NoVirusThanks OSArmor: An Additional Layer of Defense

For me, if my subscription ends, NVT pop's up every time I restart Windows. However, as plat1098 posted, it stops working. I have to close that window.

Robert

 

If asked, "What type of security app is OSArmor?" I would answer: It's a Behavior Blocker.

QUESTION: Agree with my answer?

 

it makes sense yes

 

This program is not for home users. Program constantly gives false positive results. how do I know which is right and which is wrong ? with each new release, many errors, false positives appear. Developers sell the program, which is in beta, as if it were a full version.

 

Not my experience with Medium Protection Profile.

What Protection Profile are you runnng?

 

I don't use right now. my license expired 3 months ago. I've never been involved in the settings.

 

Not my experience with Extreme Protection plus some exclusions, either. I haven't seen a pop-up window from OSA for a long, long time. OSA runs smoothly in the background, protects my machine and works as advertised. No problems here whatsoever.

BTW, OSA is supplemented by SysHardener (another useful tool from NVT) which, unfortunately, has not been updated for 4 years.
@novirusthanks: Is SH still supported? OSA and SH is the perfect security combo, so I do hope SH will not turn into "abandonware" sooner or later.

 

@osmandemi -- OSA is a behavior blocker. That is, OSA "watches" what an application is actually doing, where it is doing it, & what it is doing it to. If the application is doing something that is the same sort of thing that a virus would do, OSA reports it to you as a "suspicious behavior". There are NO actual false positives. Why? Because, when OSA says that an application is acting suspiciously, then that application IS acting suspiciously. It is up to the you, the user, to decide whether the suspicious behavior is or is not actually the work of a virus.

=>Real life example of a suspicious behavior: Someone is breaking into my home.
=>My protection: My house has a burglar alarm system.
=>Event: One night, while I am sleeping, the burglar alarm sounds and awakens me. Someone is breaking into my home!
=>Result: It turns out that my neighbor saw a fire in my kitchen & called the firemen. The firemen knocked but I didn't answer so they broke in the front door and entered my home so as to put out the fire.
=>Conclusion: It was a False Positive.
=>Question: Should I get rid of my burglar alarm?

 

No but I'd suggest buying new fire alarms / smoke detectors.

 

Good one!

Re smoke detectors -- there are smokeless fires. An ionization detector plus smoke detector combo is safer. That's what I have, as recommended by one of my fireman poker buddies.

 

@bellgamin

as you have so often done throughout these forums, you have summarized, in this particular case with articulate perfection, how OSA works and how the user should deal with its alerts. This post of yours deserves at least a five/five star rating

I'm surprised at how often "false positive" is being used over and over again throughout this thread, when OSA is simply doing its job as its meant exactly to do. If one thinks about it, ninety nine percent of HIPS alerts are on system actions that are both normal and harmless, but no one ever calls them "false positives".

Just as with HIPS security utilities, OSA is a security utility meant for advanced users to decide if its alerts are harmless or not, and if they decide the former then an Exclusion rule can be created from the alert so that the particular alert doesn't happen again.

 

I would say passive behavior blocker or heuristic behavior blocker, there is no intelligent evaluation whatsoever

 

As of now, NO computer is "intelligent, nor is any computer app "intelligent." As of now, computers can only have deterministic (hence, Artificial) Intelligence (AI) -- see https://martinxluptak.github.io/docs/can_computers_think.pdf and https://www.csee.umbc.edu/courses/471/papers/turing.pdf.

Building AI algorithms into an AV app is a good sales technique & sounds very scientific. However, to be of any significant degree of competency, AI's need a lot of computing power & large databases. Ergo,it is MUCH preferable that AI be done in the cloud, and not in an end-user app such as OSA. Ergo, the advertised AI in an end-user AV is either very weak, or it is primarily the front end for gathering & sending specified data to the AV producer's main computers for AI analysis "up there.".

AI programming, by the way, is quite different from other types of programming that is done in common computer languges such as C, C++, Forth, etc. See HERE. Many businesses see AI as the main wave for eaning big profits in the future. As a result, AI-capable programmers are now in VERY high demand -- see HERE. The highest skilled AI programmers will tend to go where the big salaries are, & most AVs are quite low on that totem pole.

MY POINT IS: The "intelligence" built into OSA is not "artificial' -- it is human, in the form of:
=>(a) You, me, & other users who decide which rules to apply & exclude, & which "special" rules we want to develop on our own.
AND
=>(b) Of equal or greater importance is the human crew at NVT (Andeas & his staff). No doubt, NVT has computers that compile data and do basic "analyses" to assist NVT's personnel in developing new & improved rules but I am paying for NVT's human judgment, not some invisible, built-in AI on an end-user app.

 

algorithms are something else entirely than simple rule matching

my point stands, I call it intelligent and/or active when an intelligent attack (dynamically adapting) is stopped by an intelligent (dynamically adapting) defense system. e.g., the code/script is changed dynamically as to adapt to the defenses in an attempt to circumvent them, OSA has no such fail safe or any adaptability for the matter, if something doesn't matches the rules it passes through, there are no complex decisions based on algorithms (e.g. ensemble methods), digression: ml is fast enough to be deployed live and locally, dl is not used by every AV btw. most on them rely on ml only or mainly on ml

that's why I said passive, some rules are written by an "expert" and that's that, which is OKey-ish, some malware behaviors are stopped tout-court even before more intelligent defense countermeasure is deployed which reduces resource usage, malware just don't get the chance to start, if I understand it correctly (not sure if malware gets picked by both say AV and OSA, or just by OSA if OSA stops it - would be interesting to know)

 

Interesting comment. I'm curious -- have you reverse engineered OSA's code in order to make such an assertion?

