Not happy with Online Armor

[Albinoni]

Lat year I decided to renew my Online Armor subscription for another 1 year and to say the least I am not at all happy with this FW at all, infact its one of the worse FW's I have ever used in my entire life and to me it seems the previous verison or when I tried it the first time going back 2 years ago it was not a bad program at all.

What annoys me the most about this program is when ever I install a software the numerous amount of times it pops up asking me eg to Block/Remember etc, this is that small box hat pops up and asks if I want to block or remember, install, run safer etc etc and this tends to get very annoying half the time.

3 weeks ago I bought MS Office and installed it and on a serious note it took me almost 45 mins prob more to install it, was very annoying indeed. Online Armor simply kept popping up every 5 secs asking me if I want to Remember or Block this and that and the list goes on and on, seriously I should of becomed my own firewall if Online Armor cannot think for itself and needs the user to do the thinking for it.

Anyhow once my expiry is up I wont be returning to OA unless OA can prove itself to be good. Infact I am on the verge to uninstall it soon and go for another good or free FW that does the job just as good.

Any reccomendations

[umbrapolaris]

It is the HIPS that ask you so many questions, and effectively it ask a lot. You can reduce the number of popups in the settings or just disable the HIPS but you will loose the main feature of OAP.

Try install mode. OA can detect installers, and should give you the choice of allowing whatever a specific installer unpacks.

(And yes, HIPS are a pain. Especially if you're doing any kind of compiling or software development.)

[ichito]

Quote:

Originally Posted by Albinoni

3 weeks ago I bought MS Office and installed it and on a serious note it took me almost 45 mins prob more to install it, was very annoying indeed. Online Armor simply kept popping up every 5 secs asking me

I think it can be so because new Office after installing becomes not only as some program but also as the part of the system. In this context installation of Office is a constant string of changes in system.
So...OA is effective because its function is to detect such changes

[Barthez]

Learning Mode can be enabled by pressing CTRL+ALT+L or by choosing appropriate option from OA tray menu:

Quote:

In Learning Mode, Online Armor monitors all programs to see how they behave and automatically creates rules to allow these behaviors. This will help to ensure that you do not encounter any pop-ups until you install new software or encounter potential attacks.

http://www.emsisoft.com/en/info/oa/LrnMode.shtml

Also, as others said, selecting Installer mode when installing could reduce number of pop-ups.

In Program → Options Automatically trust programs that Emsisoft deems trustworthy, In addition, automatically trust programs signed with valid digital signatures and Contact Anti-Malware Network in realtime should be checked if you want to see less pop-ups.

Above that, it's still a HIPS program (with firewall) so it's natural it can be a little chatty

[itman]

I recall that saying "Sometimes you are your worst ememy."

People today are paronoid over the recent press on bad digital signatures and the like. Worse a few promonant web sites have been recommending that people override their default HIPS firewall Trusted Publisher settings.

The result is constant complaints as presented in this thread.

Yes, digital certs. have been hacked. However, it is rare and the major certificate authorities are quick to issue revoked certificates for the rouges.

Again for the average non-tech PC user, running your HIPS firewall with it's default settings is strongly recommended.

If you insist on using "manual" control for your HIPS firewall, then become an expert in how it works. Comodo, OA, and Privatefirewall for a few all have detailed user manuals that clearly specify that when installing "trusted" software, the appropriate approach when running in manual HIPS mode is to select Installer\Learning\Training mode.

Finally, a degree of common sense is required. Everyone knows that MS Office is an extreme complex suite of software. An easy fail safe approach to install software like this is temporarily turn off the HIPS portion of the firewall.

[cruelsister]

Even suggesting that turning off part of a security program in in order to reduce popups validates Albinoni's complaint. When a program gets annoying to the point of wanting to disable it when it can be most needed points to a very flawed piece of software. A user that has to wade through a bunch of trivia often will not be alert to a warning that is actually meaningful.

A Security App that warns of everything detects nothing.

[fax]

Quote:

Originally Posted by itman

I recall that saying "Sometimes you are your worst ememy."

People today are paronoid over the recent press on bad digital signatures and the like. Worse a few promonant web sites have been recommending that people override their default HIPS firewall Trusted Publisher settings.

Again for the average non-tech PC user, running your HIPS firewall with it's default settings is strongly recommended...... HIPS portion of the firewall

Nice post, 100% agree

[Blues7]

Quote:

Originally Posted by itman

I recall that saying "Sometimes you are your worst ememy."

People today are paronoid over the recent press on bad digital signatures and the like. Worse a few promonant web sites have been recommending that people override their default HIPS firewall Trusted Publisher settings.

The result is constant complaints as presented in this thread.

Yes, digital certs. have been hacked. However, it is rare and the major certificate authorities are quick to issue revoked certificates for the rouges.

