NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. guest

    guest Guest

    1- I don't see the value for a home user in using XP anymore; the OS is obsolete and vulnerable by design, not to mention the incompatibilities of all sorts with modern software that you described.
    2- You can't say you have old hardware and can't afford to buy better anymore, because these days any very low-end, cheap machine can handle Win7 easily.

    To me using XP and trying to protect it, is like choosing to live in a hut and using sandbags to protect from the next hurricane instead of a solid house...
     
  2. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
    Date/Time: 2018/5/7 9:07:14
    Process: [436]C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    Process MD5 Hash: E3850484B5CDFF097EC67F263AD9CBFE
    Parent: [3160]C:\Windows\explorer.exe
    Rule: BlockSuspiciousCmdlines
    Rule Name: Block execution of suspicious command-line strings
    Command Line: "C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" sr
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Windows
    User/Domain: ******************
    System File: False
    Parent System File: True
    Integrity Level: Medium
    Parent Integrity Level: Medium
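    Editor's note, added example (not part of Tomin2009's post and not OSArmor's own code): the record above is the text form OSArmor writes for a blocked launch, and the dev asks for exactly these records when people report FPs. The parser below reads that format and applies a simple triage heuristic so you can sort a day's worth of blocks before posting them: an FP candidate is one where both the image and its parent carry a trusted signature and the command line has none of the usual living-off-the-land markers. The second record is constructed for contrast and its hash is a placeholder; the trusted-signer and token lists are assumptions you would tune to your own machine.

```python
"""Parse OSArmor block-log records (the text format quoted in the post)
and flag likely false-positive candidates for reporting.
Editor's example; not NoVirusThanks code. Second record is constructed."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
Date/Time: 2018/5/7 9:07:14
Process: [436]C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
Process MD5 Hash: E3850484B5CDFF097EC67F263AD9CBFE
Parent: [3160]C:\Windows\explorer.exe
Rule: BlockSuspiciousCmdlines
Rule Name: Block execution of suspicious command-line strings
Command Line: "C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" sr
Signer: Microsoft Corporation
Parent Signer: Microsoft Windows
User/Domain: ******************
System File: False
Parent System File: True
Integrity Level: Medium
Parent Integrity Level: Medium

Date/Time: 2018/5/7 9:12:40
Process: [5120]C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Process MD5 Hash: 00000000000000000000000000000000
Parent: [7788]C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
Rule: BlockSuspiciousCmdlines
Rule Name: Block execution of suspicious command-line strings
Command Line: powershell.exe -nop -w hidden -enc SQBFAFgA
Signer: Microsoft Windows
Parent Signer: Microsoft Corporation
User/Domain: ******************
System File: True
Parent System File: False
Integrity Level: Medium
Parent Integrity Level: Medium
"""

RECORD_LINE = re.compile(r"^([^:]+): ?(.*)$")   # "Key: value", key ends at first colon
PID_PATH = re.compile(r"^\[(\d+)\](.*)$")       # "[pid]C:\path\image.exe"

# ASSUMPTION: signers you consider trusted on this box, and command-line
# fragments that should never be waved through on signature alone.
TRUSTED_SIGNERS = {"Microsoft Corporation", "Microsoft Windows"}
SUSPICIOUS_TOKENS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                     "iex", "downloadstring", "frombase64string", "http://", "https://")


@dataclass
class BlockEvent:
    when: str
    pid: int
    path: str
    parent_pid: int
    parent_path: str
    rule: str
    cmdline: str
    signer: str
    parent_signer: str
    parent_system_file: bool


def _split_pid_path(value):
    m = PID_PATH.match(value.strip())
    if not m:
        raise ValueError(f"bad process field: {value!r}")
    return int(m.group(1)), m.group(2)


def parse_log(text):
    """Split the log on blank lines; each chunk is one block record."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            m = RECORD_LINE.match(line.strip())
            if m:
                fields[m.group(1)] = m.group(2)
        pid, path = _split_pid_path(fields["Process"])
        ppid, ppath = _split_pid_path(fields["Parent"])
        events.append(BlockEvent(
            when=fields["Date/Time"], pid=pid, path=path,
            parent_pid=ppid, parent_path=ppath, rule=fields["Rule"],
            cmdline=fields["Command Line"], signer=fields["Signer"],
            parent_signer=fields["Parent Signer"],
            parent_system_file=fields["Parent System File"] == "True"))
    return events


def likely_false_positive(ev):
    """Both binaries trusted-signed AND no suspicious command-line fragment.
    The token check matters: a signed powershell.exe run by signed WINWORD.EXE
    with -enc is exactly what the rule exists to catch."""
    cl = ev.cmdline.lower()
    if any(tok in cl for tok in SUSPICIOUS_TOKENS):
        return False
    return ev.signer in TRUSTED_SIGNERS and ev.parent_signer in TRUSTED_SIGNERS


def triage(text):
    """(image name, rule id, likely-FP?) for every record in the log."""
    return [(ev.path.rsplit("\\", 1)[-1], ev.rule, likely_false_positive(ev))
            for ev in parse_log(text)]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

    Feed it the real log file instead of SAMPLE_LOG and report only the rows marked True; the rows marked False are the ones worth a second look before you exclude anything.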
     
  3. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    In my case, I use XP Pro in a VM with the network disconnected as much as possible; I wouldn't dare use it as my main OS.
     
  4. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    Although my testing has been very limited, I have had no problems with NVT OSArmor on Windows XP. Here are some possible reasons why that might be the case:

    1. I am using NVT ERP 3.1
    2. I am not using MBAE.
    3. I am very selective about which updates I install. Although I am using the POSReady 2009 hack, I have not installed most of the updates released after April 2014. However, I do install the IE 8 updates, though not necessarily every month.
     
  5. guest

    guest Guest

    Pure anti-exploits always break something; you must juggle exclusions to avoid any breakages.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    No problems on any of my machines with HMP.A (lately).
     
  7. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    To those who consider Windows XP dangerous, I have to say that since my two incarnations of Windows XP were installed in 2004 I have yet to experience even a single intrusion, information leakage or effects of malware. I would go further and say that ALL the Windows PCs belonging to friends and family (XP, 7 and 8.1) that I have 'breathed on' in the Internet connected era have yet to suffer any intrusion, information leakage or other effects of malware. Agnitum Outpost Firewall Pro 9.3 is set to maximum anti-leak protection on my XP systems. Every Windows PC uses MalwareBytes Anti-Exploit and the latest Avast or Panda Dome. Those Windows XP systems belonging to friends and family were retired or updated to Windows 7 in early 2014.

    If a malware event had occurred, Avast or Panda would have missed it, but I don't believe that is the case because any such malware has remained undetected and dormant for a very long time. I run the AVG rescue CD monthly on each system in case some malware has installed a rootkit to cloak its existence while Windows is running.

    I have NOT since April 2014 used Windows XP for online banking and other transactions where sensitive vital personal information would potentially be put at risk. This is simply good due diligence as I would be reasonably held accountable by my bank for any losses I incurred while using an unsupported OS.
     
    Last edited: May 7, 2018
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    @novirusthanks

    Is it possible that the "Attack Surface Reduction" rules below conflict with the corresponding OSA rules?

    "Block JavaScript or VBScript from launching downloaded executable content".
    "Block execution of potentially obfuscated scripts".

    "Block process creations originating from PSExec and WMI commands".

    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard

    TH.
     
    Last edited: May 7, 2018
  9. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    In an earthquake I would rather be in a hut with sandbags than a solid house. The number of people with Windows 7 and later whose PCs/laptops are infested with malware/PUPs and so on amazes me but it shouldn't really. The average computer user is disdainful of installing updates and is a sucker for the next scam to come along. Their defences are based on trust and a prayer. The people who inhabit WildersSecurity are among the small minority of the knowledgeable and experienced. No wonder I am popular with friends. It's not my charm or good looks, considerable though they might be. No, it's my IT knowledge and experience. I have a t-shirt on the chest of which is printed "I am root. No I will not fix your computer." :cool: I wore it when I called at the house (a solid one) of a friend of my wife's. She read the t-shirt and burst into tears. Unknown to me her Windows 8.1 laptop had received a direct and disabling hit by malware. I wasn't looking after it before that incident but I am now.
     
    Last edited: May 7, 2018
  10. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Maybe you shouldn't be blaming the OS but the security suites you use to protect those OSes? Panda and Avast, please, give me a break.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Question:
    When I'd set Sandboxie container folder to D:\
    I used to need exclusion [%PROCESS%: D:\Sandbox\bjms\]
    Now, with Sandboxie container set to D:\Sandbox\User\.
    I'm not needing exclusion.
    Was there an internal change to "Block ALL processes outside system partition (e.g. C:\)"?

    test62 all rules checked
     
    Last edited: May 7, 2018
  12. guest

    guest Guest

    You expect OS Armor to block files in D:\Sandboxie\... because of the selected Rule [X] Block ALL processes outside system partition (e.g. C:\) but files aren't blocked, right?

    I assume that the process was launched by a parent process which is internally whitelisted by OS Armor (and therefore the process isn't blocked)
    This doesn't mean that the rule "doesn't work" but it only means that as long as the process is launched by a parent process which is internally whitelisted, the process is allowed to launch.
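    Editor's note, added example (not part of the reply above and not OSArmor's own code): the reply describes three things that decide whether a launch from D:\ gets through, in this order: is the image on the system partition, does a user exclusion cover it, and is the parent internally whitelisted. The toy model below encodes that decision so you can see why the same Firefox sandbox can be blocked under one parent and allowed under another without the rule itself changing. OSArmor's real whitelist and matching logic are not public, so the whitelist set here is an assumption, the Sandboxie paths are constructed, and the exclusion syntax is the [%PROCESS%: ...] form bjm_ quotes.

```python
"""Toy model of "Block ALL processes outside system partition" combined with
user exclusions and an internal parent whitelist. Editor's example; the
whitelist contents and matching order are ASSUMPTIONS, not OSArmor internals."""
import re
from pathlib import PureWindowsPath

SYSTEM_DRIVE = "C:"

# ASSUMPTION: parents whose children bypass the rule. The real list is unknown.
ASSUMED_PARENT_WHITELIST = {
    r"C:\Program Files\Sandboxie\Start.exe",
    r"C:\Program Files\Sandboxie\SbieSvc.exe",
}

# Exclusion lines look like: [%PROCESS%: D:\Sandbox\bjms\]
EXCLUSION_RE = re.compile(r"\[(%[A-Z]+%):\s*(.+)\]")


def expand_vars(template, **values):
    """Expand %USER%/%SANDBOX%-style placeholders in a container path."""
    for name, value in values.items():
        template = template.replace(f"%{name.upper()}%", value)
    return template


def parse_exclusion(line):
    """Return (kind, path prefix) from one exclusion line."""
    m = EXCLUSION_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not an exclusion: {line!r}")
    return m.group(1), m.group(2)


def _under(path, prefix):
    """Case-insensitive: path equals prefix or lives beneath it (Windows paths)."""
    p = str(PureWindowsPath(path)).lower()
    q = str(PureWindowsPath(prefix)).lower().rstrip("\\")
    return p == q or p.startswith(q + "\\")


def evaluate(image, parent, exclusions=(), rule_enabled=True):
    """Decide whether `parent` launching `image` is allowed.
    Returns (decision, reason) with decision 'allow' or 'block'."""
    if not rule_enabled:
        return "allow", "rule disabled"
    if PureWindowsPath(image).drive.upper() == SYSTEM_DRIVE:
        return "allow", "image on system partition"
    for kind, prefix in (parse_exclusion(e) for e in exclusions):
        if kind == "%PROCESS%" and _under(image, prefix):
            return "allow", f"user exclusion {prefix}"
    if parent.lower() in {w.lower() for w in ASSUMED_PARENT_WHITELIST}:
        return "allow", "parent internally whitelisted (assumed list)"
    return "block", "image outside system partition"


if __name__ == "__main__":
    # Constructed Sandboxie layout: container under D:\Sandbox\%USER%\%SANDBOX%
    container = expand_vars(r"D:\Sandbox\%USER%\%SANDBOX%", user="bjms", sandbox="DefaultBox")
    firefox = container + r"\drive\C\Program Files\Mozilla Firefox\firefox.exe"
    print(evaluate(firefox, r"C:\Program Files\Sandboxie\Start.exe"))
    print(evaluate(firefox, r"C:\Windows\explorer.exe"))
    print(evaluate(firefox, r"C:\Windows\explorer.exe",
                   exclusions=[r"[%PROCESS%: D:\Sandbox\bjms\]"]))
```

    The point of the model is the ordering: an exclusion is only consulted when the image is off the system drive, and the parent whitelist is only consulted when no exclusion matched, so an exclusion you added while the parent was something else can look redundant once the launch chain changes.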
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Okay, IIRC my Firefox sandbox was blocked requiring exclusion.
    Now, my Firefox sandbox with Sandboxie container set to D:\Sandbox\User\ runs without exclusion.

    Rule works... e.g.: 2788.png
     
    Last edited: May 7, 2018
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4 (pre-release) test63:
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test63.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Improved OSArmor self defense (basic)
    + Improved Block suspicious command-lines
    + Fixed some false positives

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    If you find any false positive or issue please let me know.

    @Tomin2009 @Sampei Nihira @Gandalf_The_Grey @Krusty

    All reported FPs should be fixed, please confirm if possible.

    Thanks for sharing the FPs!

    @Sampei Nihira

    No there should be no conflicts.

    That FP seems related to 1803 update, should be fixed now.

    Yes, I will think about this.

    @bjm_

     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Confirmed! My FP while running PrivaZer is fixed. :thumb:

    Thanks for developing a great program and allowing us to help protect our machines for free. :)
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    2790.png

    Firefox sandbox runs okay with Sandboxie container set to D:\Sandbox\%USER%\%SANDBOX% without [%PROCESS%: D:\Sandbox\bjms\].
    2792.png
    Guess, I'm not remembering why I had added [%PROCESS%: D:\Sandbox\bjms\].
     
    Last edited: May 8, 2018
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :thumb: Another Big Thanks!
     
  18. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    What is the problem with Avast and Panda Dome? Why should I not have confidence in their protection?
     
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    I can't see any problems here. Just keep these apps if you are happy with them.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It's about various conflicts and issues that some people have reported, it's not about their actual protection power. If they behave well, then good. But if various issues crop up on your system, they might be the culprit.
     
  21. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    I am very happy with them. The host systems run well and smoothly. Neither has reported FPs (yet?) but the occasional PUP is reported. For those with old hardware Panda Dome 18.05 still runs on pre-SSE2 processors and the single irritant is resolved by disabling the Panda Devices Agent service which oddly requires a SSE2 compliant processor. Outpost Firewall Pro 9.3 recognises both Avast and Panda and running the Outpost installer enables it to adjust to Avast or Panda for improved compatibility. Outpost is a good bedfellow with Avast or Panda Dome. When the systems are idle, the System Idle Process hovers at 99%. Processes almost never abort.
     
  22. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    No, it's not about incompatibilities, it's the joke they call Panda security suites.
    Avast is, like, okay, but Panda, burn it with fire.
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    Thanks.
     
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Updated last night to the latest build. So far so good. Thank you!
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    @mekelek , sorry for misinterpreting your post!
    I have seen a lot of complaints about bugs with Avast lately, so I wrongly assumed that is what you meant.
    I know you follow AV zero-day testing closely, so I take your word for it about Panda.
     