anyone heard of Online Armour?

Discussion in 'other anti-malware software' started by angarahad, Jun 8, 2005.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Have we ever :'(

    So far that one is proving a bit tougher, but we'll get it!


    Mike
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Ok, thanks. ;) :)
     
  3. zzz

    zzz Guest

    Can someone help me as OA site is still offline for me.
     
  4. zzz

    zzz Guest

  5. zzz

    zzz Guest

  6. zzz

    zzz Guest

    You weren't kidding about the detail there, Mike. You can probably hack my computer easily with this information (at least make it so much easier). I am sending Watcher and Logs to you. That's it, right?

    Here is the problem again: Dialog has disappeared so no way of clicking the buttons and no way to shut OA down other than hard reboot.

    http://img350.imageshack.us/img350/278/screen2sa.jpg
     
  7. zzz

    zzz Guest

    Sorry for the multiposts. Mike, I need the address to send.
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Morning :)

    It's mike at tallemu.com

    Mike
     
  9. World Industries

    World Industries Registered Member

    Joined:
    Jul 28, 2005
    Posts:
    29
    Since the new version of Online Armor came out I decided to trial it and I like it a lot, it also adds some good protection to my system...Nice work :)

    World Industries
     
  10. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Mike

    Rmus put a post here https://www.wilderssecurity.com/showthread.php?p=541736#post541736 which got me to thinking...if we install a piece of software we are uncertain of, how, without manually searching the registry etc, would we gain an idea if it had done something it shouldn't have (ie installed spyware etc) <if it wasn't on the black list of course>

    OA tracks installation. So I was wondering if OA would be able to produce a small report that we (the users) can access, showing two things :

    1. if the program has installed anything outside the chosen installation directory
    2. Registry Changes (with autorun keys highlighted)

    Just seems to me like it would be a nice little extra analytical tool.
     
  11. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    The problem with that is that the average user wouldn't have a clue. In OA v1.2, which I am feverishly finishing off the list of things to do, our registry protection is much improved.

    For at least the winlogon entries that RMUS commented on, OA 1.2 would spit out an alert saying that autoruns were being generated; especially the winlogon autorun. That would have got a nasty, nasty red alert because it's possible to abuse them very seriously.

    Assuming that msmsgs.exe is a signed windows file, a second alert would prevent this file being installed as it has the same name as a signed windows exe - an indicator of nefarious activity.

    So, in this case - OA 1.1 would have given an autostart warning; It's one of the reasons why 1.2 is being released - to keep improving the protection.

    I didn't have the trojan (so I don't know what other alerts OA 1.1 would have generated) - but you may like to see this post as an example of where OA alerted me (ok, ok, I PERSONALLY knew it was dodgy) to strange activity.

    http://www.tallemu.com/forum/viewtopic.php?t=91

    Hope this helps.


    Mike
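
The install report Vikorr asks for and the two alerts Mike describes (autostart registry writes, and a file that reuses the name of a signed Windows executable) can be sketched as one audit pass over recorded install events. This is an added example, not part of the thread and not Online Armor's code; the event format, the `FreeTool` installer, the key list and the expected folder for `msmsgs.exe` are all assumptions.

```python
import ntpath

# Assumption: a short hand-picked list of autostart locations (hive prefix stripped).
AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows nt\currentversion\winlogon",
)
# Assumption: signed Windows file names mapped to the folder each is expected in.
PROTECTED_NAMES = {"msmsgs.exe": r"c:\program files\messenger"}

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def is_inside(path, directory):  # True if path is the directory or lies below it
    p, d = _norm(path), _norm(directory).rstrip("\\")
    return p == d or p.startswith(d + "\\")

def is_autorun_key(key):  # True if the key is, or sits under, an autostart location
    _, _, sub = key.lower().partition("\\")
    return any(sub == k or sub.startswith(k + "\\") for k in AUTORUN_KEYS)

def audit_install(install_dir, events):
    """Return (severity, message) rows for the events recorded during one install."""
    report = []
    for ev in events:
        if ev[0] == "file":
            path = ev[1]
            expected = PROTECTED_NAMES.get(ntpath.basename(_norm(path)))
            if expected and not is_inside(path, expected):
                report.append(("RED", f"{path}: same name as a signed Windows file"))
            elif not is_inside(path, install_dir):
                report.append(("WARN", f"{path}: created outside {install_dir}"))
        elif ev[0] == "reg":
            _, key, value, data = ev
            report.append(("RED" if is_autorun_key(key) else "INFO", f"{key}\\{value} = {data}"))
    return report

# Constructed sample events for a hypothetical installer (not real product output).
INSTALL_DIR = r"C:\Program Files\FreeTool"
SAMPLE = [
    ("file", r"C:\Program Files\FreeTool\freetool.exe"),
    ("file", r"C:\Program Files\FreeTool\..\Common Files\helper.dll"),
    ("file", r"C:\WINDOWS\system32\msmsgs.exe"),
    ("reg", r"HKLM\SOFTWARE\FreeTool", "Version", "1.0"),
    ("reg", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Shell", r"C:\WINDOWS\system32\msmsgs.exe"),
]

if __name__ == "__main__":
    print(*audit_install(INSTALL_DIR, SAMPLE), sep="\n")
```

Paths are normalised before comparison, so the `..` entry is reported as outside the install folder and a sibling folder such as `FreeToolbar` is not mistaken for `FreeTool`.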
     
  12. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heh, actually, I wouldn't have a clue either. I would think it odd if installations occurred outside the installation folder, do a google search to see what I found, and also hopefully also make sure 'it' didn't access the internet (if it wasn't supposed to)....then make up my mind whether or not I wanted to keep it from there...and uninstall it through OA if I didn't want to keep the program :)

    I know OA and other programs would alert people in other ways to such activities...but as ever I'm curious about such things :)

    Still I quite understand not including such a utility, lol, I suppose I just like things to play with.
     
  13. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    I'm not ruling it out for an advanced mode. I just think that for this example, a couple of bright red warnings saying "This is up to no good" would beat a "Here is an audit of what this install just did".

    It would be fairly easy to add the ability to right-click and print the created objects list in OA.
     
  14. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    That's fair enough....


    ...Hmmm...my brain isn't working tonight I think...OA with registry protection will throw up an alert for any autostart registry changes that are not whitelisted (or are blacklisted)...so really all that would be needed was an alert to exe installations outside the installation folder...which is something I think I put on a wishlist once...

    ...last time I ever listen to the gnomes !
     
  15. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Don't knock the gnomes ! Your change is on the list :)
     
  16. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Lol alright !!!

    Thanks !
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Ad Muncher is now fixed! It's in testing along with the PC-cillin bug reported and a number of cosmetic issues and minor tweaks.

    Assuming all goes well, I plan on a service release on Monday/Tuesday of next week.


    Mike
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Any timeline on the firewall being added Mike?

    Cheers :D
     
  19. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hiya Blackspear,

    Simple question - long answer :)

    First of all - we have reworked the OA version numbers. So, the current version is 1.1.x ; next version will be 1.2; what I have described as 1.2 previously in this thread will be called 2.0. There's nothing to this other than a request from some sales partners not to stick forever to 1.x numbering :)

    So, with that in mind:

    1.2 - this will contain Kernel mode implementation of some OA features - specifically the Keylogger detector functions so we're able to detect these nasties, as well as rootkits. This should enter beta testing within the next week. Based on that, I would say that 1.2 will be about 3-4 weeks away (given that we only release to beta when we're fairly sure it does what it says on the tin).

    Because of the current rootkit/keylogger situation, I decided to get this into 1.2 rather than hold off for 2.0. I think it's that important as people expect OA to be able to detect keyloggers - period.

    At the same time as 1.2 - we're working on the OA toolbar - initially for IE only, but with other browsers coming soon. The toolbar is currently in internal testing; It's a free tool that is basically a cross between Spoofstick and Fraud Eliminator - no nags, no price tag - although *if* you have OA installed it will integrate to give you control of some OA features from the browser to save diving down to the task tray.

    On OA Toolbar - I'm hoping early December for it to hit the streets as well.

    For the Firewall - it's going to be implemented in 2.0 - that's now decided for certain. OA 2.0 will start realistically in early January - depending on how 1.2 release goes - and probably it will take a month or so to get out there.

    Fortunately, by getting some of the Kernel mode stuff completed earlier it will make it that much easier to do the 2.0 features, including the firewall.

    So, I would say it looks a bit like this:

    OA 1.2 -- early December
    OA Toolbar -- also early December
    OA 2.0 with firewall -- Feb/March 06.

    Obviously, if there is any possible way to bring it forward - I'll do it - and these estimates are subject to my whim (such as "wow, we need a toolbar" or "Kernel mode keylogger detection is really important") or the whims of fate ("It will take you ages to solve this BSOD problem" (or not :D))

    Hope that helps!


    Mike
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed it does, and thank you very much, appreciated.

    Cheers :D
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Mike, any plans on implementing a Process Guard 3 style of program/dll blocking/execution system?

    Cheers :D
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Blackspear,

    OA already has execution protection in place - covers EXE , msi, rundll, etc - so not quite sure what you mean. There's a fairly comprehensive (and growing) whitelist to avoid unnecessary popups too.

    Am I missing something that PG3 is doing that I am not? Unless you mean protecting other programs from being killed which will come in 2.0


    Mike
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Sorry Mike, that part I had a brain freeze :rolleyes: ;) :D


    I mean that as well.

    Cheers :D
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Mike, you mention automated integration of MVPS Hosts file in this thread, the only thing that bugs me about all hosts files is that they include advert/tracking sites, I don't like adverts, but at the expense having a non-functioning website such as www.bigpond.com where clicking on "my account" bounces you to secure-au.imworld.com and that in turn stops me entering further into the site, I’d rather keep adverts/tracking out of the hosts file.

    So, with a direct import from MVPS, does it come in allowing you select or not adverts/tracking if you wanted to, a clickable step within OA? This brings up another question, if OA blocks you from going to a site listed, it's going to need some form of warning, and bypass function.

    Cheers :D
     


  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    It won't block :) Just won't allow ActiveX and so on... does that help?
     