NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    840
    Care to say why? Any issue you had with this software?
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,025
    Location:
    Italy
    @Wolfram

    If you block Internet access then it will just be unable to verify signatures of signed processes BUT it will work normally.

    That is the only issue, the rest will work just fine.
     
  3. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,045
    reading the above is enough reason
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    Software users are like computers: Hard to figure out and never have enough memory.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    I resemble that analogy :D
     
  6. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    348
    Location:
    USA
    I installed OSA 1.4.2 on Jan 24 on a new Windows 10 Home 64 (1803) system with all current patches. OSA stopped working on Feb 6 without any notification, and couldn't be manually enabled even after reboots. I had to uninstall and reinstall OSA. No real-time AV in use except for Windows Defender.

    This is the entire MS error report:
     
  7. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Thank you for your answer, NVT Developer.

    It is good to know that OSArmor will do its job, even if it can not connect to the internet.

    In my house I have a PC which is reserved for my guests. I have installed on it the latest version of MS Office 2007, and a lot of Educational software - including Simulation games -, for my nephews. The PC in question still needs protection. At least because the kids bring with them all kind of CDs with dubious applications... They also use to insert Flash Drives in the PCs USB ports. Despite the fact that I disinfect the USB Sticks, periodically, my nephews still manage to infect them again. And again. And again... (taquito.exe - a variant of the IRC-Worm.Win32 - comes across quite often.)

    I do not want to apply a "radical" solution (i.e., to permanently disable the AutoRun.inf file).

    If OSArmor can not prevent a certain, unusual type of malefic program to damage the system, I can always restore it to its last known "good" state. (Long live Deep Freeze!)

    For security reasons I decided not to connect, to my router, that PC. No Internet access allowed.-
     
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    @Wolfram set OSA to max security (aka ticking almost all boxes in Advanced settings) , add Custom Blocks rules (like blocking execution from internet-facing folders) and i can tell you few things will infect you.
     
  9. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Well, Umbra, again, you are right.

    But only in what concerns Windows 7-10. Windows XP is, so to speak, "much more silent" than its younger descendants.

    On my Windows XP system, Windows Update Service is disabled. (Windows Time, too; plus many other "talkative" Services.) Explorer.exe does not need to connect to the Internet.

    However, in 64-bit versions of Windows, the OS won't let you install a driver that has a digital signature issue. Even if you like it, or not, you have to allow Windows (including Explorer.exe) to access the Internet. Otherwise Windows Update (and Microsoft Update) processes will not be possible.

    Explorer.exe, on Windows 7-10, has Internet access volens-nolens. And if it has unrestricted access, and if it is "specialized" in verifying Digital Signatures, the designer of OSArmor should have put it to work.

    I might be wrong, but I think that most users have more trust in Microsoft Networks, than in China Telecom Corporation; or in EdgeCast Net. Of course, it is a subjective opinion.

    As you said it, Umbra, I do not feel more comfortable knowing that a Windows component - like Explorer.exe - connects to the Internet, instead of OSArmorDevSvc.exe.



    For those concerned about their privacy, there are programs like O&O ShutUp10, or W10Privacy, or Privacy Repairer, or Destroy Windows Spying. Those interested should also read the discussions posted here:

    "List of Windows 7 telemetry updates to avoid"
    https://www.wilderssecurity.com/threads/list-of-windows-7-telemetry-updates-to-avoid.379151/

    and here:

    "Here's how to Block Windows 10 Spying"
    https://community.sophos.com/produc...l/47019/here-s-how-to-block-windows-10-spying

    Domains like "vortex.data.microsoft.com" should be blocked at the Router level.-
     
  10. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Very good advice; for all OSArmor users. +1 !
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    879
    Very good advice indeed, but only if you know what you are doing and if you are tech-savvy enough to deal with FPs. IMO, novice users should just use default settings.
     
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    +1
    The thing i like in OSA is when you have a block, you get the opportunity to whitelist the said blocked process via a popup.
     
