Author Topic: Web Shield - What does it actually do, since I read....  (Read 6008 times)

0 Members and 1 Guest are viewing this topic.

Seb2

  • Guest
Web Shield - What does it actually do, since I read....
« on: May 14, 2006, 08:28:43 AM »
Since I read somewhere that free version of Avast dont have any script blocking.
So what does it protect my browser from when visiting mean websites?
Old Norton always cryed out about evil scripts and stuff while browsing the web, or maybe viruses too that got downloaded to some internet temp-folder.

So what does this shield do really? In FREE version. Protect me from what, and what does it not protect me from?

Many thanks :)

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: Web Shield - What does it actually do, since I read....
« Reply #1 on: May 14, 2006, 09:13:34 AM »
Well Seb2,

given that I am described as an "avast evangelist" you will probably expect me to leap to  the defence of avast and tell you the Web Shield is the best thing since sliced bread.

However, as reported in other threads in this forum, to the best of my knowledge, the Web Shield ...

intercepts the calls to those ports specified for intercept in the Web Shield (by default port 80) by a list of processes determined by avast (and contained without general publication in the VPS signatures file).

Among these processes is Internet Explorer (sans version number).  Now, despite all the other comments here, there are some functions in a Win XP system that will invoke IE to do certain functions whatever your default browser may be.  (Anyone ever got Windows Update to work with anything other than IE???).

Now I will ask a specific question (again, since the avast team ignored this question when I posed it a while ago about port 110 intercepts).

Avast team, please state absolutely and without doubt:

If a port 80 call of type http by Microsoft's Internet Exporer process is intercepted by avast and then issued in fact by avast's Web Shield will it be stopped if ZoneAlarm has been told to forbid outbound access to Internet Explorer but has told to allow outbound access by ashWebSv.exe?     


Seb2

  • Guest
Re: Web Shield - What does it actually do, since I read....
« Reply #2 on: May 14, 2006, 09:28:06 AM »
Well Seb2,

given that I am described as an "avast evangelist" you will probably expect me to leap to  the defence of avast and tell you the Web Shield is the best thing since sliced bread.

However, as reported in other threads in this forum, to the best of my knowledge, the Web Shield ...

intercepts the calls to those ports specified for intercept in the Web Shield (by default port 80) by a list of processes determined by avast (and contained without general publication in the VPS signatures file).

Among these processes is Internet Explorer (sans version number).  Now, despite all the other comments here, there are some functions in a Win XP system that will invoke IE to do certain functions whatever your default browser may be.  (Anyone ever got Windows Update to work with anything other than IE???).

Now I will ask a specific question (again, since the avast team ignored this question when I posed it a while ago about port 110 intercepts).

Avast team, please state absolutely and without doubt:

If a port 80 call of type http by Microsoft's Internet Exporer process is intercepted by avast and then issued in fact by avast's Web Shield will it be stopped if ZoneAlarm has been told to forbid outbound access to Internet Explorer but has told to allow outbound access by ashWebSv.exe?     

Dont know if this is the same thing, but I recently found out my Sygate Personal Firewall did let Internet Explorer out even though it had a rule to block it. This because it did see both IE and Firefox as the same application, namely Avasts proxy which of course has to be allowed.
I did shut down the automatic proxy thing and manually tuned Firefox to use the proxy but didn't do it to IE so now it works as it should :)

BUT, regarding my question. Does the free version of Avast block evil scripts when browsing websites, and also make sure that everything is stopped before it enters my harddrive. Was so annoying when running Norton to have to clean up all these stupid small cache-files with viruses....I mean, why couldn't it stop them BEFORE they had landed on my disc :D

hlecter

  • Guest
Re: Web Shield - What does it actually do, since I read....
« Reply #3 on: May 14, 2006, 07:44:12 PM »
Since I read somewhere that free version of Avast dont have any script blocking.
So what does it protect my browser from when visiting mean websites?
Old Norton always cryed out about evil scripts and stuff while browsing the web, or maybe viruses too that got downloaded to some internet temp-folder.

So what does this shield do really? In FREE version. Protect me from what, and what does it not protect me from?

Many thanks :)

As far as my understanding of Avast Webshield goes, it simply said, protects you from the same as Standardshield protects you from concerning the files on your PC.

But it looks at the HTTP(not HTTPS) string to your browser and uses its signatures to stop malware before it reaches your PC. "Layered approach" is a popular word today, and Webshield puts in an extra layer of defence.

