"OSSS" (Online Solutions Security Suite) Beta is Out

[PaulBB]

"OSSS" (Online Solutions Security Suite) 0.8 Beta
http://www.online-solutions.ru/en/co...osss_scr01.png

Quote:

"OSSS" (Online Solutions Security Suite) is a complex protection software, that includes:

* Proactive Defense (OSPD) - new generation proactive defence system
* Personal Firewall (OSPF) - extremely powerful personal firewall

"OSSS" provides a complete computer protection against newest hacker attacks, malicious code and rootkits.

Quote:

The "OSPD" (Online Solutions Proactive Defense) proactive security system provides the integrity of software environment and blocks the activity of known and unknown malicious code in advance.

The security core comprises several technological approaches: HIPS, SandBox, AntiRootkit, AntiSpyware and an antivirus.

The "OSPD" system protects the user's computer from unknown viruses and "Trojan horses" using the advantages of the behavioral analysis technology, but is not limited to it. The behavioral method is based on the analysis of what specifically applications do in the system: some actions may be legitimate and harmless, but their combination in a certain sequence can explicitly point to malicious intentions.

Functional capabilities:

* The "OSPD" kernel is loaded before all other system drivers and takes control of the system from the very start.

* The combination of a behavioral analysis unit with an anti-virus core supporting heuristic analysis and supplied with a large signature base of modern viruses, network and email worms, trojan horses, adware, spyware, dialers and rootkits, allows you to prevent known (or similar to known) malicious code from appearing and being executed on the user's system.

* The solution interacts with the operating system on the lowest level. Malicious code can be hooked on several levels to prevent it from bypassing parts of the defense system.

* Permanent analysis of CPU tables and the structures of the OS kernel. Control of integrity of kernel-mode system modules. Suppression of low-level hooking attempts used in rootkits. Detection and prevention of kernel-mode code execution by undocumented methods.

* Monitoring of installation and usage of system services and drivers. Constant monitoring of process and system drivers hiding.

* Application rules and their flexible configuration options allow you to explicitly restrict the abilities of each program both in terms of interprocess communication and interaction with the operating system. You can create a new rule or a set of rules and assign them to any action. Interprocess communication is monitored and controlled in over 10 different aspects: access to the memory of another process, thread generation in the address space of another process, injection of a new dynamic library, etc.

See also >> integration with a firewall (full control over the system's network activity).

* Control of integrity of all applications that have rules assigned to them. Automatic scanning of suspicious applications for known viruses.

* "OSPD" provides extensive monitoring capabilities and allows you to change the OS parameters that relate to the operation (explicit and implicit) of malicious code. That is why the treatment of an infected computer is possible both in automatic and manual modes (using an expert's help) if the system was infected before proactive defense was installed.

* Control over registry-related operations: autorun, system parameters and security policies.

* Control over the installation and use of ActiveX-objects and browser extensions (BHO).

* Warnings about sites with unwanted content and their blocking during web browsing.

* Prevention of known malicious activities: modification of executable files, saving of network-based virus loaders, DNS changes, modification of Internet Explorer parameters.

* Scanning of your hard drive, memory and any objects (upon user's request) for known viruses. Analysis of suspicious objects in the system.

* Control over own kernel integrity and access to it and all of its components. Protection of internal data structures and communication between their separate parts.

* Event logging system. The system allows you to analyze the actions of specific applications in the system.

Compatibility:

* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows XP x64
* Microsoft Windows 2003
* Microsoft Windows 2003 x64
* Microsoft Windows Vista
* Microsoft Windows Vista x64

More info, download and screens:

http://www.online-solutions.ru/en/os...rity_suite.php
http://www.online-solutions.ru/en/os...ve_defense.php
http://www.online-solutions.ru/en/os...l_firewall.php
http://forum.online-solutions.ru/viewforum.php?f=6

[vijayind]

Why is it called a suite, if it only has a firewall and HIPS component ??

