anyone heard of Online Armour?

The load order is :

1. Drivers
2. Services
3. Programs

The protection is provided by the driver. The GUI is either a service or program (can't remember). So even though the GUI loads last, you are still protected prior to that.

Unfortunately I can't tell you at what exact moment the internet connects to your computer, because I've never figured that out myself.

 

shouldnt ur internet access be available as soon as teh ethernet driver loads?

 

On my mahine I can`t get internet access till ZA loads...and that`s usually the last one to load.

 

Hi all,

For the last couple of weeks, I have been running Online Armor alongside ProcessGuard and RegDefend. It has performed flawlessly. I am particularly pleased with its "Web Screen", which provides me with lots of additional information as well as "well informed" alerts. There is redendant protecton with ProcessGuard, but at this point I do not mind, since I am using the two packages to verify each other in test mode. I still very much appreciate the features of PG, which are quite suitable to me, but OA is a very nice package indeed. I am looking forward to purchasing this package.

Regards,
Rich

 

I can already forsee many people going on a HIPS buying binge.....before it is all said and done many people will have probably bought 4 or 5 HIPS programs. I think this is hilarious!!!

Back that trailer on up so I can load up my HIPS. I used to be addicted to scanner signature updates but now I got a serious jones for HIPS!!!


Hip, Hip Hooraay!!!

 

Signature updates are so 80/90s don't you think?

Today someone actually asked me what HIPS is. Talk about clueless.

 

Yeah, my grandma has already bought two hips.

 

You probably told him he needs hips to protect himself

edit : beaten

 

Hi,

I have a question for Mike Nash about OA, or anyone who is knowledgeable and can answer it.

Will OnlieArmour prevent the installation of the infamous Hacker Defender Gold rootkit? Not the free version of Hxdef, but the Gold version that is claimed by the author to be able to be undetectable to all rootkit/malware scanners.

Also would OA be able to stop HxDef Gold after it was already installed on a PC?

Thank you for any help.

 

Looks like we have a hackdefender fan on how hands.

Why not just ask in a post.

Can ProcessGuard, Online Armor , Antihook etc prevent Hackdefender gold from being installed?

As a class most likely, as long as they block driver installs. Not sure if these 3 do.

All you could just run a limited user account.

Rootkits don't have any magic way of installing themselves, they are good at hiding themselves once installed though.

Can ProcessGuard, Online Armor , Antihook etc detect Hackdefender gold if installed?

No.

 

If it really is undetectable, then no. If it is not, then yes. I know that sounds like a flippant answer but every spyware/keylogger author describes their wares as "completely undetectable!" and most of it is not.

OA would prompt and log actions taken on install of this - there is no way to tell, without testing of course, whether OA could detect the product if it were installed and then OA installed on the machine afterwards.

But, that is *not* what OA is designed to do. OA is designed to say "hey, this thing is installing and doing XYZ, you really sure about that?" - and, if you make a mistake, to give you the chance, if possible, to roll it back.

Once someone has a rootkit on your computer, it's not your computer anymore - it's theirs. The challenge is to keep it getting on in the firstplace.

 

Exactly. Are we sure if the rollback will always work. How comprehensive is the rollback anyway? What's recorded?

Given that it is able to evade even specific anti-rootkit tools which use many clever methods to try to find them, I somehow doubt OA, PG etc can detect them once they are installed.

Unless OA has some specific rootkit detection system I'm not aware of?

 

The rollback records reg entry creation, file creation at this point. I've said earlier in the thread that the core registry engine will be improved in upcoming versions.

I agree completely with your comment about "once installed" progs. like OA won't be able to detect them. It depends on the rootkit itself if OA is able to remove it. Again, though - I have to stress - it's not what OA is supposed to do. If a thorough programmer creates a rootkit (which deliberately tries to conceal itself, and does the job properly), and the user installs it - even if OA (or any other program) is able to track it, removing it would be all but impossible unless you were able to boot into a non-contaminated environment (bartPE is good for this) and remove the offending files.

Even then, you'd need to build your bootable disk before your system was compromised. This is probably a good facility for a later version of OA.

 

Hey Rich,

This is good news. I can't believe I somehow missed this thread entirely! I guess to much work and surfing at Wilders at strange hours will do that to you. If I had seen this, I would have definitely jumped in on the beta testing bandwagon.

After reading all the posts in this thread, it appears to me that OA is a great product that will continue to get better with age. Mike and his prompt tech support alone is enough for most users to feel comfortable/confident with there purchase.

Congrats to you Mike and your team. I look forward to trialing your product when it becomes available.

Best Regards,

Jag

 

well u can actually trial it now, just ask mike for a key.

 

how long does the trial last for?

 

15 days

 

Hi Jag,

Just email me if you would like an evaluation key and I'll sort you out.

Right now, the status is we've closed off the beta program, and have mostly moved over to our new server. We have a couple of things to do, and hopefully at the end of the week the new site will be online, and OA will be launched.


Mike

 

Hi Mike,

If it is easier for you I can wait til the end of the week. There is no rush.

BTW, what is your email addy? Or do you want me to PM you or vice versa?

Regards,

Jag

 

Hey Jag - makes no difference for me--- my email address is mike at tallemu dot com.

Mike

 

Mike - Email sent.

 

So's the key

 

Possible conflict with bitorrent. With both enabled, there is 100% CPU usage at all times

http://img77.imageshack.us/img77/2375/bit3eb.jpg

 

Yes Mike, when I click "start transfer" CPU climbs - but prior to this OA asks for permission but it flashes (text in dialog) I noticed if I don't click ok rapidly several times my entire desktop will hang. I also notice several bt files that are identical (as many as ten so I "end process" on all but one. The client is TorrentStorm 1.2