NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Rainwalker

    Rainwalker Registered Member (Joined: May 18, 2003; Posts: 2,612; Location: USA)
    Request: An Anti-Exploit rule to protect Thunderbird.
    Thank you
     
  2. I have the application for you, but it's now OSArmor Software. If DLL was implemented into the security, I could help create some rules to help prevent DLL code injection through Thunderbird.

     
  3. cruelsister

    cruelsister Registered Member (Joined: Nov 6, 2007; Posts: 1,519; Location: Paris)
    imuade- if you use AppGuard as it is intended to be used there would be no need for OSA, as the default installation preclusions will protect you (well, actually perhaps not- malware with a VERY high signed certificate can bypass it as I demonstrated a few years ago. But this certificate was acquired at an extremely high cost (I could have gotten it cheaper if I wore a shorter skirt...) and would only be used against high value targets and certainly not Mooks like you and me). Now if you ignore AppGuard alerts and install stuff that you think is OK anyway then you would still need a good AV first. So either way I personally don't see the need for OSA in this scenario.

    BlackBox Hacker- a dll is really nothing more than an executable needing a trigger (Oh God! I can see the critics coming because of that statement!). So a general rule stopping such stuff would be both a very, very complicated thing to do and I feel the Developers would be insane even to try doing this. Please remember that OSA is NOT intended to be the primary protection (and please, please, please NVT- do not make it so!!!!!).

    Regarding TB- by default OSA will stop any scripts that spew out from a TB email, and common sense on the part of the user should stop any executables from being run.
     
    Last edited: Jan 23, 2018
  4. shmu26

    shmu26 Registered Member (Joined: Jul 9, 2015; Posts: 1,485)
    With Appguard at standard settings, there is still room for OSA. For instance, with OSA you can block cmd.exe but make exceptions for the things you need.
     
  5. cruelsister

    cruelsister Registered Member (Joined: Nov 6, 2007; Posts: 1,519; Location: Paris)
    But the cmd.exe would only come out of an application initiated by a company that is on an extremely limited Whitelist, and thus would in all probability be allowed (and rightfully so) by the user.
     
  6. imuade

    imuade Registered Member (Joined: Aug 4, 2016; Posts: 751; Location: Italy)
    @cruelsister
    Actually, I mentioned AppCheck by CheckMal, not AppGuard...
    *off topic remark removed
     
  7. cruelsister

    cruelsister Registered Member (Joined: Nov 6, 2007; Posts: 1,519; Location: Paris)
    Yikes!!! looks like a certain someone should ACTUALLY READ a post before responding! If AppCheck is used OSA would be an excellent addition just for the worm protection alone (I am sooo embarrassed...).

    OT- perhaps...
     
  8. imuade

    imuade Registered Member (Joined: Aug 4, 2016; Posts: 751; Location: Italy)
    OK thanks, that was my understanding too :)

    :eek::eek::eek: *puppy**puppy**puppy* :D:D:D
     
  9. paulderdash

    paulderdash Registered Member (Joined: Dec 27, 2013; Posts: 4,419; Location: Under a bushel ...)
    :argh:

    But @cruelsister, nonetheless, for a home user, do you think OSA would be a good replacement for AppGuard? Would there be significant protections missing in OSA?
     
  10. shmu26

    shmu26 Registered Member (Joined: Jul 9, 2015; Posts: 1,485)
    Everything you said is right when we are talking about Appguard at high settings, and by that I mean protection level=lockdown.

    But with Appguard at standard settings (protection level=protected), like it is on my system, cmd.exe could come out of:
    1 any process with a valid digital sig
    2 a guarded app such as the browser or the PDF reader or the dreaded MS Word

    In both 1 and 2, malware would not gain persistence, but it could still modify files and steal data in user space locations without privacy protection.
     
  11. bellgamin

    bellgamin Very Frequent Poster (Joined: Aug 1, 2002; Posts: 7,381; Location: Hawaii)
    I hope so. I understand OSA better than I ever did for AppGuard.
     
