#1 How does avast scan a download, as it is being downloaded, and kill the download if malware is detected?
#2 WHY does avast scan a download, as it is being downloaded, and kill the download if malware is detected?
Please explain so a child can understand.
I have a Rocket Scientist that can’t comprehend the hows and whys of an AV.
Thanks in advance!
David
How, by use of a proxy, an intercept on http port 80 traffic (so only those downloads using the http protocol and port 80 will be intercepted) if an infected file of element it detected avast alerts and aborts the download so it doesn’t get on to your system).
Why, because prevention is better than cure and intercept that stops it getting on your system is much better and probably easier to remove/deal with.
Thank You DavidR!
This also applies to IM and P2P, right?
The same principals apply to the resident shields that use a proxy and for me that is the Web Shield and Internet Mail, I don’t use IM or P2P applications so I don’t know much about their inner workings.
The Instant Messaging provider avoids this kind of infection. It monitors the folder where the received and sent files are stored. Whenever the content of the folder changes (a new file appears, a file is modified, etc.), avast! immediately performs a scan.
So from this no it doesn't apply to the Instant Messaging provider because it isn't scanning before they arrive on your HDD.
I assume this is the same for P2P applications.
The how is different for the P2P & IM providers. There are no standards for P2P and IM transmissions so avast cannot detect in transmission. Avast determines those from the process name and scans the files written by the selected processes.
Well, there is a certain file via P2P that I occasionaly use for demonstration purposes. A little over 1100KB in size, it has an SDBot in it. It usually makes it to about 90K and avast kills it.
Works for me!
Thanks people!
David
Your welcome.
The principal of P2P as far as my understanding (limited as it is), is that it downloads multiple parts and then it is all cobbled together at the end so avast must be scanning the parts as they are downloaded to the area and detected when the part is created.