  13. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    I think you can disable checking for driver signatures

    Also, I use O&O shutup 10 along with custom tweaks, and I've never seen explorer.exe try to connect to the internet. Must be something that's being enabled by something else

    Also, I've collected many different domains from different sources, and here's my hosts file:

    0.0.0.0 vortex.data.microsoft.com
    0.0.0.0 telecommand.telemetry.microsoft.com
    0.0.0.0 oca.telemetry.microsoft.com
    0.0.0.0 sqm.telemetry.microsoft.com
    0.0.0.0 watson.telemetry.microsoft.com
    0.0.0.0 watson2.telemetry.microsoft.com
    0.0.0.0 redir.metaservices.microsoft.com
    0.0.0.0 redir2.metaservices.microsoft.com
    0.0.0.0 choice.microsoft.com
    0.0.0.0 df.telemetry.microsoft.com
    0.0.0.0 reports.wes.df.telemetry.microsoft.com
    0.0.0.0 wes.df.telemetry.microsoft.com
    0.0.0.0 services.wes.df.telemetry.microsoft.com
    0.0.0.0 sqm.df.telemetry.microsoft.com
    0.0.0.0 telemetry.microsoft.com
    0.0.0.0 watson.ppe.telemetry.microsoft.com
    0.0.0.0 telemetry.appex.bing.net
    0.0.0.0 telemetry.urs.microsoft.com
    0.0.0.0 settings-sandbox.data.microsoft.com
    0.0.0.0 vortex-sandbox.data.microsoft.com
    0.0.0.0 survey.watson.microsoft.com
    0.0.0.0 watson.live.com
    0.0.0.0 watson.microsoft.com
    0.0.0.0 statsfe2.ws.microsoft.com
    0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
    0.0.0.0 compatexchange.cloudapp.net
    0.0.0.0 sls.update.microsoft.com.akadns.net
    0.0.0.0 fe2.update.microsoft.com.akadns.net
    0.0.0.0 fe23.update.microsoft.com.akadns.net
    0.0.0.0 fe24.update.microsoft.com.akadns.net
    0.0.0.0 fe25.update.microsoft.com.akadns.net
    0.0.0.0 fe26.update.microsoft.com.akadns.net
    0.0.0.0 fe27.update.microsoft.com.akadns.net
    0.0.0.0 fe28.update.microsoft.com.akadns.net
    0.0.0.0 fe29.update.microsoft.com.akadns.net
    0.0.0.0 diagnostics.support.microsoft.com
    0.0.0.0 statsfe1.ws.microsoft.com
    0.0.0.0 i1.services.social.microsoft.com
    0.0.0.0 feedback.windows.com
    0.0.0.0 feedback.microsoft-hohm.com
    0.0.0.0 feedback2.microsoft-hohm.com
    0.0.0.0 feedback.search.microsoft.com
    0.0.0.0 rad.msn.com
    0.0.0.0 preview.msn.com
    0.0.0.0 dart.l.doubleclick.net
    0.0.0.0 dart2.l.doubleclick.net
    0.0.0.0 dart3.l.doubleclick.net
    0.0.0.0 ads.msn.com
    0.0.0.0 ads2.msn.com
    0.0.0.0 ads3.msn.com
    0.0.0.0 ads6.msn.com
    0.0.0.0 a.ads1.msn.com
    0.0.0.0 global.msads.net.c.footprint.net
    0.0.0.0 ssw.live.com
    0.0.0.0 msnbot-65-55-108-23.search.msn.com
    0.0.0.0 a23-218-212-69.deploy.static.akamaitechnologies.com
    0.0.0.0 microsoft.com
    0.0.0.0 microsoft01.com
    0.0.0.0 microsoft02.com
    0.0.0.0 microsoft03.com
    0.0.0.0 microsoft04.com
    0.0.0.0 microsoft05.com
    0.0.0.0 microsoft06.com
    0.0.0.0 microsoft07.com
    0.0.0.0 microsoft08.com
    0.0.0.0 microsoft09.com
    0.0.0.0 microsoft10.com
    0.0.0.0 microsoft11.com
    0.0.0.0 microsoft12.com
    0.0.0.0 microsoft13.com
    0.0.0.0 microsoft14.com
    0.0.0.0 microsoft15.com
    0.0.0.0 microsoft16.com
    0.0.0.0 microsoft17.com
    0.0.0.0 microsoft18.com
    0.0.0.0 microsoft19.com
    0.0.0.0 microsoft20.com
    0.0.0.0 microsoft21.com
    0.0.0.0 microsoft22.com
    0.0.0.0 microsoft23.com
    0.0.0.0 microsoft24.com
    0.0.0.0 microsoft25.com
