NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    You know, not the first time, will not be the last.
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    "Even better"? I think you mean "more perfecter." :)
     
  3. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    125
    Location:
    LA
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,376
    Location:
    Under a bushel ...
    Me too, still.
     
  5. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Here is the list you requested:
    https://community.sophos.com/produc...l/47019/here-s-how-to-block-windows-10-spying

    I can send you a dozen more links on the same subject.

    Important note: I do not work for Sophos. I do not use Windows 10. If you think that Windows 10 is not spying on you, please contact the company and ask their employees to remove the above mentioned web-page. Or suggest Microsoft to sue Sophos for "defamation".-
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
  7. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    FortKnox is a Firewall with minimum HIPS capabilities. It has, instead, the Intrusion Prevention System, inherited from Symantec.
    Matousec was known for favoring the "Hips-ified" firewalls.

    I added to Fortknox, Malware Defender, to compensate for its missing HIPS capabilities.

    Suggestion: if you have not tested FortKnox personally, please stop writing about it.

    If you replace - under Windows XP! - FortKnox with ZoneAlarm, or Kerio, or Private Firewall, or Sygate, or Net Veda's Safety Firewall, you will obtain THE SAME result: OSArmor does connect to the Internet. NVT's Developer already admitted this. WHY are you insisting? What's the point?! What do you want to prove?

    And if you want to prove something, then make your own tests! Buy a copy of FortKnox, install it under Windows XP (or run it in a Virtual Machine), and show us your results. As I already did.-
     
    Last edited: Feb 15, 2019
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    I bet you didn't read this: https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-100#post-2808765
     
  9. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania
    If there are servers, then there are executables too. Windows 10 connects to those servers, not who knows what other program. If one really wants to find out which those are, one can use a tool like Wireshark. Most probably, they act under the "umbrella" named Svchost.exe.
     
  10. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    You think only Win10 gathers data? So naive...
    So if svchost.exe or Windows Update connects to those servers, what will you do?
     
  11. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Thank you very much, RioHN, for your confirmation. Even if, under Windows XP, the final destinations where OSArmor connects, do not coincide with the ones found by my *controversial* firewall, now I feel somewhat relieved. You have done a good job.
     
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    So as I said: obsolete OS, 2nd zone firewall and a huge waste of time for the dev and readers of this thread.
    Subject closed for me.
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,436
    Location:
    UK
    3 off topic posts removed.
    Stay on topic or thread may get closed
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,436
    Location:
    UK
    3 more off topic posts removed.
    Getting close to thread being closed now due to a few posters refusing to stay on topic.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,376
    Location:
    Under a bushel ...
    We need Andreas and this thread here, so please stay on topic. :)
     
  16. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    364
    Location:
    united kingdom
    +1
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    Is 1.4.2 the latest OSA version? Any word on 1.5?

    ~ OT Remarks Removed ~
     
    Last edited by a moderator: Feb 16, 2019
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    Yes and no.
     
  19. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,534
    Location:
    New Mexico, USA
    This laptop is no fireball, but it isn't all that weak. 8G RAM is good. The 1.8mhz AMD quad core processor isn't the latest and greatest, but not too bad. I just don't like to bog my system down with a lot of 'stuff.' If I can be secure with a couple or 3 small programs and using common sense, I have never understood loading my machine with a dozen different programs trying to patch every possible malware point of entry. If I was that paranoid, I'd turn off the Internet.

    Nothing is 100%. Just walking down the street contains an element of danger. But if Syshardener, OSarmor and WFC or Tinywall along with Win Defender can provide 90% security, I think using the computer between my ears, I can manage the last 10%.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    How about OSA + FW + daily Imaging (LIFO) = 99.9% security?
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,341
    @novirusthanks
    After enabling "[X] Block processes executed from RuntimeBroker" and launching regedit.exe with administrator rights (via the Start menu), OSArmor blocks it because the parent of regedit.exe is RuntimeBroker.exe.
    Adding an exclusion of course works, but perhaps it is also a good idea to add it via an internal rule in the next version, so other users won't get the same block.
    Code:
    Process: C:\Windows\regedit.exe
    Parent: C:\Windows\System32\RuntimeBroker.exe
    Rule: BlockProcessesFromRuntimeBroker
    Rule Name: Block processes executed from RuntimeBroker
    Command Line: "C:\Windows\regedit.exe"
    Signer: 
    Parent Signer: Microsoft Windows
    System File: True
    Parent System File: True
    Integrity Level: High
    Parent Integrity Level: Medium
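
The block entry posted above, parsed and summarised as an added example (not part of the original post and not OSArmor's own code). The field names come from the posted entry; the triage flags, including `plain_launch`, are assumptions made for illustration of what to check before adding an exclusion.

```python
# Added example: triage an OSArmor block entry in the "Key: value" layout
# shown in the post above. The flags below are illustrative assumptions.
# SAMPLE_ENTRY is copied from the post.
SAMPLE_ENTRY = r"""
Process: C:\Windows\regedit.exe
Parent: C:\Windows\System32\RuntimeBroker.exe
Rule: BlockProcessesFromRuntimeBroker
Rule Name: Block processes executed from RuntimeBroker
Command Line: "C:\Windows\regedit.exe"
Signer:
Parent Signer: Microsoft Windows
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Medium
"""

LEVELS = {"Low": 1, "Medium": 2, "High": 3, "System": 4}

def parse_entry(text):
    """Split each line on the first ':' so Windows paths stay intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Return the facts a reviewer needs before adding an exclusion."""
    child = LEVELS.get(fields.get("Integrity Level", ""), 0)
    parent = LEVELS.get(fields.get("Parent Integrity Level", ""), 0)
    image = fields.get("Process", "").lower()
    cmd = fields.get("Command Line", "").replace('"', "").strip().lower()
    facts = {
        "rule": fields.get("Rule", ""),
        "both_system_files": fields.get("System File") == "True"
        and fields.get("Parent System File") == "True",
        "child_signer_empty": fields.get("Signer", "") == "",
        "elevated_over_parent": child > parent > 0,
        # Anything beyond the bare image path deserves a closer look.
        "extra_arguments": cmd != image,
    }
    facts["plain_launch"] = facts["both_system_files"] and not facts["extra_arguments"]
    return facts

if __name__ == "__main__":
    for name, value in triage(parse_entry(SAMPLE_ENTRY)).items():
        print(f"{name}: {value}")
```

For the posted entry this reports a bare launch of a system file from a system-file parent, with the child running at a higher integrity level than its parent.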
    
     
  22. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,534
    Location:
    New Mexico, USA
    I do a Macrium each month. I learned the hard way some years ago that having a current or reasonably current backup is important. As for daily, I keep my documents on an external drive. It gets updated several times a day. I do an image once a month because once I get the computer the way I want it, with the word processor I need and security, etc, it doesn't change other than for windows updates.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,243
    Location:
    U.S.A.
    FYI - regedit runs with high privileges as child of explorer.exe on my Win 10 x(64) 1809 build.
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    Sounds like a good plan. However, I feel that at least weekly images are prudent. Why? Because some infections are well hidden & may not be detected until a good deal of time has passed. I would much rather revert to a clean image of 5 weeks ago than to one that is 2 months ago.
     
  25. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    With Macrium, you can allow yourself to do a full image once after a clean install (that you won't delete) then an incremental one every week (and deleting those older than 1 month).
     