Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Lars-Erik on December 13, 2003, 12:32:06 AM

Title: Protection against web-content (scripts, applets etc) ?
Post by: Lars-Erik on December 13, 2003, 12:32:06 AM
How is the protection against web-content like scripts and applets in avast! ?   The older version of McAfee I had earlier had its own Internet scan, whilst the new one does like avast! and scans the files as they are written to "Temporary Internet Files". But can't the damage already have been done then?  Isn't some content executed in the browser before the file is written to the cache.... or.... ?

How about web-mail client with message previews. They act like web-pages?  Can I protect myself against them as safely as the mail-scanner (can't intercept POP and SMTP there) ?

PS!  Even though I ask a lot, I still think you have a good program. Even without the mail-scanner installed you give the same protection as McAfee (ok, not script stopper in the Home edition) but with a much smaller program, and with free virus-database updates. But everything can be even better can't it (I'm a software developer/integrator myself :-)
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: igor on December 13, 2003, 01:38:11 PM
The Professional version of avast! has so called "Script blocker" - that scans the scripts (JavaScript/VBScript) executed within the web browser (and denies access if they're found infected).

Yes, it's possible that in some cases (e.g. when your IE doesn't have the necessary security updates applied) malicious content of an HTML file is executed before being written to disk (in fact, I think the cache items are written to disk independently of their execution - but I may be wrong). An example of such behavior is the VBS:RedLof virus.

As for the web-mails... I'd guess they're just simple web browsers, but I may easily be wrong - don't know anything about them.
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Lisandro on December 14, 2003, 02:15:29 AM
Does anybody know if Script Defender 1.02.exe (http://www.analogx.com/files/sdefendi.exe) does the same job as 'Script Blocker' of avast?

I mean, if it is well configured...  ;D
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: gamez on January 08, 2004, 11:03:19 PM
Excellent question.

Awaiting the answer  ;D
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: bassbag on January 08, 2004, 11:28:42 PM
Technical... you may wish to try scriptrap too. It's similar to script defender and script sentry, but has a path to your virus scanner too, so that when it intercepts a script you can scan with avast from the programme itself. It also has an excludes list so you can run safe scripts and not be prompted all the time. More info/ratings etc. and other progs here... (bottom of page)

http://www.spychecker.com/software/virus.html
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 09, 2004, 12:04:43 AM
I have analogx script defender and it only intercepts scripts, it doesn't scan them, nor does it have an ignore list. It doesn't appear to intercept scripts in temporary internet files, I guess that's because it would intercept every script asking you to run/abort it and that would create a mayhem of warnings.

Avast would scan and block the script only if it's infected.
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 09, 2004, 12:19:53 AM
I would assume script trap would also not intercept temporary internet files as, although you can create an ignore list, you would be forever adding files to it. The ignore list would therefore be for user run scripts that you have in your own personal folders or email. Yes, it has the benefit over analogx that it can send the file off for scanning but it would still intercept all scripts first (unless on ignore list).
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 09, 2004, 12:28:22 AM
Doesn't setting the home edition to High scan all downloaded files anyway? So you would pick up an infected script before it's run?
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: bassbag on January 09, 2004, 12:32:19 AM
Scriptrap (and I believe script sentry and script defender) intercepts script that attempts to run automatically or that you attempt to run. Obviously if a script is in temp internet files but not attempting to run then it won't intercept it, until you actually click the link or something executes it. The ignore list is particularly useful for word or excel documents that you may have made personally. Obviously you know that the particular file is safe so it's placed on the ignore list. More info here...
http://keir.net/scriptrap2.html
http://keir.net/scriptrap.html
me
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 09, 2004, 01:20:45 AM
I know it intercepts scripts only at runtime but my temporary internet folder has loads of java scripts from chat rooms which are executed to run the chat and they don't get intercepted.  :-\

Hmmn, that's odd, I just opened a .js script up manually in the temporary internet folder and it DID intercept it. So either the files are downloaded and never used, why? Or it allows them to be opened by websites or something?  :-\ :-\ :-\

(using analogx)
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Lisandro on January 09, 2004, 02:36:13 AM
We need a technical 'final word' for this: the temporary scripts must be intercepted or they won't be scanned (using the 'go to' or redirect feature of scriptrap to avast) or blocked (analogx)... There is something more behind the avast Blocker than this  ::)
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 09, 2004, 02:46:14 AM
Extract from an article about analogx ScriptDefender I found:

It does nothing to disable or manage the execution of scripts embedded in web pages or HTML Email messages unless the particular exploit of some vulnerability creates local "script files" of the types handled by ScriptDefender.   ???

http://lists.jammed.com/incidents/2002/05/0151.html
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 14, 2004, 06:03:22 AM
I installed script sentry for testing.  Scriptrap is sort of old now.  It's like 4 years since last update.
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Lisandro on January 15, 2004, 01:24:45 AM
Extract from an article about analogx ScriptDefender I found:

It does nothing to disable or manage the execution of scripts embedded in web pages or HTML Email messages unless the particular exploit of some vulnerability creates local "script files" of the types handled by ScriptDefender.   ???

http://lists.jammed.com/incidents/2002/05/0151.html

As we can see, only "local" script files are handled and blocked... Maybe Waldo could tell us about the level of this security...  ::)
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Waldo on January 16, 2004, 09:16:28 PM
Technical is correct, scriptdefender doesn't really protect against scripts automatically launched from websites etc. :( but only comes into action when you actually activate (execute) the script locally.

It is no "real" blocker like the function in avast Pro or ZA 4 pro. But it has its use.

It's a great tool, uses NO resources at all. But doesn't give "complete" protection. Of course it's better than nothing.

You can test (script defender)  with this file (harmless demo from Finjan website) :

http://www.virusdefence.co.nz/security/tetris_demo.js

And see what happens if you don't run Active X script defender.  ;)

I wouldn't run without it !


Waldo
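
The distinction drawn in the quoted extract and in Waldo's reply, as an added example that is not part of the original thread: script content that the browser executes itself versus script files that only reach a file-type handler when opened. The extension set and the sample page are assumptions constructed for illustration, not the list any of the tools named here actually uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed, illustrative set of Windows script file types a handler-based
# interceptor might register for; the thread does not list them.
HANDLED_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

class ScriptInventory(HTMLParser):
    """Sorts script content in an HTML page by where it would execute."""
    def __init__(self):
        super().__init__()
        self.in_browser = []   # run by the browser's own script engine
        self.file_links = []   # script files a user could open locally

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            src = attrs.get("src")
            self.in_browser.append(f"external script: {src}" if src else "inline script")
        for name, value in attrs.items():
            value = (value or "").strip()
            if name.startswith("on"):          # onload, onclick, ...
                self.in_browser.append(f"event handler: {tag} {name}")
            elif name == "href" and value.lower().startswith(("javascript:", "vbscript:")):
                self.in_browser.append(f"script URL: {tag} href")
            elif name == "href":
                ext = posixpath.splitext(urlparse(value).path)[1].lower()
                if ext in HANDLED_EXTENSIONS:
                    self.file_links.append(value)

def inventory(html):
    """Return (items executed in the browser, links to script files)."""
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    return parser.in_browser, parser.file_links

# Constructed sample page (not taken from any site named in the thread).
SAMPLE = """<html><body onload="init()">
<script>var greeting = "hi";</script>
<script src="chat.js"></script>
<a href="javascript:void(0)">menu</a>
<a href="demo.vbs">download demo</a>
</body></html>"""

if __name__ == "__main__":
    in_browser, file_links = inventory(SAMPLE)
    print("runs in the browser, never reaches a file-type handler:", in_browser)
    print("reaches a file-type handler only when opened:", file_links)
```
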

Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 17, 2004, 12:03:00 AM
According to this Script Sentry will provide protection from bad scripts through IE.

http://aroundcny.com/technofile/texts/bit052301.html

http://aroundcny.com/technofile/texts/bit092502.html
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 17, 2004, 05:59:19 AM
Also, found this nice test bed:

http://www.esafe.com/home/csrt/eSafe_Demo/TestPage.asp
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 17, 2004, 10:58:48 PM
One question still, If Script Sentry does work with scripts embedded in web pages, then does it warn you of every script that tries to run? Surely there's loads of them, and loads of warnings, until you've built up a huge allow list? Annoying? Anyone use it, what happens?
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 17, 2004, 11:09:08 PM
One question still, If Script Sentry does work with scripts embedded in web pages, then does it warn you of every script that tries to run? Surely there's loads of them, and loads of warnings, until you've built up a huge allow list? Annoying? Anyone use it, what happens?

I haven't received a script warning yet during general browsing.  In fact, I think that Script Sentry works much like Script Defender.  I ran all the tests in the link above and the only thing Script Sentry gave a warning for was the macro scripts downloaded.  My machine passed all the tests so the browser and/or firewall has adequate defenses to at least pass these tests.  I didn't bother with the EICAR file test because I already know that Avast catches it.

A script embedded in a web page and designed to be opened should be caught by Script Sentry.  I ran the esafe js file test above and ran to open the file instead of download and Script Sentry threw up a warning showing what the script would do if allowed to run.

So, as you can see, I'm still not convinced on exactly how script sentry works as far as web surfing goes.

I would like to find a test page on the net with an embedded script file set to run from the webpage before I'm convinced.  Run the same webpage with Script Sentry on my machine and get someone with Avast Pro to check the same page and compare the results.
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: stevejrc on January 18, 2004, 12:02:05 AM
I tried to run the test file and the file wasn't added to desktop and no option to download/open it. I have latest windows updates so maybe that stopped it, I know some updates prevent malicious code execution so maybe I'm ok anyway.

I have script defender installed and no warning given. IE6 security also set to medium.
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 18, 2004, 02:39:12 AM
Another test bed:

http://www.scanit.be/bcheck
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 18, 2004, 03:00:21 AM
I tried to run the test file and the file wasn't added to desktop and no option to download/open it. I have latest windows updates so maybe that stopped it, I know some updates prevent malicious code execution so maybe I'm ok anyway.

I have script defender installed and no warning given. IE6 security also set to medium.

My biggest concern is Internet Explorer vulnerabilities.  I don't worry about the other browsers as much.  You check and make sure you have the latest updates for your version of IE if you are using it.

http://www.microsoft.com/security/security_bulletins/20031111_windows.asp
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: BanziBaby on January 18, 2004, 04:29:30 AM
Hi Culpeper :)

I tried this link: http://www.scanit.be/bcheck

I found this a very thorough test & tested it with Mozilla 1.6/IE 6 sp1 & updates & Opera 7.23. The first 2 browsers were safe & had no probs & so did Opera, but it did say there were 3 medium risks, but not to worry as Opera was safe

I hope U don't mind, but I sent that link to a few of my friends just so they can test themselves, so many many thanks for posting the link :)

PS I use Script Defender as well & find it a great prog, so far never had any alerts other than the test file it comes with :)

Cheers
BaNzI ;D
Title: Re:Protection against web-content (scripts, applets etc) ?
Post by: Culpeper on January 18, 2004, 06:12:56 AM
No problem.  IE 5.5 has one remaining low risk vulnerability based on those tests and MS doesn't provide a patch for it.  MS wants you to upgrade to the latest version of IE 6.0.  Since it is low risk, I'm still using IE 5.5 for the time being.  I mostly use other browsers anyway.