsing the net, while level 3 is a nice level for the on demand access for your computer.
Oh dear, any more of that and I’ll need a bigger hat! ;D
Kyle
Didm’t mean to seem angry. I do tend to go on a bit when I’m between tasks.
I’m serious about the answers being in the COMODO forum though.
Goose18 “I prefer having a webshield. Now I can’t into a huge technical reason why but I like Avast’s webshield because (correct me if wrong) It will detect the infection right when you click a link or start the download.”
sded
“The avast! email scanner is a proxy inline between your email client and the internet (via localhost). Not sure what you mean by being “the results from the main guard process”, which happens later, between your email client and the rest of the system. But agree, should be caught anyway-just a bit later.”
Remember ‘eicar.com’ is not a trojan or an encrypted polymorph. It’s a test file. It doesn’t matter at what point your AV catches it because it can’t do any harm. But a reall threat is best avoided at the first point of contact.
Vlad, Goose just gave his opinion, that’s no good to me I need some detailed reasons why, Please don’t bother to post in this thread in the future unless you have some facts you can provide as it’s taking up space from other readers and annoying to answer. AV’s uses a Global hook - so before it’s run it is scanned by the av, if it’s detected then ok, if not - it continues to run. So in other words (no security is 100%) ~99.9% will be scanned before it is allowed to run so that is no problem whether you have a REAL virus in as a .EXE from downloading or getting the .EXE from a USB, they are both scanned before being run.
I think that I’m on ‘Par’ with Tech, I’ll wait for his reply.
Well, that is not true - as somebody was trying to explain on the comodo forum.
If there’s a vulnerability somewhere (browser, e-mail client, whatever that’s already running) - the malicious code can be executed in this vulnerable process - without being saved to disk, without starting a new process. That’s the moment when e-mail or web scanner might save you.
Thank you Igor, So lets say “Internet Explorer” just an EXAMPLE.
You visit a nasty site, the malware finds a exploit, and uses IE to modify, steal etc etc what it wants without actually being on the disk? So the Webshield is scanning scripts?- not just files?
I’m not saying that it is always so, in most cases the files will be transferred through disk, but yes, it’s possible.
(A very nice example, even thought not exactly the case we are talking about, was the Slammer worm in 2003. It was never saved to disk, it existed only in a form of a malicious network packet or in memory - which is why quite a few people got confused when they were looking for a sample.)
I don’t know what exactly you mean by “files”. WebShield scans whatever is transferred through the HTTP protocol - webpages, scripts, but also downloaded executable files, etc.
I understand you Igor, thank you probably 1 of the first that has given me some decent answers lol
I should probably ask this on Comodo, I’ll ask here as well;
Edit::: CPF3 protects from script exploits etc, So a Webshield isn’t needed, for me?
"Web Shield is a unique feature of avast! that enables it to monitor and filter all HTTP traffic coming from the Web sites on the Internet. Since an increasing number of viruses (and other malware, such as adware, spyware and dialers) are being distributed via the World Wide Web, the need for an effective countermeasures has also increased. The Web Shield acts as a transparent HTTP proxy and is compatible with all major web browsers, including Microsoft Internet Explorer, FireFox, Mozilla and Opera.
Unlike most competitive solutions, Web Shield’s impact on browsing speed is almost negligible. This is because of a unique feature called “Intelligent Stream Scan” that lets the Web Shield module scan objects on-the-fly, without the need of caching them locally. Stream scanning is performed in operating memory only (without the necessity to flush the contents to disk), providing maximum possible throughput rates."
Thank you Vladimyr and Igor I had trouble finding that sort of information. This is handy for someone who doesn’t use a HIPS or a a watered down HIPS. Personally I am fine With out a webshield as I use CPf3 so that renders the cross scripting pretty safe (I know that nothing is 100%)
No. I’m trying to say that using the files scanner (Standard Shield) at High security level (or custom but scanning open/created/modified files) will use more resources to achieve some security level that could, thanks to avast configurability, achieved using less resources and dedicated providers. So the security level could be different to different parts of the system, optimizing the protection and the performance.
Don’t be so bitter…
imho, WebShield can’t be replaced by Comodo Defense+ (HIPS).