Again for the average non-tech PC user, running your HIPS firewall with it's default settings is strongly recommended.

If you insist on using "manual" control for your HIPS firewall, then become an expert in how it works. Comodo, OA, and Privatefirewall for a few all have detailed user manuals that clearly specify that when installing "trusted" software, the appropriate approach when running in manual HIPS mode is to select Installer\Learning\Training mode.

Finally, a degree of common sense is required. Everyone knows that MS Office is an extreme complex suite of software. An easy fail safe approach to install software like this is temporarily turn off the HIPS portion of the firewall.

That said, I did a little testing yesterday (for what it's worth) with Private Firewall with default configuration versus my manual configuration on the Comodo Leak Test and there was a 70 point difference (in favor of the manual configuration). I'm not an expert by any means but I am able to read and follow the user manual to make settings changes which do not require extensive knowledge of configuring the various firewall and HIPS settings for individual apps. The results were simple enough to achieve with "macro" type settings.
(I also realize that the CLT can give varying results when run multiple times, so one has to take the "mean" into consideration imho.)

And though I'm sure that default settings are fine in many cases, one thing I've read over the years from users of Outpost Pro Firewall, Comodo, Private Firewall and other firewalls is that the default settings can often be too permissive in their "allowing all" so as not to frustrate the neophyte.

Online Armor was the exception, as I recall, in being quite effective with just its default settings. Unfortunately, it no longer works well on my system due to an issue or issues I've never been able to discover.

[fax]

Quote:

Originally Posted by Blues7

... and there was a 70 point difference

70 points measured by ? A test I guess... A test is a test and can be far away from the reality out there and user configuration and/or habit.

[Blues7]

Quote:

Originally Posted by fax

70 points measured by ? A test I guess... A test is a test and can be far away from the reality out there and user configuration and/or habit.

I absolutely agree with you. (By the way I edited my post prior to reading yours and added that it was the Comodo Leak Test I was using.)

Fact is that I doubt anything is going to get through Sandboxie to begin with, and on the off chance it did, there's a good chance that the FW/HIPS or the behavior blocker of EAM (an Emsisoft product like Online Armor) or a signature from the AV or anti-malware would sound the alarm. But I was only reporting the score of the FW/HIPS alone.

[Baserk]

Quote:

Originally Posted by cruelsister

Even suggesting that turning off part of a security program in in order to reduce popups validates Albinoni's complaint. When a program gets annoying to the point of wanting to disable it when it can be most needed points to a very flawed piece of software. A user that has to wade through a bunch of trivia often will not be alert to a warning that is actually meaningful.

A Security App that warns of everything detects nothing.

I'd say that not using the quite obvious installer options offered by the program; 'Learning Mode' and 'Install Mode' shows either a lack of knowledge on the program (which had been used for more than a year) or an unwillingness to use these options.
Online Armor is(can be) extremely user-friendly if only you use the built-in options.
There is absolutely no need to torture yourself by ignoring these options when installing software.

[Blues7]

Quote:

Originally Posted by Blues7

That said, I did a little testing yesterday (for what it's worth) with Private Firewall with default configuration versus my manual configuration on the Comodo Leak Test and there was a 70 point difference (in favor of the manual configuration). I'm not an expert by any means but I am able to read and follow the user manual to make settings changes which do not require extensive knowledge of configuring the various firewall and HIPS settings for individual apps. The results were simple enough to achieve with "macro" type settings.
(I also realize that the CLT can give varying results when run multiple times, so one has to take the "mean" into consideration imho.)

And though I'm sure that default settings are fine in many cases, one thing I've read over the years from users of Outpost Pro Firewall, Comodo, Private Firewall and other firewalls is that the default settings can often be too permissive in their "allowing all" so as not to frustrate the neophyte.

Online Armor was the exception, as I recall, in being quite effective with just its default settings. Unfortunately, it no longer works well on my system due to an issue or issues I've never been able to discover.

Addendum

I just wanted to add some new results. I went back and retested PrivateFirewall in virtually every fashion I could...Default settings as they would be upon install...default settings with advanced options, default settings enhanced by moving sliders to highest protection...then the same with advanced options added...and finally with my own "custom" settings.

Well, today's results were pretty consistent...I could get 300 out of 330 in virtually each configuration.
(I made sure to remove any "memory" of the test in the firewall/process monitor settings before each instance of running CLT.)

So, I made a liar out of myself but the truth needed to be told...

My understanding is that Online Armor will max out the test in default configuration without any user elected options but it's been a while since I've had it installed due to the issues I alluded to.

Going to stand in the corner now...

[Blues7]

Quote:

Originally Posted by cruelsister

Even suggesting that turning off part of a security program in in order to reduce popups validates Albinoni's complaint. When a program gets annoying to the point of wanting to disable it when it can be most needed points to a very flawed piece of software. A user that has to wade through a bunch of trivia often will not be alert to a warning that is actually meaningful.

