Hints on using Online Armor FW-a Learning Thread 4

Discussion in 'other firewalls' started by Escalader, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    :( Yep, really embarrassing.

    A bug crept in around the evaluation code. It's not something that we test every release, as we were focused on a few bigger fish. It's embarrassed us, and certainly hurt our sales - but we need to run the next build through testing... which should be released on Monday.
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Missing "next" button in SCW status

    Hi Farmerlee:

    Over in the OA beta forum this bug has been repaired. I have confirmed it myself in testing the beta version. :thumb:

    Normally I don't report beta results but since we have had multiple posts here on this one I wanted to close it off.

    As soon as it is released we can all test it again!
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Release 127 OA Security Suite

    Hello Learners:

    OA 2 is now released at 127.

    One of the "new" features is the "green" border around any program you have selected to run in "safer" mode. This feature, as I see it, is intended to deal with the fact that most users in XP run in administrative mode. I know, I know, that is viewed by many as bad practice, but OA decided to provide this selective feature to allow those in admin mode to set some of their exes to limited powers.

    In my case (so far) I have M$ Office (Outlook, Excel, Word, etc.), IE 7 and FF set that way. You know, sort of those which have a direct face to the www.

    The information on what is "new" on 127 is here:

    http://support.tallemu.com/vbforum/showthread.php?t=814

    Don't forget to reset your OA FW interfaces to "untrusted", since it can be reset on you if you don't restore settings from older versions.

    Any questions?


    More later
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Re: Release 127 OA Security Suite

    Hi, my programs in Run Safer in Programs are the familiar aqua blue color, but no green border. I am running .127. I don't really need a green border, but I thought I'd throw it out there.
     
  5. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    My web browser marked as Run Safer shows this green border around it.
     

  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If by chance you run your browsers sandboxed you won't see the green border. Sandboxie, for example, keeps OA from interfering with the system, so it can't change the rights, hence no green border.

    Pete
     
  7. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I have my FF marked as Run safer and my browser window has no green border around it as yours does. :p
     
  8. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Yes I have FF sandboxed when I click the Sandboxed browser desktop icon. Does Sandboxie still affect the green border when I don't load it sandboxed? In other words does just having SBIE installed with FF selected stop the green border?
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No, in theory if you exclude it from the Sandbox it should have the green border.

    Pete
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hey guys!

    I know I'm going to regret asking this, but on behalf of those also wondering I will ask anyway.

    If I have OA 2's latest and greatest, with the FW, the Program Guard, the web shield and the mail shield PLUS a front line AV (KAV or Nod etc.) plus image backups,

    Why do I need/want a VM or a Sandboxie tool? I'm not asking for which tool is best just the security rationale for them.
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Here is another one I need help with:

    Back many moons ago, on version 119 (or was it 31? can't recall), there was a set of steps from Stem dealing with DNS set-up. I saved them, did some editing and now re-post them for updating!

    My basic question is how do I do this now?


    For reference I have attached my FF run safer settings showing DNS API blocked?
     

  12. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    With image backup you can feel safe, I think. But a VM is not only about safety; it is primarily a debugging tool. It just saves a lot of time in case you are experimenting. And even in case the VM is rebooting, you still can do something with your real PC :)
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks alex_s,
    VM is OT for this thread I think, but the question arose anyway!
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Escalader

    My answer to your question is this:

    Technically you don't. Fact is with Run safer even if you allow malware you are fairly well protected.

    My primary use of VM machines is so I can install stuff I don't want on my host, for example AOL. Also its snapshot/rollback ability exceeds any and all software for the host. I can format the hard drive and roll it back.

    As for Sandboxie, which I run, I use this as it not only protects the machine but removes the nasty to boot. Malware run under Run Safer and Program Guard can't hurt the machine, but is still on it. With Sandboxie, I empty the sandbox and it is gone.

    Pete
     
  15. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I don't understand why somebody would want to disable DNS API for a program that is allowed to connect to the internet.
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    One of my main concerns is as to why browsers (such as IE and Firefox) are treated as "Trusted" by default. Is this for ease of use? If you are simply going to trust the browser, then would that not make the Internet security nonsense?

    For the DNS API, well, after removing FF from trusted I was given a popup that FF wanted to access the DNS API. I did allow this (a bit obvious), but the actual options for FF remained as "ask" for this, but I was not asked ~ so a bug? (I have mentioned this before over at OA.)
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Stem,

    The way our file classifications currently work is:

    Trusted - Centrally marked as safe (i.e. not malware, adware, etc.) and essentially safe to run.

