???
This is a very good question for which I have no answer at the moment.
Maybe the Avast Team will jump in on this one.
The Web Shield monitors and filters all HTTP traffic coming from the Web sites on the Internet for an increasing number of viruses (and other malware, such as adware, spyware and dialers).
The only way I can think of to test it, is to go to a site known to download “crap”
If you have Adaware or Spybot, look in their data list for a site and try it.
Try downloading the Eicar test virus at http://www.eicar.org/anti_virus_test_file.htm and watch avast! light up. Or anything from one of the warez/crackz type sites if you are confident.
Webshield is a nice addition to Avast. I’m still using CA Etrust though. For some reason I like the dull simplicity of it. :-X And my WinXP volume icon is back. That is a bug with WinXP though. I’m obssessed with that volume icon in the taskbar. If I install software and the icon disappears because of it then I normally uninstall the software and the the icon returns. If the new software is not compatible with the volume icon in the taskbar then out goes the new software. Like I said, I’m obssessed with the volume icon. I can stare it for hours on end.
Is this what you’re talking about: http://support.microsoft.com/kb/279435/EN-US/ ?
The icon is cool but - are you joking? You can stare at it for hours? ;D
Aye matey! Dat be da one!
There’s a bug in WinXP where the volume icon is concerned. The icon is not set to show in the taskbar on startup but if you select it to do so, in some cases, you may have a problem with it disappearing entirely. The web is full of posts with XP users complaining about their volume icon disappearing to no avail.
I think I will keep Avast! on my Win98 machine until my subscription runs out on Etrust at which point I’ll migrate Avast! to my WinXP machine. I hate to dump Avast! entirely just because of my obssession with the the WinXP volume icon in the taskbar. I do love that icon.
Click here to download the eicar test…
If nothing happens, well, your WebShield is not well configurated :-\
Hey Technical et al, any AV program will alarm on that EICAR test file. What would be cool is a website to test the effectiveness of the “webshield” for what it is designed to prevent or protect against. Seems Awil should already have a test web page with harmless stuff on there to sound off the webshield sonar. Going around looking for dangerous web pages just to test the webshield is a little dangerous. But, what else are pirates for?
I’ve tested myself four or five times… Infected files (downloaded) were on my Chest, they would not even saved in my HD (like it should be) 8)
Still want a comprehensive web page to test the webshield. “My kingdom for a horse.”
I turned off my firewall on machine where i run web server and there was not 5 minutes when avast web shield anwser…
Best way to test Web Shield is to download ZIP version of EICAR. You can also try with double zipped EICAR. These files are normally not detected by avast! with disabled Web Shield.
You know what? That doesn’t make any sense since any other anti-virus program should sound off to an EICAR file with or without a so-called “webshield.” I am beginning to think most users don’t even understand what the developers meant by adding on the new “webshield” provider. Every test I was recommended in this thread would be caught by any standard resident shield on any AV program.
And what does this mean…" I turned off my firewall on machine where i run web server and there was not 5 minutes when avast web shield answer…" Why would you stop halfway through the detail? I’m not going to fill in the blanks.
I’m sure the webshield works like it is intended to do but I’m not getting any satisfaction on testing it out because there is nothing to test with. I guess I will keep an eye out for a published review or something.
Year ago I used a version of PC-illin that had a so-called “webshield” and it worked fine but you never new it because there was really no way to test it. It just kept a vigil for what it would consider hostile scripts.
The Avast webshield has to be something above and beyond basic in the wild virus protection. It scans html and such while your viewing the page your pointing at.
From the Avast website:
Web Shield
The main highlight of avast 4.6 is undoubtly the new avast! on-access scanning provider - Web Shield. It is able to monitor and filter all HTTP traffic coming from the Web sites on the Internet. Since an increasing number of viruses (and other malware, such as adware, spyware and dialers) are being distributed via the World Wide Web, the need for an effective countermeasures has also increased. The Web Shield acts as a transparent HTTP proxy and is compatible with all major web browsers, including Microsoft Internet Explorer, FireFox, Mozilla and Opera.
