Avast Home may be one of the best Free antivirus softwares. But, I really hope its users can rest assured that there is no tangible vulnerability unattended without Script Blocker. So far, my quest for the comprehensive understanding of Script Blocker has grinded to a halt at these two threads:
1. "Script Blocker mystery"
http://forum.avast.com/index.php?topic=45438.02. "Avast Script Blocker"
http://forum.avast.com/index.php?topic=45472.0Regarding the function of Script Blocker:
Script Blocker simply acts as Web Shield(added with some minor differences) + WSH shield. Igor's advice in
http://forum.avast.com/index.php?topic=45438.msg380636#msg380636 noted the minor differences including: (1)when someone loads a bad browser script infected web page from disk cache, only Script Blocker can protect him; (2)Script Blocker can detect encrypted pages or pages from encrypted web site.
What's missing:
(1)No sources of reference
(2)No instances available to illustrate the cases mentioned above
(3)How redundant to have both Web Shield and Script Blocker running together?
Regarding WSH shield:
I still want to know what Avast Home users can do to somewhat mitigate the WSH vulnerability before they get a chance to upgrade to PRO for the full protection. I proposed and seeked for advices on: (1)using IE-SpyAd, Script Sentry, WormGuard, RegRun Guard, or ScriptDefender as a supplement to Avast Home to mitigate the threat from mal-scripts by detecting and stopping them from running; (2)using Symantec's Noscript.exe to turn off WSH and only to turn it back on when needed; (3)simply disabling WSH in the registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"=dword:00000000
No response yet.
Avast 5 is slated for this year. Hope these problems will be addessed by then.