[Peter2150]

Wonder exactly how this is "new generation" I love how someone re invents the wheel, and calls it brand new technology.

[firzen771]

looks interesting

[Ilya Rabinovich]

It looks very similar to the current firewall solutions like Comodo, Online Armor and others. Nothing special, no innovations.

And it doesn't work with DefenseWall installed. At all.

[Kees1958]

Quote:

Originally Posted by Peter2150

Wonder exactly how this is "new generation" I love how someone re invents the wheel, and calls it brand new technology.

[Mihail Fradkov]

Quote:

Originally Posted by Ilya Rabinovich

It looks very similar to the current firewall solutions like Comodo, Online Armor and others. Nothing special, no innovations.

Nothing to comment here. I think you didn't tested it on real-bypass technics used in modern itw-malware (for latest six monthes, for example).

Quote:

Originally Posted by Ilya Rabinovich

And it doesn't work with DefenseWall installed. At all.

The reason of the problem - DefenseWall and it manipulation with processes starting (Service is killed by services.exe, if DW is started before). Anyway, today we resolved this problem and you can get new build of installation package.

Thank you for report and other information!

[blacknight]

It doesn't install on my XP Pro SP3 updated. It says that the kernel of my system is not compatible with OSSS. I tried to install OSSS after I uninstalled my security softwares and cleaned the system. May be that the problem is Vista Inspirat BricoPacks ? But BricoPacks runs with every other HIPS and security suite...

[Mihail Fradkov]

Quote:

Originally Posted by blacknight

It doesn't install on my XP Pro SP3 updated. It says that the kernel of my system is not compatible with OSSS. I tried to install OSSS after I uninstalled my security softwares and cleaned the system. May be that the problem is Vista Inspirat BricoPacks ? But BricoPacks runs with every other HIPS and security suite...

Navy, if you already uploaded your kernels following this manual, then you need to get a new build of installation package (where your kernels are taken into account). We uploaded a new build of installation package today (19.03.2009) to our site at 20:50 (GMT+03). Please check it and say how it is. Thank you!

[Durad]

nice GUI i like it

[Ilya Rabinovich]

Quote:

Originally Posted by Mihail Fradkov

I think you didn't tested it on real-bypass technics used in modern itw-malware (for latest six monthes, for example)

No, I didn't. You see, I was talking not about bypass techniques, I was talking about basic architecture. It's outdated.

And, from the user's point of view, there is no difference between Comodo and OSSS. Stop to think as a developer.

[-NiCeGuY-]

Quote:

Originally Posted by Mihail Fradkov

Navy, if you already uploaded your kernels following this manual, then you need to get a new build of installation package (where your kernels are taken into account). We uploaded a new build of installation package today (19.03.2009) to our site at 20:50 (GMT+03). Please check it and say how it is. Thank you!

interesting ! I follow steps and done ! Kernetchecker said OSSS supported now ! And then downloaded the lastest version but still not working for my system ? WHY ??

[Espresso]

Compatibility is actually as follows:

Quote:

Compatibility:
Microsoft Windows XP
Microsoft Windows 2003

The company is currently working on providing full support of these operating systems:
Microsoft Windows 2000
Microsoft Windows XP x64
Microsoft Windows 2003 x64
Microsoft Windows Vista x86/x64
Microsoft Windows 2008 x86/x64
Microsoft Windows 7 x86/x64

[Mihail Fradkov]

Quote:

Originally Posted by Ilya Rabinovich

You see, I was talking not about bypass techniques, I was talking about basic architecture. It's outdated.

How you can talk "about basic architecture" if you didn't see anything regarding software? (Excepting installation process, of course).

Quote:

Originally Posted by Ilya Rabinovich

And, from the user's point of view, there is no difference between Comodo and OSSS. Stop to think as a developer.

