Need advice please: Online Armor, ProcessGuard, Antihook, Ewido, ZA 6 Pro, Ewido, etc

Discussion in 'other anti-trojan software' started by InfinityAz, Aug 4, 2005.

Thread Status:
Not open for further replies.
  1. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Mike, thanks for the great post. It certainly helped with my understanding of how OA works.

    I had previously looked at the tallemu site for OA, and read the shorts on OA's abilities. They were helpful and informative to a point :)

    I'm still curious to have someone throw a number of CWS, Aurora etc spyware/trojans against it :D

    ....although I understand that should wait until after you add their behaviours to your database (although a before and after test would be interesting)

    The thing that has impressed me the most is OA's ability to track the installation of malware, and then allow you to completely uninstall them (can this be used for more than just malware?)....I presume though, that this may not extend to malware that <has been user allowed to> install a kernel level driver? <If I remember right, OA will also throw up a warning saying something is trying to install a driver, so it 'should' get caught>

    However, OA's tracking ability isn't the only thing that I like. I like the DNS server check. I like the Keylogger behavioural checker <hoping you'll also add global hook prevention techniques...I think you mentioned you would in another post>, and I like your exe control verified against a database...actually I like how you verify lots of things against a database...I find it very impressive (because I only know of Prevx1 that is doing a similar thing <but not across the same range of things>, when it only makes sense to me to make HIPS this way).

    Lol, just thinking OA's installation tracking ability could be used to replace the windows uninstaller ? :D


    Once again, thanks for the info Mike...I'm sure I've given your typing fingers a workout over the last few weeks.
     
    Last edited: Aug 5, 2005
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Try installing Elite Keylogger. It installs drivers which can be removed by OA rollback - in fact, if I recall correctly (and I may not) I was able to remove Prevx in the same way. I'll have to give it another test.

    Of course, if the program takes active measures to keep itself there it could be a different story with the kernel level stuff. We already have code available to do some driver related things, but you'll have to wait and see because my fingers are about ready to fall off.
     
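Both posts above turn on the same defensive point: a HIPS that warns when something registers a kernel driver, and that keeps enough of an installation record to roll the driver back. The script below is an added example, not Online Armor's code or anything from Tall Emu; it shows the audit side of that idea on a plain Windows box, reading the Service Control Manager's "service installed" records (System log event 7045) and flagging kernel-mode drivers whose image lives outside the expected drivers directory. It assumes event 7045 carries the EventData fields ServiceName, ImagePath, ServiceType and StartType, and that legitimate drivers normally sit under System32\drivers; the sample records are constructed.

```powershell
# Added example (not Online Armor's code). Reviews kernel-driver installations
# logged by the Service Control Manager as System event 7045.
# Assumption: 7045 EventData contains ServiceName, ImagePath, ServiceType, StartType.

function Get-DriverInstallRecord {
    # Flatten one live EventRecord into a simple object with the fields we need.
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $Event.TimeCreated
        ServiceName = $data['ServiceName']
        ImagePath   = $data['ImagePath']
        ServiceType = $data['ServiceType']
        StartType   = $data['StartType']
    }
}

function Test-SuspiciousDriverInstall {
    # True when the record is a kernel-mode driver loaded from outside System32\drivers.
    param([Parameter(Mandatory)]$Record)
    if ($Record.ServiceType -notmatch 'kernel') { return $false }   # user-mode services are out of scope here

    # SCM stores driver paths in several shapes: \??\C:\..., \SystemRoot\..., or relative to %SystemRoot%.
    $path = $Record.ImagePath -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }

    $expected = Join-Path $env:SystemRoot 'System32\drivers'
    # Anything outside the drivers directory (temp folders, user profiles) deserves a closer look.
    return -not $path.StartsWith($expected, [StringComparison]::OrdinalIgnoreCase)
}

# Constructed sample records (not real events) so the logic can be read offline.
$samples = @(
    [pscustomobject]@{ Time='2005-08-05 10:00'; ServiceName='nic_sample';  ImagePath='System32\DRIVERS\nic_sample.sys';                        ServiceType='kernel mode driver'; StartType='demand start' }
    [pscustomobject]@{ Time='2005-08-05 10:05'; ServiceName='kl_sample';   ImagePath='\??\C:\Documents and Settings\User\Local Settings\Temp\kl_sample.sys'; ServiceType='kernel mode driver'; StartType='auto start' }
    [pscustomobject]@{ Time='2005-08-05 10:06'; ServiceName='upd_sample';  ImagePath='C:\Program Files\Example\upd.exe';                        ServiceType='user mode service'; StartType='auto start' }
)

# Offline run over the constructed samples: only kl_sample is reported.
$samples | Where-Object { Test-SuspiciousDriverInstall $_ } | Format-Table Time, ServiceName, ImagePath, StartType

# Live run on a Windows host (requires an elevated session to read the System log fully).
# Get-WinEvent -FilterHashtable @{ LogName='System'; ProviderName='Service Control Manager'; Id=7045 } -MaxEvents 200 |
#     ForEach-Object { Get-DriverInstallRecord $_ } |
#     Where-Object { Test-SuspiciousDriverInstall $_ } |
#     Format-Table Time, ServiceName, ImagePath, StartType
```

The check is deliberately coarse: a driver path under a temp or profile directory is not proof of malware, only a reason to look at who installed it and whether an uninstall record exists, which is exactly the information a tool like OA keeps at install time so that a rollback can remove the driver cleanly.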
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Lol, fair enough. Thanks again for the info. I do get more and more impressed with it, the more you explain it :)
     