Online Armor Free / Threatfire

Discussion in 'other anti-malware software' started by JCorliss, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. JCorliss

    JCorliss Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    84
    Hi, Would someone be able to explain the differences between these 2 programs as far as what they protect and (if it's not against the rules) which one has the more comprehensive coverage? Thanks everyone.
     
  2. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just an aside. I have used them together recently with no problems. I know OA Free has a top of the line Firewall and some HIPS features, while ThreatFire is considered a Behavior Blocker, with some things like an anti rootkit scanner and a quarantine. If I'm correct about this and some of the more knowledgeable members please chime in, then again using them together should be all right. If I were to choose just one, at this point it would be OA Free hands down because of its support and its features.
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Have a look here for OA and what it protects. http://www.majorgeeks.com/Online-Armor_d4872.html
     
  4. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    It lists it as free, but if you read down through the features I believe they're for the full version.
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Well then I guess you will have to check OA's site to be sure.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    I believe the Vs threads are discouraged, but I can give you one simple difference: Online Armor is not made by PC Tools (aka FP). End of story. If this statement confuses you, it means OA > TF.
    Mrk
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I can give you an even simpler difference. Online Armor is a dumb HIPS (aka produces useless alerts on legit processes). End of story. If this statement confuses you, it means TF > OA.

    If nothing else, hopefully you've learned that this kind of stupidity doesn't get anyone anywhere.

    More comprehensive coverage goes to TF without question. OA's HIPS monitors only the application level (and not very comprehensively at that, when compared to proper HIPS like SSM and EQSecure) and registry autostart entries, and doesn't do cleanup. It's useful if you're looking to implement a default-deny policy, and not very much else besides. Sure it's got a HIPS, the popular buzzword making the rounds nowadays, only problem is that not all HIPS are created equal.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry Solcroft not true, have a look https://www.wilderssecurity.com/showpost.php?p=1101378&postcount=2 and be free to join this thread. When you run OA free without the notification when an unknown program runs and you run it in safer mode (limited rights) you will get protection. Now do not tell me that both the unix world (standard run in limited rights) and MS Vista (UAC) are wrong to prefer limited right program execution. I do not know a company which allows its employees to run as an admin. With the PC home market it is just not that easy to combine it in a user friendly manner.

    https://www.wilderssecurity.com/showthread.php?t=189209


    Regards Kees
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I see nothing in that post that invalidates my claim.

    You mentioned OA using a whitelist. Unfortunately, they're a long way from perfecting it. Also, just about every behavior blocker on the market today uses whitelists as well. The only difference is that smart behavior blockers contain additional inbuilt rules to distinguish between legit and malicious processes (something OA cannot do, and hence more alerts), and even with whitelists, behavior blockers do not trust whitelisted processes implicitly. This is important because no HIPS is perfect, and a legit whitelisted process can still be hijacked by malware using means the HIPS cannot detect, in which case it is imperative for the HIPS to be able to prevent the legit process from delivering the payload on the malware's behalf.

    OA is a "dumb" HIPS in the sense that it does not try to recognize malware, and the responsibility is up to the user to decide for him/herself whether a process is malicious or not. Also, relying on whitelists to cut down FPs is an unfeasible idea, simply because there are a thousand times more legit files in the world than malicious files. If the guys in the blacklisting business are already having problems producing a comprehensive list, what makes you think the whitelisting guys have any chance?
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Why would I be wrong to tell you that?

    Deliberately crippling yourself is only done when you do not have other less-intrusive security options at your disposal. Fortunately that is not the case here. And company policy where sysadmins have to maintain multiple production PCs is an altogether entirely different situation from home users, not even comparable. If any OS or program offered to restrict your rights the way my sysadmins do at uni, I'm willing to bet you'll uninstall it in a hurry.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    As of the last version of SSM, it didn't identify malware either. User had to make that decision. Also OA was designed to out of the box give a mom and pop user reasonable protection, which it does. The average mom and pop user would be lost with SSM and a few others. Different products for different targets, but both good products.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry

    I did not reply, because Solcroft and I differ so much in opinion it makes no sense to discuss it. Running with limited rights is the solution to so many problems. OA provides the option to let unknown programs run safer, this is in my opinion better than an allow or block (sort of in between).

    Vista will force software developers to run programs with limited rights. So it is the way to go as stated in https://www.wilderssecurity.com/showpost.php?p=1101690&postcount=5

    Regards Kees
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Yep, falls squarely in the "dumb" HIPS category. As does EQ, ProSec, NG etc.

    The OA paid package can essentially be considered a firewall and antivirus if one wants to. The OA HIPS component, on the other hand, isn't that much different from, say, ProcessGuard or SSM.
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    This was the original question. PC-Tools and OnlineArmor both have forums to answer this question. Being a member of both, I would have to recommend http://support.online-armor.com/forums/ to get a quick response and more info to read. I have used both products and don't consider either "DUMB"...
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree,

    I had them installed on a friend's computer, worked great together.

    OA is an anti-executable, it has the option to allow existing programs. OA recognises a lot of trusted programs. Its firewall requires practically no configuration (the advantage of sharing the engine with the HIPS anti-executable). You can select whether you are warned when an unknown (meaning not in the black or white list or not marked by the user as trusted) starts. You also have the option to run all your threatgate applications (webbrowser, messenger, mail, P2P, chat) in safer mode. This means it is started with limited rights (not as an admin). Most programs run well in this and it protects you from a lot of problems. All processes started by a program with limited rights also get these limitations inherited.

    ThreatFire is a behavior blocker. Although some of the things TF checks for are also monitored by OA (without giving problems). TF is intelligent in that way that for instance a keylogger is not stopped immediately, but when it wants to send data over the internet. That is what is called intelligent. You can add custom rules in threatfire.

    As the earlier poster said look at their forums.

    So TF is an intelligent Behavior Blocker, OA is an intelligent Firewall with a straight HIPS anti executable (dumb according to Solcroft :)


    Regards Kees
     
  16. JCorliss

    JCorliss Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    84
    Much obliged to all who responded. I appreciate the help. :) :thumb:
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Are you using both, by chance? o_O
     
  18. JCorliss

    JCorliss Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    84
    If you're referring to me...No, I never have. That's why I was wondering if they differ enough to use them both at once. If they are dissimilar, I wanted to know which was lighter/better, etc. But I know that's getting into an area that the forum frowns upon. I've tried both on my machine separately, but I'm not smart enough to know which has the features that I need. I'm fine with antivirus and firewall, spam guard, etc, which was why I wanted to compare these two products.
     
  19. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    A good comparative may have been OA with TF/CBoClean....
     
  20. JCorliss

    JCorliss Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    84
    OK. Thanks. So you're saying that OA does pretty much what threatfire and boclean do together?
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I just use OA, but TF/CBoC might make a nice back-up for it. I think there is overlap between all 3 though, how much? o_O I haven't tested them together. Of the 3, I chose OA based on the support-forums, lightness and range of protection.
     
  22. JCorliss

    JCorliss Registered Member

    Joined:
    Dec 9, 2006
    Posts:
    84
    Thanks 19monty64 :)
     