OA 7.0.0.1860

You don't but Emsisoft should.
It is business and it's all about money.
They need to gather more users and this is one possible way to achieve it...

 

True but I was not talking about its quality but popup layout and auto-decision feature.
You already have Mamutu with auto-block option based on community responses. Why not making it also an option in OA?
I also remember in PrivateFirewall you can choose between manual and automatic control (two styles of alerts).

 

True. I think a happy medium would be a option for advanced user that has the informative prompts.

 

See....we have a deal here....

 

From experience I can tell you this won't work. Users tend to feel they are missing out if they don't turn on the advanced mode, which is why we try to avoid it. Online Armor has an advanced mode and users regularly run into issues because of it, for exactly that reason. They think they paid for it, so they want to use all of it and feel they don't get their money's worth by just staying in standard mode.

 

Actually, Online Armor already uses the same data as EAM and Mamutu with the difference that it only allows things automatically, but doesn't block them.

 

AFAIK, avast has dumped Agnitum firewall.
They had too many problems with it.

 

Any idea what they are going to be using siketa?

 

Me too.

 

@Fabian

In the new v7...

•In firewall popups, for Current session only, have you made any change to the duration of the session behavior which is as per Help "retained until Online Armor is restarted"? I have always wanted the option to end the session manually or set a time, i.e. 5 minutes.

•Ditto for that in Create Rule the Rule fails to be listed under the Programs or Ports tabs in Firewall settings - fixed? (Mozilla's plugincontainer.exe is highly subject to this.)

•Any improvements to the Show Firewall Log in terms of readability - grids, shading?

•Ditto for that in Set Filter where selections for apps that haven't run in ages (or are even deleted) persist in the listing and apps currently running aren't listed at all?

•As one can choose separately from the tray icon pull-down, in Check for updates in Options, will the Product Updates and Signatures and Rules Only now be configured separately? (Oh please, Please, PLEASE!)

•For a product update, have you changed the way files are distributed, i.e. no more seven dozen or so separate little 100-400KB language files one at a time along with the other 70-80 files one at a time?

Thanks again!

 

I downloaded the file from emsisoft site and the version is still 6.0.0.1736.
What is this version talked about, a beta?

FOXP, i have it also that the filter function is not updating and also I can't find my browsers there. The speed graphics seem just about right when watching a video or a download test but the Down speed & Up speed details seem wrong.

 

You must have 'beta updates enabled'.
Original post title could do with being edited to reflect this.

https://www.wilderssecurity.com/showpost.php?p=2275896&postcount=2

 

I think they will use Windows firewall, but this is not for sure.

 

OK...you are the current owner of OA and it depends only on your decision in which direction will lead developing of this app...but based on landscape of existing and still new malware we can see that all kinds of loggers are in rapid growing. Stopping of development of loggers detection can be not the good direction and such statement like above can discourage potential and existing users.

An now back to new OA 7...I noticed some bugs in "Firewall" module - tabs "Interfaces" and "Computers" don't show details (Win XP SP3 32-bit) - please see on screenshots

 

Source for that information? Because looking at the data we collect from our users, that simply isn't true and I am not aware of any recently published information from other vendors supporting your position. In our experience the opposite is the case actually. Malware families, that used to be prime examples of keylogging malware, moved on to more sophisticated methods. Just look at the entire financial malware sector, that almost exclusively works based on intercepting and manipulating traffic in your browser now. The only two larger areas where key and screen logging has at least some applications still are malware targeting online games as well as RATs.

You also complete neglect that any kind of loggers that aren't strictly leak tests still need to install, guarantee their automated run on reboot, as well as actually send the gathered information out to the attacker. All of which Online Armor will alert about.

VM or actual machine? What type of network does that system use? Any other firewall products installed?

