Author Topic: Protection against web-content (scripts, applets etc) ?  (Read 12108 times)

0 Members and 1 Guest are viewing this topic.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Protection against web-content (scripts, applets etc) ?
« on: December 13, 2003, 12:32:06 AM »
How is the protection againts web-content like scripts and applets in avast! ?   The older version of McAfee I had earlier had it's own Internet scan, whilst the new one does like avast! and scans the files as they are written to "Temorary Internet Files". But can't the damage allready have been done then?  Isn't some content executed in the browser before the file is written to the cache.... or.... ?

How about web-mail client with message previews. They act like web-pages?  Can I protect myself against them as safely as the mail-scanner (can't intecept POP and SMTP there) ?

PS!  Even though I ask a lot, I still think you have a good program. Even without the mail-scanner installed you gived the same protection as McAfee (ok, not script stopper in the Home edition) but with a much smaller program, and with free virus-database updates. Byt everything can be even better can't it (I'm a software developer/integrator myself :-)
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Protection against web-content (scripts, applets etc) ?
« Reply #1 on: December 13, 2003, 01:38:11 PM »
The Professional version of avast! has so called "Script blocker" - that scans the scripts (JavaScript/VBScript) executed within the web browser (and denies access if they're found infected).

Yes, it's possible that in some cases (e.g. when your IE doesn't have the necessary security updates applied) a malicious content of a HTML file is executed before written to disk (in fact, I think the cache items are written to disk independently on their execution - but I may be wrong). An example of such a behavior is the VBS:RedLof virus.

As for the web-mails... I'd guess they're just a simple web browsers, but I may easily be wrong - don't know anything about them.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Protection against web-content (scripts, applets etc) ?
« Reply #2 on: December 14, 2003, 02:15:29 AM »
Does anybody knows if Script Defender 1.02.exe does the same job as 'Script Blocker' of avast?

I mean, if it is well configurated...  ;D
The best things in life are free.

gamez

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #3 on: January 08, 2004, 11:03:19 PM »
excellent question.

wait the answer  ;D

bassbag

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #4 on: January 08, 2004, 11:28:42 PM »
Technical ..you may wish to try scriptrap too.Its similar to script defender ,and script sentry but has path to your virus scanner too so that when it intercepts script you can scan with avast from the programme itself.It also has excludes list so you can run safe scripts and not be prompted all the time.More info /ratings etc and other progs here... (bottom of page)

http://www.spychecker.com/software/virus.html

stevejrc

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #5 on: January 09, 2004, 12:04:43 AM »
I have analogx script defender and it only intercepts scripts, it doesn't scan them, nor does it have an ignore list. It doesn't appear to intercept scripts in temporary internet files, I guess thats because it would intercept every script asking you to run/abort it and that would create a mayhem of warnings.

Avast would scan and block the script only if its infected.

stevejrc

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #6 on: January 09, 2004, 12:19:53 AM »
I would assume script trap would also not intercept temporay internet files as, although you can create a ignore list you would be forever adding files to it. The ignore list would therefore be for user run scripts that you have in your own personal folders or email. Yes it has the benifit over analogx that it can send the file off for scanning but it would still intercept all scripts first (unless on ignore list).

stevejrc

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #7 on: January 09, 2004, 12:28:22 AM »
Doesnt setting the home edition to High, scan all downloaded files anyway? So you would pick up an infected script before its run?

bassbag

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #8 on: January 09, 2004, 12:32:19 AM »
Scriptrap (and i believe script sentry and script defender) intercepts script that attempts to run automatically or that you attempt to run.Obviously if a script is in temp internet files but not attempting to run then it wont intercept it, until you actually click the link or something executes it.The ignore list is particulary useful for word or excel documents that you may have made personally.Obviously you know that the particular file is safe so its placed on the ignore list.More info here...
http://keir.net/scriptrap2.html
http://keir.net/scriptrap.html
me
« Last Edit: January 09, 2004, 12:35:12 AM by bassbag »

stevejrc

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #9 on: January 09, 2004, 01:20:45 AM »
I know it intercepts scripts only at runtime but, my temporay internet folder has loads of java scripts from chat rooms which are executed to run the chat and they dont get intercepted.  :-\

Hmmn thats odd, I just opened a .js script up manually in temporay internet folder and it DID intercept it. So either the files are downloaded and never used, Why? or it allows them to be opened by websites or something?  :-\ :-\ :-\

(using analogx)
« Last Edit: January 09, 2004, 01:42:22 AM by stevejrc »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Protection against web-content (scripts, applets etc) ?
« Reply #10 on: January 09, 2004, 02:36:13 AM »
We need a technical 'final word' for this: the temporary scripts must be intercepted or they won't be scanned (using the 'go to' or redirect feature of scriptrap to avast) or blocked (analogx)... There is something more behind the avast Blocker than this  ::)
The best things in life are free.

stevejrc

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #11 on: January 09, 2004, 02:46:14 AM »
Extract from an article about analogx ScriptDefender I found:

It does nothing to disable or manage the execution of scripts embedded in web pages or HTML Email messages unless the particular exploit of some vulnerability creates local "script files" of the types handled by
ScriptDefender.   ???

http://lists.jammed.com/incidents/2002/05/0151.html

Culpeper

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #12 on: January 14, 2004, 06:03:22 AM »
I installed script sentry for testing.  Scriptrap is sort of old now.  It's like 4 years since last update.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Protection against web-content (scripts, applets etc) ?
« Reply #13 on: January 15, 2004, 01:24:45 AM »
Extract from an article about analogx ScriptDefender I found:

It does nothing to disable or manage the execution of scripts embedded in web pages or HTML Email messages unless the particular exploit of some vulnerability creates local "script files" of the types handled by
ScriptDefender.   ???

http://lists.jammed.com/incidents/2002/05/0151.html

As we can see, only "local" script files are handled and blocked... Maybe Waldo could tell us about the level of this security...  ::)
The best things in life are free.

Waldo

  • Guest
Re:Protection against web-content (scripts, applets etc) ?
« Reply #14 on: January 16, 2004, 09:16:28 PM »
Technical is correct, scriptdefender doesn't really protect against scripts automaticly launched from websites ect :( but only comes in action when you actualy activate (excecute) the script local.

It is no "real" blocker like the function in avast Pro or ZA 4 pro. But has it use.

It's a great tool, uses NO resouces at all. But doesn't gives "complete" protection. Offcourse it's better than nothing.

You can test (script defender)  with this file (harmless demo from Finjan website) :

http://www.virusdefence.co.nz/security/tetris_demo.js

And see what happens if you don't run Active X script defender.  ;)

I wouldn't run without it !


Waldo

« Last Edit: January 16, 2004, 09:20:37 PM by Waldo »