OA on Win 7 64 bit

diceman · #1 August 28th, 2011, 10:13 PM

How good is Online Armor (free) on Win 7 64 bit? Can it be bypassed or defeated easier than on 32 bit? Still worth running on 64 bit? Thanks.

chris1341 · #2 August 29th, 2011, 07:39 AM

Quote:

Originally Posted by diceman

How good is Online Armor (free) on Win 7 64 bit? Can it be bypassed or defeated easier than on 32 bit? Still worth running on 64 bit? Thanks.

All HIPS products are somewhat hampered by patch gaurd restrictions on 64 bit machines but still offer good protection.

The issues is where the protection is implemented. Patch gaurd on 64 bit machines prohibits kernal patching to implement protection at the deepest and therefore most comprehensive level of the operating system. The protection is still implemented higher up it is just less comprehensive by that stage and easier to undo.

If you get comfort from such things OA still gets 340 out of 340 on the CLT.exe Proof of Concept suite of tests and prevents most key-logging POC's too. Screen cature protection, in common with every other 64 bit HIPS (other than SpyShelter) is not great though.

Definately still worth running as it is as good as you will get for 64 bit a present although Comodo are indicating 5.8 when released will offer improved 64 bit protection. We shall see.

Cheers

lordraiden · #3 August 30th, 2011, 09:20 AM

Quote:

Originally Posted by diceman

How good is Online Armor (free) on Win 7 64 bit? Can it be bypassed or defeated easier than on 32 bit? Still worth running on 64 bit? Thanks.

I don't know but I know that in the new version of Comodo, 5.8 the x64 HIPS component will be as good as the 32 bit version. This is what the developers have said.
According to matousec Comodo has the best HIPS on x32, probably OA would score quite close, http://www.matousec.com/projects/pro...ge/results.php

SLE · #4 August 30th, 2011, 10:18 AM

CLT is not valid for Windows x64, so no argument.
_
I'm wondering why comodo advertising comes in if somebody didn't asked for it.

I'm wondering why Matousec is taken serious. Of course Comodo must score good in matousecs ~~test~~ game. See yourself:

(1)Origin of test and parts of methodology

Quote:

Introduction to Firewall Leak-testing
by Carsten Fischer - Director of Product Marketing, Comodo
& David Matoušek – Analyst, DIFINEX LTD

source

(2) Strong tests or pure marketing?
Melih's statement: 40 minutes of coding, to look good in matousec tests...

Quote:

however, it was a quick job for us to do that (around 40 min to add that the code) and it was done purely for marketing gains

Source

Wow - impressive at all

/BTT

OA is a quite good HIPS on Win7x64 - IMO one of the best.

lordraiden · #5 August 30th, 2011, 11:09 AM

Quote:

by Carsten Fischer - Director of Product Marketing, Comodo
& David Matoušek – Analyst, DIFINEX LTD

Published: 2006/11/25

So you count with a test of 2006 and a comment totally out of context from 2008

Maybe we should put in jail to the Prevx and Zemana developers because they use the MRG help to improve their products and then MRG test them

Well I don't know if in your world the people work for free but today if you want a product to be tested you have to pay for it.

Quote:

done purely for marketing gains Sad, because we were put in that position. It was first and last time we will do such a thing and we don't like doing things like that. We care about building good and solid security products. Good people will appreciate and spread the word!

We have architected our software from ground up to be secure rather than trying to bolt on security to provide leak protection afterwards!

Matousec is just an HIPS test and the only one reference, all the leak test used are available to download for FREE in the website so you can check it, there is no mysterious leak test or results manipulated as your are implying and you can do for free the same tests that they do.

This is a generalist forum about firewalls, I don't see where is written that you can only talk about the product in the first post it would be quite boring. It's not advertisement, precisely this forum is plenty of advertisement, discounts coupons of many security products, OA, Agnitum, Norton, KAV... and I don't see you crying on those threads.
I think you can focus your energy ( look for a 2008 comment and take it out of context for nothing must not be easy xD ) in other threads so every time somebody mentions a product not included in the first post you can tell them that is advertisement and all this stuff that you seem to like to feel superior.

I just wanted to make him know that there are other alternatives, I didn't mention private firewall because I know that on x64 the HIPS is far from being complete.

In your opinion OA is one of the best? (I agree) but I can use your troll tactics and say.
You opinion of what? based on what? have you ever tested the OA HIPS to compare it against the rest of the products? is your opinion better founded than the matousec tests? (you don't have to answer)
I'm wondering why trolls comes in if somebody didn't asked for it.

SLE · #6 August 30th, 2011, 11:58 AM

Quote:

Originally Posted by lordraiden

I think you can focus your energy ( look for a 2008 comment and take it out of context for nothing must not be easy xD ) in other threads so every time somebody mentions a product not included in the first post ...

