OSSS: Online Solutions Security Suite v1.1 Beta - Vista support

OSSS: Security Suite. Fourth public beta (15-Aug-2009 06:30)

For the recent six weeks we have implemented a number of new functions.

The first one to mention is automatic customization of rules via Security Master already at the program installation stage.

Starting with version v1.1, search for software in use is performed during the OSSS installation, whereupon the accumulated data are analyzed on our server and the set of rules for the detected applications is generated automatically.

http://www.online-solutions.ru/common/images/osss/security-master01.jpg http://www.online-solutions.ru/common/images/osss/security-master02.jpg http://www.online-solutions.ru/common/images/osss/security-master03.jpg​

The safety level of an application is analyzed using the database of another our product Online Solutions Autorun Manager (OSAM), which contains information about tens thousands of safe and malicious applications. Thanks to excellent contribution of Julia (JM), the head of the Malware Analysis Department, our users no longer need to respond annoying requests during the first start of their computers - our server will do it for them!

Another new important feature is protection against keyloggers and mouse grabbers, which is an improved version of the previously implemented functionality. Currently OSSS detects any attempts to intercept control over keyboard or mouse thus protecting our users against banking trojans and rootkits, while stealing money through internet banking is one of the most common functions of malicious software.

http://www.online-solutions.ru/common/images/osss/anti-keylogger.jpg​

During the several recent days we have completed testing the OSSS product on the Microsoft Windows Vista x86 (32-bit version) platform. We are glad to inform, that our product is now available for users of this operating system as well. It is worth mentioning that fourth Beta is the first Windows Vista-compatible public version of our product, which causes a set of known issues (this list is not updated yet; it will be updated soon). In the closest future, we are going to put effort into resolving them and completing the functionality for work under Windows Vista.

http://www.online-solutions.ru/common/images/osss/windows-vista.jpg​

In OSSS v1.0 the self protection feature was included, so uninstalling the product required disabling the self protection module. The current version provides the possibility to turn self protection off during uninstallation. This will have no impact on the system safety level because this functionality will be unavailable for malicious software.

We keep working on the program interface and usability improvement. In the current version, formatting and data selection have been improved in activity dialog boxes. On no longer has to carefully read the entire text to answer a request, but only needs to take a glance at the window and make the right decision. Moreover, text scrolling is now available in the "Suggestion" and "Details" blocks.

Unfortunately, we have not had time to test the Russian localization, but we hope to publish the multi-language version in 2 or 3 weeks. If you are eager to be the first to see our program in Russian, you are welcome to contribute in testing it. Feel free to apply for the Russian version by the following e-mail address: rus@online-solutions.ru.

We are glad to inform all the numerous users of our Online Solutions Autorun Manager (OSAM) program that we have resumed this project after almost a year since the last release. For the recent six weeks we have considerably improved the code, sped up scanning, implemented the algorithms for analyzing FAT32 and NTFS partitions without using operating system mechanisms. In a few weeks we are going to release a new version of the product, which allows for detecting and removing practically all known malicious software that is beyond the power of most antiviral programs.

Here is another good novelty for our users. We are keeping on development of the OSSS server side, which will allow for implementing a number of new promising approaches to computer and user security. Within the closest months we are going to work hard in this direction and we need your help in checking the implementation of our concepts. If you are interested in becoming our beta-tester, contribute to the development of a complicated and high-quality software product, cooperate with inspired people, feel free to apply on participation in beta-testing by the following e-mail address: beta@online-solutions.ru.

The "Online Solutions" company is a small but very purposeful team that permanently seeks for and uses advanced methods and techniques. In our everyday work we target at improving our solutions that ensure computer and user security. Within a short period of time, our team managed to create a world-class product. However, we keep on improving and expanding the product functionality. What we want is to create the best product for your security!

Original: http://www.online-solutions.ru/en/news/company/osss-security-suite-fourth-public-beta.html

_________
Remember that in order to update the OSSS v1.0 Beta (with self-protection) to the new version, it is required to disable a self-protection module before uninstalling v1.0 Beta, otherwise the uninstallation process will be simply impossible. Step-by-step manual is here.

