Does Online Armor offer better protection by default compared to Windows Firewall?

Discussion in 'other firewalls' started by MrGump, Mar 14, 2011.

Thread Status:
Not open for further replies.
  1. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    you already know my question *puppy*


    thanks for helping :)



    p.s. free version of Online Armor, not the pay.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Strictly firewall to firewall, not much. If you include HIPS, then yes.
     
  3. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    would you be able to recommend HIPS for me? *puppy*
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Online Armor includes a HIPS. That's what I meant.
     
  5. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Not only does OA give wider protection, you also get an easier way to set up program allow/deny.
     
  6. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    it will however drive you crazy with the multiple popups asking whether you wish to allow or deny, and of course as it takes no bloody notice, you'll be bald with tearing your hair out too :p
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Using Windows Firewall is like using Hip Waders when playing basketball. You can do it, but you will get tired of it real quick. :eek:

    OA is easier to use and provides much better protection in default mode, not including HIPS.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Searching_ _ _,

    Can you give some examples of how OA is easier to use? And how it provides better protection (non-HIPS)?

    Using WinXP SP3, it is one click to enable the Windows Firewall. I ran the quick GRC port scan with these results:


    grc-scan.jpg

    thanks,

    rich
     
  9. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    All I've ever run besides Windows Firewall was Kerio 2.5.1.

    I've run Windows Firewall ever since I went to XP, never, ever an issue, so enlighten me why it's sooooooo bad?!
     
  10. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    Because you can't compare the threat lvl of malware from today to the lvl it was some years ago.
    If you never ever open unknown software, you just play games or surf on well known sites there is a high chance that you will never get infected by malware.

    But take IZarc for example. It is a well known alternative to WinRAR. Now, IZarc has spyware in it, but it isn't recognized as spyware because the author tells you openly about the fact somewhere in the disclaimer.

    I don't know a lot of persons who read 25 pages of the disclaimer of a program that is marked as spyware free by several known sites.

    And your firewall doesn't describe why the program wants to connect through IE. And that is the point where you might want a HIPS.

    So a HIPS isn't just protection against malware, it protects you from known software that does things you probably don't want to happen on your PC.


    Another example:
    You are tired and open a PDF file that is bundled with malware. So yea, when the malware.exe wants to connect to the Internet, your firewall will recognize it.
    And maybe your AV will recognize it, too. But if the malware injects into IE and connects through port 80 you won't recognize it at all. Because port 80 and IE are open on most PCs.

    Online Armor is very silent after 1-2 days of usage. And you are much better protected than through windows FW.

    Maybe someone will mention that you just have to use brain.exe. But in my opinion this is ******** cause there are a lot of threats where brain.exe won't work at all.
    (IZarc for example)
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Bigabe, you make very good points if you want to include outbound protection as one of the factors to consider. (This was not stated by Searching _ _ _ in his post.)

    However, to take your PDF example, any HIPS or White List program will block the malicious executable from attempting to run in the first place, thus, a firewall won't come into the picture at all.

    For many people who don't have the expertise to work with firewall rule sets, the Windows Firewall combined with a good AV and/or a White List program are a good combination.

    Several people I know use that combination and have not had any problems.

    -rich
     
  12. wat0114

    wat0114 Guest

    Keep in mind also that any 3rd-party security program(s), especially more than one, installed has the potential to interfere with the O/S and/or other applications causing instability, sluggish performance, program crashes, or BSODs, to name a few. Generally speaking and imo only, the more you can utilize already-built-in-security features of the O/S as opposed to 3rd-party offerings the better off you'll be. FTR, I exclude MS' EMET, Windows Defender and anything else from them from 3rd-party applications. The only 3rd-party apps I utilize are Sandboxie, used on 2 machines in household, and SuRun (not really a security app) used on another (my own).

    To answer the original OP's question, for inbound packet filtering, I'd say Win fw probably at least equals that of OA's.
     
  13. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Just put OA in learning mode and run EVERYTHING on your computer once or twice and leave it in learning mode a few hours and you will eliminate a good 90% or more of the popups.
     
  14. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    This can be caused by every kind of software, not just security programs. They tend to cause them more than other programs, but in most cases those problems are caused by the user himself and not the security software.

    Look at forums like Wilders and you will find more than one posting that is asking for help because Online Armor and Defensewall aren't working well together.
    Using two different security programs that do the same is a no-go!

    With Online Armor or Outpost I didn't notice any kind of impact on system performance except for the first system boot after installing it and running programs the first time, which is absolutely normal because they are scanned by the software.

    I wouldn't recommend Windows FW to an average user because it is too complicated, even with Windows FW Control.


    A little example:
    Imagine that there is an exploit caused by a future Windows update which causes the Windows FW to be open to a special kind of malware or worm.
    And it wouldn't be the first time in MS history that this happens. Then there is a much higher chance that a HIPS would detect the malware.