    0.0.0.0 microsoft26.com
    0.0.0.0 microsoft27.com
    0.0.0.0 microsoft28.com
    0.0.0.0 microsoft29.com
    0.0.0.0 microsoft30.com
    0.0.0.0 microsoft31.com
    0.0.0.0 microsoft32.com
    0.0.0.0 microsoft33.com
    0.0.0.0 microsoft34.com
    0.0.0.0 microsoft35.com
    0.0.0.0 microsoft36.com
    0.0.0.0 microsoft37.com
    0.0.0.0 microsoft38.com
    0.0.0.0 microsoft39.com
    0.0.0.0 microsoft40.com
    0.0.0.0 new_1-a.ads1.msn.com
    0.0.0.0 new_2-a.ads1.msn.com
    0.0.0.0 new_3-a.ads1.msn.com
    0.0.0.0 new_a-0002.a-msedge.net
    0.0.0.0 new_a-0004.a-msedge.net
    0.0.0.0 new_a-0005.a-msedge.net
    0.0.0.0 new_a-0006.a-msedge.net
    0.0.0.0 new_a-0007.a-msedge.net
    0.0.0.0 new_a-0008.a-msedge.net
    0.0.0.0 new_a-0009.a-msedge.net
    0.0.0.0 new_ac3.msn.com
    0.0.0.0 new_ad.doubleclick.net
    0.0.0.0 new_adnexus.net
    0.0.0.0 new_01.auth.nym2.appnexus.net
    0.0.0.0 new_01.auth.lax1.appnexus.net
    0.0.0.0 new_01.auth.ams1.appnexus.net
    0.0.0.0 new_ns1.gslb.com
    0.0.0.0 new_ns2.gslb.com
    0.0.0.0 new_ads.msn.com
    0.0.0.0 new_ads1.msn.com
    0.0.0.0 new_de-1.ns.nsatc.net
    0.0.0.0 new_es-1.ns.nsatc.net
    0.0.0.0 new_b.ns.nsatc.net
    0.0.0.0 new_nl-1.ns.nsatc.net
    0.0.0.0 new_uk-1.ns.nsatc.net
    0.0.0.0 new_aidps.msn.com.nsatc.net
    0.0.0.0 new_ns1.a-msedge.net
    0.0.0.0 new_ns2.a-msedge.net
    0.0.0.0 new_ns3.a-msedge.net
    0.0.0.0 new_apps.skype.com
    0.0.0.0 new_az512334.vo.msecnd.net
    0.0.0.0 new_bs.serving-sys.com
    0.0.0.0 new_65choice.microsoft.com
    0.0.0.0 new_db3aqu.atdmt.com
    0.0.0.0 new_choice.microsoft.com.nsatc.net
    0.0.0.0 new_c.msn.com
    0.0.0.0 new_c2.msn.com
    0.0.0.0 new_diagnostics.support.microsoft.com
    0.0.0.0 new_fe2.update.microsoft.com.akadns.net
    0.0.0.0 new_ns1.msft.net
    0.0.0.0 new_ns3.msft.net
    0.0.0.0 new_ns4.msft.net
    0.0.0.0 new_flex.msn.com
    0.0.0.0 new_g.msn.com
    0.0.0.0 new_i1.services.social.microsoft.com
    0.0.0.0 new_lb1.www.ms.akadns.net
    0.0.0.0 new_live.rads.msn.com
    0.0.0.0 new_m.adnxs.com
    0.0.0.0 new_m1.adnxs.com
    0.0.0.0 new_m2.adnxs.com
    0.0.0.0 new_m3.adnxs.com
    0.0.0.0 new_m4.adnxs.com
    0.0.0.0 new_m5.adnxs.com
    0.0.0.0 new_m6.adnxs.com
    0.0.0.0 new_m.hotmail.com
    0.0.0.0 new_msedge.net
    0.0.0.0 new_msntest.serving-sys.com
    0.0.0.0 new_msnbot-65-55-108-23.search.msn.com
    0.0.0.0 new_redir.metaservices.microsoft.com
    0.0.0.0 new_redir2.metaservices.microsoft.com
    0.0.0.0 new_s0.2mdn.net
    0.0.0.0 new_db5.skype.msnmessenger.msn.com.akadns.net
    0.0.0.0 new_schemas.microsoft.akadns.net
    0.0.0.0 new_secure.adnxs.com
    0.0.0.0 new_secure1.adnxs.com
    0.0.0.0 new_secure2.adnxs.com
    0.0.0.0 new_secure3.adnxs.com
    0.0.0.0 new_secure4.adnxs.com
    0.0.0.0 new_secure5.adnxs.com
    0.0.0.0 new_secure6.adnxs.com
    0.0.0.0 new_secure7.adnxs.com
    0.0.0.0 new_secure.flashtalking.com
    0.0.0.0 new_settings-sandbox.data.microsoft.com
    0.0.0.0 new_sls.update.microsoft.com.akadns.net
    0.0.0.0 new_statsfe1.ws.microsoft.com
    0.0.0.0 new_statsfe2.ws.microsoft.com
    0.0.0.0 new_telemetry.appex.bing.net
    0.0.0.0 new_telemetry.urs.microsoft.com
    0.0.0.0 new_view.atdmt.com
    0.0.0.0 new_www.msftncsi.com
    0.0.0.0 new_www.msftncsi2.com
    0.0.0.0 new_a-0003.a-msedge.net
    0.0.0.0 new_cs697.wac.thetacdn.net