 

Fabian...it's not a some specific statistic...it's a trend that is already mentioned, considered and analysed few years back. Look at this two image from Kaspersky Lab reports from different years...trend is always the same - "UP".
Firts

http://www.securelist.com/en/images/vlpub/0703_keyloggers_chart1.png
source - http://www.securelist.com/en/analys...s_How_they_work_and_how_to_detect_them_Part_1
Second

http://www.securelist.com/en/images/vlill/mashhevsky_crimeware_apr2010_pic02.png
source - http://www.securelist.com/en/analysis/204792115/Crimeware_A_new_round_of_confrontation_begins

Next thing - maybe your current data don't point "that all kinds of loggers are in rapid growing" but...as the developer of security app...you should always have in mind the motto which I have found on MRG page
"Only by looking to the future can you protect the present.
The threat landscape is changing so rapidly that if you focus on what you think is happening today, you will always be one step behind the criminals. To keep up with current threats, you must aim high and look at tomorrow, next month and next year today, as this is what the criminals are doing."

It's the real system without other firewall...earlier there was L'n'S. Do you think that some drivers are still in system?

 

Sorry, all that shows is that keyloggers were relevant 8 years ago. Before the boom of modern financial malware like Zeus, Citadel, SpyEye etc.. Any more recent information you would like to share?

That entire article refers to malware families that don't use keylogging, but man in the browser attacks. Quite frankly it supports what I said earlier: That malware authors moved away from primitive key and screen loggers, intercepting and manipulating traffic within the browser instead, a long time ago.

As a developer, I first and foremost have to be concerned about my product being actually usable. The best protection means nothing if it gets on the user's nerves so he just turns it off or uninstalls it. A product that is just focused on blocking every leak test imaginable, is simply not usable, as it will completely overwhelm the user with questions, that he simply can't answer. All you do is to train him to just allow everything, because otherwise his stuff doesn't work. And believe it or not, most people want to actually use their system, so they will do what ever it takes to make sure it keeps running, which includes just blindly trusting everything.

That could be possible. For some reason Online Armor seems to be unable to see any network adapters on your system. Can you enable debug mode, switch to the Debug menu and send me the content of the Diag tab? Ideally to oasupport@emsisoft.com. Don't forget to turn debug mode off after that.

 

So far I have been liking OA 6 free. Some logging complaints and a bit conflicts with Sandboxie and Fabian posted that OA 7 might have that Sandboxie incompatibility fixed. I am not going to try betas as I so much hate BSODs.

As to keylogger posters, I had the hardest time with Replay Video Capture program. OA got me to popping hell in that program and my Windows 7 normal user account and i have confess to say mine is not a payed one. But the software is screen video capturing one, so just a legitimate one could have caused that I guess with its behaviour? Moms and Pops maybe not use such software, but anyways was hard for me too.

I eventually did put OA to learning mode for that. It is now listed in my OA Anti-Keylogger part. Which is good if it contains some baddies cause of the cracked program I have and not so good for a normal payed user if it is a harmless program as I suspect.

 

Hi Fabian,

Does this latest beta address the trusted application issue that some users were experiencing w/Win8? I had to remove OA because it was suffering from dementia and prompting about common trusted MS processes really regularly and was driving me nuts.

Thanks!

 

It does . Keep in mind though that you need to do a clean install as an upgrade install or plain update won't cause Online Armor to flag the now trusted files on your system as actually trusted. Of course you can import your settings later on.

You can get the 7.0.0.1860 setup here:

http://tmp.emsisoft.com/oa/trunk/7.0.0.1860/OnlineArmorSetup.exe

Also make sure to enable beta updates. Otherwise Online Armor will downdate to the latest stable version during the next update.

 

Cool, thanks - I removed it fully in anticipation of a future build fixing that issue so I'll reinstall and enable beta updates

 

Like the performance of OA 7 so far. Good job Emsisoft team.

 

I have a suggestion. Can we have a update button in the right click menu in system tray. As it says free version have only manual updates it will be convenient to have this feature.

 

I would like to see "Export-Import settings" in the free version....