Avast WEBforum

Topic started by: trigan on May 21, 2008, 04:04:28 PM

Title: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: trigan on May 21, 2008, 04:04:28 PM
It says in the Avast FAQ that :

Web Shield is an on-access scanning provider which is able to monitor and filter all HTTP traffic coming from websites on the Internet. It’s implemented as a HTTP proxy running on your PC. Connections from your Web browser are redirected to the Web Shield module. Web Shield in turn connects to the requested web server and while downloading the content it scans it for viruses and Trojans. Only the clean data is delivered to the browser, every malware is stopped before it gets saved on your PC.

I always thought that viruses and other malware can infect your computer ONLY when you are downloading software from the Internet.

Does this mean that my computer can become infected with malware EVEN IF I am not downloading software ?

Thank you.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: onlysomeone on May 21, 2008, 04:09:46 PM
Of course ;)

Malware can be implemented in homepage as scripts, in pictures, in videos or whatever...

And you also can get infected if you aren't even connected to the internet via a CD/DVD or USB-stick...

Bad software is waiting nearly everywhere just to destroy your computer...! 8)

onlysomeone
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 21, 2008, 04:29:08 PM
Thank you for the wonderful news ! ! !

So since nothing is ever perfect, can you tell in your estimate how effective Web Shield and Standard Shield are at stopping malware from infecting my computer ?

Does downloading mean that you are exposed to much more dangerous malware or is this irrelevant ?
Thank you.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: FreewheelinFrank on May 21, 2008, 04:51:30 PM
Many web sites are infected with malware. The malware generally uses exploits which are patched in up to date versions of web-facing software.

See the link in my sig.

Your first line of defence is to update all web-facing software. The best way to do this is to use the Secunia Software inspector.

Again, follow the link in my sig.

avast! WebShield is another line of defence. It can alert you to infected web sites, and may just save your skin if you've missed an update somewhere.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 21, 2008, 05:59:36 PM
Thank you very much indeed for bringing this to my attention, freewheelinFrank.
In your blog, I read that a web site can be compromised (hacked) or contain compromised third-party content (typically ads from hacked ad servers).

I have a tripod website which I have worked hard at creating.
What will it mean exactly if my website gets hacked ?
Does it mean that I will not be able to access it anymore in order to alter the information that is on my own website ???

Suppose Web Shield tells me that it is hacked.
What can Web Shield do about it ?
How can I destroy the malware on my website ?
Will my web hosting service be able to do something about it ?

I urge everyone out there to give me as much input about this as they can for this is a very alarming state of affairs.

I certainly would not want visitors to my website to get infected as a result of visiting my website.

Thank you again everyone.

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 21, 2008, 07:23:36 PM
The security of your web site is down to Tripod, there is little you can personally do to avoid it getting hacked. The hackers are hacking the hosting software and commonly inserting iframe tags into all pages on the Hosted tripod user pages.

The web shield can only alert you to the fact that something isn't right (infected alerts) and block the download to your HDD.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: FreewheelinFrank on May 21, 2008, 07:43:37 PM
^what David said.

Also keep your own computer clean so you're not uploading infected HTML pages.


Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 21, 2008, 10:23:02 PM
Thank you David and Frank.

David wrote:
" The web shield can only alert you to the fact that something isn't right (infected alerts) and block the download to your HDD. "

By infected alerts, does this mean that if I visit an infected website, Web shield can alert me WITHOUT ME downloading it in any way into my hard drive such as I assume by saving it as a bookmark or a html document in my hard drive.

I have never seen an alert. What is it exactly ? With all these malware infested websites, I think I ought to be on the lookout....LOL

Thank you.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: FreewheelinFrank on May 21, 2008, 10:48:14 PM
You can visit the eicar test site:

http://www.eicar.org/anti_virus_test_file.htm

With WebShield running, you'll get an alarm when viewing the text file page:

http://www.eicar.org/download/eicar.com.txt

The page contains an innocent character string that AVs will detect as if it were a virus.

WebShield blocks the malicious content detected on a web page before it arrives on the hard disk. Unaffected parts of the web site will still be downloaded, and be stored in the browser cache/history etc.

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 21, 2008, 11:13:40 PM
trigan wrote:
" Thank you David and Frank.
<snip>
By infected alerts, does this mean that if I visit an infected website, Web shield can alert me WITHOUT ME downloading it in any way into my hard drive such as I assume by saving it as a bookmark or a html document in my hard drive.
<snip> "

The web shield uses a localhost proxy to pre-scan the http port 80 traffic that would be downloaded to your browser cache. If something is infected the alert is raised and the only option given is to abort the connection, stopping it being downloaded into your browser cache, etc.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 21, 2008, 11:28:37 PM
Thank you for your reply, Frank.

I checked that Web Shield was running. It was set at Normal not high sensitivity.

I went to the eicar text file page:

http://www.eicar.org/download/eicar.com.txt

A web page opened with the following string at the top of the page with a white background.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

I did not see any alert come up.
How can I be sure that Web Shield has indeed responded to this threat ?

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: alanrf on May 22, 2008, 12:08:29 AM
trigan,

since you are using a Win9x operating system you need to set up a proxy in your browser to make the Webshield function for your system.

See the links to the tutorial for setup here (http://forum.avast.com/index.php?topic=35275.msg296504#msg296504).
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 22, 2008, 03:36:15 PM
Alan,

Thank you for your reply.

I followed the link to the Avast tutorial on how to install proxy setting in Firefox if you have Windows 98.

I succeeded but the instructions need to be altered as follows :
In Firefox 2.0.0.14 click Tools > Options
There is no tab that is called General as the tutorial is showing. Instead you click Advanced > Network > Settings
And there you see the Manual proxy configuration radio button and you carry on as the tutorial shows you.

Now my question is:
Just beneath the HTTP proxy there is an option box which asks you whether you want to use the HTTP proxy server for all protocols ? What should I do ?

What proxy settings should I have for SSL proxy, FTP proxy etc. as listed in the window ? Should I leave these blank ?

Since security is the subject of this thread, under the Encryption tab, it asks when a website requires a certificate do I click the option of the computer selecting one automatically or for it to ask me each time ?

Thank you very much indeed. Security is very important given the information that has been made known on this thread !!

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 22, 2008, 04:05:37 PM
Leave them blank as the web shield doesn't monitor those ports; only the HTTP port 80 traffic is monitored.

Encryption effectively screws the web shield as it can't monitor encrypted traffic (that is the whole purpose of encryption, to keep prying eyes out). So leave that alone also, the only requirement to get the web shield scanning your HTTP traffic is already covered by what is in the tutorial.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 22, 2008, 04:30:20 PM
Thank you David.
You write that Web Shield only monitors the HTTP port 80 traffic.
But the avast tutorial told me to specify Port 12080 and not 80.
Can you clarify this detail for me please ?
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: Lisandro on May 22, 2008, 04:35:50 PM
trigan wrote:
" Thank you David.
You write that Web Shield only monitors the HTTP port 80 traffic.
But the avast tutorial told me to specify Port 12080 and not 80.
Can you clarify this detail for me please ? "

If you're using 2k/XP/Vista, the scanning is transparent (automatic) on port 80.


If you use 9x/Me, you need to use the proxy scanning at 12080.
To manually configure your browser see the following tutorials:

For IE and permanent connection users:
http://www.avast.com/files/tutorials/ws_ieproxy.htm

For IE and dial-up users:
http://www.avast.com/files/tutorials/ws_ieproxy_dialup.htm

For Firefox users:
http://www.avast.com/files/tutorials/ws_ffproxy.htm
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 22, 2008, 05:19:55 PM
Thank you for the clarification Tech.

To Alan,

I followed the link to the Avast tutorial on how to install proxy setting in Firefox for those having Windows 98. I installed those settings. So now Web shield should be able to monitor web pages that I open in Firefox on my Windows 98 system.

I have tabs in FF all displaying different web pages and one of them is the Eicar test page:

http://www.eicar.org/download/eicar.com.txt

For the past hour or more, I have had the Web Shield Window telling me what it is doing because I have ticked the box in its settings for it to do so. It has scanned hundreds of web pages and none have been infected.

So far for some weird reason Web Shield has not scanned the eicar web page !!

Other than shutting down all the tabs, is there another way that I can tell Web Shield to specifically scan the eicar test page ?

Thank you.

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 22, 2008, 06:19:57 PM
That is the proxy port that the web shield uses (in the web shield settings); it redirects port 80 traffic to localhost port 12080 (for those OSes that support the transparent proxy function).

That is why you are having to manually set your browser to use the proxy, as your OS doesn't support the transparent proxy function; you have to tell the browser what to use.
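
The localhost pre-scanning proxy described in the reply above, and in the earlier reply about aborting infected downloads, as an added example that is not part of the thread and not Avast's code: a toy proxy on an ephemeral loopback port (standing in for 12080) fetches pages from a constructed origin server, blocks the one carrying the EICAR string, and refuses CONNECT because an HTTPS payload is opaque to it. `Origin`, `ScanningProxy`, the one-entry signature table and `example.test` are assumptions made for the illustration.

```python
import http.client
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# EICAR test string quoted in the thread, split so this file is not itself flagged.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-" "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode()
SIGNATURES = {"EICAR-Test-File": EICAR}  # toy signature set (assumption)
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no upstream proxy

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Quiet):  # constructed stand-in web server: one clean page, one test file
    PAGES = {"/clean.html": b"<html>hello</html>", "/eicar.com.txt": EICAR}
    def do_GET(self):
        body = self.PAGES.get(self.path)
        self.reply(200 if body else 404, body or b"not found")

class ScanningProxy(Quiet):
    alerts = []  # (url, signature name) for each blocked response
    def do_GET(self):
        if not self.path.startswith("http://"):  # manual-proxy clients send absolute URLs
            return self.reply(400, b"expected an absolute http:// URL")
        try:
            with DIRECT.open(self.path, timeout=5) as upstream:
                status, body = upstream.status, upstream.read()
        except urllib.error.HTTPError as err:
            status, body = err.code, err.read()
        except urllib.error.URLError:
            return self.reply(502, b"upstream unreachable")
        hit = next((n for n, sig in SIGNATURES.items() if sig in body), None)
        if hit:  # pre-scan matched: the browser gets a block page, never the body
            self.alerts.append((self.path, hit))
            status, body = 403, b"blocked by scanning proxy: " + hit.encode()
        self.reply(status, body)
    def do_CONNECT(self):
        # HTTPS arrives as CONNECT host:443 plus ciphertext: nothing to scan, so refuse.
        self.reply(501, b"CONNECT not scanned")

def start(handler):
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # ephemeral loopback port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def via_proxy(proxy, method, target):  # returns the HTTP status the client sees
    conn = http.client.HTTPConnection(*proxy.server_address, timeout=5)
    conn.request(method, target)
    return conn.getresponse().status

def demo():
    ScanningProxy.alerts.clear()
    origin, proxy = start(Origin), start(ScanningProxy)
    base = "http://127.0.0.1:%d" % origin.server_address[1]
    results = {p: via_proxy(proxy, "GET", base + p) for p in Origin.PAGES}
    results["CONNECT"] = via_proxy(proxy, "CONNECT", "example.test:443")
    for server in (origin, proxy):
        server.shutdown()
        server.server_close()
    return results, list(ScanningProxy.alerts)

if __name__ == "__main__":
    print(demo())
```

Everything runs on loopback, so no request leaves the machine.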
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: alanrf on May 22, 2008, 08:09:53 PM
@Tech,

trigan had the links earlier in the thread but was pointing out that the avast tutorial is now out of date for Firefox and has not kept up to date with the layout of Firefox 2 (soon to be Firefox 3).

@trigan,

the pages are scanned by avast as they are opened.  If you had the eicar tab open before you set up the proxy then it will not be scanned again until you re-open the eicar page.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 22, 2008, 11:52:11 PM
Alan,
I read your above post and so I shut down the tab of the Eicar text file page. I made sure that the proxy settings were still directed to port 12080 in FF options and that Web Shield was up and running and scanning.

I then clicked on History > Show in Sidebar and clicked on the Eicar text file web page to re-open it. It opened up in a new tab.

AND STILL NO MESSAGE CAME UP as it usually does when I open a new web page in a tab or refresh a web page that is already open in a tab in Firefox.

But this time, I happened to notice that WebShield was scanning the following web page which I did not have in FF as a tab which I thought suspicious.

http://ab.google.com/safebrowsing/update?client=navclient-........-version 2.0.0.14=............

I could not see the end of it.
What is going on ?
Something tells me that I have to change something in Options or the Customize tab in Web Shield but what ?
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: alanrf on May 23, 2008, 02:33:24 AM
trigan,

to check I just brought up my old Windows Me laptop which like your Win98 system uses a proxy to work with the Webshield.  When in Firefox I click on the eicar link you posted earlier FF opens a new tab - I get a yellow and red popup warning above the systray followed by avast's siren and popup window alerting me of the virus.

Are you using Google extension for Firefox for "safe browsing"? The page link you posted suggests that you are.  I do not know if that is affecting your attempt to get to the eicar page.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 23, 2008, 10:17:45 AM
Alan,

Thank you very much for going through the trouble of checking this out for me on your Windows98 me system. At least I know it should work.

How can I check whether I am using Google extension for Firefox for safe browsing please ?

There may be some other proxy setting that needs to be filled.
I right-clicked on the Avast systray icon and selected PROGRAM SETTINGS > UPDATE (CONNECTIONS)

I clicked on the PROXY tab and a new window called Proxy Server Settings came up.

I selected the Select Proxy Server radio button. I typed in 12080 in the Port box but did not know what HTTP Address to type in. I then clicked on Test connection but after some time, it said that the test had failed.

Also do I need to specify anything in the Alerts section ?

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 23, 2008, 03:03:40 PM
That isn't the correct proxy, this relates to the auto update process only, then only if you use a proxy to connect to the internet (I don't believe you do). If you did use a proxy to connect you would have to enter the proxy port that your ISP determines you should use, not the web shield proxy, as that I believe would cause your auto updates to fail.

You have to manually set the browser to use the web shield browser and that is port 12080. The update process is a whole different kettle of fish and is not required for browsing, so I would suggest you reverse the changes you made in the Program Settings, Update (Connections).
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 23, 2008, 03:49:31 PM
Thank you for your common sense reply, David. I wasn't thinking !!

I am happy to say that Web Shield has finally detected the Eicar text file page. But only after I booted the computer once or twice, each time I shut the Eicar page down before shutting down the computer.
So hurray!! Thanks to all of you I now KNOW that Web Shield is able to detect a threat even when I am casually surfing the Web. It is just as well because the Secunia Software Inspector that Frank told me about I found does not cater to Windows 98 unfortunately.

http://secunia.com/software_inspector/

And besides it only checks your computer's software in order to alert you to update it. It does not shield you from malware like Web Shield does.

Incidentally I love the wonderful ALERT WINDOW that Avast brings up.
I wanted to make a jpg of it so that I could download it with my post to show you all. With my system specs, can you tell me whether I can and if so how ?

On another note, every time I boot up, Avast keeps on popping a green notice at the systray saying that there is an upgrade. Any idea of how I can stop Avast having this pop up each time I boot up ?

Since the 1201 version seems to be geared to tweaking Avast to Windows XP, I do not see the point of upgrading. Would you agree ? Also I am not sure whether the 1201 has a Simple User Interface or not. I do like the Simple User Interface :)

trigan
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 23, 2008, 04:41:48 PM
I wouldn't agree, that the update is simply geared to just tweaks for xp and vista.


Whilst many new functions aren't available because of the old OS used, there are other functions that are still available, like the integration of the anti-spyware and any bug fixes, etc. For any security based software it is best to ensure you have the latest version if it has any security related fix, etc.

If you were not to update, the same would be true of the next and the next program update when you get to a point that it may no longer update as in the past there have been changes to how the updates are performed and that requires the program to be at a certain minimum version.

All versions of avast have the SUI as the GUI for the on-demand scans.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 24, 2008, 12:31:11 AM
Thank you DavidR once again for very important information.
I successfully updated Avast anti virus program and made a virus scan.

Typically after the virus scan, something odd happens. The Quick Launch icons on the left side of the taskbar disappear along with the icons next to my Word documents in my Windows Folders.

This happened after virus scans in the previous version as well although the computer keeps on working normally.

Any idea how Avast anti virus program is causing icon disappearance to take place ?
How I can stop this from happening other than by restarting the computer ?

Thank you.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 24, 2008, 01:33:40 AM
It isn't avast causing this, however scans place quite a load on your system as it will be running at high CPU and memory utilisation.

If you search the forums for this win98 phenomenon you will see it is basically down to win9x's poor resource management.

Prior to starting a scan I would advise shutting down any non-essential applications.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 24, 2008, 04:25:00 PM
Hi David,

I decided to find out exactly how much Windows memory each program was using. And luckily Norton System Doctor could provide me with that information.

According to the Norton System Doctor, the amount of memory the following programs use is as follows :

Norton System Doctor  38 MB
Avast anti virus 16.6 MB
ashmaisv.exe 10.8 MB
ashwebsv.exe 9.31 MB
Avast simple user interface   14.4 MB
Word document 20.4 MB

When I opened Zone Alarm firewall program, the memory used up by Norton System Doctor program dropped down from 38 MB to 22.9 MB for some reason, but the values remained the same for the other programs.

The amount of memory used up by the new program was as follows :
Zone Alarm Firewall  9.29 MB  opens up with vsmon.exe 15.2 MB

When I opened Firefox browser program, the memory used up by Norton System Doctor program dropped down from 22.9 MB to as little as 6.93 MB for some reason, but the values remained the same for the other programs.

The amount of memory used up by the new program was as follows :
Firefox browser   50 MB
----

I ran a virus scan with the Word document, Zone Alarms and Firefox shut down and after the scan, the Quick Launch icons remained there.

The only puzzle now is how come the amount of Windows memory that Norton System Doctor uses drops down so drastically but the amount that other programs use, remains the same.

Thank you DavidR for the vital clue as to how to avoid the icons disappearing.

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 24, 2008, 06:06:10 PM
The system resources are a little more complex than just the RAM used, but having more RAM available to the avast scan should help that anyway.

I have no idea on the reported drop in memory use of Norton System Doctor, that may simply be Windows trying to reallocate its memory to other applications when RAM is low.

Firefox can be a big memory hog.
Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading so
Post by: trigan on May 24, 2008, 07:31:20 PM
Thank you for your comments.

I just realized a twist to the above.
When Avast starts up at boot up, ashmaisv.exe and ashwebsv.exe start running.

I have noticed that ashwebsv.exe program crashes for no apparent reason after Avast makes a virus scan. It happened another time when Superantispyware made its own scan. However, the Quick Launch icons remain there.

But if I press CTRL ALT DEL buttons, ashwebsv.exe is the only program in the list that is listed as NOT RESPONDING. Yes, the probable reason boils down to not enough RAM and/or processing power.

Thankfully I found I can easily remedy this by ending this program and then re-starting it.
But it does not happen with ashmaisv.exe or the SAS program. Any idea why ?

Title: Re: Can my computer become infected with malware EVEN IF I'm not downloading softwa
Post by: DavidR on May 24, 2008, 09:08:31 PM
You can either pause or Stop providers, right click the avast 'a' icon and select those you wish to pause/stop, stop is probably the better option, answer No to the persistence question or it won't start next boot.

To restart these providers, left click the avast 'a' icon, this will display the avast on-access control, select the provider you want to start and click the start button.

Whilst running other security scans like SAS I would suggest you pause the standard shield provider.