Bad news on Online Armor

It would be sweet to have a another OA AV option such as webwasher or avira. Would this be more 2 ur liking Trjam?

 

It seems to work both ways. Either the tester gets bashed or the vendor of the tested product is bashed for not providing a secure enough product. I have expressed skepticism towards Matousec's testing, but in the end I would agree with you that he is only trying to help. The problem I see is that some people get so caught up in the apparent importance of leaktesting that they can lose sight of other, important factors, regarding proper security practices.

 

While I don't use OA, I do read many of Mike Nash's posts. I've come to regard him as a true gentlemen in the security business. He appears to be dedicated to his app and his customer base. You really can't ask for more than this.

...screamer

 

MikeNash,

Thanks for being a honest person, and keep your very good work...

 

Hi Seer,

I agree that this is just one test, and that 7th place is not so bad. However, we *were* in third place and I had published that fact, so I had to correct it when the real tests come out.

I'm not overly paniced about these results - but since I'd been saying "Yay! Woo! We're in third place"... even on our website - had to change it.


Mike

 

I cant wait to give this a try when it comes out for vista.Been checking the site and forums waiting,so hopefully soon.

 

Well all I have to say is that Mike has always been honest. Secondly, Online Armor can only get better from here!

dja2k

 

Personally, I am not very interested in leak-test results (or the capabilities of the firewall in this area).

My main concern with OA firewall as always been the packet filtering capability (or lack off). As an SPI yet been added?, are even any sort of packet filter to at least filter out illigal/malformed packets?

 

Stem makes a good point.
But what products do already have this ability?

 

Most firewalls have this ability, with an SPI and/or filters for bad packets, such as comodo / Jetico / ZA / outpost /etc etc. They can, and do vary on capability (and correct working).

 

Hi Stem,
Have you done some tests on the "grey" area of SPI filtering?

 

Thanks for your reply.
And Lucas brings up a good question.
This would be interesting reading.
Thanks.
Doc

 

Hello lucas1985, Doc,

Yes, I do quite a lot of testing in this area.
I do have a problem with posting results from this, unlike we have now for leak-tests, the methods used for SPI (possible) bypass are not well/ or even documented for users to try, and posting some of the methods I use would probably be against forum TOS, so results could not be easily confirmed by other members.

 

Hi Stem

I am not 100% sure, but I do not believe this currently exists in OA's firewall.

Mike

 

I'm looking for a 'lighter' FW than ZAP 7 which clearly slows down my laptop (WinXP, Pent M 1.8, 512MB RAM), which of Matousec's Exc or VG rated FWs would you guys recommend?

 

Hello Mike.

So you're really after those rankings at Matousec then? Good to know you're serious about outbound protection.
The thing is you see, I have a folder on my machine with different installations organized in subfolders by type of app - Firewalls, AVs, HIPS, etc. Now, I have OA trial installation placed under 'Firewalls'. Should I maybe consider moving it to 'HIPS'?
I have always considered OA to be a firewall so I would rather like to see it moving more in that direction. So generally, I have to agree with Stem on packet filtering, although I am a little surprised by his question regarding SPI. I am not very familiar with OA rules and protocol handling, but I'm just assuming at least SPI for TCP is present... Well, I would actually have to install OA in order to continue on this thread...

See ya,

 

On my last installation of OA,.. OA was using a "Pseudo SPI", this is basically a table of IP`s that have been connected to, and inbound packets are allowed based on this table. This in itself will block unsolicited inbound from IP`s not connect to (if no open inbound allow rule is in place), but will not filter for bad/illigal/spoofed packets.

 

Got it, Stem. So that's how "pseudo-SPI" works. It only scans for packet specifications (port, IP) on a whitelist principle instead of the actual contents of a packet. This is in fact, one half of the full SPI. Now I see why full SPI cannot be implemented for conectionless protocols.
But enough with the ot... "bad news" is the topic here.

Cheers,

 

Well, you could post some general guidelines (within the TOS) and/or general information about the current state of Windows firewalls.