The good thing IMO is that compressed files are scanned by default in Webshield, so go to Eicar.org and try to download the zipped version, and you will see what I mean.

No scriptbloking in free version, but you can use Url-blocking in different ways to accomplish blocking of almost everything you want.
This because wildcards are accepted.
 
Personally, I feel that the Webshield has a very great potential, and is a great feature of Avast.  ;)

I'm beginning to sound like an evangelist, but I'm not for sure.  ;D
HLecter

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Web Shield - What does it actually do, since I read....
« Reply #4 on: May 14, 2006, 08:32:37 PM »
alanrf,

Quote
If a port 80 call of type http by Microsoft's Internet Exporer process is intercepted by avast and then issued in fact by avast's Web Shield will it be stopped if ZoneAlarm has been told to forbid outbound access to Internet Explorer but has told to allow outbound access by ashWebSv.exe?

This is indeed off-topic in this thread, but anyway, I'll try to answer. ;)
Since the WebShield filter is ABOVE ZoneAlarm's one, ZoneAlarm sees the following:

- iexplore.exe accessing localhost:12080
- ashWebSv.exe accessing the remote host:80.

That is, this is what needs to be permitted. And the same applies for the mail scanner (with different port numbers, of course).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86804
  • No support PMs thanks
Re: Web Shield - What does it actually do, since I read....
« Reply #5 on: May 14, 2006, 09:05:13 PM »
Quote from: alanrf
Now I will ask a specific question (again, since the avast team ignored this question when I posed it a while ago about port 110 intercepts).

Avast team, please state absolutely and without doubt:

If a port 80 call of type http by Microsoft's Internet Exporer process is intercepted by avast and then issued in fact by avast's Web Shield will it be stopped if ZoneAlarm has been told to forbid outbound access to Internet Explorer but has told to allow outbound access by ashWebSv.exe?     
My first thoughts on this is avast shouldn't get involved in any way with the blocking of the calling/initiating program as it is just the conduit. Any blocking of programs using the web shield localhost proxy would/should be down to the firewall.

So I did a small test:
I blocked IE in my Outpost Pro firewall, opened the avast help file Technical Support page and clicked on the forums link (http :// www . avast.com/forum) as I know that it opens IE and not the default browser.

Now that resulted in a Hidden Process requests network access because it is svchost.exe that calls IE to display the avast forum, so I could block at that stage or allow it.
Block is obvious it doesn't go any further if I allow svchost.exe to act as a hidden process, IE is opened and it would appear that it is going to work, but it fails with page can't be displayed error. Now the same url in firefox is then redirected to the usual forums.avast.com index page.

So I tried another url avast.com/i_kat_81.html in the FAQ pages of the avast help file and the same error page can't be displayed but that url in firefox redirects correctly to the avast.com FAQs

So my firewall is blocking attempts by a blocked application regardless of the web shield proxy, see image of the attempts to connect by IE being blocked. I guess someone needs to try this with ZA firewall.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: Web Shield - What does it actually do, since I read....
« Reply #6 on: May 14, 2006, 10:31:03 PM »
ZA lets IE through automatically as a trusted programme even if deleted from the allowed programmes

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86804
  • No support PMs thanks
Re: Web Shield - What does it actually do, since I read....
« Reply #7 on: May 14, 2006, 10:45:35 PM »
Then you would need to specifically block it, I had to add it to my blocked applications list.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

por100pre1

  • Guest
Re: Web Shield - What does it actually do, since I read....
« Reply #8 on: May 15, 2006, 04:46:00 AM »
Seb2:

You can disable the Windows Scripting Host (the windows component that executes VBScripts) using Noscript.exe:

http://www.symantec.com/avcenter/venc/data/win.script.hosting.html

or you can catch scripts before they are executed with Script Defender:

http://www.analogx.com/contents/download/system/sdefend.htm

CharleyO

  • Guest
Re: Web Shield - What does it actually do, since I read....
« Reply #9 on: May 15, 2006, 07:06:02 AM »

So my firewall is blocking attempts by a blocked application regardless of the web shield proxy, see image of the attempts to connect by IE being blocked. I guess someone needs to try this with ZA firewall.



I just tried this with ZA Free and when set correctly, it does indeed block IE from from accessing the internet. It will not even load Windows Update site. See the picture below for the settings.