I really have no idea.
So doesn’t matter what, getting the Professional edition with Script Blocker seems will get you on the safe side.
But, for those Avast Home users before their upgrade to the Professional edition, any comment on the remarks from this page?
http://www.velocityreviews.com/forums/t306748-avast-questions.html
Script blocking is a good thing to have in a layered defense - Microsoft
AntiSpyware does this too. I’m not sure whether having two script blockers
running simultaneously is a good idea, so this would be redundant for me. If
you don’t use MSAS, and if you run IE without IE-SpyAd, script blocking could be
very protective.
<<
Believing posts from 06-27-2005 are like being in a coma for 4 years and after awakening asking if you have missed much.
I think you are suffering from a terrible affliction:
http://redwing.hutman.net/~mreed/warriorshtm/ferouscranus.htm
If the two script blockers work similarly (that is, scan the scripts for virus signatures), then it migth be redundant. However, some script blockers (I mean more “browser-” than antivirus- oriented) may work differently (I don’t know… blocking according to the script origin, things like that)… it may bring something new… and get you another protection layer.
But I admit I personally didn’t try to run another script blocker side-by-side, so I don’t know if any conflicts might occur.
igor, what I was trying to say in a round about way was that these are the ramblings of a troll and I am guilty of being a particular type of troll.
Please read the Home page:
http://redwing.hutman.net/~mreed/index.htm
My persona but watch out if I have a few beers and become Jekyll and Hyde: ;D
http://redwing.hutman.net/~mreed/warriorshtm/eaglescout.htm
I need to add a point to my previous comment. Even though XP SP2 is relatively safe because of the Local Machine zone lock down, but if you try to run an already downloaded VBS file or view an already-saved-to-local web page, then the hurt by mal-scripts is still unavoidable unless you got a Script Blocker. Isn’t it?
Now, back to contemplating alternatives even they may not be as good as Script Blocker itself. If not running side by side with Script Blocker(i.e., running Avast Home only), would you recommend IE-SpyAd, Script Sentry, WormGuard, RegRun Guard, or ScriptDefender as a supplement to Avast Home to mitigate the threat from mal-scripts? Or, would you recommend using Symantec’s Noscript.exe to turn off WSH and only to turn it back on when needed? Or, would you recommend simply disabling WSH in the registry like this?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
“Enabled”=dword:00000000
From a very old page: http://www.www.techzonez.com/forums/showthread.php?p=88655
Peep’s @Avast forum recommended the FREE program Script Sentry . Old but still does its job with scripts
<<
Agree?
dude2, why don’t you want to update to SP3 as it has been available for almost a year that has perfomance enhancements and several Critical Security Updates so in IE go to Tools then Windows Update then download and install all updates.
Putting band aids on an old leaking operating system is about as effective as chewing gum in a leaky dam.
Using posts from March 13th, 2005 as a reference is about as good as 5 week old bread and about as hard to digest.
I do not see major security difference between XP SP3 and a well updated and armed-to-teeth XP SP2, isn’t XP3 just like a cumulatively updated XP SP2?
I am more interested in the effect of Script Blocker. It is supposed to be more WSH related. Isn’t it? I mentioned about IE related security improvement on XP SP2 simply because I heard that Script Blocker’s targets may not be limited to WSH VB scripts(see Avast PRO brochure or RejZoR’s comment Reply #10) but may also apply to web page scripts. But, I got no clarification on what other scripts are scanned by Script Blocker in addition to VB scripts. Are Javascripts, ActiveX codes, and those other IE scripts the targets of Script Blocker? I don’t know. Are you ready to open that can of worms once again? I just found that XP SP2 is safer for IE scripts in general.
Avast Home may be one of the best Free antivirus softwares. But, I really hope its users can rest assured that there is no tangible vulnerability unattended without Script Blocker. So far, my quest for the comprehensive understanding of Script Blocker has grinded to a halt at these two threads:
- “Script Blocker mystery” http://forum.avast.com/index.php?topic=45438.0
- “Avast Script Blocker” http://forum.avast.com/index.php?topic=45472.0
Regarding the function of Script Blocker:
Script Blocker simply acts as Web Shield(added with some minor differences) + WSH shield. Igor’s advice in http://forum.avast.com/index.php?topic=45438.msg380636#msg380636 noted the minor differences including: (1)when someone loads a bad browser script infected web page from disk cache, only Script Blocker can protect him; (2)Script Blocker can detect encrypted pages or pages from encrypted web site.
What’s missing:
(1)No sources of reference
(2)No instances available to illustrate the cases mentioned above
(3)How redundant to have both Web Shield and Script Blocker running together?
Regarding WSH shield:
I still want to know what Avast Home users can do to somewhat mitigate the WSH vulnerability before they get a chance to upgrade to PRO for the full protection. I proposed and seeked for advices on: (1)using IE-SpyAd, Script Sentry, WormGuard, RegRun Guard, or ScriptDefender as a supplement to Avast Home to mitigate the threat from mal-scripts by detecting and stopping them from running; (2)using Symantec’s Noscript.exe to turn off WSH and only to turn it back on when needed; (3)simply disabling WSH in the registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
“Enabled”=dword:00000000
No response yet.