    Relying on built-in FW or security software is like using IE:
    I don't call MS into question, they did a great job and I like using their backup in Windows 7 and I love Windows 7 really, but the more ppl use one software the more likely it is that a malware dev is looking for an exploit especially for this software.
    It is a fact that most injections by malware are made into IE through port 80.
    Why not Safari for Windows which is known for needing always a week minimum to patch their leaks?
     
  15. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Bigabe,

    Nice explanation, but I still don't see what the big advantage is, as many people I personally know download files, and still have no issues with Windows Firewall or have any issues with their PCs.
     
  16. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    http://howto.wired.com/wiki/Build_your_own_botnet_with_open_source_software

    This declares everything you ask. Referring to Wikipedia there is an estimated number of 30 million zombie bots in the greatest spam botnet and there are still above 10 million PCs infected with Conficker bot.

    So there are several million PCs on this earth infected with malware and they don't know it. How could they? Those bots inject into IE or some other Windows process and you don't recognize the injection when it isn't on your AV's blacklist.
    You won't feel or see anything as it doesn't use a lot of bandwidth and has near zero system impact. It is just waiting for a call from the outside and then you might wonder why your PC is so sluggish on that day or something like that.

    If Windows FW and some free AV is everything you need then how would you start to explain those numbers?

    On several websites you can even buy DOS attacks or brute force attacks for 50$ and upward. And they don't hide, they promote it freely.

    And did you hear of those SSL certificates that were stolen from Comodo some days ago? Because of this the hacker would have been able to hack the Firefox Addon site. So you go there and the browser shows you that it is a trusted site.
    You install a Firefox addon and boooom!
    As Firefox is good to go by your FW rules the FW wouldn't warn you. The AV would probably not recognize it because it is a 0-day release of new malware. And then you are a bot. Or you are giving them your online banking files and so on.

    Some years ago I played with a trojan horse to test my security solution. It wasn't very hard to hide it from Kaspersky or Antivir or other AVs. You just had to hexedit the infected file and change some letters. Not more. And the AV didn't recognize anything at all.
     
    Last edited: Mar 28, 2011
  17. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    They are 100% clean, and besides, there's more to these PCs' security than a firewall, nice try though!
     
  18. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    The only reason why I use 3rd party software firewall is simply because they are usually harder to disable. Might be useful in a "real attack" situation if the security software is still there and operating, instead of disabled or removed. Otherwise the WinFw is as good a packet filter as all the others, at least for inbound traffic.
     
  19. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    The last thing I wanted to say is that the PCs of the ppl you know are infected because they have no HIPS.
    As I stated above if you know the steps you have to look at to stay clean you will probably not get infected ever. I never said that the Win FW is a bad product, it is quite good and if you don't mistake a simple FW with an antimalware program it might do its job maybe better than a lot of 3rd party FWs.
    And you also can get infected if you use an AV+FW+HIPS+behavior blocker, even if you use them the right way and you stay away from shady websites.


    But what I meant is that there is an incredibly high number of zombie bots out there and for me the main reason number one is that ppl are trusting in Windows FW because they misunderstand the meaning of a firewall itself, which is handling connections and not preventing getting infected.

    And the second reason is that they believe that they are safe because of their free AV software.
    If heuristic AV and Windows FW is enough for the average user then there must be some kind of magic involved because how else are 10 million infections even possible?


    Go and try PCFlank leak test, the one you have to download. It injects into IE and is logging your key strokes. And this might happen when you visit a hijacked website. Or get an infected file by sb you trust because he knows a person who knows someone who also knows someone who found the bloodpatch for game xyz on a very cool site.

    But the OP wanted to ask if Online Armor does provide better protection than Windows Firewall and as some ppl stated above it does because of
    -HIPS
    -easy to handle FW and popups that say where a program wants to connect, resolving the IP
    -and blocking ports that are open by default in Windows FW and providing outbound FW for XP users as well
     
    Last edited: Mar 28, 2011
  20. monkeybutt

    monkeybutt Registered Member

    Joined:
    May 18, 2009
    Posts:
    126
    I like Sphinx's Win 7 firewall, great little program.

    They have a free version also.
     
  21. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is Vista v. Windows 2000 firewalls a fair comparison?

    Default firewall in Windows Vista does not offer outbound protection and is unavailable in XP. To get outbound protection in Vista you must enable the advanced Firewall.

    http://en.wikipedia.org/wiki/Comparison_of_firewalls
     
  22. zip

    zip Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    359
    Location:
    Mars
    +1

    I use the free version of Windows 7 Firewall Control in concert with the

    Windows fw. ;)
     
  23. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    144
    Depends what you're running and doing. Inbound protection with XP's firewall should be as good as OA's. That said, OA will give you outbound as well as its HIPS feature. Think Windows 7/Vista comes with inbound/outbound. Up to you if you want the extra beef OA offers. I'm running XP and had a subscription to OA and ++. Note: had :). I liked it but it's kinda heavy for my needs.
     