Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.
Care to say why? Any issue you had with this software?
If you block Internet access then it will just be unable to verify signatures of signed processes BUT it will work normally.
That is the only issue, the rest will work just fine.
reading the above is enough reason
Software users are like computers: Hard to figure out and never have enough memory.
I resemble that analogy
I installed OSA 1.4.2 on Jan 24 on a new Windows 10 Home 64 (1803) system with all current patches. OSA stopped working on Feb 6 without any notification, and couldn't be manually enabled even after reboots. I had to uninstall and reinstall OSA. No real-time AV in use except for Windows Defender.
This is the entire MS error report:
Thank you for your answer, NVT Developer.
It is good to know that OSArmor will do its job, even if it can not connect to the internet.
In my house I have a PC which is reserved for my guests. I have installed on it the latest version of MS Office 2007, and a lot of educational software - including simulation games - for my nephews. The PC in question still needs protection. At least because the kids bring with them all kinds of CDs with dubious applications... They also tend to insert flash drives in the PC's USB ports. Despite the fact that I disinfect the USB sticks periodically, my nephews still manage to infect them again. And again. And again... (taquito.exe - a variant of the IRC-Worm.Win32 - comes across quite often.)
I do not want to apply a "radical" solution (i.e., to permanently disable the AutoRun.inf file).
If OSArmor cannot prevent a certain, unusual type of malefic program from damaging the system, I can always restore it to its last known "good" state. (Long live Deep Freeze!)
For security reasons I decided not to connect that PC to my router. No Internet access allowed.
@Wolfram set OSA to max security (aka ticking almost all boxes in Advanced settings), add Custom Blocks rules (like blocking execution from internet-facing folders) and I can tell you few things will infect you.
Well, Umbra, again, you are right.
But only in what concerns Windows 7-10. Windows XP is, so to speak, "much more silent" than its younger descendants.
On my Windows XP system, Windows Update Service is disabled. (Windows Time, too; plus many other "talkative" Services.) Explorer.exe does not need to connect to the Internet.
However, in 64-bit versions of Windows, the OS won't let you install a driver that has a digital signature issue. Whether you like it or not, you have to allow Windows (including Explorer.exe) to access the Internet. Otherwise Windows Update (and Microsoft Update) processes will not be possible.
Explorer.exe, on Windows 7-10, has Internet access volens-nolens. And if it has unrestricted access, and if it is "specialized" in verifying Digital Signatures, the designer of OSArmor should have put it to work.
I might be wrong, but I think that most users have more trust in Microsoft Networks, than in China Telecom Corporation; or in EdgeCast Net. Of course, it is a subjective opinion.
As you said it, Umbra, I do not feel more comfortable knowing that a Windows component - like Explorer.exe - connects to the Internet, instead of OSArmorDevSvc.exe.
For those concerned about their privacy, there are programs like O&O ShutUp10, or W10Privacy, or Privacy Repairer, or Destroy Windows Spying. Those interested should also read the discussions posted here:
"List of Windows 7 telemetry updates to avoid"
"Here's how to Block Windows 10 Spying"
Domains like "vortex.data.microsoft.com" should be blocked at the router level.
Very good advice; for all OSArmor users. +1 !
Very good advice indeed, but only if you know what you are doing and if you are tech-savvy enough to deal with FPs. IMO, novice users should just use default settings.
The thing I like in OSA is that when you have a block, you get the opportunity to whitelist the said blocked process via a popup.
I think you can disable checking for driver signatures.
Also, I use O&O ShutUp10 along with custom tweaks, and I've never seen explorer.exe try to connect to the internet. Must be something that's being enabled by something else.
Also, I've collected many different domains from different sources, and here's my hosts file:
Also, if you're going to use OSArmor for that purpose (blocking execution from certain folders), you might as well use Excubits Bouncer or MemProtect (they do mostly the same thing). This comes with (one of them being) the added bonus of also blocking all kinds of MZ files, including .drv, .dll, .sys etc., not just exes. For example, let's say your browser is only allowed to write to one folder, a downloads folder (you can force it to do so using something like Pumpernickel). Then, you disallow any process access to that folder, and you only allow the browser to write to that folder. Result = nothing can run or modify or use etc. the files in the folder, except the browser, which can only write to the folder.
Thank you for your answer, Floyd 57.
Your extended list of "must-to-be-blocked" domains is welcome. I appreciate your documentary effort.
I also appreciate the fact that you mentioned those two programs. Your specifications are useful to all the readers of this thread.
Why did I bring Explorer.exe into the discussion?
