Monday, July 23, 2012

Food for Thought: Does a locally installed antivirus solve your website problems?

If you are a website owner who knows nothing about networks and security, this post is for you! In this post we briefly describe a classic security vulnerability and look at the difference between local and external antivirus scanning.

How does a web server work for us?

When you type the following URL in your browser's address bar, http://www.mylovelyblog.com/articles/cooking, a few things happen just before you see the text and images:
  • The browser connects to mylovelyblog.com and “says”: “Hey, can I have /articles/cooking?”
  • The mylovelyblog.com server “looks” (mostly in a database) and reads all the cooking articles
  • Then the server wraps up all the information in the browser's native language (yep, that's HTML)
  • And sends it to the browser


Let’s say a user wishes to post a comment.
  • The browser connects to mylovelyblog.com and “says”: “Hey, can you store “THE VISITOR COMMENT” under /articles/cooking?”
  • The mylovelyblog.com server stores the comment in the database and tags it under cooking articles
  • Then the server wraps the page content in HTML
  • And sends it to the browser

So far everything looks fine and normal, so what is the problem?

What if the comment a user just posted to /articles/cooking looks like this:

“I just found another article using a completely different approach bla bla…… Take a look at www.infectedsitewithlotsofmalwre.net“ ← malicious site

So the comment is now stored in the database and your local antivirus should detect it, right?
Well, probably not. There are plenty of databases out there with different formats that your local antivirus cannot read, and the comment might also be stored encrypted to prevent the local antivirus from detecting it.

That’s the magic of external antivirus scanning: it sees your website exactly the way your users do (like opening the website in a browser). It no longer matters where and how the comment is stored in the database; if it is out there on your website, the external antivirus will detect it. Simple, yes, but it works like a charm :-)
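The contrast above as a small added example (not code from the original post): a naive scan of the stored bytes misses the comment, while a scan of the page as served finds it. The blocklist, the zlib-compressed row standing in for an opaque database format, and all function names are assumptions made for illustration.

```python
import re
import zlib
from html.parser import HTMLParser

# Constructed blocklist; a real external scanner would use a reputation feed.
BLOCKLIST = {"infectedsitewithlotsofmalwre.net"}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class PageHosts(HTMLParser):
    """Collect host names from href/src attributes and from visible text."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def _add(self, text):
        for host in HOST_RE.findall(text or ""):
            host = host.lower()
            self.hosts.add(host[4:] if host.startswith("www.") else host)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src"):
                self._add(value)

    def handle_data(self, data):
        self._add(data)


def external_scan(rendered_html):
    """Return blocklisted hosts visible in the page as served to visitors."""
    parser = PageHosts()
    parser.feed(rendered_html)
    parser.close()
    return sorted(parser.hosts & BLOCKLIST)


def local_file_scan(raw_bytes):
    """Naive on-disk scan: look for blocklisted names in the stored bytes."""
    return sorted(h for h in BLOCKLIST if h.encode() in raw_bytes)


# Constructed sample: the same comment as stored (compressed row) and as served.
COMMENT = "Take a look at www.infectedsitewithlotsofmalwre.net"
STORED_ROW = zlib.compress(COMMENT.encode())
RENDERED = "<html><body><p class='comment'>%s</p></body></html>" % COMMENT

if __name__ == "__main__":
    print("local:", local_file_scan(STORED_ROW), "external:", external_scan(RENDERED))
```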

