Author Topic: Script Blocker mystery  (Read 70810 times)

0 Members and 1 Guest are viewing this topic.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Script Blocker mystery
« Reply #105 on: June 06, 2009, 10:16:57 AM »
Are you still here?
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.


Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: Script Blocker mystery
« Reply #107 on: June 06, 2009, 01:53:01 PM »
How about "scripts handling" in my previous post Reply #102(http://forum.avast.com/index.php?topic=45438.msg384865#msg384865)? Wouldn't that be the focus of Script Blocker?
...javascript file can only be counted as received correctly when browser sends back an OK status code per HTTP protocol to indicate the file has been received correctly.

I don't see any point reading this thread further.

Edit: "when browser sends back an OK status code per HTTP"   ;D this certainly does not happen
« Last Edit: June 06, 2009, 02:06:13 PM by lukor »

dude2

  • Guest
Re: Script Blocker mystery
« Reply #108 on: June 06, 2009, 05:00:36 PM »
How about "scripts handling" in my previous post Reply #102(http://forum.avast.com/index.php?topic=45438.msg384865#msg384865)? Wouldn't that be the focus of Script Blocker?
...javascript file can only be counted as received correctly when browser sends back an OK status code per HTTP protocol to indicate the file has been received correctly.

I don't see any point reading this thread further.

Edit: "when browser sends back an OK status code per HTTP"   ;D this certainly does not happen

Try this: http://samsclass.info/100/projects/Ethereal_HTTP_Status.doc

YoKenny

  • Guest
Re: Script Blocker mystery
« Reply #109 on: June 06, 2009, 06:43:25 PM »
Try this: http://samsclass.info/100/projects/Ethereal_HTTP_Status.doc

That's from 4-24-06 which is about as relevant today as the fear that a dinosaur will come to my cave and eat me and my loved ones:
http://74.52.59.146/~amk/invitations/dinosaur-printable-invitation.jpg


Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: Script Blocker mystery
« Reply #110 on: June 06, 2009, 08:53:20 PM »
You can make a search in wikipedia and sear for sql slammer worm

http://en.wikipedia.org/wiki/SQL_slammer_%28computer_worm%29

"Home PCs are generally not vulnerable to this worm unless they have MSDE installed. The worm is so small that it does not contain code to write itself to disk, so it only stays in memory, and it is easy to remove. For example, Symantec provides a free removal utility (see external link below), or it can even be removed by restarting SQL Server (although the machine would likely be immediately reinfected)."

You are right, most home PCs shouldn't be affected. Generally, computer worm propagates itself and sends the replicated file through the network to infect other computers. Therefore, this specific worm seems unique.

How about "scripts handling" in my previous post Reply #102(http://forum.avast.com/index.php?topic=45438.msg384865#msg384865)? Wouldn't that be the focus of Script Blocker?
...javascript file can only be counted as received correctly when browser sends back an OK status code per HTTP protocol to indicate the file has been received correctly.

The temporary internet files folder is created in the hdd not in memory. If it were created in memory your PC will slow down because the files cached in memory. So again it will be catch by the resident shield.
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: Script Blocker mystery
« Reply #111 on: June 06, 2009, 08:57:26 PM »
How about "scripts handling" in my previous post Reply #102(http://forum.avast.com/index.php?topic=45438.msg384865#msg384865)? Wouldn't that be the focus of Script Blocker?
...javascript file can only be counted as received correctly when browser sends back an OK status code per HTTP protocol to indicate the file has been received correctly.

I don't see any point reading this thread further.

Edit: "when browser sends back an OK status code per HTTP"   ;D this certainly does not happen

Try this: http://samsclass.info/100/projects/Ethereal_HTTP_Status.doc

Do you think that you know more than the experts? when Lukor said that it does not happen, it is so. Dont continue with the same discussion, as he said there is not point reading this thread, so you will not receive more replies from me.
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

dude2

  • Guest
Re: Script Blocker mystery
« Reply #112 on: June 07, 2009, 02:29:38 AM »
I don't see any point reading this thread further.
Edit: "when browser sends back an OK status code per HTTP"   ;D this certainly does not happen
Do you think that you know more than the experts? when Lukor said that it does not happen, it is so. Dont continue with the same discussion, as he said there is not point reading this thread, so you will not receive more replies from me.
How HTTP status code works to reflect its delivery status is another can of worm that may need to be handled separately in another thread to avoid this thread from getting further interwined.

It seems no more valuable input from calcu007 and lukor will be provided. Nevertheless, let me sum up what has not been clarified to me. Thus, those who have the answers or want to investigate further may pitch in.