Calm down and don't be worried about my energy

Let's put arguments together and concentrate on them.

Cause it's somehow off-topic I will not discuss the whole ~~money~~matousec story here again (btw. who is behind the DIFINEX Inc. ??) The unprejudiced and interested will find much strange things about it via search.

So I will only answer to your "arguments":
(1)

Quote:

Originally Posted by lordraiden

So you count with a test of 2006 and a comment totally out of context from 2008

Yes and no.
- The tests were developt further but there are still some from the former years - so this is no real disproof of the comodo advocation.
- Second even if the introduction was published 2006. Who says f.e. Comodo didn't helped with former tests?
- Third: Yes Melihs statement is from 2008. And? Where is the proof that today things are handled different. Maybe they don't do it anymore only for marketing, maybe it tooks longer than 40 minutes today...?

(2)

Quote:

Originally Posted by lordraiden

Matousec is just an HIPS test and the only one reference, all the leak test used are available to download for FREE in the website so you can check it, there is no mysterious leak test or results manipulated as your are implying and you can do for free the same tests that they do.

I know about the tests and sometimes use them for testing but the problem remains: Is the real correspondending behaviour blocked/alarmed or only the specific laboratory-test?

Some vendors do so - and even Matousec realises that some vendors fool him and his/DIFINEX methodoloy and only block the specific tests but not the technique behind. So - Manipulation? Of course. Two examples:

Quote:

BitDefender failed SSS2 and SSS tests because its protection relies on the specific implementation of these tests. BitDefender does not protect against techniques of these test. This was proved using a slightly modified versions of these tests. Although BitDefender passes many tests it is questionable whether it can protect common users against malware.
....

source

Quote:

Outpost failed Kernel5b because its protection is effective against the specific implementation of this test only – Outpost is able to block a non-critical part of Kernel5b that can be removed from the implementation of this test. Outpost does not protect against the technique of this test. This was proved using a slightly modified version of this test.

source

And now the funny thing: Both diddlers got a "get it now" recommendation. Why? Because they are partners. Great and independent testing - yeah.

(3) Conclusion: Even matousec needs money and of course money counts much in this test:

Quote:

Currently, the vendor paying the biggest money stays on top of the ranking. Why? Every re-test costs money and the tests of all products are not performed at the same time. So it ends up in a battle of vendors paying for retests everytime a new test component is added. If you don't pay again, your product is ranked lower because there's another one paying to get the top score. Sorry, I can't support that. In my opinion that's a rip-off.

source

Quote:

Originally Posted by lordraiden

Matousec.....there is no mysterious leak test or results manipulated as your are implying and

Another manipulation is how the test are presented - they compare different test times, different numbers of tests - and reckon up all together. So they count apples and pears...
Example:

Quote:

...Hence, it organizes products by the number of possible tests rather than the total number of actual tests.
They compare products that receive the full 184 tests to products that receive 12 tests. Those are two significantly different kinds of scores. It's not objective to compare them, and outright deception to say the products with 12 tests were tested with 184 tests.

source
___

Ok I stop and come to an end: I don't say everything is bad, but the truth is written between the lines. So learn to read between them and stay critical.

Quote:

Originally Posted by lordraiden

Maybe we should put in jail to the Prevx and Zemana developers btw other because they use the MRG help to improve their products. xD

MRG has a bad & mendacious history. But nowadays I see they are endeavored, a Sveta who tries to answer questions here on wilders etc. They try there best to get trusted. While, atm I for myself don't totally trust them - but i respect their efforts and don't ignore them. But now we are totally off-topic.

lordraiden · #7 August 30th, 2011, 12:16 PM

I still don't see what is wrong about a specialize company helping to improve a part of a product, for your information Comodo was not the only vendor how has paid to Matousec for their help to retest/improve their products, since Comodo is the only product with a 100% I don't see any manipulation in the top part of the table.

The leak test are what they are, if you have any other you can sent it to Matousec and he will include it to the next test if there is any, I know that some of the leak test has been written having for reference a malware file that was sent to him

I don't see any manipulation you are inventing them, everything you think is a manipulation is written in the methodology, you should read it. After read the methodology you will understand why the pure HIPS products are in the top part, and the products with more or less HIPS capabilities are distributed in the rest of the table without any sense, if you have understood the methodology you will not care about this part of the table.

If somebody is able to write a code able to compromise your computer and is not detected by an HIPS I think there is not need to find a live malware if you want to be one step above, at least this is the aim of the developers, if somebody want to go behind the malware developing a HIPS they should follow your advices.