There is a very big difference between OSSS and Comodo (just for example; from your quote), and tests on ITW will say more for you. It's "just" a powerful kernel for future work. What you will add later to this basis - it's not important, if you have a good basis. But if you have a bad basis, there is no difference what kind of "roof" you will try to attach. This building will collapse.

As user's point -- I know about what you talking -- you don't know a plans and feature list of OS company to know exactly what we do and what we will release in near future (for users, who don't want to know WHAT is going on their computers, just want to be PROTECTED, and don't be bothered).

Future will say who was right.

[Mihail Fradkov]

Quote:

Originally Posted by -NiCeGuY-

interesting ! I follow steps and done ! Kernetchecker said OSSS supported now ! And then downloaded the lastest version but still not working for my system ? WHY ??

It's very strange, we need to analyze this case. (Probably, there is some desynchronization between KernelChecker's data and data put into installation package).

Could you send to us by attach by mail (or upload to any free web-service) two files from your OS?
%SystemRoot%\system32\win32k.sys
%SystemRoot%\system32\ntoskrnl.exe

E-mail: tsdep@online-solutions.ru

Thank you for you report!

[kareldjag]

Hi,

I've taken a look at when OSAM was advertised on Sysinternals board last year (in Russian), and i it appeared to me that these soft were promising (as often "with made in Russia" softwares).
I concede to be quite disappointed by hostile welcome comments.
The presentation of the soft on the web site is honest (like Softsphere, Sandboxie etc), and there is no pretentious/bling bling marketing, or worse, non honest marketing as it is the case with PrevX (as said the song of Simple Minds: " promise me a miracle... la la la " ).
Of course it would be a joke to talk about new kind of product and technology: such product (System Expert HIPS is the pro terminology for behavioural based HIPS like OSSS) exist since the early 2000's (and even before if we take into consideration Invircible).
I suggest to take a look at my old blog via a google search: http://www.google.de/search?client=f...G=Google-Suche
And for more information the overview done for Kaspersky by Alicia : http://www.viruslist.com/en/analysis?pubid=204791972

There's no need to test it against recent "in the wild malware": i have no doubt that it passes minimum 80% of the benchmark test methodology done for DefenseWall.
But like most antimalwares (HIPS, AV, Antimalware Suite), it might be vulnerable to doc format malwares, browser based malwares (client/server side like web worms for instance), and of course non-OS dependent "malwares"/threats (boot/vm/bios/firmware rootkit, hardware keylogger for instance.
But the main problem as i said in the viruslist article is still the user.
There is not the user on a side and the computer/line defense on the other side: both are involved in the same security process.
The AV industry has understood since a long time that it's better to release very easy to use soft, even with colander like/ineffective protection; in order to reach a viable and profitable business model (the black list and signature/pattern file concept require the need of a new license every year).
More than any other security soft, firewall included, System Expert HIPS like OSSS (or Antihook, OA, MD, Micropoint and co) rely to the configuration and final cut/decision (answer to pop up alerts) of the user.
Unfortunately, the average user is ready to make efforts in learning the abc of Emule and P2P, but not to learn the abc of the registry and malware's behaviours.
Therefore, the efficiency of system expert HIPS is user's knowledge and experience dependent.
And power/advanced/expert users may represent only 5% of internet users.
Even if this kind of HIPS has some future in the corporate environment (Landesk seems to be a sucess : http://www.landesk.com/products/secu...ite/index.aspx ), i really doubt of it in the home environment.
The knowledge required to use it, the pop up fatigue, the possible evolution of Windows to kernel virtualization (Midori), and the cemetery of discontinued HIPS like Viguard or SSM...all these arguments let me quite pessimistic about the future of system expert HIPS in general and OSSS in particular.
More than white list HIPS which are only suited in restrictive environments, i am convinced that Sandbox/virtualisation HIPS have the best chance to continue their life-cycle.
And Ilya, Tzuk and co can find a confirmation that they have taken the right approach (well balanced with ease of use and efficiency) with the introduction of some leaders in such "technology":
Microsoft OS and future browser: http://www.osnews.com/story/20349/Mi...onfirms_Midori
http://www.osnews.com/story/21120/Mi...ed_on_Gazelle_
Symantec: http://www.csoonline.com/article/476...irtual_Browser