Resident Shield will scan all files on HDD upon their creation or accessing if it is properly configured. If all web pages need to be downloaded to [temporary internet files] directory(or compared with cached version) per GET REQUEST command when reading a web page, then Resident Shield should be able to scan bad browser scripts in [temporary internet files] directory. The reason Web Shield or Script Blocker is needed I guess could be file access control or data flow related. For example, if Resident Shield is neither locking the scanned files during the on-access scanning nor located upstream to intercept the infected page content before it gets delivered to the browser handler, then Resident Shield may be able to detect the bad scripts but still unable to stop the damage in time.

But, if the above assumption holds true, wouldn't Resident Shield also fail to protect users from bad scripts when they are reading locally cached or saved web pages?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Script Blocker mystery
« Reply #113 on: June 07, 2009, 02:35:42 AM »
Sorry, but this thread is effectively dead nothing new is being covered all the answers given by the developers of avast and other avast users is basically discounted by you and you keep repeating the same question worded slightly differently.

So it could get quite lonely in this topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dude2

  • Guest
Re: Script Blocker mystery
« Reply #114 on: June 07, 2009, 03:07:49 AM »
Sorry, but this thread is effectively dead nothing new is being covered all the answers given by the developers of avast and other avast users is basically discounted by you and you keep repeating the same question worded slightly differently.

So it could get quite lonely in this topic.
To question experts who help you is not a smart move; to challenge authority is even worse. But, if it is the price for getting closer to the truth, then some moves have to be made regardless how painful it is or how lonely you may end up with.

dude2

  • Guest
Re: Script Blocker mystery
« Reply #115 on: June 10, 2009, 07:53:54 PM »
Got something to add to my own Reply#112.
I tested the functions of the On-Access Standard Shield protection:

Here are the test results:
================
1. Standard resident shield DOES scan both online(or locally cached) and locally saved web pages
Avast! Home scanned locally saved web pages as well as online pages on "High"(or "Custom" for all file types instead of defaults) settings w/wo Web Shield started.
As I stated before, it scans all temporary internet files which are either freshly downloaded from the web or reloaded from the local directory if not expired.

2. Standard resident shield DID carry out script blocking on certain operations as I had set up so.
Avast! Home successfully blocked my test scripts, not Javascripts though, to create files(open for writing) or to delete files as I had specified in the "Blocked Operations" in [Blocker] tab.
When I disabled certain script blocking functions such as Open-file-for-writing or Deleting-file, my test scripts then had the latitude.

Yet, I haven't found a way to test the extra layers of protection provided by Avast! Home's Web Shield or Avast! PRO Script Blocker.
More explicitly, I still don't know the functional difference w/wo Script Blocker other than the possible counter-measures against the memory-bound MSDE SQL slammer. For now I don't even have MSDE on hand to worry about or to test with though. If someone can show me other differences from the spec, I might try to download and test out Avast! PRO.

I wonder if this thread will ever reach a conclusion dialectically or empirically to solve the mystery.
« Last Edit: June 11, 2009, 03:43:58 AM by dude2 »

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Script Blocker mystery
« Reply #116 on: June 10, 2009, 08:08:15 PM »
Sorry, but this thread is effectively dead nothing new is being covered all the answers given by the developers of avast and other avast users is basically discounted by you and you keep repeating the same question worded slightly differently.

So it could get quite lonely in this topic.

As David Said:

You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

YoKenny

  • Guest
Re: Script Blocker mystery
« Reply #117 on: June 10, 2009, 10:37:29 PM »
Sorry, but this thread is effectively dead nothing new is being covered all the answers given by the developers of avast and other avast users is basically discounted by you and you keep repeating the same question worded slightly differently.

So it could get quite lonely in this topic.

As David Said:

We need a Pole:
Who is dumber Donovansrb10 or dude2?

Maybe they could star in Dumb & Dumber II?

dude2

  • Guest
Re: Script Blocker mystery
« Reply #118 on: June 11, 2009, 01:47:43 AM »
A beaten dead horse many times is buried along with a mystery and served like a spell to scare people away. If this trick is openly sponsored by forum moderators, I am afraid the forum itself may become the dead horse surrounded by pinata players. Therefore, I do not like the dead horse slogan. I am just trying to solve this mystery dialectically or empirically. I thought that is what this forum is all about.

Can we get over with this dead horse thing? After my test results are posted, some of my questions are very much alive. Doesn't matter if the mystery itself one day will come to a conclusion, let's handle this without prejudice.

Mike Buxton

  • Guest
Re: Script Blocker mystery
« Reply #119 on: June 11, 2009, 03:21:52 AM »
Hi dude,

Igor and Lukor are busy with critical work for the good of all Avast users. They have devoted considerable time and effort in considering your questions (as have others).

The debate must have held some interest to have continued so long and in such detail; however it is now, I believe, the almost unanimous opinion that this thread should be "physically" closed.

My regards