Online Armor Vice Malware Defender

I have uninstalled MD (Malware Defender) & switched back to OA (Online Armor). Some (not all) of the reasons:

1- OA does a much better job of protecting against keyloggers than does MD. Further, the proponent of MD has expressed disinterest in dealing with this issue. (See THIS thread).

2- OA is MUCH more user friendly than is the case with MD.

3- I am particularly fond of OA's Run Safer option, which is lacking in MD. (Also lacking in DW -- see Kees' comment HERE -- BUT DW doesn't really need that option whereas, IMO, MD does need it.).

4- Over & above its HIPS capabilities, OA also provides a full-on firewall. MD does not. (NOTE: OA's firewall is easily disabled for those who don't want one. In my case, I have an SPI/NAT-capable router, so I will only use OA's firewall for controlling outbound connections.)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

By the way, in order to run OA I initially disabled MD (but didn't uninstall it). I thought disabling would be enough to avoid the usual conflict between 2 HIPS. However, I quickly experienced a couple of lock-ups plus a slooow computer. So I totally uninstalled MD. Thus far it looks like that fixed the slow-down/lock-up issues. If so, I guess that OA & MD were in conflict because of kernel hooks. Who knows, wot?

I'm trialing OA Premium for 30 days -- (I greatly prefer its additional features versus the free OA version. Well worth the price).

BUMMERS: I had a non-free OA license but let it lapse just a few weeks ago. Costly oversight -- renewal is cheaper than brand-new. My bad.

 

I have the OA++ version and am very happy with it. Once in a while I will try something different but it isn't too long before I restore my image with OA on it.

 

I've been experimenting in a similar way recently. Plus/Minuses:

- Run Safer is a great feature in OA. MD could really benefit from such a capability
- Keylogging/clipboard (etc) logging protection in OA is stronger than in MD
- MD is much lighter on my system than OA
- MD offers much more control over application configuration than OA - an obvious trade-off with user-friendliness. The logging capability in MD is awesome and gives such a clear insight into activity on your pc
- MD offers file and folder protection. I can control exactly which applications have access to my password files for example. I could not find this valuable capability in OA.

Whereas OA is HIPS for beginners (though still strong on protection), MD is HIPS for enthusiasts and is something which can be 'enjoyed'...if you're into that sort of thing. Both are superb security apps, but could benefits from their respective 'feature gaps' being filled, i.e. Run Safer and better keylogging protection in MD; file and folder protection in OA.

 

OA is easier while MD is for experts IMO.

MD is much lighter I think and also has full blown file/ folder protection and reg protection that OA lacks. File Protection in any HIPS is the feature that makes many malware just a useless junk on ur PC. Very very neat feature of any HIPS.

 

agree with eagle in this coment

 

"Eagle" is Aigle? If so, then perhaps you meant that Aigle has the eyes of an eagle (computer-wise, that is)?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

But seriously...

3 QUESTIONS:
(1) Is it a feasible idea to set "Run Safer" for ALL all my apps that connect to the internet?
(2) As to "Run Safer" -- if I set the updater for my Antivirus to "Run Safer", will the updater still be able to do its job?
(3) Any opinions as to why Xiaolin is disinterested in enforcing MD's keylogger defenses?

Good point! I hadn't considered that factor.

 

Probably not ALL. Just the usual threatgates - browsers, P2P etc.

It is strange. From my perspective either a security application is designed to protect against keyloggers in all their forms or none at all. The fact that there is protection against only certain types of keyloggers makes no sense. While you could argue that clipboard loggers are not a significant risk (whether that is true or not I don't know), not to have protection against them 'on the product roadmap' seems to be an oversight.

 

For question 1. I have all my internet facing apps, including Adobe Reader,set to run safer.

For question 2. I think the updater set to Run Safer might interfere with the updater although I am not positive. I can't see needing to set the updater on run safer anyways as there should be no threat there.

 

When you run with Run Safer, do you get any prompts, or do things just go like normal with limitations of rights? Can I install new apps. etc. with it on my browser or is there at least an easy way to install directly?

 

I presently have 6 OA licenses, and it is by far my favorite firewall / HIPs program. There are some features i would like to see added to it like being able to select a folder or file to set as trusted/allowed/block etc.. I have ran into problems many times when doing work, and not being able to stick around my desk to watch it. For example: the last time i was working on converting video's to play on my ipod i left it running, and stepped out because the conversion can sometimes take a few hours. I came back to find that OA had a pop up asking if i wanted to permit the program to run. I had already set the program to allowed, and trusted. The problem is sometimes it will not allow all the other modules of the trusted program to run. This caused the conversion to fail, and wasted hours of work. I believe it is essential that this feature be added. If there was an option to select the programs folder for the program, and trust the entire folder i would not have this type of problem. Prevx gives an option to exclude files, and folders. I would like to see the same feature in OA.

 

There is only one problem with OA , BSDO's , often and random.
Otherwise nice application.

 

the good thing about OA is the ability to run program safer MD lacks this feature it should have it too agree with bellgaming in this too

 

Run safer os one of my favorite parts of OA also.

 

Actually, I'd trade Clipboard logging protection for a Run Safer feature any day. Run Safer/Drop my Rights functionality for MD would be a great addition.

 

I agree. If everyone who is interested will send Xiaolin an email request for Run Safer, he *might* add the feature in the near future (I hope).

The support address is <support at torchsoft dot com>

 

I suggested it to Xiaolin 9-10 months ago.

If he has no time to do it, or it has a lower priority, there are other solutions..

i.e.: IMHO you can have similar protection simply creating a LimitedGroup, and running unsafe/unrecognised applications in it.. But it is difficult for all users to create it, to manage one-per-one permission and choose the best solution in terms of security-usability.. maybe if it is created by default, and from the developer, it would be better (and more secure).
There are some threads in wilders about these solutions..

 

One point - if you run so many programs with limited rights and less with
admin rights - why dont us a LUA and switch from there to "run as... admin"?
And in that case malware has from the beginning not so many options and
you dont need such strong control in any way. i dont get it...

 

cause Malware Defender does not work properly with LUA.

 

Because you may have just a few programs that you want to run with limited rights, e.g. browser, P2p - perhaps just two or three. A Run Safer option for those programs is a very useful feature.

 

And that too!

 

assuming you dont have OA or MD installed - do you think a browser in LUA
would be save from stealing password or other bad things?

assuming you have OA or* MD installed - would it prevent to create stealing
passwords with flash or browserbased pdf-view with adobe if you had that allowed?

can it prevent downloading malware within windows media player when that one
is downloading malware DRM files to watch certain malware videos?

how far is your knowledge about all those processes that you can decide whats
safe or not while using a lua or hips?

If MD or any other hips would run with LUA - would you switch user for that
and elevate only some programs for admin?

PS no need for a full quote if you only refer to a single line or question.

 

Aloha

DW is based on running safer, so it does not need it (it does this automatically or from right click context menu on demand).

Regards Kees

 

Point is that OA uses black and whitelisting as a former anti-executable. So you will be prompted when a program is trying to run. When you choose to allow unknown programs run as safer, you effectively have created a selective LUA environment (so without the 'LUA' hassle). On top of that OA will warn you when intrusions occur (like dll injection of a keyboard hook set)

Regards Kees
(by the way I am runing LUA on my old PC without HIPS)

 

Keyloggers are harmless if they can't connect out. I don't even enable keyboard monitoring in Comodo.

What's wrong with MD's network control? It' based on the Base Filtering Engine which is what Windows Firewall is based on and blocks incoming and outgoing packets. I thought it performed pretty well.