    0.0.0.0 new_db5.settings.data.microsoft.com.akadns.net
    0.0.0.0 new_co4.telecommand.telemetry.microsoft.com.akadns.net
    0.0.0.0 new_oca.telemetry.microsoft.com.nsatc.net
    0.0.0.0 new_telemetry.appex.search.prod.ms.akadns.net
    0.0.0.0 new_t.urs.microsoft.com.nsatc.net
    0.0.0.0 new_watson.microsoft.com.nsatc.net
    0.0.0.0 new_statsfe2.ws.microsoft.com.nsatc.net
    0.0.0.0 new_dart.l.doubleclick.net
    0.0.0.0 ssw.live.com.nsatc.net
    0.0.0.0 urs.microsoft.com.nsatc.net
    0.0.0.0 geo-prod.dodsp.mp.microsoft.com.nsatc.net
    0.0.0.0 new_c.microsoft.akadns.net
    0.0.0.0 choice.microsoft.com.nstac.net
    0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
    0.0.0.0 settings-win.data.microsoft.com
    0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
    0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
    0.0.0.0 vortex-win.data.microsoft.com
    0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
    0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
    0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
    0.0.0.0 corp.sts.microsoft.com
    0.0.0.0 i1.services.social.microsoft.com.nsatc.net
    0.0.0.0 ca.telemetry.microsoft.com
    0.0.0.0 cache.datamart.windows.com
    0.0.0.0 spynet2.microsoft.com
    0.0.0.0 spynetalt.microsoft.com
    0.0.0.0 treasuredata.com
    0.0.0.0 in.treasuredata.com
    0.0.0.0 redshell.io
    0.0.0.0 api.redshell.io
    0.0.0.0 a.ads2.msads.net
    0.0.0.0 a.ads2.msn.com
    0.0.0.0 a.rad.msn.com
    0.0.0.0 a-0001.a-msedge.net
    0.0.0.0 a-0002.a-msedge.net
    0.0.0.0 a-0003.a-msedge.net
    0.0.0.0 a-0004.a-msedge.net
    0.0.0.0 a-0005.a-msedge.net
    0.0.0.0 a-0006.a-msedge.net
    0.0.0.0 a-0007.a-msedge.net
    0.0.0.0 a-0008.a-msedge.net
    0.0.0.0 a-0009.a-msedge.net
    0.0.0.0 ac3.msn.com
    0.0.0.0 ad.doubleclick.net
    0.0.0.0 adnexus.net
    0.0.0.0 adnxs.com
    0.0.0.0 ads1.msads.net
    0.0.0.0 ads1.msn.com
    0.0.0.0 aidps.atdmt.com
    0.0.0.0 aka-cdn-ns.adtech.de
    0.0.0.0 a-msedge.net
    0.0.0.0 apps.skype.com
    0.0.0.0 az361816.vo.msecnd.net
    0.0.0.0 az512334.vo.msecnd.net
    0.0.0.0 b.ads1.msn.com
    0.0.0.0 b.ads2.msads.net
    0.0.0.0 b.rad.msn.com
    0.0.0.0 bs.serving-sys.com
    0.0.0.0 c.atdmt.com
    0.0.0.0 c.msn.com
    0.0.0.0 cdn.atdmt.com
    0.0.0.0 cds26.ams9.msecn.net
    0.0.0.0 cs1.wpc.v0cdn.net
    0.0.0.0 db3aqu.atdmt.com
    0.0.0.0 ec.atdmt.com
    0.0.0.0 flex.msn.com
    0.0.0.0 g.msn.com
    0.0.0.0 h1.msn.com
    0.0.0.0 lb1.www.ms.akadns.net
    0.0.0.0 live.rads.msn.com
    0.0.0.0 m.adnxs.com
    0.0.0.0 m.hotmail.com
    0.0.0.0 msedge.net
    0.0.0.0 msftncsi.com
    0.0.0.0 msntest.serving-sys.com
    0.0.0.0 pre.footprintpredict.com
    0.0.0.0 pricelist.skype.com
    0.0.0.0 rad.live.com
    0.0.0.0 s.gateway.messenger.live.com
    0.0.0.0 s0.2mdn.net
    0.0.0.0 schemas.microsoft.akadns.net
    0.0.0.0 secure.adnxs.com
    0.0.0.0 secure.flashtalking.com
    0.0.0.0 static.2mdn.net
    0.0.0.0 statsfe2.update.microsoft.com.akadns.net
    0.0.0.0 view.atdmt.com
    0.0.0.0 www.msftncsi.com
    0.0.0.0 choice.microsoft.com.nsatc.net
    0.0.0.0 sO.2mdn.net
    0.0.0.0 ui.skype.com
    #
    0.0.0.0 gfwsl.geforce.com
    0.0.0.0 gfe.geforce.com
    0.0.0.0 telemetry.nvidia.com
    0.0.0.0 gfe.nvidia.com
    0.0.0.0 telemetry.gfe.nvidia.com
    0.0.0.0 events.gfe.nvidia.com