Avast 5 is slated for this year. Hope these problems will be addessed by then.
If they add their firewall and other thing to the pro and stay Home like that. I think its would be great for what im guessing.
But well let wait for what they offer us.
Be patient. Be awarded. 
Mr.Agent
[quote author=dude2 link=topic=45438.msg381542#msg381542 date=1243142096]
(1)when someone loads a bad browser script infected web page from disk cache, only Script Blocker can protect him [quote]
Wrong. The bad scripts from disk will be catch by the resident shield too, so if you have the home version you are protected too. You are requesting ‘secret’ technical information that can’t be share with public, so dont ask the same things again, again. Dont complicate things.
No, definitively not. I don’t seek for ‘secret’ technical information or any secret answer without source of reference. Where Web Shield and Script Blocker “seem” both capable of scanning “browser scripts”, but from http://www.avast.com/eng/avast-4-professional-antivirus-antispyware.html, I am not so sure about how Resident Shield handle browser scripts. How do you draw the conclusion that computer file system protection implies Resident Shield scan engine capable of scanning locally cached “browser scripts”? If your version can be verified, I will modify my current conclusion at Reply#28 to reflect that:
http://forum.avast.com/index.php?topic=45438.msg381542#msg381542
To avoid a back and forth hearsay campaign, please back your words with an official source of reference.
Are you m…n or what? It is common sense. Each file that is executed, accessed or opened from your hard disk(including scripts) is scanned by the resident shield. You want prove, then open resident provider settings screen, open customise, open scanner(advanced), you will see a option called “always scan WSH script files”. Also you can open the HELP of avast (click F1) and search the word WHS
Don’t be nasty unless you can get a bonus for that. People come and discuss things that are not very clear to them. So, please focus on the subject “the difference with/without Script Blocker”. You may not agree with my summary quoted from Igor’s regarding Script Blocker:
http://forum.avast.com/index.php?topic=45438.msg380636#msg380636
Script Blocker may detect something more.
In particular:
- If the file doesn’t come from web, but rather from disk (i.e. if you load an infected web page from disk, which includes browser cache - even though in that case you must have visited the site previously anyway), then it cannot be detected by Web Shield, of course.
<<
You think things are already built in for Resident Shield. But, are you sure that Script Blocker is not needed to be installed for the advanced scanner option to scan for WSH scripts or to deal with locally cached or saved web pages’ browser scripts? Besides, I was still unable to find your mentioned settings from my Avast! Home 4.8 Simple User Interface.
Hi dude,
I still have a feeling you are missing one important difference between script blocker and other file/URL based scanners in avast (on-demand, resident standard shield, webshield).
Script blocker checks the script code just before it gets executed. No matter how it is encrypted, obfuscated or disected into tiny parts (e.g. in a web page) it must be eventually merged together and executed to do any harm - thats exactly when the script blocker checks the script.
The database is the same, but the content which is scanned may be different.
This also includes various means of generating the script code (be it Javascript, VBS script or other registered script language) on the fly and then executing it via some scripting trick - e.g. evaluate( ) method.
Hi Lukor,
So eventually, what’s the difference with and without Script Blocker in addition to WSH scripts scanning and protection? I like to know Script Blocker’s functions first and then maybe its methods if needed and allowed. For example, without Script Blocker, won’t Web Shield or Resident Shield sift through online or locally cached/saved web pages and check for bad scripts? I haven’t found much online document exploring this subject.
Right click in the Avast icon, then On-Access Protection control, then select standard shield, then chose customize, then tab Scanner(advanced)
Here we come again. The Webshield scan EVERY file accessed by the browser through internet traffic including scripts.What part you dont understand? The locally cached/saved web pages are scanned by the resident shield when they are accessed. Remember they are detected using the virus signatures. You are asking the same thing. it was answered lot of times
Got that screen. Thanks calcu007! The “Always scan WSH-script files” box is already selected as default. But, does it mean I don’t need Script Blocker or Avast PRO to have WSH script scanning and protection function kick in and work in the background? Not quite the same as advertised by Avast PRO.
I didn’t see whether JavaScript or other browser pages scripts would be handled by the look of the Resident Shield configuration screen, at least not as obvious as WSH scripts, and not sure about how much difference between the Resident Shield engine, the Web Shield engine, or the Script Blocker engine. If scan engines are different, could it make any difference even if the virus signature DB is the same? Plus, does any scan engine use heuristic analysis for proactive protection so that the scan results will not be limited to the virus DB? Lukor seems to have touched that subject and noted Script Blocker is capable of handling polymorphic or encrypted scripts; hopefully, he will share more.
I hope Igor can join the discussion.
If you check the resident confg screen there is a option “scan modified/created file” below that option appears only files with selected extension. There you will see the extension of the scripts(JS for javascript) ect. Also you can add more extension if you know the extension of other scripts. Or you can chose the option “scan all files”. There are heuristics in the mail and outlook providers, but it only give you a alert about a “suspicious message” alert, it uses the virus db to give you a virus alert.