  12. shmu26

    shmu26 Registered Member (Joined: Jul 9, 2015; Posts: 1,485)
    Appguard has important features that OSA doesn't presently have. These are some of them:
    1 block unsigned files executing anywhere in user space, not just in appdata (and with lockdown mode, it blocks even signed files)
    2 memory protection
    3 privacy protection
     
  13. Rebsat

    Rebsat Registered Member (Joined: Oct 20, 2014; Posts: 34; Location: My Desk)
    @paulderdash Thanks for your question bro :thumb:


    @shmu26 Thank you for pointing out that question regarding AppGuard bro ;)
     
    Last edited: Jan 23, 2018
  14. shmu26

    shmu26 Registered Member (Joined: Jul 9, 2015; Posts: 1,485)
    Your question is an interesting one, but the discussion should be continued either on a Spyshelter thread or an Appguard thread.
     
  15. JoWazzoo

    JoWazzoo Registered Member (Joined: Nov 11, 2008; Posts: 241; Location: Ether)
    Could you please elaborate? What would you wish for OSA to do WRT Thunderbird? I use both and am scratching my head.
     
  16. Rebsat

    Rebsat Registered Member (Joined: Oct 20, 2014; Posts: 34; Location: My Desk)



    @novirusthanks I would greatly appreciate it if you could fix those issues with Avast Free Antivirus in the next pre-release. Thank you for your great effort bro. Keep up the good work :thumb:
     
    Last edited: Jan 23, 2018
  17. Overkill

    Overkill Registered Member (Joined: Mar 16, 2012; Posts: 2,343; Location: USA)
    +1 :p
     
  18. shmu26

    shmu26 Registered Member (Joined: Jul 9, 2015; Posts: 1,485)
    Interesting you guys say that. When I look in the advanced tab of OSA, I ask myself what all those file types are, and what all those commands do, and I wonder how much I will mess up my system if I start flipping them on and off...
     
  19. Antarctica

    Antarctica Registered Member (Joined: Feb 25, 2003; Posts: 2,011; Location: Canada)
    Yeah, same for me. And so far I haven't touched anything in the advanced tab...:confused:
     
  20. cruelsister

    cruelsister Registered Member (Joined: Nov 6, 2007; Posts: 1,519; Location: Paris)
    Paul- I mean this with absolutely zero criticism for OSA, but it is not and is not and will never be a replacement for primary protection (unless, God forbid, they make it into a BB...). If one uses something like AppGuard or CF, OSA is not at all needed. But for those Mooks that still rely on a traditional AV it would be essential.

    The protection missing in OSA that AG (and obviously CF) has would be the prevention of malware packages that will work outside of any realistic prevention that a rule based security application can provide (see my video). However as the bulk of society still uses traditional based security applications (AV's), I would consider the use of OSA mandatory as it would stop various VB and Powershell scripts that my Cat can code that can bring down Western Civilization.

    So for those few that are reading this thread please, please do not either ask or expect OSA to stop everything! This will destroy what is currently a very useful and elegant application.
     
  21. Buddel

    Buddel Registered Member (Joined: Apr 28, 2015; Posts: 1,595)
    +1:thumb:
     
  22. Overkill

    Overkill Registered Member (Joined: Mar 16, 2012; Posts: 2,343; Location: USA)
    I don't know what all those do either, what I meant is it's very easy to set up (simply tick or untick an option) compared to AppGuard...Andreas has it preconfigured already so not much to tweak :thumb:

    With AG, it blocks lots of stuff, so I have to constantly ask the forum is this safe or should I change a setting etc
     
  23. paulderdash

    paulderdash Registered Member (Joined: Dec 27, 2013; Posts: 4,419; Location: Under a bushel ...)
    :argh: :thumb:
     
  24. jimb949

    jimb949 Registered Member (Joined: Jul 6, 2017; Posts: 129; Location: LA)
    @novirusthanks Does OSA protect folders from ransomware like WD does? If not could you add that feature?
     
  25. Chuck57

    Chuck57 Registered Member (Joined: Sep 2, 2002; Posts: 1,709; Location: New Mexico, USA)
    That answers my question. I'm running Comodo IS Premium. I've thought of dumping the AV and just using the firewall, but I'm too lazy to spend the time. I like OSA and did play with an earlier version but am definitely NOT a geek and all the sections and boxes to check or not is way beyond me.
     