The reference is a pdf made by matousec where they explain it? oh yes I see a lot of manipulation xD jajaja they even take care of prove it.
They are strictly following the methodology, I don't see how this is bad?

From the legal point of view if you buy a company with a debt you have to pay the debt, the debt is with OnlineArmor company if there is any contract, not with OnlineArmor product, but with the unprofessional answer from emsisoft and the lack of the details...

Matousec updates all the tests for free every year, at least this is what he has been doing, if you want an additional test you have to pay, I dont see nothing wrong unless some vendors get angry when they see their beloved products failing

Quote:

Ok I stop and come to an end: I don't say everything is bad, but the truth is written between the lines. So learn to read between them and stay critical.

Yes once you read the methodology you will learn to read the results of the table discarding some unreal results.
Read this in order to improve your understanding
http://www.matousec.com/matousec/blo..._real_malware_

I you look at matousec test taking into account all that have been said you can still get some good information, if you are unsure, download the leakteast and check it by yourself. If you think the test does not represent a good test for HIPS tell me what is your reference or what you look for in a new HIPS appears in the market tomorrow.

I agree with you in that you can not see the results and take a conclusion but you can understand the results and take a conclusion.
So if you think is manipulated what I do is des-manipulated and take conclusions, so for me is still valid and a good reference.

SLE · #8 August 30th, 2011, 12:37 PM

Thx, but I know the methodoly and don't need to be instructed about it. And all yout text contains no real argument against the cons i wrote.

And yes, it's clear that only HIPS products can stay at top in such tests - tests were designed for such products.
Nevertheless:
- There are real examples that vendors fool matousec and only pass the specific test. But when you are a partner you even then got a Recommendation.
- The presentation of the results has failures and leads to wrong conclusions.
- The testing of non-Hips products in a hips test is nonsense. Yes readers can ignore it - but to include them in those tests is also far from reality.

And after all: The topic is about OA and Win7x64 - and matousec says nothing about that, neither about OA nor about x64.
Now - back to OA.

lordraiden · #9 August 30th, 2011, 12:46 PM

Quote:

Originally Posted by SLE

Thx, but I know the methodoly and don't need to be instructed about it. And all yout text contains no real argument against the cons i wrote.

Each con has it argument, read it again, really.
Not all the products are tested again all the leak test and this is explained in the methodology (but you haven't read it), for you this is manipulation, for me is common sense, time saving and malformation of the low part of the table, so I don't care about this part of the table and this does not affect any of the real HIPS products.

http://www.matousec.com/projects/pro...hodology-rules
http://www.matousec.com/projects/pro...llenge/faq.php

Quote:

Originally Posted by SLE

And yes, it's clear that only HIPS products can stay at top in such tests - tests were designed for such products.
Nevertheless:
- There are real examples that vendors fool matousec and only pass the specific test. But when you are a partner you even then got a Recommendation.

You really don't understand how an HIPS work at developer mode, many time during the development of some HIPS the devs think that they have done the correct implementation to avoid the general problem but sometimes this does not work and the implementation is not good enough. This just happens in 1 test of more than a hundred, so if the product is still above the recommendation % will be recommended.
And matousec have discovered them, they have reported it, so there are not fools, and they have granted a pass according to the methodology (yes, this part that you haven't read), since the methodology says which files will be used, only scammer would have changed the methodology.

Quote:

Originally Posted by SLE

- The presentation of the results has failures and leads to wrong conclusions.
- The testing of non-Hips products in a hips test is nonsense. Yes readers can ignore it - but to include them in those tests is also far from reality.

I really don't care how the results/table is represented, I care about the pdf, so you can get to a wrong conclusion not me, so for me is still a valid and good reference.

Quote:

Originally Posted by SLE

And after all: The topic is about OA and Win7x64 - and matousec says nothing about that, neither about OA nor about x64.
Now - back to OA.

I see that you still don't get how a forum works, if you were not so worried about somebody talking about other products there will not be offtopic in this thread. I still wonder why you are not on other threads crying because somebody is talking about other product or thing RELATED, and you care so much about about this.

Since the OA HIPS on x64 is not as good as the 32bit version I gave him my recommendation of another product that is able to offer what he is looking for, the same protection in 32bits than in x64 taking into account that the 32bit HIPS is one of the best, if you have any problem with this report it to a forum moderator.
http://support.emsisoft.com/topic/38...le-than-32bit/

I agree with you in that you can not see the results and take a conclusion but you can understand the results and take a conclusion.
So if you think is manipulated what I do is des-manipulated and take conclusions, so for me is still valid and a good reference.

SLE · #10 August 30th, 2011, 01:37 PM

I don't make any further effords - cause here come no real arguments. Always posting "read read read" and not being able to bring exact rearguments is no discussion style.
And of course nobody never ever has coded only with the aim to pass that test, no reality is just "...many time during the development of some HIPS the devs think that they have done the correct implementation". And the earth is flat...

