Hi guys... I'm going to test Online Armor today... Free version... Do you know any nice leaktests I could try with OA? Some rare ones ^^ The leaktests I own so far are the ones downloadable from testmypcsecurity.com. Let me know ASAP, also via private message if you don't want the file to be public.
Sorry guys, I haven't tested it yet ^^ I'll test it tomorrow maybe, due to lack of time... Sorry, I know... I used the word "leaktest", but I meant every program that could attack our computers, like keyloggers, etc., to test whether OA reacts in a good way.
I disagree. Yes, there are some completely silly leaktests (IMHO), but others are very good PoCs that every decent security software should pass. For example memory access control, Windows messaging control, OLE control, DDE control, registry control, etc. ... I just think this relates more to HIPS than to firewalls.
...testing it... It has failed some tests of the APT test suite from DiamondCS... processes can be easily killed...
Then tell me, what is better? These are examples: A rootkit that has been blocked from download. (This is what a firewall's inbound traffic control does, except it's not only rootkits.) OR a rootkit that has already gone into your system, infiltrated your AV, made itself stealthy, and gained access? (outbound) A skilled hacker will not really be bothered about an outbound traffic firewall, AND also, a hacker always uses THE LATEST technology, and are leaktests updated every day? NO.
I agree with you, but I'm sure it's implicit in your message that leaktests are not used by hackers because they're old and so they are blocked easily by HIPS... how come HIPS can't stop them all? You say they're useless, old, well, but HIPS can't stop them yet!!! ^^
You mean APT. Yes, it was possible. The same kill-task prevention worked in SPT and Task Manager but didn't work in APT. Seems like a wrong implementation. But the day after this was reported it was fixed.
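The "processes can be easily killed" result and the kill-task prevention discussed in the two posts above refer to process-termination tests of the APT kind. The script below is an added example, written for this page; it is not from the thread and not DiamondCS's APT code. It starts a harmless target, tries a handful of common termination methods against it, and reports which ones the HIPS let through. The target name (notepad.exe), the settle delay, and the particular set of methods are assumptions for illustration; a real suite such as APT uses many more techniques.

```powershell
# Added example (not from the thread, not DiamondCS's APT): a minimal
# process-termination test. Start a harmless target, attempt to end it
# several ways, and report which attempts the HIPS blocked.
# Run once with the HIPS enabled and once with it disabled to compare.
# Assumptions: notepad.exe is present, 1.5 s is enough for the target to
# start and for a termination to take effect. Use a throwaway VM.

param(
    [string]$TargetExe = 'notepad.exe',   # assumed harmless target
    [int]$SettleMs = 1500                 # assumed settle delay
)

function Start-Target {
    $p = Start-Process -FilePath $TargetExe -PassThru
    Start-Sleep -Milliseconds $SettleMs
    return $p
}

function Test-Survived([System.Diagnostics.Process]$p) {
    Start-Sleep -Milliseconds $SettleMs
    $p.Refresh()
    return -not $p.HasExited
}

# Each entry is one termination technique; names are our own labels.
$methods = [ordered]@{
    # TerminateProcess on a PROCESS_TERMINATE handle
    'Stop-Process (TerminateProcess)' = { param($p) Stop-Process -Id $p.Id -Force -ErrorAction Stop }
    # WM_CLOSE sent to the main window (a polite close request)
    'CloseMainWindow (WM_CLOSE)'      = { param($p) [void]$p.CloseMainWindow() }
    # A separate process (taskkill.exe) doing the termination; it reports
    # failure on stderr rather than throwing, so we rely on the survival check
    'taskkill /F'                     = { param($p) & taskkill.exe /PID $p.Id /F | Out-Null }
    # .NET Process.Kill, which also ends in TerminateProcess
    'Process.Kill()'                  = { param($p) $p.Kill() }
}

$results = foreach ($name in $methods.Keys) {
    $p = Start-Target
    $threw = $false
    try {
        & $methods[$name] $p
    } catch {
        # Access denied or similar usually means the HIPS intervened
        $threw = $true
    }
    $survived = Test-Survived $p
    [pscustomobject]@{
        Method   = $name
        Threw    = $threw
        Survived = $survived
        Verdict  = if ($survived) { 'PROTECTED' } else { 'KILLED' }
    }
}

$results | Format-Table -AutoSize
```

Targets that survive are deliberately left running so the HIPS is not prompted again during cleanup; close them by hand afterwards. Note that results depend on whether the shell is elevated and on which process the HIPS treats as "protected": a test that kills an unprotected notepad.exe says nothing about whether the HIPS guards its own processes or the AV's.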
I didn't say HIPS could catch 'em all. The company knows how to stop it, but is just concentrating on more important stuff. Another disadvantage is that AVs seem to target this kind of software these days...
Either one is good in case the rootkit is stopped, except a zero-day rootkit. Then the only option is HIPS. And, please, do not overestimate those hackers. Yes, they work day and night looking for the holes, but most "zero-day" malware is just a modification of old ideas and code. I deal with malware. 95% of it can be disabled manually with only the registry editor. 5% needs something like GMER or Sysprot. 0.1% needs a debugger and disassembler. And I haven't seen anything revolutionarily new for a pretty long time.
Then, may I ask, what have you done to search for a 'revolutionary' thing? Also, if we overestimated them, I wonder why they are still in business...
They're still in business because a good amount of people have poor security setups, little (if any) security knowledge, and they fall victim to social engineering tricks and drive-by downloads. You don't need super-stealthy malware to build a big enough botnet. And the hundreds of rogue scanners are simple pieces of coding, as simple as Notepad.
I did nothing, but collected everything I could reach. And they are in business because too many people do not care about their security.