On my Windows XP Pro system, when I want to check the Digital Signature of a certain installed program (usually, an EXE file), as soon as I click on "Details", Explorer.exe requires access to the internet:
Note: the IP corresponds to my DNS.
To illustrate, I chose KVRT (which is not installed: it is only present in the Program Files folder).
Something similar happens on the occasion of any verification. I never allow Explorer.exe to connect to the Internet. Not even when Windows offers to search, on the Internet, "for the latest driver software".
Do you think that, under Windows XP, Explorer.exe behaves abnormally?
P.S. The web page mentioned below explains why (and where) Windows Explorer makes external connections in the newer Windows versions:
Wolfram: "- I want to post a new - alarming - comment."
NVT: "- Oh, no, not again... Again?"
Wolfram: " - Yes, again."
Today I checked a few installers. Before testing-installing a program, I always check its installer using at least four [reputed] websites specialized in computer software checking; namely: VirusTotal, OPSWAT (MetaDefender Cloud), VirScan, and Hybrid-Analysis.
I included osarmor_setup.exe (v. 18.104.22.168) among the installers to be checked. Just in case.
**All results removed please see here
(Note: OSArmor, being free, I have nothing against the secret "monetizing" attempts of their developers. But ONLY as long as the users' privacy is not affected.)
It might, or it might not be a "Wrong detection". Who am I, to question the professionalism level of a company like Filseclab?!
I am not working for the ******* (God forbid!).
Being confused, I took a step forward. I decided to submit osarmor_setup.exe to Hybrid-Analysis for further investigation. Here is what H-A found:
1. To contact, as soon as possible, Filseclab Corp., and to convince them that osarmor_setup.exe contains "not even one atom of Adware". Filseclab's "detection" is preposterous (absurd, ridiculous, foolish, outrageous, risible, ...) Then, to inform us what Filseclab communicated to NVT about the detection.
2. To clarify the matter with the team behind Hybrid-Analysis. NVT's reputation is at stake.
3. For our peace of mind, to contact ReversingLabs; and to present us their detailed report of inspection over OSArmor.
Something is not exactly "kosher" with this program.
I would like to read some responses, from NVT, supported by the evidence provided by ReversingLabs. A simple verbal assurance will only amplify the existing suspicions.
You are in my opinion suffering from paralysis by analysis. I think most of the users here just trust Andreas and stop there. I've had all of the software from NVT discussed here on my systems with nothing suspicious ever seen. If you are that concerned then I just wouldn't use it. Simple.
@Wolfram if I had to do all you did, I wouldn't even bother using OSA. Either you trust an app or you don't, and then you don't use it. No need to try to find "the yeti".
And honestly, Filseclab... check their website *cough* *cough*, I had a good laugh reading it.
No doubts here using NVT's software.
I think Peter is absolutely right. I've used NVT's software for years also and never have any doubts about it whatsoever as stapp mentions.
Please don't state things you can't elaborate/demonstrate and do not make wrong statements.
1) The report on hybrid-analysis just shows what OSA setup file is doing (nothing wrong there) and it also says "whitelisted", it means OSA setup file is in the safe list of programs.
2) VirusTotal report is showing no detections, and in case there are any, they are false positives (all our programs are digitally signed by us). The detection of Filseclab on OPSWAT is of course a false positive, period.
3) Then again, none of our programs are sending data outside, some of our programs can check for updates or validate the serial number, but that's all.
4) We never bundled any of our programs with adware or other pests.
5) We don't care about users' data, we're not a marketing or advertising agency, we develop software and web services (SaaS), and we have a passion for what we do, that's all.
6) If you are too paranoid or if you have doubts about our programs, ask us your questions, if that is not enough don't use them, we're not forcing anyone to use our programs.
7) Why would we need to ask (and pay) ReversingLabs to reverse our programs (that is against our EULA)? We developed them, ask us if you have questions, simple.
Life is so hard, keep it simple at least while using the PC.
Hope this helps.
Not saying, worrying about OSA with such "anxiety", I don't dare imagine what @Wolfram's psychological state will be if he tries to analyze Win10, he will probably flee in panic ...bwahahahahahahaahaha
Watching this discussion in this thread, I will add that it is a great example of security software paranoia reaching new and unparalleled heights. I would think one would have more productive ways of spending their time. I agree with Peter's comment 100%. That is if one has security doubts about any software, just don't use it.
Currently can't imagine being without at least one NVT software, now it's OSArmor. It just fills the bill, even with the sidebar thing going on. NVT software should be making one less paranoid, right? Way less.
Agree with itman.
What's the worst thing that can happen on your home PC? Put 2FA on your bank account / PayPal / whatever and call it a day.
(preferably not SMS 2FA but better than nothing)