NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    No, you surely didn't.
    I also was a little confused by Umbra's seemingly contradictory statements on the subject, and was asking him for clarification. Now everything has been cleared up, and I am saying to myself, "Duh!"
    To sum it up in my own words: OSA was born to serve ordinary users. But the dev added advanced options, to the delight of advanced users who know what to do with them.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,055
    Location:
    U.S.A. (South)
    And it couldn't be any more simple made for the wary end user who likely sinks billfolds of spending for AV's (only for a set period of time-cash cow) and/or experiments with other vendors who's basic premise is to draw in customers to "their" $ flow, most of which seems always heads to the advertisement department or outsourced contractors who are eager to draw them their best design for "hits" and trials etc.

    Many who reap positive results from NVT owe a debt of gratitude if nothing else other than for their selfless-generous act of distributing some of the most enhanced PC security programs that won't toast your good machine with errors or bog it down either courtesy some very sharp programming implemented into products like OSA-ERP etc. to name a couple of the currently most popular.

    And for free? You won't find but the occasional mere spatter of developers/vendors willing to go to such great lengths offering expert security applications for solid end user protection like this without attaching licensing fees and subscriptions etc.

    How NVT does this? None of my business personally, but it rivals time and again other developments who's research and development isn't even in the same league. Again, IMHO.
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    Exactly. The dev said that from the very beginning.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    During a debate, I assume people, as I did, had at least read the product's thread and obtained basic understanding of it.

    Of course, if one didn't, my replies may appears cryptic, and make the discussion difficult.
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    I'm not ungrateful to the dev. I offer criticism and criticism is valuable. Things like what I asked help to make this app more popular. (For, IMO, everyone, IMO, obviously) When he finishes ERP, I'll be happy to buy it. :)
    And the discussion was difficult solely because of the bullethead of yours that kept telling me that my wish to make the app more user friendly was unneeded. :rolleyes: :ouch: :D
    ^- That's an Argument. :D

    (I hope "bullethead" that isn't an offending word. "Pighead", "bullhead" and "mule" sounded more offensive to me. It's hard when you have four words to choose from in translation, that all mean the same thing - without enough explanation about when to use them...)
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    The problem is that you seems to want everything explained on a plate, OSA (at default) is already simple to use, the user has nothing to do.

    Visibly you don't understand the various Advanced settings, so don't use them until you research about them. People and the dev have other things to do than give you dedicated lessons about every options.

    Note that you are the only one on this thread that keep insisting, when solutions to your questions are proposed.

    Bullethead me? I don't think so.
    I won't waste my time with you anymore.
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    I even put an underline under user-friendliness! Come on! :D
    OK :ouch:
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,257
    Location:
    U.S.A.
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Well, I hope that isn't meant literally. :D

    Anyway, I contacted @novirusthanks (It's actually what I THOUGHT I did when I asked the question here ... ) and that's that with this conversation.
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    If you have OSArmor and EXE Radar Pro are they redundant? Can I get rid of OSArmor? What other things compliment EXE Radar Pro?
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    Both can be used together. But some rules can be redundant.
    OSA has much more hard-coded rules than ERP because it is oriented to beginners, who for most, don't know how to handle rules.
    ERP has no or very few hard-coded rules, all of them must be set by the users, hence requires more knowledge.
     
  12. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    That's an interesting question actually. For the 2nd idea, I think that yes, such a feature wouldn't hurt. But then again, we have to ask ourselves, what kind of people use OSArmor? I think they can be separated into 2 types - the ones who use OSArmor as a "just-in-case, never hurts" type of security, they know when to stop and start it, and aren't likely to be infected by something they have control of, such as opening a .jpg.exe file or downloading random stuff from untrusted places. And then the other type is, I'd imagine, the main audience of OSArmor - the people who don't really know what they are doing, or don't follow safe habits, and are likely to get infected, frequently or not so frequently. For those users, stopping OSArmor might pose a risk to their system. So, for the latter type of users, I don't think such a feature would benefit them much, exclusions might be safer, if they have to use stuff that is normally flagged by OSArmor, but might also get infected if OSArmor was stopped. For the "advanced" people however, such a feature can be a big benefit. Just like the exclusions and custom block files, there could be another one where you write under what conditions OSArmor stops and for how long. Or perhaps, you can also write under what conditions OSArmor starts again. Like, when a certain process from a certain folder starts etc. This would mean, when those conditions are fulfilled, OSArmor can be 100% sure that you know what you're doing, and you need to use stuff that would normally be flagged by OSArmor, and you don't want OSArmor to interrupt you further after that point, or perhaps otherwise there'd be too many exclusions, or the user might not want to allow the given stuff to run while OSArmor is on, but only run when OSarmor is off. On the other hand, for the not-so-advanced users, running a software that OSArmor would normally flag, and they need to use, does not guarantee that further actions will not result in infections, and thus OSArmor can now go Off, which is why I think for them exclusions are better. OSArmor allows the software that is required to start, but stays on, so any further infections are prevented. Thus, I imagine there are a lot more users who wouldn't benefit from this feature than there are those who will benefit from it. Still, I think it'll be a useful feature, at least for some people