    Also, if you're going to use OSArmor for that purpose (blocking execution from certain folders), you might as well use excubits bouncer or memprotect (they do mostly the same thing). This comes with (one of them being) the added bonus of also blocking all kinds of MZ files, including .drv, .dll, .sys etc. not just exes. For example, let's say your browser is only allowed to write to one folder, a downloads folder (you can force it to do so using something like pumpernickel) Then, you disallow any process access to that folder, and you only allow the browser to write to that folder. Result = nothing can run or modify or use etc. the files in the folder, except the browser who can only write to the folder
     
    Last edited: Feb 11, 2019
  14. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania

    Thank you for your answer, Floyd 57.

    Your extended list of "must-to-be-blocked" domains is welcome. I appreciate your documentary effort.
    I also appreciate the fact that you mentioned those two programs. Your specifications are useful to all the readers of this thread.

    Why I brought in discussion Explorer.exe?
    On my Windows XP Pro system, when I want to check the Digital Signature of a certain installed program (usually, an EXE file), as soon as I click on "Details", Explorer.exe requires access to the internet:


    Explore.exe requests Internet access.png

    Note: the IP corresponds to my DNS.

    Digital signature check for KVRT.png

    To illustrate I choose KVRT (which is not installed: it is only present in Program Files folder).

    Something similar happens on the occasion of any verification. I never allow Explorer.exe to connect to the Internet. Not even when Windows offers to search, on the Internet, "for the latest driver software".

    Do you think that, under Windows XP, Explorer.exe behaves abnormally?

    P.S. In the web-page mentioned below it is explained why (and where) is making Windows Explorer external connections, in the newer Windows versions:
    https://security.stackexchange.com/...-windows-explorer-making-external-connections
     
    Last edited: Feb 12, 2019
  15. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania
    Wolfram: "- I want to post a new - alarming - comment."
    NVT: "- Oh, no, not again... Again?"
    Wolfram: " - Yes, again."



    Today I checked a few installers. Before testing-installing a program, I always check its installer using at least four [reputed] websites specialized in computer software checking; and namely: VirusTotal, OPSWAT (MetaDefender Cloud), VirScan, and Hybrid-Anylysis.