 

Change list for OSSS: Security Suite v1.1 Beta

Change list for OSSS: Security Suite v1.1 Beta (15 Aug 2009 06:30)

1. Support of 32-bit versions of Windows Vista and Windows 2008 operating systems has been included.
2. "Security Master" for customizing the system automatically during installation has been added.
3. Protection against keyboard and mouse control interception has been significantly improved.
4. Interface of requests has been improved. Formatting and contents of displayed text has been changed. Scrolling in request dialog boxes has been implemented.
5. In the OSPD (Proactive Defense) module the "Allow Most" policy has been restored.
6. The possibility to uninstall the program without manual turning off the self security module has been implemented.
7. Generating rules for installing drivers and services and for working with physical disks has been improved.
8. The set of predefined rules has been improved.
9. Fixed:
   • Working with visual themes under Windows XP SP0 with self protection enabled;
   • GUI freeze while working with docking panels in the "Events" tab (special thanks to Denis Porfiryev for reporting the problem).

Screenshots of improved user interface and action request windows (Click on picture to view it fullsize):

http://www.online-solutions.ru/common/images/osss/osss_scr01_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr02_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr07_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr03_100.jpg

http://www.online-solutions.ru/common/images/osss/osss_scr04_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr05_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr08_100.jpg http://www.online-solutions.ru/common/images/osss/osss_scr06_100.jpg


Quick links:

• More information about new beta-release
• Download OSSS v1.1 Beta...
• Manual to update OSSS v1.0 Beta...
• List of the known issues and functions, not included in this release (v0.8; not updated yet)

 

I'v already tested this beta in the last days, it's a powerful HIPS, very configurable, and Security Master now gets the installation very smooth. My suggest is: get a proof, try it.

 

thanks for the info i may try it very soon

 

Updated: 01-Sep-2009 20:15
Reason: support for new kernels (native and other)

We also planning to update support for new kernels tomorrow.
So, if you want to install on your system, please use KernelChecker to check compatibility and upload unknown kernels.

 

I am very interssted in this project. Sounds great so far!

What about Windows 7 64-bit support? I read this at your HP:

Will the OSSS be a free product? That would be awesome!

What AntiVirus Signatures do you use?

Best regards.

 

No reply?

 

You answered it yourself.

The company is currently working on providing full support of these operating systems:
Microsoft Windows 2000
Microsoft Windows XP x64
Microsoft Windows 2003 x64
Microsoft Windows Vista x64
Microsoft Windows 2008 x64
Microsoft Windows 7 x86/x64

 

Windows 7 (x86) support, probably, will be public available in the next OSSS beta - v1.3 (current beta is v1.2). Regarding x64 versions for any platforms (OS versions): at this moment I can't say exactly when support will be provided.

It was a free, but currently the policy is changed (please ready why).

We use our own product as antivirus engine - OSAM (Autorun Manager).

 

Sorry, I did not seen your question before.

 

tried it a couple of weeks ago and it just froze my pc.... don`t know what to say...i was interested with their hips but it just froze my pc.

 

You can write to their support, they helped me the last summer for a similar problem.

 

What OS and service pack do you use?

When and what were frozen? Please explain more.

Thank you.

 

Thanks Mihail! Hope to test the 64-bit suite soon.

 

Hello. I have been running the "kernel checker" daily, since about Oct 16.

I noticed new versions of the installer were released Oct 19 and Oct 22. I have downloaded and tried running each of these newer versions.

Always the same "you must please check back more later in a few hours" result.

my (WinXP SP3) ntoskrnl.exe hash is
78fcc97cd878d4cf5b5d2158a5a7cf92

 

It's very strange, that your Kernel was not added to this installation packages. Probably, kernel uploading errors?

Please download current installation package. It must support your OS.

 

No uploading error. During one run, I examined the transaction via WireShark. The kernel checker utility established an FTP connection to your server, logged in, and successfully uploaded an ascii file containing the 32 character hash to the /incoming directory.

