Hints on using Online Armor FW-a Learning Thread 4

Re: Do all OA's exe's need www access?

The "official" word on this: You should not try to restrict OA processes from accessing the internet; in fact, you're playing with fire if you start arbitrarily limiting what processes that you know are safe do. You never know what the repercussions will be.

 

Re: Do all OA's exe's need www access?

Hi Mike,

Agreed, unless the user wants to micromanage each transaction, then at least one repercussion of blocking oasrv.exe is to prevent connection to signature downloads from the kav updater.

 

Re: Do all OA's exe's need www access?

Or Maybe checking certificate revocation lists... perhaps also doing third party DNS checks, or realtime lookups (in upcoming release).

 

Re: Do all OA's exe's need www access?

......

 

Re: Do all OA's exe's need www access?

TY, very interesting.

I did a signature update on 190 just now and the allowed www access occurred with oaui.exe and the messages said:

Downloading updates

then

Your OA is up to date

Yet srv is still blocked? How did OA pull that off?

 

Re: Do all OA's exe's need www access?

Um, OAUI retrieves updates as I recall. OASrv applies them. This may or may not be currently accurate as it depends what version you have on.

 

Re: Do all OA's exe's need www access?

Hello

To be clear, the signature updates I'm referring to are related to the AV component of version 3.0.0.190.

There is nothing unusual or unexpected that I can see happening. If I block oasrv.exe there is an error message when trying to update signatures. If I then allow oasrv.exe, signature updates are fine.

 

Re: Do all OA's exe's need www access?

TY:

This thread deals only with OA 190, that is the release I'm testing.

In my case, I don't use the OA + AV so it doesn't surprise me at all you got an error message for oasrv.exe. It's your set up and you have done well to confirm for yourself that oasrv.exe needs to have www access.

I don't with this release at this time, that's it.

Posters should know this thread is for the majority here at WSF who use OA in advanced mode and take advantage of OA's features to give more control over their own set ups.

This was confirmed by poll and I'm trying to help them. If users just want to use OA out of the box this thread is of limited value to them.

Questions for Mike Nash at OA:

1) What's the status of the OASIS updating venture? Is it happening?
2) Which of the OAxxx.exe 's in the current release need www access?
3) If new releases as you hinted at many times have real time access to OASIS what value is that if OASIS data base stay's in it's out of date current state?

I see only one exe needing www in OA 190 without AV and 2 now if user has OA 190 +. My OA help works fine as well

 

KLB with OA 190 on Quicktax 2008

It is tax time here.

There are millions of Quicktax users in NA and here for comment from Mike Nash is a jpg of the Keylogger message I got when running the program qt2008.exe. Quicktax has been approved for use by the federal government.

BTW qt2008 updates fine with the blocks in place.

The OASIS data shows it's status is "unknown" yet all the information is available. Hard to keep current with the white list I guess.

Most quicktax users with OA 190 will get this pop up in the middle of them doing their taxes and think their personal tax information is compromised. Next release?

 

Hello:

Just so this thread knows, I do like the white list concept. It is far easier to maintain in my view than a black list. It is shorter. The issue is the currency and accuracy of the OA white data base.

Testing and learning on OA 190, will continue here until OA releases version xxx.

The purpose is as in post # 1 in this thread.

When the next release arrives, I'll continue with that version when it happens but not before.

 

There's a post on my blog about whitelists, how we use them and why I think they're cool. I think it addresses the question/concerns raised.

http://onlinearmorpersonalfirewall.blogspot.com/

 

HI Mike,

I've tried the OA Free latest beta , It's light and fast. Is it nearing final release ?


John

 

Hi John,

For the past few weeks we have been battling with a bug that made OA Beta unreliable and unstable on most of our user machines. I'm pleased to say that we solved that particular issue on Friday 13th

So now, we should be in a position to release shortly. There may be one more public beta before we do.


Mike

 

looking forward to the final

 

Me too

 

Re: Do all OA's exe's need www access?

Well frankly ..... it seems Mr Nash does come here to answer questions anyway:

https://www.wilderssecurity.com/showpost.php?p=1423793&postcount=640
https://www.wilderssecurity.com/showpost.php?p=1423823&postcount=642
https://www.wilderssecurity.com/showpost.php?p=1423850&postcount=644

 

Hi Mike:

OA public beta 26 has been out since:

http://support.tallemu.com/vbforum/showpost.php?p=73947&postcount=7

So if you do go with a public beta and it takes as long again the word

translates into say 4 weeks?

 

Yep.

And if it takes twice as long , the word shortly translates into 8 weeks.

If it takes half as long, it translates to 2 weeks.

I don't understand the point you're trying to make.

We've had a build in public beta for 4 weeks. We've solve a really nasty issue. It doesnt follow the next one will be in public beta for 4 weeks just because the last one was.

 

Hi Mike:

The point is that the term "shortly" could raise user expectations too high depending on how readers interpret it. Just as you have yourself.

I would think most would read it is as days not weeks.

Maybe it's better not to make predictions of the future

 

Hello, after further research and deeper investigation we've found that OA is reacting to QT libriaries but not to the disks layout data painting work. Also, OA is calling the start of Drive Backup wizard as ScreenLogger and in History list it is called as Key Logger?!?!
Moreover, some other well known programs and applications are detected as key loggers. The only similar feature we found in all these programs (Google Earth, Team Viewer, Abby Lingvo 12, all programs from Paragon) is - QT library (www.qtsoftware.com).
Now it is up to OA to check, why do they consider every QT based software to be a key logger.

 

Hi - chances are it will be a global hook or something along those lines. However, we dont consider it to be a keylogger per se - just possible keylogger behaviour.

I will pass this onto the team to review in any case


Mike