Internet Security

Web Anti-Virus

Whenever you use the Internet, the information stored on your computer becomes subject to the risk of infection from dangerous programs. These can infiltrate your computer while you are downloading free software, or browsing known safe websites, which have been subject to hacker attacks before you have gone on them. Moreover, network worms can penetrate your computer before you open a webpage or download a file just because your computer is connected to the Internet.

The Web Anti-Virus component is designed to ensure security while using the Internet. It protects your computer against data coming in via the HTTP and HTTPS protocols, and also prevents dangerous scripts from being executed on the computer.

Web protection monitors the data stream that passes only through the ports included in the monitored port list. A list of ports that are most commonly used for data transfer is included in the Kaspersky Internet Security installation package. If you use any ports that are not included in this list, add them into the list of monitored ports to ensure protection of data streams being directed via them.

A collection of settings called the security level, determines how data stream will be scanned. If Web Anti-Virus detects a threat, it will perform the assigned action.

Kaspersky Lab advises you not to configure Web Anti-Virus settings on your own. In most cases, it is enough to select an appropriate security level.

Component operation algorithm

Web Anti-Virus protects the data reaching your computer and transferred from it over HTTP and HTTPS, and prevents hazardous scripts from running on the computer. By default, scanning is disabled for secure connections (via HTTPS), you can enable and configure it.

Data is protected using the following algorithm:

1. Each web page or file that is accessed by the user or an application via the HTTP or HTTPS protocols, is intercepted and analyzed for malicious code by Web Anti-Virus. Malicious objects are detected using both Kaspersky Internet Security databases and the heuristic algorithm. The database contains descriptions of all the malicious programs known to date and methods for neutralizing them. The heuristic algorithm can detect new viruses that have not yet been entered in the database.

   Threat detection technology for threats that cannot be detected using Anti-Virus databases. It allows detecting objects suspected of being infected with an unknown virus or a new modification of known viruses.

   The use of a heuristic analyzer detects up to 92% of threats. This mechanism is fairly effective and very rarely leads to false positives.

   Files detected by the heuristic analyzer are considered suspicious.

   Databases created by Kaspersky Lab’s experts and containing a detailed description of all current threats to computer security as well as methods used for their detection and disinfection. These databases are constantly updated by Kaspersky Lab as new threats appear. In order to achieve a higher quality of threat detection we recommend that you copy databases from Kaspersky Lab’s update servers on a regular basis.

2. After the analysis, you have the following courses of action available:
   • If a web page or an object accessed by the user contains malicious code, access to them is blocked. A notification is displayed that the object or page being requested is infected.
   • If the file or web page does not contain malicious code, the program immediately grants the user access to it.

Scripts are scanned according to the following algorithm:

1. Each script run is intercepted by Web Anti-Virus and is analyzed for malicious code.
2. If the script contains malicious code, Web Anti-Virus blocks this script and informs the user of it with a special pop-up message.
3. If no malicious code is discovered in the script, it is run.

Web Anti-Virus intercepts only scripts using the Microsoft Windows Script Host functionality.