    Now about the 1st idea, unless a game/movie/whatever will cause OSArmor to block it, I don't think there should be a reason why would OSArmor should go Off when the above is ran. OSArmor consumes little system resources, I imagine even less so when there aren't processes running around for OSArmor to scan and log, thus the benefit is small, and while technically people aren't likely to get infected while doing that stuff, I imagine it won't hurt to have OSArmor on, just in case. If that software is getting blocked, adding it to the exclusions already solves that problem without compromising the security of the system. And for everything else, I imagine, there's the internal rules, for popular stuff like commonly used programs etc. Thus, I don't see a benefit to turning OSArmor off, other than the ones coming from the 2nd idea. Although, a checkbox to hide notifications but still log them while something is fullscreen would be nice. Or even if not specifically in fullscreen but maybe in borderless fullscreen etc. If it's covering 95%+ of the screen, chances are people who have checked that checkbox won't like a notification appearing on top of the given application

    Also it would be nice if you could make OSArmor UI open-able with just 1 left-click from the tray icon, rather than having to click twice. Cuz, one click is faster. #firstworldproblems
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,421
    @novirusthanks
    There seems to be an internal rule which is allowing "trusted" installers launching of Internet Explorer if "Block execution of Internet Explorer" is enabled.
    A good example is NoVirusThanks Process Lister (the installer is launching Internet Explorer)
    Code:
    The installer is launching IE:
    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Parent: C:\Users\xxx\AppData\Local\Temp\xx-xxxxx.tmp\process_lister_setup.tmp
    Parent Signer: NoVirusThanks Company Srl
    Commandline: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.novirusthanks.org/post-install/?program=process-lister
    
    IE is launching another instance and this instance is blocked by OS Armor:
    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Parent: C:\Program Files\internet explorer\iexplore.exe
    CommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:17410 /prefetch:2
    
    This means, OS Armor is allowing Internet Explorer but it is also blocking it :cautious:
    I think that if "Block execution of Internet Explorer" is enabled, internal rules shouldn't be able to launch it at all. Else OS Armor is fighting itself (Internal rule [=allow] vs. "Block execution of Internet Explorer" [=block])

    Perhaps internal rules should be modified to mitigate this.

    Another mitigation is to add IE to the file "CustomBlock.db" which i have done now and IE is now definitely blocked and internal rules won't be able to launch it:
    Code:
    [%PROCESS%: c:\Program Files (x86)\Internet Explorer\iexplore.exe]
    [%PROCESS%: c:\Program Files\internet explorer\iexplore.exe]
    
     
  14. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    228
    @novirusthanks
    Being able to temporarily suspend protection from the main GUI would be a nice usability enhancement. Average computer users may not think to look in the disappearing system tray for the tiny OSArmor icon.

    Phil
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    779
    Location:
    Land o fruits and nuts, and more crime.



    Thanks that does work!
     
  16. jks52

    jks52 Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    11
    I'm new to Windows 10 v1804 and realize that Powershell is very much integrated within the system. What would be the best settings for Powershell security using OSArmor to work smoothly with Win 10? There are quite a few selections dealing with Powershell in OSA, just not sure what would be the best for my general usage. Help would be appreciated.
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    @jks52 home users don't need powershell at all.
    You can select to block all of them.
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,710
    Location:
    Hollow Earth - Telos
    The GUI maybe should have a setting to check or uncheck if you are a home user or not.
     
  19. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
    Advanced settings were unticked by default so home users won't have issues.
    Those advanced settings are more oriented to those having admin-level skills.
     
  20. jks52

    jks52 Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    11
    Thanks, that's what I thought since i never use powershell for anything; just wasn't sure about Win 10.
    jks
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    Windows 10 does use Powershell behind the scenes, every once in a while. And so do some 3rd party apps, such as the Dropbox desktop updater, for instance.
    But OSA comes with internal rules to allow the known scripts used at the present time by Windows and common 3rd party apps.
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,026
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test1:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build1.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Added option to password-protect power options (all options in the right-mouse-button in the system tray icon)
    + Fixed some false positives
    + Improved internal rules to block suspicious process activities
    + Improved internal rules to block new LOLBins
    + Minor improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.
     
    Last edited: Dec 16, 2018
  23. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,359
    Location:
    Europe then Asia
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,421
    Right after installation a password is needed to open the GUI but i haven't set any password yet and i don't know the "current" password :cautious:
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,026
    Location:
    Italy
    @mood

    Could reproduce that issue, for a quick workaround just browse to:

    C:\Program Files\NoVirusThanks\OSArmorDevSvc

    And open OSArmorDevCfg.exe, then open the "Password" tab and click "Reset Password" button.

    Will fix it tomorrow.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.