But there is also reasons for HOPE: the success of Comodo prove that it is possible, the evolution of PrevX to an hybrid technology (+ in the cloud approach) prove that there is other ways to follow, and most of all...LADA is still alive isn't it!
In all case best wishes for OSSS.

ps: Ilya: there's no need to use DW with OSSS or any other HIPS: its effectiveness makes it highly sufficient by itself!

Rgds

[NoIos]

The problem with almost all the security software nowadays is not the technology they use but the fact that they display informations that have no sense for a great % of the pc users. The greatest technology that they can invent will be the one that will trigger pop ups when necessary and will explain
the danger to the user in a way that can make the right decision without the need of experience or knowledge. This is what we need...
So if a hips can make its language understandable to the common person I don't see why should not be a valid solution in the future.

The quoted statement below demonstrates that the guys that have created OSSS seem to go almost to the right direction...and yes future will always tell the truth. So for me as a consumer...having another option for my security can be only positive.

Quote:

Originally Posted by Mihail Fradkov

As user's point -- I know about what you talking -- you don't know a plans and feature list of OS company to know exactly what we do and what we will release in near future (for users, who don't want to know WHAT is going on their computers, just want to be PROTECTED, and don't be bothered).

Future will say who was right.

[jmonge]

cool coments

[Ilya Rabinovich]

Quote:

Originally Posted by kareldjag

ps: Ilya: there's no need to use DW with OSSS or any other HIPS: its effectiveness makes it highly sufficient by itself!

Yes, I know, I just installed it on my test virtual computer where I usually test malicious modules under sandbox restrictions and had the issue. Usually, I always report about problems in security software to its vendors they could improve their products.

[Mihail Fradkov]

Problem of desynchronization between KernelChecker and installation package is fixed. We have renewed the installation package (updated: 20.03.2009 13:15 GMT+03). All guys, who got the message "Kernel is not compatible" while installing software, but KernelChecker wrote that "kernel is compatible", now can use fixed installation package.

Also, please do not send kernel files directly to us by e-mail, please use KernelChecker instead. (Now all will be OK).

Thanks for reports!

[Mihail Fradkov]

UPDATE. New kernels added. Installation package is updated:20.03.2009 14:20 (GMT+03).

[blacknight]

Quote:

Originally Posted by Mihail Fradkov

Navy, if you already uploaded your kernels following this manual, then you need to get a new build of installation package (where your kernels are taken into account). We uploaded a new build of installation package today (19.03.2009) to our site at 20:50 (GMT+03). Please check it and say how it is. Thank you!

" please recheck for OSSS installation package update in several hours.

[Mihail Fradkov]

For guys, who already installed OSSS (today build only; previous builds are OK), it's recommened to re-install (uninstall previoud build and install a new one). We fixed one problem with resources that may affect on several descriptions and messages (in the previous build they can appear as empty strings, empty descriptions or some of messages were mixed and so on).

Sorry.

New build: 20.03.2009 17:00 GMT+03

P.S. This update is only for resources bug-fix, no new kernels added. Working on.

[Mihail Fradkov]

Quote:

Originally Posted by blacknight

please recheck for OSSS installation package update in several hours.

If you uploaded kernels some hours ago, please check new installation package from the site. Your kernel must be added already. Please say how it is - success or not. Thank you.

[-NiCeGuY-]

Quote:

Originally Posted by Mihail Fradkov

If you uploaded kernels some hours ago, please check new installation package from the site. Your kernel must be added already. Please say how it is - success or not. Thank you.

yeah , new package is working on my XP sp3 , didnt try on my vista SP1, another question Proactive Defense setting just can choice learning mode or allow all , no other choice & why ?

thanks