Hints on using Online Armor FW-a Learning Thread 4

Discussion in 'other firewalls' started by Escalader, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: Do all OA's exe's need www access?

    The "official" word on this: You should not try to restrict OA processes from accessing the internet; in fact, you're playing with fire if you start arbitrarily limiting what processes that you know are safe do. You never know what the repercussions will be.
     
  2. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
    Re: Do all OA's exe's need www access?

    Hi Mike,

    Agreed, unless the user wants to micromanage each transaction, then at least one repercussion of blocking oasrv.exe is to prevent connection to signature downloads from the kav updater.
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: Do all OA's exe's need www access?

    Or maybe checking certificate revocation lists... perhaps also doing third party DNS checks, or realtime lookups (in upcoming release).

    :)
     
  4. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
    Re: Do all OA's exe's need www access?

    :D ......
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Do all OA's exe's need www access?


    TY, very interesting.

    I did a signature update on 190 just now and the allowed www access occurred with oaui.exe and the messages said:

    Downloading updates

    then

    Your OA is up to date :D

    Yet srv is still blocked? How did OA pull that off?
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: Do all OA's exe's need www access?

    Um, OAUI retrieves updates as I recall. OASrv applies them. This may or may not be currently accurate as it depends what version you have on.
     
  7. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
    Re: Do all OA's exe's need www access?


    Hello :)

    To be clear, the signature updates I'm referring to are related to the AV component of version 3.0.0.190.

    There is nothing unusual or unexpected that I can see happening. If I block oasrv.exe there is an error message when trying to update signatures. If I then allow oasrv.exe, signature updates are fine.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re: Do all OA's exe's need www access?

    Doesn't make sense to me either. Kind of like putting the prison guards in a cell with the inmates.
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Do all OA's exe's need www access?

    TY:

    This thread deals only with OA 190, that is the release I'm testing.

    In my case, I don't use the OA + AV so it doesn't surprise me at all you got an error message for oasrv.exe. It's your set up and you have done well to confirm for yourself that oasrv.exe needs to have www access.

    I don't with this release at this time, that's it.

    Posters should know this thread is for the majority here at WSF who use OA in advanced mode and take advantage of OA's features to give more control over their own set ups.

    This was confirmed by poll and I'm trying to help them. If users just want to use OA out of the box this thread is of limited value to them.

    Questions for Mike Nash at OA:

    1) What's the status of the OASIS updating venture? Is it happening?
    2) Which of the OAxxx.exe's in the current release need www access?
    3) If new releases as you hinted at many times have real time access to OASIS what value is that if OASIS data base stays in its out of date current state?

    I see only one exe needing www in OA 190 without AV and 2 now if user has OA 190 +. My OA help works fine as well :D
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re: Do all OA's exe's need www access?

    Frankly, Escalader, I don't see why Mike would bother to come here to answer those questions. You could get them by trying the latest public beta, or in the public beta forum, which is freely accessible. Testing on 190 is rapidly approaching being a futile exercise.

    Pete
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    KLB with OA 190 on Quicktax 2008

    It is tax time here. :thumbd:

    There are millions of Quicktax users in NA and here for comment from Mike Nash is a jpg of the Keylogger message I got when running the program qt2008.exe. Quicktax has been approved for use by the federal government.

    BTW qt2008 updates fine with the blocks in place.

    The OASIS data shows its status is "unknown" yet all the information is available. Hard to keep current with the white list I guess.

    Most quicktax users with OA 190 will get this pop up in the middle of them doing their taxes and think their personal tax information is compromised. Next release?
     

  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Escalader

    I have to admit, I don't like the white list concept, either Oasis in OA or Prevx, mamutu, etc, for just the reason you mentioned.

    That being said I still am not sure I see the point in the level of testing you are putting into Build 190. Although the last release, it's getting so it's almost obsolete. I understand you may not want to test on betas and that's fine, but maybe the most productive thing at this point is waiting. Testing and asking questions on stuff from 190 is not very fruitful.

    Pete
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    Just so this thread knows, I do like the white list concept. It is far easier to maintain in my view than a black list. It is shorter. The issue is the currency and accuracy of the OA white data base.

    Testing and learning on OA 190, will continue here until OA releases version xxx.

    The purpose is as in post # 1 in this thread.

    When the next release arrives, I'll continue with that version when it happens but not before.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It's not just an OA issue, but an issue for any publisher maintaining a white list.
     
  15. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
  16. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Hi Mike,

    I've tried the OA Free latest beta. It's light and fast. Is it nearing final release?


    John
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi John,

    For the past few weeks we have been battling with a bug that made OA Beta unreliable and unstable on most of our user machines. I'm pleased to say that we solved that particular issue on Friday 13th :)

    So now, we should be in a position to release shortly. There may be one more public beta before we do.


    Mike
     
  18. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    looking forward to the final :)
     
  19. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Me too :)
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Do all OA's exe's need www access?



    Well frankly ..... it seems Mr Nash does come here to answer questions anyway::rolleyes:

    https://www.wilderssecurity.com/showpost.php?p=1423793&postcount=640
    https://www.wilderssecurity.com/showpost.php?p=1423823&postcount=642
    https://www.wilderssecurity.com/showpost.php?p=1423850&postcount=644
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Mike:

    OA public beta 26 has been out since:

    http://support.tallemu.com/vbforum/showpost.php?p=73947&postcount=7

    So if you do go with a public beta and it takes as long again the word
    translates into say 4 weeks?
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Yep.

    And if it takes twice as long, the word shortly translates into 8 weeks.

    If it takes half as long, it translates to 2 weeks.

    I don't understand the point you're trying to make.

    We've had a build in public beta for 4 weeks. We've solved a really nasty issue. It doesn't follow the next one will be in public beta for 4 weeks just because the last one was.
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Mike:

    The point is that the term "shortly" could raise user expectations too high depending on how readers interpret it. Just as you have yourself.

    I would think most would read it as days not weeks.

    Maybe it's better not to make predictions of the future :D
     
  24. Paragon_Support

    Paragon_Support Infrequent Poster

    Joined:
    Mar 2, 2009
    Posts:
    3
    Hello, after further research and deeper investigation we've found that OA is reacting to QT libraries but not to the disks layout data painting work. Also, OA is calling the start of Drive Backup wizard as ScreenLogger and in History list it is called as Key Logger?!?!
    Moreover, some other well known programs and applications are detected as key loggers. The only similar feature we found in all these programs (Google Earth, Team Viewer, ABBYY Lingvo 12, all programs from Paragon) is - QT library (www.qtsoftware.com).
    Now it is up to OA to check, why do they consider every QT based software to be a key logger.
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi - chances are it will be a global hook or something along those lines. However, we don't consider it to be a keylogger per se - just possible keylogger behaviour.

    I will pass this onto the team to review in any case.


    Mike
     