/EOD.

lordraiden · #11 August 30th, 2011, 01:43 PM

Quote:

Originally Posted by SLE

I don't make any further effords - cause here come no real arguments. Always posting "read read read" and not being able to bring exact rearguments is no discussion style.
And of course nobody never ever has coded only with the aim to pass that test, no reality is just "...many time during the development of some HIPS the devs think that they have done the correct implementation". And the earth is flat...

/EOD.

"The earth is flat..." I see that you have nothing better to say

You are really blind
http://www.matousec.com/projects/pro...hodology-rules

Quote:

Testing levels

There are several testing levels in Proactive Security Challenge. Each level contains a selected set of tests and it also contains a score limit that is necessary to pass this level. All products are tested with the level 1 set of tests. Those products that reach the score limit of level 1 and thus pass this level will be tested in level 2 and so on until they reach the highest level or until they fail a limit of some level.

So not all the products are tested against all the leaktest, only the real HIPS or good enough HIPS get all the tests.

Quote:

the tests are part of Security Software Testing Suite, which is a set of small tests that are all available with source codes. Using this open suite makes the testing transparent as much as possible. For each test the tested product can get a score between 0 % and 100 %. The tests can be simply passed or failed only and so the product can get 0 % or 100 % score only. It should be noted that the testing programs are not perfect and in many cases they use methods, that are not reliable on 100 %, to recognize whether the tested system passes or failed the test. This means that it might happen that the testing program reports that the tested system passed the test even if it failed, this is called a false positive result. The official result of the test is always set by an experienced human tester in order to filter false positive results. The opposite situations of false negative results should be rare but are also eliminated by the tester.

So they can not change the files during the course of a test because a vendor has tried to fool them (if this was the case since you are inventing it), but they have report it and explained it. By the way is not a false positive because it was able to block the leak test and but no a modification of it.

The rest is written in my posts, obviously you were lying when you said that you have read the methodology and avoiding any argument that you didn't had an answer.

Of course there can not be an argument style when you are writing ignoring all the facts written in the methodology, please come again and tell me that you have read it

SLE · #12 August 30th, 2011, 02:04 PM

Now I see, wee was obviously partly talking about different things:

Quote:

Originally Posted by lordraiden

So not all the products are tested against all the leaktest, only the real HIPS or good enough HIPS get all the tests.

That exactly was one core point of my critique above:

Quote:

Originally Posted by SLE

Another manipulation is how the test are presented - they compare different test times, different numbers of tests - and reckon up all together. So they count apples and pears...

The table says "Products tested against the suite with 148 tests" but they were not - if you drop out on an early level (according to the methodology of course) you are not testet against all tests. If a product f.e. drops out on level 5 it is counted as it would have failed all possible further tests - in reality it was never testet against all further tests.

So the table is misleading. That was my point about presentation critique. You can only compare products that reached the same level. The pdf's are ok - i never said something different.

Quote:

So they can not change the files during the course of a test because a vendor has tried to fool them (if this was the case since you are inventing it), but they have report it and explained it.

All clear, nevertheless fooled.

Scoobs72 · #13 August 30th, 2011, 02:10 PM

Quote:

Originally Posted by lordraiden

According to matousec Comodo has the best HIPS on x32

Start with an invalid conclusion like this and you end up in a right mess, like you have done. Matousec's test are nothing like a "what is the best HIPS" test. They are a HIPS bypass test and by their own published analysis only a small percentage of their 'tests' are used by real malware.

The tests are utterly useless as a means of determining the 'best HIPS". In fact it's difficult to say what purpose the tests serve at all. I don't think Matousec even explains what he believes the purpose is on the website. So we have a bunch of tests with no meaningful or relevant defined purpose?

Secondly, when being tested all products are set at their maximum settings. Everyone who knows Comodo knows what that means - popup hell. Totally unusable.

The real star of the Matousec tests was Online Armor, which was able to score 100% in its default settings, the same settings that make for the low pop-up solution used by its customers day-in, day-out.

Comodo is the best HIPS based on Matousec's tests? Don't make me laugh.

@the OP, a lot of effort was put into OA 64bit version and while all x64 versions can't provide the same level of protection as x86 I think you'll find it a very competent solution.

JRViejo · #14 August 30th, 2011, 02:32 PM

May I remind all Wilder Members that the subject is OA on Win 7 64 bit. Let's focus on that topic, otherwise this thread will close.

lordraiden · #15 August 30th, 2011, 05:29 PM

@SLE as I said before I don't look at the table, I know that the table is not fair but I don't care since I don't look at it.

Quote: