Web shield & SSL connections

  • 10 February 2014
  • 6 replies
  • 285 views

I asked a more general question on this over on Wilders forums but I have a more specific question on Webshield functions when using an SSL connection. Specifically on identifying driveby downloads etc.
On HTTPS connections such as with banking, shopping etc. it will check for phishing but obviously cannot check the HTTPS stream. Is this also true when using SSL tunneling such as a VPN or SSL proxy (e.g. Zenmate addon for Chrome)? So oddly am I more secure browsing unknown sites over HTTP, so the shields can see the traffic before it hits my browser? I would prefer to run a VPN permanently (for privacy and wifi security) but want to understand if this adversely affects other layers of security.
 

6 replies

Userlevel 7
There are a number of parts to the question but since you are talking about driveby downloads and banking related questions it is more a client question. Any files that are dropped, no matter if you are using a VPN/Proxy/HTTPS, will be analysed by the client (unless you are running some sort of sandbox environment). So for instance the Zeus/Citadel banking trojans, which are probably the most popular banking trojans, will be mopped up by the client. I use a number of Chrome plugins myself (HTTPS Everywhere, Disconnect etc.) and I haven't had any issues with WSA.
That helps clarify and I am aware that the client is another layer that mops things up. I am more intrigued about whether I potentially get better protection from the web shield if it can read the HTTP stream and so analyse it before it hits the browser. My preference of keeping a VPN on all the time does provide privacy and MITM protection but any website data from compromised sites would be fed into the browser unchecked. Obviously, either way, the web shield would still provide phishing & search protection and the other shields file system & identity protection.
It is a topic of interest rather as there is no problem with WSA and any SSL solution I use.
Userlevel 7
I am not 100% on the Web shield but if the client can communicate with the browser session then web filtering should protect you. If you do a Google search while on a VPN session and you get the little green checkboxes then it should be working. I am assuming that the VPN that you are connecting to is a secure/clean one too 🙂 None of this will affect the client and its other shields from working, as you have already stated.
Yes, the search checkboxes, phishing etc. are fine through a VPN. I am more interested in protecting from driveby downloads once at a website.
Userlevel 7
What would you like to know?
 
  • 70% of drive-bys are due to iFrame exploits, 20-25% Java exploits according to MS.
  • So I would advise completely removing Java unless you need it
  • Install adblock/no script if you want
  • A visited site is scanned before it's displayed and it goes through our database
  • All files dropped by the browser will be scanned
  • If they are known bad they won't even finish downloading let alone execute
  • Unknown files will be monitored by the client
  • If they are later classified bad the changes are rolled back
We have some big changes coming in relation to the webshield so I can't disclose too much but it will be pretty awesome.
 
Very interesting list but I think I was a little unclear in the question. How does using a VPN (or any SSL tunnel or connection) affect the ability of the web shield to do the items on your list?
For example, does the entry "A visited site is scanned before it's displayed and it goes through our database" mean that the HTTP stream is scanned as it is transferred but before it is displayed (which could not be done over SSL) or that the shield scans the remote requested URL before retrieving it locally? I guess I am really asking if any of the web shield relies on scanning the HTTP stream (as many AV web shields work) and is therefore inhibited by an SSL connection (outside of the browser with a VPN or with browser add-ons such as Zenmate proxy or HTTP Anywhere; I'm not talking about native HTTPS connections within the browser for secure sites such as banking). If it is then I might think I am less protected from drivebys when using an external SSL connection.
Hope this makes sense, thanks for the useful info and looking forward to the big changes!