Kernel_checker today indicates the current OSS build is now compatible.

Ouch, I hadn't noticed this in my earlier reading. Hopefully you will consider adding a "custom install" option, allowing the user to opt out from using an initial ruleset based on a pre-established whitelist. Whereas you (and most other devs) feel compelled to whitelist OutlookExpress and whatever "known" apps, personally I view MSOE (and its components) as a vulnerability vector. Additionally, although I'm eager to "beta test" OSS, I'm not eager to share a manifest of my installed apps.

Given the choice, I would install the HIPS component only. Let's see how it goes. Once the OSS app has been installed... with the non-HIPS features disabled, I will be inclined to uninstall OSS if it still requires continual (between version updates) "phone home" capability.

 

nice!
-- Install does offer the choice to install HIPS only
-- default rules were created only for Firefox, Opera and MSIE browsers (and native MS utilities)

As suggested by the screenshots I had viewed at the online-solutions.ru site, the interface is wonderful. Both the firewall & application rule-setting dialogs within the interface are among the best I've ever seen.

This OSS beta certainly has "issues", though.
In learning mode, across 12+ shutdown / restart cycles... I've only seen 3 clean shutdowns (vs hanging at the "windows is shutting down" screen). Each restart, it's a crapshoot whether WinXP SP3 will fully load. Sometimes it isn't even getting to the login portion of Windows start; instead goes BSOD or hangs at "executing wlnotify". Different startup bugginess each run, like getting to the login and painting the desktop wallpaper... then hanging without ever painting the desktop icons. I'm charging the batteries for my digicam with the hope of snapping screens of the startup errors. Some of them contain "stuff" that I've never ever seen through the years, like: ?"application tried to blahblah but this memory address isn't writable" text within a redX Windows error dialog popup.

Aside from the startup/shutdown glitches, all the OSS protective functionality seems to be working flawlessly.

I have experienced a few bugs with the interface, though & will report them via the vendor's support forum.

The few sticking points I've found (or seem to) so far:

-- OSS pays special attention to marshalling DNS. Wonderful, thank you... but I have it covered. The OSS inbuilt DNS caching is a detriment in my usage & there's apparently no way to disable the caching.

-- I haven't found a way to export the ruleset, for backup. (Can't even find a ruleset datafile on disk.) Similarly, the logfile is *.odb (not human readable) & the logfile is protected (can't even be copied for backup, short of doing so via windows SafeMode).

-- Aside from the text name (label) applied to a rule, the app doesn't provide a way to enter a description (tickler, reminder, rationale) for a given item. Similarly, a 'description' field is exposed onscreen for each 'group', and it accepts mouse cursor focus... but is grayed-out and doesn't accept freeform text.

Of the preset/default rules, I only found two which I felt were undesirable & both were minor (probably a matter of user preference). The preset list of protected registry keys seems too-short, but I haven't yet examined this thoroughly. Many of the rules employ wildcards in the declared registry path; hopefully the list is "short, but well thought".

The app seems to have a hefty memory footprint (comparable to the Agnitum and Comodo firewalls) and with its protections enabled, many operations are noticeably slow. For me, one of the most noticeable delays results each time I click the desktop shorcut to open "C:\WIN\explorer.exe /n,/e, c:\app". On a related note, SandBoxie is working with OSS, but is dog slow while OSS protections are active. I didn't list Sandboxie as a Trusted app with OSS, and it took 8 or so restarts in learning mode for Sandboxie to actually load.

 

inka, thank you for your complete report! It is really useful for us.

I will prepare detailed answer in some days. Currently I will answer only for one indent of your message.

List of the protected registry keys is very big and complete, but major partion of it is implemented as a set of hidden rules and does not accessible for user. You can try to modify some of the keys/values that is not show to user, to see how it works.

Thank you!

 

These steps resolved the startup / shutdown instability:
-- boot to SafeMode & remove SBIECtrl.exe from autostarts
-- uninstall/reinstall OSSS (custom install, HIPS only)