    I included osarmor_setup.exe (v. 1.4.2.0) among the installers to be checked. Just in case.

    The result?

    **All results removed please see here
    https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840

    (Note: OSArmor, being free, I have nothing against the secret "monetizing" attempts of their developers. But ONLY as long as the users' privacy is not affected.)



    It might, or it might not be a "Wrong detection". Who am I, to question the professionalism level of a company like Filseclab?!
    I am not working for the ******* (God forbid!).



    Being confused, I took a step forward. I decided to submit, osarmor_setup.exe, to Hybrid-Anylysis, for further investigations. Here is what H-A found:
    ***

    1. To contact, as soon as possible, Filseclab Corp., and to convince them that osarmor_setup.exe contains "not even one atom of Adware". Filseclab's "detection" is preposterous (absurd, ridiculous, foolish, outrageous, risible, ...) Then, to inform us what Filseclab communicated to NVT about the detection.

    2. To clarify the matter with the team behind Hybrid-Analysis. NVTs reputation is at stake.

    3. For our peace of mind, to contact ReversingLabs; and to present us their detailed report of inspection over OSArmor.
    https://www.reversinglabs.com/

    Something is not exactly "kosher" with this program.

    I would like to read some responses, from NVT, supported by the evidence provided by ReversingLabs. A simple verbal assurance will only amplify the existing suspicions.-

     
    Last edited by a moderator: Feb 12, 2019
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,082
    Hi Wolfram

    You are in my opinion suffering from paralysis by analysis. I think most of the users here just trust Andreas and stop there. I've had all of the software from NVT discussed here on my systems with nothing suspicious ever seen. If you are that concerned then I just wouldn't use it. Simple.
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    @Wolfram if i had to do all you did, i won't even bother using OSA, either you trust an app or you don't, then not use it. no need trying to find "the yeti".

    and honestly, Fileseclab... check their website *cough* cough* , i had a good laugh reading it :argh:
     
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,436
    Location:
    UK
    No doubts here using NVT's software.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,929
    I think Peter is absolutely right. I've used NVT's software for years also and never have any doubts about it whatsoever as stapp mentions.
     
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,025
    Location:
    Italy
    @Wolfram

    Please don't state things you can't elaborate/demonstrate and do not make wrong statements.

    1) The report on hybrid-analysis just shows what OSA setup file is doing (nothing wrong there) and it also says "whitelisted", it means OSA setup file is in the safe list of programs.

    2) VirusTotal report is showing no detections, and in case there are any, they are false positives (all our programs are digitally signed by us). The detection of FileSecLabs on OPSWAT is of course a false positive, period.

    3) Then again, none of our programs are sending data outside, some of our programs can check for updates or validate the serial number, but that's all.

    4) We never bundled any of our programs with adware or other pests.

    5) We don't care about users data, we're not a marketing or advertising agency, we develop software and web services (SaaS), and we have a passion for what we do, that's all.

    6) If you are too paranoid or if you have doubts about our programs, ask us your questions, if that is not enough don't use them, we're not forcing anyone to use our programs.

    7) Why would we need to ask (and pay) ReversingLabs to reverse our programs (that is against our EULA)? We developed them, ask us if you have questions, simple.

    Life is so hard, keep it simple at least while using the PC :)

    Hope this helps :)
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,376
    Location:
    Under a bushel ...
    :D
    :thumb:
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    Not saying, worrying about OSA with such "anxiety", i don't dare imagining what @Wolfram psychological state will be if he tries to analyze Win10 , he will probably flee in panic ...bwahahahahahahaahaha :D
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,243
    Location:
    U.S.A.
    Watching this discussion in this thread, I will add that it is a great example of security software paranoia reaching new and unparalleled heights. I would think one would have more productive ways of spending their time. I agree with Peter's comment 100%. That is if one has security doubts about any software, just don't use it.
     
  24. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    44
    Location:
    Brooklyn, NY
    Currently can't imagine being without at least one NVT software, now it's OSArmor. It just fills the bill, even with the sidebar thing going on. NVT software should be making one less paranoid, right? Way less.

    Agree with itman.
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    What's the worst thing that can happen on your home PC? Put 2FA on your bank account / paypal / whatever and call it a day


    (preferably not SMS 2FA but better than nothing)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.