Jump to content

How does ESET check URLs - online or offline ?


Recommended Posts

How does ESET's web access protection & antiphishing protection check the URLs the user visits?

 

Is this done online (i.e. all visited URLs are transmitted to one of ESET's servers)

or offline (i.e. the URLs are just compared with the offline virus databases).

 

Does it make a difference whether LiveGrid is enabled or not ?

 

Offline comparison would be similar to what Firefox does (it downloads a list of

malicious URLs and then compares the URLs you visit with its offline list).

 

 

Take a look here:

hxxp://blog.emsisoft.com/2015/05/10/emsisoft-anti-malware-emsisoft-internet-security-10-available-2/

 

They claim:

"9 out of 11 well known antivirus/anti-malware products track and submit all your visited websites to some far-away server [...]"

 

which is of course a rather bold claim and i hope that this can be dismissed as "marketing" ;)

 

So, what about ESET :huh::rolleyes:

 

Thank you and cheers

Raynor

Edited by raynor
Link to post
Share on other sites
  • Administrators

1, URLs are checked both online and offline, if needed.

2, Having LiveGrid enabled makes a difference. As of version 9, disabling LiveGrid will turn protection status red.

Link to post
Share on other sites

1, URLs are checked both online and offline, if needed.

 

Thank you for your reply.

 

Could you please elaborate a bit on what you mean by "if needed"?

 

Does that mean that URLs are usually checked offline against the virus databases

and then, ONLY if something looks suspicious, are checked online in addition?

 

Or does that mean that all URLs are ALWAYS chekced offline AND online?

 

Thanks again!

Raynor

Link to post
Share on other sites
  • Administrators

Any url you open in a browser is checked online. During an on-demand scan of files on a disk the offline url blacklist is used.

Link to post
Share on other sites

Oughh... :blink:

Not that pretty.

 

Is the URL at least hashed before it's checked online? (If so what hashing algorithm is used?)

And maybe much more important: Is this check done via HTTPS?

 

And the thing with offline scan is confusing: So if you scan the disk offline you can only can find some URLs in browser histories or as (very rarely used) .url or .lnk files. What else with URLs could you find?

So if you find a malicious URL in the browser history - what do you do with it? Delete it? :lol:

And what is much more interesting: If you already have the offline database why don't just use it for all checks?

 

BTW this only affects the detection of malicious URLs, doesn't it? Because the phishing database is updated every 15 minutes and is used offline?

 

And another strange thing: If the check would be done instantly online why do you even need VSD updates before you e.g. unblock a false positive website?

Edited by rugk
Link to post
Share on other sites
  • 3 weeks later...
  • Administrators

1, The communication with ESET's LiveGrid servers is secured.

2, Browser's history is not checked.

3, The offline database does not contain most current data. Otherwise a huge amount of data would have to be downloaded every while.  It makes no sense to use it for everything, especially when it comes to email and web protection.

 

We won't disclose internal information of how our security program works for obvious reasons so not all questions may be answered at times.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...