Bad news on Online Armor

Discussion in 'other firewalls' started by MikeNash, Aug 1, 2007.

Thread Status:
Not open for further replies.
  1. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    It would be sweet to have a another OA AV option such as webwasher or avira. Would this be more 2 ur liking Trjam?
     
  2. wat0114

    wat0114 Guest

    It seems to work both ways. Either the tester gets bashed or the vendor of the tested product is bashed for not providing a secure enough product. I have expressed skepticism towards Matousec's testing, but in the end I would agree with you that he is only trying to help. The problem I see is that some people get so caught up in the apparent importance of leaktesting that they can lose sight of other, important factors, regarding proper security practices.
     
  3. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    While I don't use OA, I do read many of Mike Nash's posts. I've come to regard him as a true gentlemen in the security business. He appears to be dedicated to his app and his customer base. You really can't ask for more than this.

    ...screamer
     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    MikeNash,

    Thanks for being a honest person, and keep your very good work... ;)

    :thumb:
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi Seer,

    I agree that this is just one test, and that 7th place is not so bad. However, we *were* in third place and I had published that fact, so I had to correct it when the real tests come out.

    I'm not overly paniced about these results - but since I'd been saying "Yay! Woo! We're in third place"... even on our website - had to change it.


    Mike
     
  6. xStylezx

    xStylezx Registered Member

    Joined:
    Aug 1, 2007
    Posts:
    11
    I cant wait to give this a try when it comes out for vista.Been checking the site and forums waiting,so hopefully soon.
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,113
    Location:
    South Texas, USA
    Well all I have to say is that Mike has always been honest. Secondly, Online Armor can only get better from here! :D

    dja2k
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Personally, I am not very interested in leak-test results (or the capabilities of the firewall in this area).

    My main concern with OA firewall as always been the packet filtering capability (or lack off). As an SPI yet been added?, are even any sort of packet filter to at least filter out illigal/malformed packets?
     
  9. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Stem makes a good point.
    But what products do already have this ability?
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Most firewalls have this ability, with an SPI and/or filters for bad packets, such as comodo / Jetico / ZA / outpost /etc etc. They can, and do vary on capability (and correct working).
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Hi Stem,
    Have you done some tests on the "grey" area of SPI filtering?
     
  12. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Thanks for your reply.
    And Lucas brings up a good question.
    This would be interesting reading.
    Thanks.
    Doc
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello lucas1985, Doc,
    Yes, I do quite a lot of testing in this area.
    I do have a problem with posting results from this, unlike we have now for leak-tests, the methods used for SPI (possible) bypass are not well/ or even documented for users to try, and posting some of the methods I use would probably be against forum TOS, so results could not be easily confirmed by other members.
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi Stem

    I am not 100% sure, but I do not believe this currently exists in OA's firewall.

    Mike
     
  15. appster

    appster Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    560
    Location:
    Paradise
    I'm looking for a 'lighter' FW than ZAP 7 which clearly slows down my laptop (WinXP, Pent M 1.8, 512MB RAM), which of Matousec's Exc or VG rated FWs would you guys recommend? :doubt:
     
  16. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,067
    Location:
    Serbia
    Hello Mike. :)

    So you're really after those rankings at Matousec then? Good to know you're serious about outbound protection. :thumb:
    The thing is you see, I have a folder on my machine with different installations organized in subfolders by type of app - Firewalls, AVs, HIPS, etc. Now, I have OA trial installation placed under 'Firewalls'. Should I maybe consider moving it to 'HIPS'?
    I have always considered OA to be a firewall so I would rather like to see it moving more in that direction. So generally, I have to agree with Stem on packet filtering, although I am a little surprised by his question regarding SPI. I am not very familiar with OA rules and protocol handling, but I'm just assuming at least SPI for TCP is present... o_O Well, I would actually have to install OA in order to continue on this thread...

    See ya, :)
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    On my last installation of OA,.. OA was using a "Pseudo SPI", this is basically a table of IP`s that have been connected to, and inbound packets are allowed based on this table. This in itself will block unsolicited inbound from IP`s not connect to (if no open inbound allow rule is in place), but will not filter for bad/illigal/spoofed packets.
     
  18. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,067
    Location:
    Serbia
    Got it, Stem. So that's how "pseudo-SPI" works. It only scans for packet specifications (port, IP) on a whitelist principle instead of the actual contents of a packet. This is in fact, one half of the full SPI. :D Now I see why full SPI cannot be implemented for conectionless protocols.
    But enough with the ot... "bad news" is the topic here. :)

    Cheers,
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, you could post some general guidelines (within the TOS) and/or general information about the current state of Windows firewalls.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.