    Unknown - We don't know.

    Allowed - An unknown program the user has consented to run.

    The difference (from OA perspective) is that if a program is trusted then the OA actions that are monitored are permitted without prompt. For example, if an unknown program tries to grab a global hook (which could be used for keylogging) we would prompt. If a trusted program tries it - we don't.

    We also have a "Trusted Programs to access the net" option - which is on by default. So, in general terms - a program we know is not malicious is permitted to run - and access the net.

    This is for usability purposes, as you suggest. I don't believe that this results in a hole - firstly, unknown programs can't manipulate trusted programs without user consent. This includes starting them, using DDE, etc.

    I believe that the security benefit in not trusting the browser is minimal - because most users, the first thing they will do is allow it anyway.

    Regarding the last bug comment - I think the last issues with OA remembering incorrect rules have now been resolved. (I think this was the case of "customize rules, remove Firefox from programs list - customized rules are remembered") - but feel free to pull me up if I have misunderstood you.


    Mike
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Mike,
    I was always of the thinking that control was the best form of defence. I would not expect a security application to give "Trusted" to an application that could possibly give me problems, maybe you know better?

    I will check, but I think there are still problems!
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi ggf31416!

    Hey, all I did was post what the settings were!

    I did zip myself other than set FF to Run Safer and post the jpg!

    FWIW, I don't use or need the DNS service myself.

    What are your own settings for your browser? Can you post them for learning purposes?

    Take care!
     
  20. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    This is the "easy to use" versus "additional security" trap for vendors.

    It's exactly the same with KIS 8: an application has to be in the Trusted group to have access to the internet without any prompt.
    Nothing else remains to be done than to put popular browsers, mail clients etc. into the Trusted group.
    Which is sheer nonsense with regard to security.

    The same applies to OA: "Automatically allow trusted programs to access the internet" is a smart idea, user-friendly etc.
    But given the fact that this option exists, the vendor will tend to "Trust" browsers, mail clients, file-sharing clients etc.
    Of course this is again sheer nonsense with regard to security.
    But if the vendor doesn't "Trust" many risky applications, he will render his biggest "easy to use" feature useless.

    Sometimes it's difficult to make decisions.

    Cheers
     
  21. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Agree. But is it really possible to control every CPU instruction, for example? Or every API call? What does "control" mean? Is it asking every time, like Vista, or just asking once? Is it alerting on every new address your browser connects to while you are surfing the internet?

    I think all of the above is, for one, impossible; for two, even if possible, it turns your system into a completely unusable tool. Imagine I'm a doctor and I need to find info ASAP to save a life. Do you think I will read all the senseless alerts super-controlling security s/w will show? NO, I will not. So in all cases there should be found some reasonable balance between complete security and usability. The average computer user today is not a coder or sysadmin; this is an inexperienced user. And yes, he needs security software for control, but he prefers that this control takes as little of his time and effort as possible.

    Another story is with experts, of course, but the difference is that while an expert can do everything an average user does, an average user cannot do everything an expert can. So the total balance is in favour of the inexperienced user numerically and also logically.
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Why is it nonsense? I'd be interested in your views on that.
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Mike:

    Giving subset the benefit, I think this is one of those wording issues.

    He seems to say these mail clients, file sharers and browsers are "risky" but it is unclear to use the word "nonsense" in this context. :D

    IMHO, these exes can be risky, no question, and a user needs the option to "untrust" them and thus tune their PC to their risk profile.

    If they don't understand tuning, (99% don't) then IMHO they are better off using the security software defaults built by developers who do understand the risks better.

    IMHO, the issue of DNS API testing is a more important matter in this thread.:cool:
     
  24. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Nonsense.. makes no sense... o_O
    Sometimes it's difficult when your brain speaks German and your fingers write English words. Ever tried? However.

    What I try to say is, it's... nonsense (monkeyshine, flimflam) to trust browsers per default in the program but to tell everyone in OA forums to use the "Run Safer" feature for browsers.
    Program default is in direct contradiction to forum default.

    Cheers
     
  25. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Some time ago all the known browsers were set to RunSafer. Then there were complaints (especially about IE) - "I cannot update Windows", "I cannot restore my tabs in Opera" etc.

    RunSafer creates a system-provided restricted security context; this is why it may have some unexpected side effects, and this is why by default this option is not set, but still this is the recommended way to run the default browser.

    Taking all this into account, does it make sense? Defaulting it to RunSafer you meet complaints; not defaulting, you also get complaints. Then what? Remove the feature to avoid complaints, or remove the default but make the user know about such a feature?
     