A Security App that warns of everything detects nothing.

Interesting you say this, because it was during this past week's Microsoft security updates that Comodo drove me insane. All of the updates save one (the MS framework updates) were handled without issue...but Comodo kept on wanting to sandbox (as an unrecognized/unknown app) the uddate for that particular item.

It drove me nuts as no matter how fast I clicked "do not sandbox in future" it kept crippling the next attempt to install.

Finally, I removed Comodo, reinstalled PF and when the update notice came around again it was able to be managed with no drama whatsoever by answering the prompts that PF raised.

I realize that each app has its own pluses and minuses but even Comodo is not without its warts in this regard.

When I ran OA, I don't remember having any difficulties allowing a new app to install as long as the prompts were answered during the process.

This is a timely and interesting discussion...I'm glad it's been raised.

[umbrapolaris]

I didnt have this issue with CIS and the latest Windows updates, did you uncheck some options like "automatically trust files from trusted installers" or "create rules for safe applications" ?

[Scoobs72]

Albinoni, what version of Online Armor are you running? This MS Office problem was meant to be fixed in 5.5.0.1557.

[Blues7]

Quote:

Originally Posted by umbrapolaris

I didnt have this issue with CIS and the latest Windows updates, did you uncheck some options like "automatically trust files from trusted installers" or "create rules for safe applications" ?

Yes, "automatically trust all files from trusted installers" was unchecked (based upon the recommendation in the past from someone far more experienced with Comodo than me.)

"Create rules for safe applications" was off by default in D+.

But if it was a safe or trusted app or installer, I don't know why Comodo would be indicating that it wanted to sandbox it as "unknown". I guess if I had that setting, once I told Comodo that I trusted the installer, it wouldn't have popped up again blocking multiple attempts to run the update.

I don't doubt that some lack of familiarity or expertise on my part may have prevented my finding a quick solution to the issue but the fact remains that once it was quite frustrating and with PF the solution was as simple as answering the pop-ups and proceeding with the install. I hadn't had this problem with installing apps with Comodo in the past.

[blasev]

I'm not a fan of HIPS, but.. Aren't popup alert are the main reason to buy it?
As far as I know, all hips fans are excited with robust and complete protection for every minor detail.

If one person hate too much pop up, I think they should keep away fom it, just like I do

[zip]

I've tried a zillion fw's , but I always came back to ZoneAlarm.

[paniccom]

How are these I/O Read Bytes and Peak Memory Usage numbers compared to other firewalls? Running XP SP3. Seem high, but running smooth, so just wondering if anything unusual here.

[King Grub]

How long is the system up-time?

[Manny Carvalho]

Quote:

Originally Posted by cruelsister

Even suggesting that turning off part of a security program in in order to reduce popups validates Albinoni's complaint. When a program gets annoying to the point of wanting to disable it when it can be most needed points to a very flawed piece of software. A user that has to wade through a bunch of trivia often will not be alert to a warning that is actually meaningful.

A Security App that warns of everything detects nothing.

Installing software and running in a production environment are two different things. Installing software from a trusted source poses no threat unless the copy of the code was obtained from a dodgy source.

It's not that HIPS is at fault, it's only doing what you asked it to and shouldn't be viewed as flawed software. This happens with all HIPS software so unless you consider the concept flawed then this is what you paid your money for. That is for the HIPS program to intercept calls that might be considered malicious and that's just what it's doing. All those prompts are meaningful.

The problem here is that those call are also used by "good software" and only the user can really tell whether it's good or not. The HIPS software is just noting the intercepts. When installing good software why then would you subject yourself to unnecessary prompts? Either turn it off the features or use the auto learning. If a user insists on doing installs manually with full protection on, this is exactly what one should expect. It's the nature of the beast.

I happen to be an Outpost user and see the same thing. This is more of learn what your firewall can do as opposed to complaining about prompts. One has to know how to separate the trivia from the useful. There's no real way around it regardless of how much can get done without user intervention.

[paniccom]

Quote:

Originally Posted by King Grub

How long is the system up-time?

About half an hour or so after a restart. Not using PC heavy, just a little browsing (Firefox).

[zip]

Quote:

Originally Posted by zip

I've tried a zillion fw's , but I always came back to ZoneAlarm.

I'm now running OA Free, emisoft has worked the bugs out of OA Free.

I don't miss ZA. OA Free works great.

I liked Outpost Free, but it's full of bugs.

From what I hear, Agnitum isn't interested in fixing the bugs in Outpost Free.

[paniccom]

How are your I/O Read Bytes, zip? (See my post #20 above). I agree OA Free works great, I just never saw such high numbers (later on went to 18 billion+ before I restarted again.)