There’s a good thread on another forum about Anti Virus products that feature network and/or web scanning vs Anti Virus products that do not have these features. One school of thought is that a good resident scanner will scan files as they access memory. If you download something it will sit in memory until downloaded and a good resident scanner will pick it up as it’s being downloaded. So people say a network scanner or web scanner is not necessary. Is this the case?
How exactly does Avast resident shield and other Anti Virus resident scanners work? Do they all scan memory access all of the time?
How is the network and web shield more effective than a good resident scanner?
I for one think the more layers involved in catching a malicious file, the better.
I’d say a resident scanner only detect the malware if it gets active - and to do that it already has to be on your computer.
if an antivirus-product has a webshield it can stop the malware before it gets into your computer (like avast does) and remove malware from your computer is always more difficult than just stop it from getting in…
in my opinion a resident scanner and a web- and net-shield always should work together to be most efficient.
but a webshield alone isn’t efficient enough, because malware can also get via USB-sticks to your computer, and so on…
i don’t know exactly how the resident shield of avast! works, but i think that (depending on the sensitivity in the settings) all files and programs which start or get opened are scanned for malware… additionally avast contains some behavioral techniques like monitoring how many e-mails are sent (to detect a spam-bot or something)…
a good combination of modules is always the best - exactly like avast! has it
I should have reworded my post a bit, I didn’t mean to imply using a web scanner instead of resident scanning(standard shield). I just want to know if the resident scanner would pick up malware while being downloaded because it sits in memory.
An AV web scanner uses a proxy to intercept files coming in from the web on port 80, and scans them before they get to your browser. Thus you can stop malware from downloading and getting into your browser cache. A resident scanner doesn’t see it until it is opened or stored, so it can sit in your browser cache until then, but the Standard Shield will then allow you to delete or quarantine it. From a security standpoint, they should be equivalent, but because of peculiarities of malware and anti-malware programs (and users) , might not be. Thus those with web scanners tout them, those without say they are unnecessary, security wonks say they should be equivalent. And then you get into not needing AVs at all because of HIPS and other interesting discussions. A layered approach is to get malware out as early as you can, and I have the Web Shield enabled on both Avast! and Online Armor. And then use the Standard Scanner and HIPS to beat on the rest, along with Prevx Edge as a behavior blocker. And then offline tools if something looks suspicious, and image backups just in case.
A layered approach is to get malware out as early as you can, and I have the Web Shield enabled on both Avast! and Online Armor. And then use the Standard Scanner and HIPS to beat on the rest, along with Prevx Edge as a behavior blocker. And then offline tools if something looks suspicious, and image backups just in case.