Online Armor Free

Let me spell this out in greater detail since people are confused.

This means you *cannot*

a) Set a process to connect out only to a certain ip address or range
b) Stop a process to connect out to a certain ip address or range (while allowing the rest).

 

Thanks for your efforts but you don't really reduce the confusion. It probably won't make coffee either.

The interesting thing is what it will do - in particular what you can do with Windows processes (I don't trust whitelists) and control protocols like DNS and DHCP. That's why the details in the user guide or help file are so important.

 

Hi Mike:

Thanks for your reply, you are working too hard. Since this thread is about OA Armor free and I now have OA Armor paid, I have my detailed reply to you over on your forum. See you there.
For those interested, it is http://support.tallemu.com/forums/viewtopic.php?p=14676#14676

 

Hi Mike,

If I may comment.

It was requested that having a whitelist was optional, has this changed? (in free or paid),.. to be able to ether edit the list, and /or disable the list.

I do re-call, due to some PM`s, I did make some test for "leaks" with the full version some time ago, there was a problem due to one of the leaks bypassing OA. This did cause confusion, as you had stated that the "leaktest" in question was one that OA would block. It was eventually found that the "leaktest" could bypass due to the fact it had been placed into the "Whitelist" by OA.

Even if such an option was only in the full version.
But having a firewall or HIPS allowing a program to run/ access the Internet is something I want full control of.
I will not use a firewall with Hard_coded rules, and for me, a whitelist that cannot be edited or disabled is, to me, Hard_coded rules.

 

Hi Stem,

Long time no see...

Yes, the leaktest did pass due to being on the whitelist and I remember our conversations.

The current (free/paid) version of OA deals with it thus:

a) You can turn on/off the auto allow of trusting programs to access the internet, and

b) You can make programs Untrusted (overriding the whitelist) although the default behaviour is for OA not to display trusted programs in the GUI, you can now display and change their rights.

So, it's still very much streamlined for automatic (let's not say hardcoded, because it's not, really) rules generation but you can override it.

Probably, that's not exactly what you're looking for - but I think a version of OA that did not have any auto-allowing at all would be very hard for the average user to use and cause all sorts of support issues.

As always - I'm open to suggestion

Cheers

Mike

 

Hi Mike,

Very busy, just cant get the staff these days lol

Mistakes do happen, but prefer to make these myself, not made by an application that should protect from such.

As we know, a program allowed to execute with allowed privilege can certainly gain internet access indirectly. I do know you will do your best to prevent such, but even so, I would still prefer the ability to completely disable any whitelist . Personally, and I know with others, would prefer a popup for any execution

As with an option to allow auto internet access, could not an option to auto allow/block trusted applications execution be implemented?


Regards,

EDIT:
I have been informed (via PM) that whitelists in the full version can be completely removed. This for me is good. I will check this when I have time.

 

As far as I remember, that mistake happened because the leaktest was digitally signed with something trusted. Another layer different from white/black lists.

 

Ungrateful aren't we? Though you must admit a personal firewall that does not filter by ip is kinda of unexpected, so your won't make coffee comment is unwarranted.

In a word no.

 

The only valuable task for a personal firewall (and for any other security product as well) is "to protect" with the minimum human interaction. I'm quite sure 80% of the features the current software has is just "a pay to the geeks". In the other words, according to "The Pareto principle", 80% of the people don't use 80% of the features

 

I have been unable to activate the free version of Online Armour. The activation code says "Free", but it is not accepted. Any suggestions? I have disabled all real time security, bit this does not help.
Allen

 

Restart the pc and put in the code you have received during installation via e-mail.You put your e-mail during the installlation.

 

Worked!
Thanks,Allen

 

There's an updated help file available here:

http://support.tallemu.com/forums/viewtopic.php?t=1822

It does not yet differentiate between Online Armor and the free version, but it's a good start.

Mike

 

Hello,
I don't know if this metter has been mentioned already or not, but
after installing OA Free my ping in games has increased in many times...
It's like i had ping about 30-60ms and with OA Free it's about 600-2000...
Thats insane! I don't know maybe im doing something wrong but its like that...

Best Regards.

 

That is a bit crazy! Please, set the game executable to "Trusted"

 

I did! Thats why im asking... Aplication is set to trusted, i think if it wasn't set to trusted i wasn't be able to join that game at all, right ?

 

If it wasn't set to trusted it would cause a popup requesting network access to be allowed.

 

After being on the fence about whether to use Online Armor Free or Webroot Desktop Firewall, I have decided to use OA Free. While it may not offer quite as much protection as WDF does with DSA enabled, it is still a top notch HIPS and has better Leak Test results. Also although WDF may have some kind of self protection, I know that OA Free not only protects itself, but it can also can protect other programs from termination which I like. It was hard to make this decision as WDF is a very fine program, but after seeing Mike so involved with helping people in this forum, I must say it helped make it easier to get off the fence.

 

I just wonder of theres really anything to be gained if one was to impliment in combination OnlineArmor (free) in tandem with say SSM or another popular HIPS eqsecure? Overlap is always the talk of the town when combining a pair of interceptors that impliment drivers at ring0 level or SDDT table.

I further speculate just which instructions of that Table are enough to sufficiently acclaim your system as adequately covered. For example, SSM hooks nearly the entire table as seen thru IceSword or another viewer for this level of the system as opposed to other HIPS that only position theirself in at most less than a dozen entries.

This subject gets little press or open discussion in these forum circles compared to rootkit forums and such but IMO would help better clarify the actual coverage and purpose as relates to various Table hooks.

Thanks EASTER

 

I would let others talk to the benefits of running multiple HIPS - suffice to say that the goal of OA is to be a single application which will give a user sufficient protection all in one integrated box.

I know that our beta test guys run with programs such as Pro Security, App Defend, Process Guard and so on without aparent issue. Whether this is because they perceive that this provides extra protection or it is because they enjoy testing more than one app is an open question One comment I have heard is that running two provides you with a "second chance" - two sets of prompts. For me - well, I'm focused on reducing as far as possible the OA popups - so running another would not be an option. Of course - I'm also somewhat biased

 

I see.

Well congrats and best of luck on a successful run in OnlineArmor. I find it (free version ATM) a welcome change of pace and am even impressed by it's aggressive HIPS feature as well as firewall. The alerts are no so uncommon as experienced in any HIPS, plus i must add in my early review of it the alerts are not so frequent as to become of concern.

Running multiple HIPS is been an area of my own delight in the past, and i have little worry to pair OA up with others as i so often done, and if they can compliment each other, yes i would agree, a "second chance" is one of the benefits.

But it's duly understood OA can stand up quite nicely on it's own as intended so it should definitely fill a long awaited need for users given the added protection of a solid firewall too.

Thanks EASTER

 

Hi - just had it pointed out that my initial post links to a pre-release version of OA.

Would appreciate it if one of the mods could change the link to our OA Free download page, which is:

http://www.tallemu.com/online_armor_free.html

Cheers

Mike

 

Done.

Cheers

 

The neat thing about OA. (If everything is working good for you atm) is that it allows the possibilty of mixing in your own AV. And or firewall.

 

Hi,

Good news, but.....
How ?