Is a Web Guard a necessary layer of protection in your setup?

[Jack]

So i was reading http://malwaretips.com/Thread-Trend-Micro-Browser-Guard , and I was asking myself if a web guard is really need in a security configuration.

Why you should have a web guard :
- It will scan for iframes and exploits each web page.
- A company could block you from accessing know bad domains which have questionable content or downloads

Why you should ask yourself if a web guard it's need it or not :
- Can more or less slow down your browsing speed
- Can be ineffective when it comes to new malicious domains

What's your opinion on this subject? Do you have a web guard? Is it need it?
Do you think that the security companies are using this web guards more as publicity stunt ,basically black listing all the links available on sites like MDL just so they can look good when a test is performed ?

 

[jamescv7]

Yes a web guard component on my current AV was installed. (Windows XP SP3)

Most of the threats came from web as a vector and with web guard it could black easily without harming the system on run.

Well their duty is to blacklisted any latest URL that known to be malicious, likely not from one source list but from others too and from information received through their database.

Adding webguard component isn't a bad idea.

 

[Prorootect]

.
' Can be ineffective when it comes to new malicious domains' - then I think that web guard is bad (unnecessary) idea.

Personally I do not need a web guard because I'm confident in my IE browser security features .. they improve with time, I see - Thanks M$. But mostly I have confidence in myself - I do not click anywhere, I'm not going anywhere on the web.

 

[HeffeD]

I don't think a web guard is necessary if you have a HIPS, or a behavior blocker. Something that doesn't rely on signatures. It's also unnecessary if you sandbox your browser.

If you don't have any of these products, then yes, a web guard is probably useful.

Some may say that it adds another layer of protection to your setup even if you are using the products above, which is true, but I personally don't feel the reduced internet performance justifies its usage.

Companies like Symantec however, are so convinced such a thing is necessary, that they are tailoring their security suite towards it, at the expense of their file detection capabilities.

 

[darkelixa]

Prevention is better than cure! Nuff said

 

[MetalShaun]

Nope. Not needed. Something like Malwarebytes IP Blocker is a good idea, but a scanner that just scans http traffic is a waste of resources.

 

[McLovin]

I think that it is necessary because it's another layer of security for you and your kids (if you have any). I would like to be protected when surfing the net instead of relying on your HIPS and your antivirus. Just like having a PIN for your credit card so that you can do shopping online and you forget your PIN and to recover it you use a secret question.

Trend Micro's web guard is excellent. Love it. Blocks websites that even I don't count as dangerous.

 

[Ayanami]

Thinnk about drive-by download ,exploit kit... Why not ?

 

[Gnosis]

I run Threatfire AV at level 5, so I don't believe I will be fooling with that. I use Sandboxie more than 50% of the time as well.

 

[Ramblin]

I think people that rely on antiviruses should use it if available with their AV. If I was using an antivirus, I would. When I have tried webguards, none has slowed me down enough to make speed a factor on making the decision on whether to use one or not.

Something like Trend Micros webguard (as part of the AV) is great, others are not that good when I checked them out. Probably, TM browser guard is a great tool for people that use IE. If I used IE and did not use SBIE, I probably would be using it.

Hey Zou, running SBIE 50% of the time, doesn't cut it. .....picking what sites or programs are "suspicious" in order to run them sandboxed is not like going to the country side to do some cherry picking..... just my opinion my friend, SBIE will really help you ONLY if you use it all the time. Part of the time is not good enough, mights well not use it and use something else.

Bo

 

[malbky]

I think a web gaurd is needed as a defense. What gives a niche to the webgaurd is that the web gaurd can flag threats and prevent loading threats at the website level while the antivirus and hips components usually will detect it when the threat lands on your pc. Now another point is that if you have a full blown security software you already have a web antiviurs which scans your http traffic.
The only real advantage I can see with an external Web guard plugin is that it puts ticks around safe links in searches. Most of the suites like AVG, Kasperskyy and Avast and TrendMicro come bundled with a webRep plugin. Secondly it is totally false that 0 day domains are not effectively caught by web gaurds. Trend Micro does catch them and as far as I can tell they have one of the best Web Filters out there. Even traffic light has more than decent protection. I cannot find any slowdowns during my web surfing using traffic light. Now its user choice. For a novice its always better to have a webgaurd but someone who has techknowledge2.0 and commonsense 2012 web gaurd is not a compulsion.

 

[Gnosis]

Hey Zou, running SBIE 50% of the time, doesn't cut it.

LOL. I like the way you put the rest of that statement.

