Online Armor Free / Threatfire

Hi, Would someone be able to explain the differences between these 2 programs as far as what they protect and (if it's not against the rules) which one has the more comprehensive coverage? Thanks everyone.

 

Just an aside. I have used them together recently with no problems. I know OA Free has a top of the line Firewall and some HIPS features, while ThreatFire is considered a Behavior Blocker, with some things like an anti rootkit scanner and a quartine . If I'm correct about this and some of the more knowledgeable members please chime in, then again using them together should be all right. If I were to choose just one, at this point it would be OA Free hands down because of its support and its features.

 

Have a look here for OA and what it protects. http://www.majorgeeks.com/Online-Armor_d4872.html

 

It lists it as free, but if you read down through the features I believe they're for for the full version.

 

Well then I guess you will have to check OA's site to be sure.

 

Hello,
I believe the Vs threads are discouraged, but I can give you one simple difference: Online Armor is not made by PC Tools (aka FP). End of story. If this statement confuses you, it means OA > TF.
Mrk

 

I can give you an even simpler difference. Online Armor is a dumb HIPS (aka produces useless alerts on legit processes). End of story. If this statement confuses you, it means TF > OA.

If nothing else, hopefully you've learned that this kind of stupidity doesn't get anyone anywhere.

More comprehensive coverage goes to TF without question. OA's HIPS monitors only the application level (and not very comprehensively at that, when compared to proper HIPS like SSM and EQSecure) and registry autostart entries, and doesn't do cleanup. It's useful if you're looking to implement a default-deny policy, and not very much else besides. Sure it's got a HIPS, the popular buzzword making the rounds nowadays, only problem is that not all HIPS are created equal.

 

Sorry Solcroft not true, have a look https://www.wilderssecurity.com/showpost.php?p=1101378&postcount=2 and be free to join this thread. When you run OA free without the notification when an unknown program runs and your run it in safer mode (limited rights) you will get protection. Now do not tell me that both the unix world (standard run in limited rights) and MS Vista (UAC) are wrong to prefer limited right program execution. I do not know a company which allows its employees to run as an admin. With teh PC home market is just not that easy to combine it in a user friendly matter.

https://www.wilderssecurity.com/showthread.php?t=189209


Regards Kees

 

I see nothing in that post that invalidates my claim.

You mentioned OA using a whitelist. Unfortunately, they're a long way from perfecting it. Also, just about every behavior blocker on the market today use whitelists as well. The only difference is that smart behavior blockers contain additional inbuilt rules to distinguish between legit and malicious processes (something OA cannot do, and hence more alerts), and even with whitelists, behavior blockers do not trust whitelisted processes implicitly. This is important because no HIPS is perfect, and a legit whitelisted process can still be hijacked by malware using means the HIPS cannot detect, in which case it is imperative for the HIPS to be able to prevent the legit process from delivering the payload on the malware's behalf.

OA is a "dumb" HIPS in the sense that it does not try to recognize malware, and the responsibility is up the user to decide for him/herself whether a process is malicious or not. Also, relying on whitelists to cut down FPs is an unfeasible idea, simply because there are a thousand times more legit files in the world than malicious files. If the guys in the blacklisting business are already having problems producing a comprehensive list, what makes you think the whitelisting guys have any chance?

 

Why would I be wrong to tell you that?

Deliberately crippling yourself is only done when you do not have other less-intrusive security options at your disposal. Fortunately that is not the case here. And company policy where sysadmins have to maintain multiple production PCs is an altogether entirely situation from home users, not even comparable. If any OS or program offered to restrict your rights the way my sysadmins do at uni, I'm willing to bet you'll uninstall it in a hurry.

 

Sorry

I did not reply, because Solcroft and I differ so much in opinion it makes no sense to discuss it. Running with limited rights is the solution to so many problems. OA would provides the option to let unknown programs run safer, this is in my opinion better than a allow or block (sort of in between).

Vista will force software developers to run programs with limited rights. So it is the way to go as stated in https://www.wilderssecurity.com/showpost.php?p=1101690&postcount=5

Regards Kees

 

Yep, falls squarely in the "dumb" HIPS category. As does EQ, ProSec, NG etc.

The OA paid package can essentially be considered a firewall and antivirus if one wants to. The OA HIPS component, on the other hand, isn't that much different from, say, ProcessGuard or SSM.

 

This was the original question. PC-Tools and OnlineArmor both have forums to answer this question. Being a member of both, I would have to recommend http://support.online-armor.com/forums/ to get a quick response and more info to read. I have used both products and don't consider either "DUMB"...

 

Agree,

I had them installed on a friends computer worked great together.

OA is a anti executable it has the option to allow existing programs. OA recognises a lot of trusted programs. It;s firewall requires practically no configuration (the advantage of sharing the engine with the HIPS anti executable). You can select whether you are warned when an unknown (meaning not in the black or white list or not marked by the user as trusted) starts. You also have the option to run all your threatgate applications (webbrowser, messenger, mail, P2P, chat) in safer mode. This means it is started with limited rights (not as an admin). Most problems run well in this and it protects you from a lot of problems. All processes started by a program with limited rights also get these limitations inherited.

ThreatFire is a behavior blocker. Although some of the things TF checks for are also monitored by OA (without giving problems). TF is intelligent in that way that for instance a keylogger is not stopped immediately, but when it wants to send data over the internet. That is what is called intelligent. You can add custom rules in threatfire.

As the earlier poster said look at their forums.

So TF is an intelligent Behavior Blocker, OA is an intelligent Firewall with a straight HIPS anti executable (dumb according to Solcroft


Regards Kees

 

Much obliged to all who responded. I appreciate the help.

 

Are you using both, by chance

 

If you're referring to me...No, I never have. That's why I was wondering if they differ enough to use them both at once. If they are dissimilar, I wanted to know which was lighter/better, etc. But I know that's getting into an area that the forum frowns upon. I've tried both on my machine separately, but I'm not smart enough to know which has the features that I need. I'm fine with antivirus and firewall, spam guard, etc, which was why I wanted to compare these two products.

 

A good comparative may have been OA with TF/CBoClean....

 

OK. Thanks. So you're saying that OA does pretty much what threatfire and boclean do together?

 

I just use OA, but TF/CBoC might make a nice back-up for it. I think there is overlap between all 3 though, how much I haven't tested them together. Of the 3, I chose OA based on the support-forums, lightness and range of protection.

 

Thanks 19monty64