Is OA Free actually useful vs. persistent malware?

Just realized something about OA Free: as far as I can tell, it does very little to prevent malware persistence.

e.g. say some application is compromised. Online Armor can prevent it from doing anything nasty on the spot, or from executing a nasty program on the spot.

But if it drops a file somewhere in your home directory, then creates an autorun entry in the registry telling Windows to run the nasty before OA starts? Looks like that's it.

Can anyone confirm this? How many other freeware FW/HIPS have such limited autostart protection?

(And mind, I am kicking myself for not noticing this, because it says on the OA website that the free version's autostart protection is limited. D'oh!)

Edit: Hmm, UAC probably takes care of this issue on Windows Vista and 7 (to an extent anyway). On XP, though, users of the free version may not be very well protected.

 

OA Free is very effective as a standalone HIPS and is even stronger in conjunction with its firewall.

My AV already comes with a behavioral blocker so this is very strong security.

 

I agree with you.the online armor firewall is one of the best firewalls out there.

 

Not to be trollish, but have either of you ever observed OA Free preventing infections? On how many occasions?

(Free, mind, not Premium. Marketing tactics aside, I have no problem with paying for the Premium version; I just want to gauge how effective Free is.)

 

Online Armor is a firewall in the first place and it controls network traffic.This is the reason i personally use it on W7.
In Advanced mode the paid firewall has a lot of features indeed ,but you may notice bugs.


The HIPS component from the free ,on the other hand ,should stop autoruns and such as it seems to be able to kill legit drivers when you do not set the permissions for them.

If Online Armor free would feature Configuration Import/Export ,ICMP settings and RAW settings it would be a perfect freeware choice.

If you don t like it there is no problem , use Private Firewall (that blocks the whole operating system from autoruning) ,Zone Alarm free (to have your morning banners ) or Comodo (so they know what you are doing).Or get Linux.

Maybe you should also install an antivirus to fight "persistent malware" though.

 

Yeah - you have to be careful - you can turn your computer into a brick if you don't know what you're doing and tell OA to block every process running on it!

 

OA starts very early and therefor makes sure you can't run a "nasty" before it.

Besides this - OA'd prompt you about autorun entry creation, so you're protected in this case too (and it doesn't matter where the actuall "malware" file would be dropped to. It'd be either intercepted on start or on registering it somewhere as autorun).

Well, if you click-out each popup window by pressing "Allow" button without reading its contents then you will most likely allow a possible malware

If you have such a malware that bypasses OA - please feel free to contact me at our support forums (support.emsisoft.com) and I'll get it fixed

 

Your not being entirely fair to online armor here.When ive used it i ran it alongside avast free AV and it provided excellent protection.
Only reason im not using OA at the moment is because of the compatibilty issue with sandboxie.

 

I'd appreciate if you'd send me your OS version (including sp version if any), a list of other security software installed and steps to reproduce the issue.

Thank you in advance.