NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    I mean, you turn OSArmor Off when you're installing something. I think that's kinda obvious :O
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Floyd 57

    Interesting scenario, to partially automate that actions to turn OSArmor on/off we could add one or two options like:

    [] Disable OSArmor while an application is in full-screen mode (i.e while watching movies or playing games)
    [] Disable OSArmor while specific processes are running (matching process + signer for safety)

    Or something similar, what are your thoughts?
     
  4. guest

    guest Guest

    The rules are explicit by themselves, if you dont understand what they do, don't select them and do some researches first.

    Those advanced settings are for knowledgeable users, hence they aren't enabled by default.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Surprisingly, it does not. I mean, it might possibly cause a problem, but in my experience, with the standard monthly Windows updates so far I have not seen a problem. There are internal rules. Apparently, they are set properly to handle Windows updates.
     
  6. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    If we don't know what "Prevent important Windows Services from being disabled" does, how can you turn that on?? Who knows what services that includes.
    What exactly are suspicious processes? ("Block suspicioues processes started from Rundll32")
    Who are these specific processes? ("Block specific processes from self-executing")

    You can't tell me you know that. There is no way to know what they do!
     
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I turned everything on, although there are of course many things I don't understand, and I am still alive.
    It probably won't bork your computer, but it might bother you a little, because you will need to make exclusions here and there.
     
  8. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I'm just not happy with the level of information..:(
     
  9. guest

    guest Guest

    Read your services list, it is obvious which shouldn't be disabled.
    Anyway it prevent "from being disabled" (by malware or else), average users shouldn't disable services, so you don't need to really know which ones.

    If you know how most malware performs, especially those abusing rundll32, you will know. Usually cmd, powershell, etc...

    Sponsors mostly.

    So as i said previously, do some researches..
     
  10. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Great
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    If you would do enough research to figure out exactly what OSA does, you would almost be expert enough to write the program yourself.
     
  12. guest

    guest Guest

    nonsense... i know what a motorbike does, doesnt mean i know how to build one...

    indeed, do as i did, years ago i didn't know much, i did researches, now i know more.
    i gave you hints where to look, you want learn specifics , do some researches, most of what i know is from googling...

    Part of security is about learning what processes do and how they are abused, not just using softs.
     
  13. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I guess I'll search for "specific programs" and "suspicious processes" then... All of my research could never tell me what programs are in the list, without the list. Do you get that? hmpf
     
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Install the program. Put it in 'passive logging'. That way it doesn't block anything and you can see if it works with your computer setup. Add necessary exclusions if you get popup. After you have determined enough time has passed, switch program to 'Enable Protection'.
     
  15. guest

    guest Guest

    What you don't get is thatn knowing the detailed list of what is blocked isn't necessary.
    OSA was made for beginners, and beginners don't need to know the details.

    For example, "suspicious" doesnt mean "malicious" , a legit perfectly safe process/program can become suspicious because used in malicious way if abused (like cmd or powershell and many others, the list is too long to detailed here).

    Before asking what or why the program block this or that, ask yourself what malware usually do, then you will understand then know what processes are usually abused, how and why.

    If you want a starting place, read in Wilders the various Excubits or ERP threads and those from Itman reporting various attacks.
     
    Last edited by a moderator: Nov 15, 2018
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Good summation @guest in a nutshell. OSA is probably even surprised the NVT circle seeing the positive application results that require little to no effort on the end user's part.

    They done a nice job.
     
  17. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    You are certainly aware that opinions greatly vary. Because this software is made by a being with it's own Opinion. Therefore what is actually on the list will differ from what I or you can research - if the source of that is not the being whose opinion formed the list.
    All I want and all I did was wish for the list.

    -----------------------------------
    Let me remind you about ...
    ...
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    guest is no beginner, and he uses OSA...
     
  19. guest

    guest Guest

    Indeed, with OSA the user doesn't have to think, OSA blocks and propose the possibility to exclude, opposite of ERP (default) that prompt the user to allow or not.

    OSA doesn't require extensive Windows knowledge, the user just need to know what the program he wants to exclude does.

    In ERP, the user need a deeper knowledge of processes so he can allow or block things without breaking his system.

    2 different softs, for 2 distinct type of users.
     
  20. guest

    guest Guest

    Yes, OSA's advanced settings are quite robust. And if the user can handle the custom block and exclusions rules, you have a pretty good, free, easy-to-use pseudo-SRP.
     
  21. guest

    guest Guest

    So PM the dev, but you have to consider that maybe he doesn't want the said list to be disclosed for obvious reasons.

    OSA default settings are for beginners, Advanced Settings aren't, reason why they are disabled, because beginners users who don't know about the sponsors' role can easily break things.
    Please, don't deviate the meanings of my words.
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    +1
     
  23. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Did I say he is?
    That is what people do when they wish or ask for something... I'll pm him about it.
    I guess you mean what I quoted . That was exactly what you wrote. Not my problem if what you write is conflicting due to your determination to rely on incomprehensible subtext in order to convey information. :p
     
  24. guest

    guest Guest

    You quoted out of context. Anyway people used to my posts understood. :)
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Members or even a run of the mill casual reader who might been around the block a time or two should understand. No experience required-except for some of yours is welcome of course :cool:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.