Clarification of Web shield settings

[olddog]

When you open the Web shield dialogue, there is a tick box entitled "Scan Web (HTTP) traffic"
The help file says:

"Scan Web (HTTP) traffic - this checkbox turns on/off the web scanning feature (URL blocking is not affected). This is always on by default, but if you do not want or need your web browsing activity to be scanned, you can turn it off here."


If you open the Web shield Expert Settings, there are two more tick boxes. The first of these is entitled ""Enable Web Scanning"
The help files says:

"Web scanning - this box is checked by default. By unchecking this box, you can turn off the web scanning feature without affecting the URL blocking, which will remain active".


My first question is "What is the difference in action between these two tick boxes? If there is no difference as suggest by the help files, why have two individual settings?".

The second tick box on the expert settings page is entitled "Use intelligent stream scanning".
The help file says:

"Use intelligent stream scanning - this is also checked by default. When checked, files that are downloaded are scanned in real-time i.e. during the actual download process. The packets of data are scanned as soon as they arrive - and the next ones are downloaded only when the previous packets have been verified to be infection-free. If this feature is disabled, by unchecking the box, the whole file will be downloaded to a temporary folder first and then scanned."


My question is "Does intelligent stream scanning only apply when files are being downloaded?.

[DavidR]

Well I would say that there is something wrong with both statements, since version 5 'doesn't have URL blocking' in the web shield. That has been removed and is only in the AIS firewall module.

Everything that comes down is a file of sorts as you browse or download using HTTP on port 80 (as that is what is being monitored), .http, .jpg, .js (javascript) files, etc. make up a web page; then you have any file that you download, .exe, .zip, etc. So as you see they are all effectively files. There are protocol commands which travel in both directions which aren't files but commands to carry out what it is that you are doing, browsing, downloading, etc.

The only difference is that a file in a lot of instances is greater than the maximum packet size so it is broken down into packets of data which will be joined together at the end of that process. So the choice is to check the packets as they are downloaded or wait until all the packets are downloaded and the file is complete before scanning. Personally the Intelligent streme scanning is the better option.

[olddog]

Well I would say that there is something wrong with both statements, since version 5 'doesn't have URL blocking' in the web shield. That has been removed and is only in the AIS firewall module.

Hi David,
Thanks for your response. If version 5 doesn't have URL blocking in the web shield as you say, and if it is only provided in the AIS firewall module, then the free Avast 5 Home version would not have this form of protection at all and the two statements from the help file I quoted become unfortunately quite misleading, as they may lead users to disable URL blocking in other software on the basis that it exists in the Avast Home version.

It still leaves the question of why there is a tick box for "Enable Web Scanning" in the expert settings as well as the tick box for "Scan Web (HTTP) traffic" in the basic settings, when they both appear from the explanations in the help file to do the same thing.
 

[olddog]

Well I would say that there is something wrong with both statements, since version 5 'doesn't have URL blocking' in the web shield. That has been removed and is only in the AIS firewall module.

David,
Just to further complicate the issue, the following is from the Avast download page for Avast Free Antivirus - Technology Tab at http://www.avast.com/free-antivirus-download#tab2

It says the the URL blocking is part of the Network Shield.

Network Shield

Provides protection against network-based viruses. The module has two main components: a URL blocker, designed to block malicious URLs (as defined by the Virus Lab), and a lightweight intrusion-detection system.

[DavidR]

URL Blocking really wasn't a great feature in the 4.8 web shield and certainly not one that I would consider additional protection. By the time you find out about a site that you may want to block it may be too late.

In the network shield either as there is no user configuration in the network shield other than disabling it completely, image1. The network shield has two tasks, to monitor common exploit ports used by worms, etc. and it maintains a list of known malicious sites (via the virus database updates, which you have no input in adding to the list or excluding from the list), if you or another process tried to access one of the sites then it is blocked and an alert made.

So the URL Blocking mentioned about the network shield on the download page is nothing like what was in the old web shield nor what is in the firewall element, as it isn't user configurable.

[Hermite15]

the network shield also refers to a black list, so URL blocking could be relevant when applied to it...remains to know what they refer to in the web shield help files, the network shield, or the AIS feature, previously part of the web shield in Avast 4...one being related to detected web threats + a black list, the other one being just a sort of parental control.

 Anyway, un-ticking "enable web scanning" (expert settings) and "scan web traffic" (basic settings) is the same (one single function there); it just stops the web shield (without deactivating the module, but making it completely idle anyway).
 As to the "URL blocking" reference in the help files, it shouldn't be there, it's completely irrelevant.

[miscreant]

Does scan all files really need to be used in web scanner expert settings?.If not, is there a list of extensions that can be used instead?.There is an option to put in the relevant extensions, however i wouldnt know what to put in there.Isnt there a recommended list that can be copied there?
m

[Hermite15]

Does scan all files really need to be used in web scanner expert settings?.If not, is there a list of extensions that can be used instead?.There is an option to put in the relevant extensions, however i wouldnt know what to put in there.Isnt there a recommended list that can be copied there?
m

there's already a default exclusion list with a few items, runs fine like that (ie all the rest is scanned)

[miscreant]

Theres nothing showing in the extension list box on W7 64 bit .Is this normal?.I would have assumed that the default list would show there?
tia
m

[olddog]

Theres nothing showing in the extension list box on W7 64 bit .Is this normal?.I would have assumed that the default list would show there?
tia
m

Look under Webshield ->Expert Settings->Exclusions.

[miscreant]

I only see 4 entries there..and they are excluded from web scanning.Shouldnt the  extension list box actually show a list of extensions ( the default list?) that web scanner will scan?Or is that box always empty and only shows manually added extensions?
tia
m

[olddog]

David, Logos,

I agree that the way you have described it is the way it would appearto be, however it is not normal practice to both unnecessarily duplicate a setting in the same area, and also make the help file statement for the two tickboxes so ambiguous, so perhaps Awil had a different concept in mind.

Whilst there will always be differing views about the pros and cons of URL blocking, perhaps one feature that should have been included in whatever module it is in is the provision to turn it off

[olddog]

I only see 4 entries there..and they are excluded from web scanning.Shouldnt the  extension list box actually show a list of extensions ( the default list?) that web scanner will scan?Or is that box always empty and only shows manually added extensions?

miscreant,

On Webshield->Expert Settings->Web scanning, the default is to scan All files (other than items that have been excluded on Webshield->Expert Settings->Exclusions)

If you chose to Not scan all files, then it will not scan ANY that you haven't specified. Which puts the onus of getting that right completely on your shoulders. So there are two options, scan ONLY the files that you specify, or scan ALL of the files EXCEPT the ones you specify.