 

did you reverse engineer every single programme you commented on?

I have the forum, the authors' website and even some email exchanges I had, thats pretty enough to get an idea

Nothing to take away from the programme, I am just discussing it being passive that is, depending on the situation that passiveness might be considered a quality, e.g., pair it with something else like an AV, a programme focused on network security etc

 

Your assertions about OSA's capabilities were so definitive that I assumed you have either reverse engineered OSA or you have tested it against the types of threats where you assert it is ineffective.

As to the latter possibility, if you have tested OSA & discovered a specific weakness versus what you term an "intelligent attack (dynamically adapting)" -- where such attack would nullify effective application of one or more of OSA's protective "rules" -- then it would be helpful if you provided that information so that I (& other users) could adjust our security set-ups as warranted. Otherwise it's just a play on redefining words to no productive end as to the purpose, usage, and value of OSA.

 

I would like your aggressiveness level to go down a notch, thank you

its you that asked help in defining OSA remember (or you did not and I understood all wrong)? If you can't bear a discussion then don't start it.


I replied to you because I am interested in defining OSA too

I said it is a "passive (un-intelligent) behavior blocker" in my opinion, as it doesn't implement ml or statistical algos, at least from the sources I mentioned it would seem so (checked 1 year ago or more, maybe something changed?) /thread
of course I am not an security expert but my understanding of intelligent would be some system based on statistics, ml or dl and "active" as it adapts and makes decisions depending on the situation, and that learns from new samples, human-like so to speak not just bunch of rules, alot of rules and good hard work but still just heuristics, if they are not regularly updated they are dead (thus another key difference is autonomy or partial autonomy versus complete human supervision). I don't understand what is that you don't understand

non intelligent doesn't mean the product is bad,
actually I am trying to implement both active and passive systems, both have great value

 

"non intelligent" is a derogatory term. That's why I objected to it, because OSA is an excellent security app.

To say that a computer app is "non intelligent" infers that there are computer apps that DO posses intelligence. Computer apps do what they are coded to do. Nothing more, nothing less. The "intelligence" of a computer app is solely vested in the human systems analysts & programmers who created that app.

AVs may seem "intelligent: because they are designed for use by mass market, & that largely consists of folks who are indifferent to security.

On the other hand, OSA is designed such that it will be most effective when teamed up with a security-conscious user.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Many AVs are "suites" that include a Behavior Blocker (BB) component. Their BB components follow an invisible-to-user list of built-in rules that are similar to those visible-to-user rules used by OSA. However, AVs that generate a lot of FPs will soon become unpopular so AVs generally exclude the types of rules that OSA's configurator lists in red text.

Thus, AV's BB components generally:
=> (a) Curtail behavioral rules & add code so as to reduce FPs
AND
=> (b) Enable users to whitelist apps & files from further alerts by the AV, across-the-board.

OSA works differently:
=> (a) OSA does not constrain its BB rules to prevent FPs. Not at all. That action is up to the user, not to some programmer who is trying to keep the delicate balance between aggressive protection VERSUS reducing FPs and minimizing alerts. Thus, OSA puts into red-text those rules that may generate a significant number of FPs, & lets the user (a) decide OSA's degree of aggressiveness, and (b) tweak OSA so as to specify exactly which rules are to be applied.
=> OSA does not enable the user to easily give any file or process across-the board exclusions. Instead, the user must apply exclusions to each specific file or process on a case by case, rule by rule basis. Yes, that takes a bit of thinking and judgment by the user. If someone places a high premium on computer security, OSA is a superb security tool.

 

no I can hear non intelligent, stupid or dumb in scientific literature in non derogatory fascion, no such thing was intended, I swear I've seen it, when I find it I will upload link, thanks for your comment. It just describes a mechanism

Intelligence is learning on mistakes,
stupidity is not learning (capitalizing) on mistakes
An intelligent system learns on mistakes, examples are ml, dl that learn on their own
OSA does not learn on mistakes on its own

 

Except for program bugs, Behavior Blockers (BB) are incapable of making mistakes. A BB's job is to detect suspicious behavior. If OSA pops an alert, there actually has been suspicious behavior. It is up to the user to decide if that specific behavior by that specific app or file is acceptable or not.

OSA is designed for users who want to make such decisions on their own. If someone prefers a BB that relieves them of most of those decisions, then that's what they should use instead of criticizing OSA for doing just exactly what it was designed to do. OSA's design is why perceptive users are using it.

If you want OSA to add new features, I suggest you contact NVT directly at

Code:

support@osarmor.com

.

 

Well, duh! OSA was never designed to "learn" without human intervention. If you want that, use VS. But don't compare OSA to something it's not, and never intends to be.

 

Doesn't "learning" depend on some kind of data collection? I don't believe OSA collects anything from the end-user so I would simply accept things as they are. It lives on my daily driver and I'm pretty happy with it.

 

The discussion was about defining OSA , I don't compare OSA to something it's not, and never intends to be for the sake of a moot argument but in an attempt to define/distinguish OSA from different products, when u define something you first need to compare it. Definitionas are like that they oversimplify by discarding known comparisons

I have put forward my definition (based on bellgamin's definition): passive (dumb) behavior blocker

I think it doesn't collects anything, at least 1 year ago that I checked it did not,

No that AI definition of learning from mistakes was bad, AI learns from new samples,
like a brain (far away from human brain, more like reptile brain)

nobody is critisizing anything, it was just an attempt to define/classify OSA, answering the question what makes OSA different or what is OSA , I thought that BB that are based on AI could be called active, and BB that do not passive

 

actually, this sounds like a fair definition to me. but, then again, bb's are intrinsically "passive (dumb) [sic]" sw, imo.