How to Block the New Drive-by Exploits

id be interested.right now have the 0.09.5.1000 version.

 

oops I think that's a dead one.

 

here

 

did you get it, aldan?

 

just saw it now.will let you know how it goes.thanks.

 

yeah, i was going to remove that link when you have it.

 

got it up and running thanks very much.Al

 

have a happy. I have set my Avast to Hardened mode aggressive and it doesn't use that little deepscreen sandbox. it don't let anything through that is not on the webrep whitelist.

nite, nite

 

domo arigato mr roboto.

 

I am guessing the scrip filter has a web crawler that looks for infected web pages then adds it to the naughty list. If the page is clean the next time it is scanned it comes off to list. As you change pages/sites the filter checks the list before allowing you to open it. Most sites I visit are fairly secure. They may get infected but will be discovered and dealt with in 24 hrs. Many web hosts guarantee malware scans within 24 hrs. so even small timers can get that level of security.

I wonder how long a crawler's cycle is. If it is 12 hrs or less that is pretty safe. If it is 48 hrs that isn't all that safe.

 

It's very hard to tell with a lot of cloud going on these days. As you probably know, I do a lot of playing with zero/day infections and am seeing the time factor being reduced more each day. I can't believe that the filter itself has a crawler but with the almost instant cloud update from the crawlers I am thinking that the most likely method is just reversed from when it was a signature list being updated. It would appear that the updates contain a "white" list and anything that don't fit that gets thrown out. The signatures are the "black" list for the removal of anything that slips through and can be a little later than the first batch and then with good heuristics and behavioral coming into play it's a win win.