Unlike most competitive solutions, the Web Shield’s impact on browsing speed is almost negligible. This is because of a unique feature called “Intelligent Stream Scan” that lets the Web Shield module scan objects on-the-fly, without the need of caching them locally. Stream scanning is performed in operating memory only (without the necessity to flush the contents to disk), providing maximum possible throughput rates.
You know what? That doesn't make any sense since any other anti-virus program should sound off to an EICAR file with or without a so-called "webshield."
That is the only way. Do you think a normal user has access to viruses or even wants to be connected to them? One single infection and I consider doing a reformat!!!
You can see after doing that test that it is indeed WebShield and not the Standard shield that grabs the virus first before it reaches your browser.
And what does this mean..." I turned off my firewall on machine where i run web server and there was not 5 minutes when avast web shield answer..."
This is not a case of a virusinfection warning or webshield I think. It was another Avast component called ‘Network Shield’ that is not a virusscanner. Useful to have to remind that your firewall is not doing it’s job.
What’s the point of the webshield if a basic standard shield is enough protection? That would amount to wasting resources on the machine. Not with redundant protection but duplicate protection. Just call one a standard resident shield and the other webshield? No, I still believe the developers have something else in mind where the webshield provider is concerned and I’m sure there are ways to test it. Just like there are ways to test a firewall.
Web Shield checks all HTTP traffic including archived files (most common web infectors are JAR archives with payload). This is very useful for content that is not cached,but rendered directly. Standard On-Access providers of many antiviruses simply don’t scan archives because they make way too high overhead. Web Shield avoids this issue and scans only the most important data that is transmitted from the web.
Such files are those JAR (JS) that i mentioned before and JPEG exploited images.
The main difference between Web Shield and Standard Shield is this:
Standard Shield example
Web → Browser → Standard Shield
(data is scanned when it’s already passed through browser)
Standard Shield example
Web → Web Shield → Browser → Standard Shield
Now do you see the differene? All data is fist checked and then passed to Browser,and if the data is cached it can be also checked by Standard Shield.
So there is much smaller chance of getting infected by some exploit if the data is scanned before it actually hits the browser itself.
The idea of the web shield is to scan the http stream, to detect any possible virus infection before it has time to get established on the HDD.
Rather than wait until it has downloaded and placed itself in one of the windows system folders, created a registry entry, etc. etc. This is mainly due to people browsing the web with administrator privileges which allows the virus the same priviliges.
Prevention has got to be beter than cure.
When you attempt to download the eicar.com test file it should be picked up by the web shield and it offers the option to abort the connection (just that item being downloaded, not the dial-up or broadband connection). Doing that stops it in its tracks, it doesn’t get on your HDD, so there is a way to test web shield by clicking on the link that Technical gave you.
I can confirm the two previous posts: before Webshield I used to get a lot of exploits and Trojans in my Java cache. AVG used to detect them during a system scan, and avast! 4.5 would sometimes detect them when they had passed through the browser and into the Java cache on the hard disk.
Now with avast! 4.6 and webshield, this malware is intercepted before it has a chance to get on my hard disk. (As a previous post said, before it even reaches the browser).
All this malware was not dangerous anyway, because it was designed to attack the Microsoft Virtual Machine, and doesn’t affect the Java Run Time environment. But I think this is a valid real-world test of Webshield: it blocked malware which could have installed a Trojan on a system with an old version of IE vulnerable to this exploit.
Of course the real test of Webshield will be when a new browser or browser plug-in security vulnerability gives rise to a new malware attack: if the Webshield definitions are updated quickly enough and it manages to block the new malware before security updates have been issed, that’ll be a real success.
Will Webshield block the Java applet Trojan currently targeting alternative browsers?
That would be an interesting test. (The Trojan relies on users clicking ‘yes’ to a Java applet despite security warnings.)
http://www.edbott.com/weblog/archives/000562.html
http://www.f-secure.com/v-descs/openstream_t.shtml
Could WebShield be based on Heuristics and not only on signatures?