I only use Sandboxie if I am in unfamiliar territory or doing general surfing. If I am on one of my favorite 20 or 25 sites, such as michealsavage.com, weather.com, etc., I don't utilize it. On the other hand, if I am surfing the web for news, photos, or general information on how to do something (basically clicking on one foreign link after another via search engine), I use it religiously.

Nonetheless, your educated opinions, and guesses are always appreciated.

picking what sites or programs are "suspicious" in order to run them sandboxed is not like going to the country side to do some cherry picking

I get it. I really do. Malware is everywhere, but I use Sandboxie with calculated risks in mind. Where the risk is much lower, such as on sites I frequent and trust much more than random sites, I don't want the tediousness of multiple steps to extract a download, and I let Threatfire level 5 be the watch dog. But when I go hypersonic in web hyperspace and know I will be making hundreds or thousands of foreign clicks with much more speed and frequency than caution, that is when I require Sandboxie's amazing assistance.

Once again, for people that are not extremely experienced users, my methods are highly unorthodox and could be catastrophic, so close your eyes when you see me talking about my lean security setup and related personal opinions and educated guesses.

Furthermore, Sandboxie allows me to not have huge volumes of security add-ons and piles of real-time security programs, which is my primary goal in computing, second only to malware prevention--A VERY CLOSE SECOND.

If it makes you feel any better, I am using Opera to access malwaretips.com with lone protection of Threatfire AV, but I am utilizing a proxied and sandboxed Firefox for the rest of my surfing, as we speak.

 

[Ramblin]

LOL. I like the way you put the rest of that statement.

I knew you like it.

I don't want the tediousness of multiple steps to extract a downloads

Personally, I prefer to choose if and when I recover a download to my real system but for people that don't want it that way, like you, you can set SBIE downloads to bypass Sandboxie and to be downloaded without having to recover.

Enable Direct file access to the folder that you use for downloads and you wont have to do any recovery. Try it out, here is how you set it up.

Sandbox settings> Resource access> File access> Direct access>

...and choose the folder that you use for downloads. Zou, you can set SBIE the way that you want it.

Bo

 

[Gnosis]

Excellent. That is good information. I am going to try it out.

 

[Ramblin]

I think you are going to like it.

Using direct access works better when you force your download folder to open in its own sandbox. That can only be done in the registered version but in the free version you can use a sandboxed Windows Explorer to navigate to the download.

Either way works great and you will keep using SBIE even though your download has been recovered. Personally, I don't see any good reason to stop using SBIE....just because the file has been recovered.

Bo

 

[Gnosis]

Sandboxie is "good stuff". If you would have told me a year ago that I would be using Threatfire AV at level 5 with Sandboxie, and no other real-time security, I doubt I would have believed it. I like where my real-time security has evolved to. That said, if things did go haywire due to infections, I have a ton of on-demand and bootable scanners that are even nastier than the malware that is out there.

 

[Littlebits]

I currently use Avast Web Shield because it doesn't appear to slow down web applications but in the past I didn't use any web guard protection because it use to slow down web applications. I probably could get by just fine without it since I never get infections thanks to my knowledge to known what not to do to put myself at risk.

Benefits of web protection:
* Can block many threats before they load in your web application (best for novice users who put themselves at risk)
* adds an extra layer of security

Disadvantages:
* many will slow down web applications
* sometimes have false positives that block safe sites
* are NOT very effective at blocking rogueware (especially most zero-day)

Thanks.

 

[woomera]

yes i do:
-Emsisoft Anti-Malware which has web blocking feature
-Panda URL Filtering
-Bitdefender trafficlight

i do think its needed, in fact if you are doing alot of browsing i think its the main security feature.
me personally i barely get any flash drive from friends and family so im not worried about getting infected with those and for that i could just use an on-demand scanner and disable auto-runs but when it comes to internet browsing i rather the phishing/scamming websites gets blocked completely rather than wait for it to load its files then AV blocks it.

 

[Gnosis]

To each their own. Everyone has to do what they feel is best for them based on a plethora of expert advice. Avast (and it's guard, I'm sure) is a great defender. If your security is keeping you from getting infected, and you are happy with the overall performance of your system, good for you.

 

[Overkill]

I always use a web filter or two or 3 lol, like darkelixa said..."Prevention is better than cure! Nuff said" I agree totally so let me list what I'm using...
none of these slow me down and it may be overkill but i'm ok with that

wot - all browsers
opendns
EAM (surf protection) hp hosts
mvps hosts,hp adservers,peter lowe's list and cameleon in hostsman
k9 web protection

edit: forgot to mention admuncher and adblock