Internet Explorer as an antivirus app
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Internet Explorer as an antivirus app

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    Internet Explorer as an antivirus app

    Strange as it sounds, one of the best antivirus apps on any given Windows PC is...Internet Explorer.

    That's right: Internet Explorer.

    I've worked as a field tech over the last few years. I learned early on what a time killer it can be updating someone's AV client. Or replacing it. Brand name AV apps can be a big headache. Sometimes you need a special file just to remove them. You can lose some real time there. So I just by-pass them now and go straight to IE.

    The much-maligned (deservedly so) ActiveX technology, embedded in Windows and Internet Explorer, has one redeeming feature. It enables a user to scan their computer for viruses from a number of commercial AV sites. Some popular ones are Trendmicro and Panda. There's dozens out there, including spyware scanners. Most are reputable, though I'm leary of some spyware scanners. But our focus here is viruses and, by and large, these sites are great. In fact, the good online AV scans will find spyware too.

    My personal favorite is Panda's online scan. For others, it's Trendmicro. Norton, McAfee, I believe they have online scans available, too. RAV had an absolutely great scanner until Microsoft bought them out and shut it down. These scanners, in fact, rival any of the AV clients for finding viruses. But don't count on them to remove much of anything. That's OK though.

    Finding viruses is one step, removing them is another. Don't worry, there's a slew of great removal tools. Norton's tools rank among the best. I've got a thumbdrive (usb drive) full of them. F-Secure and other outfits offer them too. These small exe's are only designed to remove a specific virus. They aren't going to find or remove anything else. You'll find readme's with these AV tools, so RTFM! Pay attention.

    The one requirement for running these online AV scans is that ActiveX must be enabled in Internet Explorer. Being the default setting from Microsoft, this is seldom a problem. Any user advanced enough to disable ActiveX and tweak Windows' security settings probably isn't going to need a technician anyway. With XP's service pack 2, you are going to be prompted to install an ActiveX applet. No applet, no scan.

    Also note these online scans aren't going to typically work using Firefox, even with their ActiveX plug-in. All of the ones I ever tried required IE. Once in a while, the online scans will generate false positives, so you want to do your homework and google file names if need be.

    Happy Hunting (again)!

    p.s. -- let me add, IE as an AV app is no substitute for an updated AV client on your PC. It's a great supplemental tool and very useful in the field.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    I would just like to add that trendmicro's online scan works with Firefox (it uses a Java plug-in). Anyway like brokencrow said USE IE as a secondary backup and not as your first line of defense for viruses.

    I have no idea how good panda is I have never tried it. But I would seriously like users to take a look at http://safety.live.com/site/en-US/default.htm (Its by microsoft, so it only works with IE). The virus scanner is great I have scanned with trendmicro and Symantec before I went to this site and it still found viruses on my PC (although only one's that affect mobile phones, ESP series 60 and 80) but I think this is still help full because I have heard that mobile viruses also double up as Trojans on PC but I don't remember where I head it.


    Anyway brokencrow and excellent work mate online scanners are always the best backup's.

    Thanks mate.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    Anyway like brokencrow said USE IE as a secondary backup and not as your first line of defense for viruses.
    Your first line of defense should be local security policies and service restrictions.

    No matter what anybody tells you, AV's are a "reactive" technology. If they find something, it means you have already been compromised. You need to prevent this.

  4. #4
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    while synja has a valid point, I like your discovery, brokencrow. It is somewhat fast and practical. However, I don't think that I would bet my life on it because of the Active X. I have had a bad experience from Active X malware.
    there's always a way in...

  5. #5
    I have had a bad experience from Active X malware.
    Now... shall I quote myself?

    Your first line of defense should be local security policies and service restrictions.
    This means locking down scripting services on your machine as well. And not just ActiveX, but also VBS, JS, Perl if you have it, etc...



    Antivirus software does not *defend* you from anything. It merely cleans up the effects fo poor security.

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    I enjoyed reading your post, and the information you present in it. But without a doubt, Synja is 200% (feel free to add as many 0's as you wish) correct.

    You need to keep in mind that there are quite a few malware out there in the wild that alter Active X settings, and some actually disable the ability to use the online scanners via redirects. I have had several users bring notebooks to me (not company ownered, personal) that have been so infected that the ability to get to trendmicro or panda has been impossible. In some cases, I have found that the service for the local AV has been disable in the registery.

    And while updating AV software, or installing it if it isnt even there, can be a headache (I guess... never thought of it as a problem) it has a benefit the online scanners don't. IT can handle real time detection, and the online versions can't. Nothing in the online scanners will prevent reinfection.

    Just tidbits to keep in mind...
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  7. #7
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    I totally agree with you synja. I was just amused by brokencrow's method.


    by the way, I want to add, say, five zeros.....
    Originally posted here by MrCoffee
    I enjoyed reading your post, and the information you present in it. But without a doubt, Synja is 200% (feel free to add as many 0's as you wish) correct.
    there's always a way in...

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Antivirus software does not *defend* you from anything. It merely cleans up the effects fo poor security
    Have to disagree with that one, a properly updated Anti Virus Software will stop "known" malware from getting onto your machine, Trend Micro Internet 2005 has a very useful internet lockdown when encountering java byte type trojans, or in the "wild" types, and while you are correct that these programs do for the most part catch the malware after the machine has been infected, it is still down to the user to properly update all definitions/patterns/patches that are available, as most reputable vendors will try to get the updates out as fast as possible..this includes windows security patches for IE....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Properly configured and updated, Antivirus software can also catch "known" maleware in e-mails, before they infect a computer, even if the computer has a vulnerability still left unpatched.

    Properly locking down a computer helps with the "unknown" that the AV missed because, well, it is unknown to it.
    And the rate at which these things are coming out and being mutated, there are a lot of "unknowns" out there.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  10. #10
    Have to disagree with that one, a properly updated Anti Virus Software will stop "known" malware from getting onto your machine, Trend Micro Internet 2005 has a very useful internet lockdown when encountering java byte type trojans, or in the "wild" types, and while you are correct that these programs do for the most part catch the malware after the machine has been infected, it is still down to the user to properly update all definitions/patterns/patches that are available, as most reputable vendors will try to get the updates out as fast as possible..this includes windows security patches for IE....
    Ugh... malware getting to any place that a AV scanner can see it means you need to harden your machine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •