OA on Win 7 64 bit

Discussion in 'other firewalls' started by diceman, Aug 28, 2011.

Thread Status:
Not open for further replies.
  1. diceman

    diceman Registered Member

    Joined:
    Jan 29, 2010
    Posts:
    24
    How good is Online Armor (free) on Win 7 64 bit? Can it be bypassed or defeated easier than on 32 bit? Still worth running on 64 bit? Thanks.
     
  2. chris1341

    chris1341 Guest

    All HIPS products are somewhat hampered by PatchGuard restrictions on 64 bit machines but still offer good protection.

    The issue is where the protection is implemented. PatchGuard on 64 bit machines prohibits kernel patching to implement protection at the deepest and therefore most comprehensive level of the operating system. The protection is still implemented higher up; it is just less comprehensive by that stage and easier to undo.

    If you get comfort from such things, OA still gets 340 out of 340 on the CLT.exe Proof of Concept suite of tests and prevents most key-logging POCs too. Screen capture protection, in common with every other 64 bit HIPS (other than SpyShelter), is not great though.

    Definitely still worth running as it is as good as you will get for 64 bit at present, although Comodo are indicating 5.8 when released will offer improved 64 bit protection. We shall see.

    Cheers
     
  3. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    I don't know, but I know that in the new version of Comodo, 5.8, the x64 HIPS component will be as good as the 32 bit version. This is what the developers have said.
    According to Matousec, Comodo has the best HIPS on x32; probably OA would score quite close: http://www.matousec.com/projects/proactive-security-challenge/results.php
     
  4. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    CLT is not valid for Windows x64, so no argument.
    _
    I'm wondering why Comodo advertising comes in if somebody didn't ask for it. ;)
    I'm wondering why Matousec is taken seriously. Of course Comodo must score well in Matousec's test game. See for yourself:

    (1) Origin of test and parts of methodology
    source

    (2) Strong tests or pure marketing?
    Melih's statement: 40 minutes of coding, to look good in matousec tests...
    Source

    Wow - impressive at all o_O

    /BTT

    OA is a quite good HIPS on Win7x64 - IMO one of the best.
     
  5. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    So you count on a test from 2006 and a comment totally out of context from 2008 :D
    Maybe we should put the Prevx and Zemana developers in jail because they use MRG's help to improve their products and then MRG tests them :D :D
    Well, I don't know if in your world people work for free, but today if you want a product to be tested you have to pay for it.

    Matousec is just an HIPS test and the only reference; all the leak tests used are available to download for FREE on the website so you can check it. There is no mysterious leak test or manipulated results as you are implying, and you can do for free the same tests that they do.

    This is a generalist forum about firewalls. I don't see where it is written that you can only talk about the product in the first post; it would be quite boring. It's not advertisement; precisely this forum is full of advertisement, discount coupons for many security products, OA, Agnitum, Norton, KAV... and I don't see you crying on those threads.
    I think you can focus your energy ( looking for a 2008 comment and taking it out of context for nothing must not be easy xD ) on other threads, so every time somebody mentions a product not included in the first post you can tell them that it is advertisement and all this stuff that you seem to like in order to feel superior.

    I just wanted to let him know that there are other alternatives. I didn't mention Private Firewall because I know that on x64 the HIPS is far from being complete.

    In your opinion OA is one of the best? (I agree) but I can use your troll tactics and say:
    Your opinion of what? Based on what? Have you ever tested the OA HIPS to compare it against the rest of the products? Is your opinion better founded than the Matousec tests? (you don't have to answer)
    I'm wondering why trolls come in if somebody didn't ask for it. ;)
     
    Last edited: Aug 30, 2011
  6. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Calm down and don't be worried about my energy ;) Let's put arguments together and concentrate on them.

    Cause it's somehow off-topic I will not discuss the whole moneymatousec story here again (btw. who is behind the DIFINEX Inc. ??). The unprejudiced and interested will find many strange things about it via search.

    So I will only answer to your "arguments":
    (1)
    Yes and no.
    - The tests were developed further but there are still some from the former years - so this is no real disproof of the Comodo advocation.
    - Second, even if the introduction was published 2006: who says f.e. Comodo didn't help with former tests?
    - Third: Yes, Melih's statement is from 2008. And? Where is the proof that today things are handled differently? Maybe they don't do it anymore only for marketing, maybe it takes longer than 40 minutes today...?

    (2)
    I know about the tests and sometimes use them for testing but the problem remains: Is the real corresponding behaviour blocked/alarmed or only the specific laboratory test?

    Some vendors do so - and even Matousec realises that some vendors fool him and his/DIFINEX methodology and only block the specific tests but not the technique behind. So - Manipulation? Of course. Two examples:

    source
    source

    And now the funny thing: Both diddlers got a "get it now" recommendation. Why? Because they are partners. Great and independent testing - yeah.

    (3) Conclusion: Even matousec needs money and of course money counts much in this test:
    source

    Another manipulation is how the tests are presented - they compare different test times, different numbers of tests - and reckon up all together. So they count apples and pears...
    Example:
    source
    ___

    Ok I stop and come to an end: I don't say everything is bad, but the truth is written between the lines. So learn to read between them and stay critical. :)

    MRG has a bad & mendacious history. But nowadays I see they are endeavored, a Sveta who tries to answer questions here on Wilders etc. They try their best to get trusted. While, atm I for myself don't totally trust them - but I respect their efforts and don't ignore them. But now we are totally off-topic.
     
  7. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    I still don't see what is wrong about a specialized company helping to improve a part of a product. For your information, Comodo was not the only vendor who has paid Matousec for their help to retest/improve their products; since Comodo is the only product with a 100%, I don't see any manipulation in the top part of the table.

    The leak tests are what they are; if you have any other you can send it to Matousec and he will include it in the next test if there is any. I know that some of the leak tests have been written having for reference a malware file that was sent to him.

    I don't see any manipulation; you are inventing them. Everything you think is a manipulation is written in the methodology; you should read it. After reading the methodology you will understand why the pure HIPS products are in the top part, and the products with more or less HIPS capabilities are distributed in the rest of the table without any sense; if you have understood the methodology you will not care about this part of the table.

    If somebody is able to write code able to compromise your computer and it is not detected by an HIPS, I think there is no need to find live malware if you want to be one step above; at least this is the aim of the developers. If somebody wants to go behind the malware developing a HIPS they should follow your advice.

    The reference is a pdf made by Matousec where they explain it? Oh yes, I see a lot of manipulation xD hahaha, they even take care of proving it.
    They are strictly following the methodology; I don't see how this is bad?

    From the legal point of view, if you buy a company with a debt you have to pay the debt; the debt is with the OnlineArmor company if there is any contract, not with the OnlineArmor product, but with the unprofessional answer from Emsisoft and the lack of the details...

    Matousec updates all the tests for free every year, at least this is what he has been doing. If you want an additional test you have to pay; I don't see anything wrong, unless some vendors get angry when they see their beloved products failing.

    Yes, once you read the methodology you will learn to read the results of the table, discarding some unreal results.
    Read this in order to improve your understanding:
    http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_

    If you look at the Matousec test taking into account all that has been said, you can still get some good information; if you are unsure, download the leak test and check it by yourself. If you think the test does not represent a good test for HIPS, tell me what is your reference or what you look for if a new HIPS appears in the market tomorrow.

    I agree with you in that you can not see the results and take a conclusion, but you can understand the results and take a conclusion.
    So if you think it is manipulated, what I do is de-manipulate it and draw conclusions, so for me it is still valid and a good reference.
     
    Last edited: Aug 30, 2011
  8. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Thx, but I know the methodology and don't need to be instructed about it. And all your text contains no real argument against the cons I wrote.

    And yes, it's clear that only HIPS products can stay at top in such tests - tests were designed for such products.
    Nevertheless:
    - There are real examples that vendors fool matousec and only pass the specific test. But when you are a partner you even then got a Recommendation.
    - The presentation of the results has failures and leads to wrong conclusions.
    - The testing of non-HIPS products in a HIPS test is nonsense. Yes, readers can ignore it - but to include them in those tests is also far from reality.

    And after all: The topic is about OA and Win7x64 - and matousec says nothing about that, neither about OA nor about x64.
    Now - back to OA.
     
  9. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    Each con has its argument, read it again, really.
    Not all the products are tested against all the leak tests and this is explained in the methodology (but you haven't read it). For you this is manipulation; for me it is common sense, time saving and malformation of the low part of the table, so I don't care about this part of the table and this does not affect any of the real HIPS products.

    http://www.matousec.com/projects/proactive-security-challenge/#methodology-rules
    http://www.matousec.com/projects/proactive-security-challenge/faq.php

    You really don't understand how an HIPS works in developer mode. Many times during the development of some HIPS the devs think that they have done the correct implementation to avoid the general problem, but sometimes this does not work and the implementation is not good enough. This just happens in 1 test of more than a hundred, so if the product is still above the recommendation % it will be recommended.
    And Matousec have discovered them, they have reported it, so there are not fools, and they have granted a pass according to the methodology (yes, this part that you haven't read); since the methodology says which files will be used, only a scammer would have changed the methodology.
    I really don't care how the results/table is represented, I care about the pdf, so you can get to a wrong conclusion, not me, so for me it is still a valid and good reference.
    I see that you still don't get how a forum works; if you were not so worried about somebody talking about other products there would not be off-topic in this thread. I still wonder why you are not on other threads crying because somebody is talking about another product or thing RELATED, and you care so much about this.

    Since the OA HIPS on x64 is not as good as the 32bit version I gave him my recommendation of another product that is able to offer what he is looking for, the same protection in 32bits than in x64 taking into account that the 32bit HIPS is one of the best, if you have any problem with this report it to a forum moderator.
    http://support.emsisoft.com/topic/3820-oa-64-bit-more-vulnerable-than-32bit/

    I agree with you in that you can not see the results and take a conclusion, but you can understand the results and take a conclusion.
    So if you think it is manipulated, what I do is de-manipulate it and draw conclusions, so for me it is still valid and a good reference.
     
    Last edited: Aug 30, 2011
  10. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    :blink: I don't make any further efforts - cause here come no real arguments. Always posting "read read read" and not being able to bring exact counterarguments is no discussion style.
    And of course nobody never ever has coded only with the aim to pass that test, no reality is just "...many time during the development of some HIPS the devs think that they have done the correct implementation". And the earth is flat...

    /EOD.
     
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    "The earth is flat..." I see that you have nothing better to say.

    You are really blind
    http://www.matousec.com/projects/proactive-security-challenge/#methodology-rules

    So not all the products are tested against all the leak tests; only the real HIPS or good enough HIPS get all the tests.

    So they can not change the files during the course of a test because a vendor has tried to fool them (if this was the case, since you are inventing it), but they have reported it and explained it. By the way, it is not a false positive because it was able to block the leak test but not a modification of it.

    The rest is written in my posts; obviously you were lying when you said that you have read the methodology and avoiding any argument that you didn't have an answer for.

    Of course there can not be an argument style when you are writing ignoring all the facts written in the methodology, please come again and tell me that you have read it :D :D :D
     
    Last edited: Aug 30, 2011
  12. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Now I see, we were obviously partly talking about different things:
    That exactly was one core point of my critique above:

    The table says "Products tested against the suite with 148 tests" but they were not - if you drop out on an early level (according to the methodology of course) you are not tested against all tests. If a product f.e. drops out on level 5 it is counted as if it had failed all possible further tests - in reality it was never tested against all further tests.

    So the table is misleading. That was my point about presentation critique. You can only compare products that reached the same level. The pdfs are ok - I never said something different.

    All clear, nevertheless fooled.
     
  13. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Start with an invalid conclusion like this and you end up in a right mess, like you have done. Matousec's tests are nothing like a "what is the best HIPS" test. They are a HIPS bypass test and by their own published analysis only a small percentage of their 'tests' are used by real malware.

    The tests are utterly useless as a means of determining the 'best HIPS'. In fact it's difficult to say what purpose the tests serve at all. I don't think Matousec even explains what he believes the purpose is on the website. So we have a bunch of tests with no meaningful or relevant defined purpose?

    Secondly, when being tested all products are set at their maximum settings. Everyone who knows Comodo knows what that means - popup hell. Totally unusable.

    The real star of the Matousec tests was Online Armor, which was able to score 100% in its default settings, the same settings that make for the low pop-up solution used by its customers day-in, day-out.

    Comodo is the best HIPS based on Matousec's tests? Don't make me laugh.

    @the OP, a lot of effort was put into OA 64bit version and while all x64 versions can't provide the same level of protection as x86 I think you'll find it a very competent solution.
     
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    May I remind all Wilder Members that the subject is OA on Win 7 64 bit. Let's focus on that topic, otherwise this thread will close.
     
  15. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    @SLE as I said before I don't look at the table, I know that the table is not fair but I don't care since I don't look at it.

    It's valid according to the pdf and the methodology.
    Matousec is an HIPS test including 148 different tests; of course it is not complete, but do you know any other reference? Have you made your own testing? Or do you just sit down saying "this HIPS is the best" based in the air...

    Why are you lying? Matousec made a post choosing just 20 malware files (in an aleatory way and not detected by 2 av engines) to see what technique they use; that does not mean what you are saying. I wonder why you lie if it is so easy to see it xD
    Do you have something better apart from the usual troll techniques?


    The purpose of most of the leaks is explained on the website http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_
    For the rest you can use Google or the pdfs.

    WOW man, you discovered the world: not just Comodo, simply any HIPS will show a popup and you have to determine if you want to block it or not.
    I don't know why you are lying; I'm using Comodo in paranoid mode and I got more or less the same popups as when I used the OA 5.1 betas. You just have to use the training mode, which is like the initial scanning done by OA after the installation. Of course if you want a full HIPS you need to have popups, not just a popup to allow everything like OA does with some group of leaks, so taking this into account the conclusion is that Comodo is better because it is more detailed and this is what the HIPS are for.
    Anyway, since Comodo uses the sandbox, most of the users do not have to deal with complicated HIPS popups.

    That means that you get more popups. Comodo works with a sandbox so it does not need to work in paranoid mode to avoid all the leaks, so the user doesn't need to deal with the popups; Comodo blocks the leaks silently.
    Even if you don't know how to read, it is on the Matousec website; you can check all the pdfs and then do the test by yourself if you really know how to do it.
    Anything intelligent to say? Or can we laugh at your nonsense, without any argument?

    That's a lie :D the OA developer said that in OA 6 the x64 HIPS will be better than the 32bit version
     
    Last edited: Aug 30, 2011
  16. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    The answer is here and despite what the others did I posted it before, so you can really close the thread since there isn't anything else to discuss because nobody knows more than an OA developer.

    http://support.emsisoft.com/topic/3820-oa-64-bit-more-vulnerable-than-32bit/
     
    Last edited: Aug 30, 2011