Online Armor new features - opinions

Discussion in 'other firewalls' started by subset, Apr 8, 2008.

Thread Status: Not open for further replies.
  1. subset, Registered Member (Joined: Nov 17, 2007; Posts: 825; Location: Austria)

    Hi,

    there are new features in 2.1.0.127.

    - some installers with digital signatures are allowed to run without any prompt from OA,
    nor is there any popup during installation.
    In Programs a permanent rule for this installer is auto generated,
    as said without any prompt for the user, simply hidden.
    I experienced such behavior with Opera and HauteSecure installers,
    both are signed by VeriSign.
    There is actually no option to deactivate this feature.

    - deleted rules in Programs from applications of OA's whitelist are always restored to Allowed and Trusted,
    if you ever start these applications again.
    Again this restoration is without any prompt for the user,
    he will have no clue, this happens completely silently.
    Only if a deleted rule was from an unknown application (not in OA's whitelist),
    at next start of this application the rule will be restored to Ask and Unknown.
    Therefore a prompt will show up for this application again.
    There is also actually no option to change this behavior in any way.

    I'd be interested in knowing what you think about these features.

    Cheers
     
  2. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    My opinion is security software should ask as little as possible. Ideally there only should be questions about really dangerous actions. So I think OA has a lot to improve in this direction. There are people who like just the opposite, to control everything. I dunno how to make these two approaches live in peace. The only idea that comes to my mind is "Paranoid mode" :)
     
    Last edited by a moderator: Apr 8, 2008
  3. subset, Registered Member (Joined: Nov 17, 2007; Posts: 825; Location: Austria)

    Er... there is alright a solution for your approaches, Standard mode and Advanced mode.

    But a problem is that features (like some installers with digital signatures) are implemented without a line in the release notes and without any consideration of Standard mode and Advanced mode.

    After installation of 2.1.0.127 I downloaded the latest Opera installer and started it. :argh:
    Couldn't get my mouth shut, no prompt, what's wrong?!
    The answer in OA forum was "Yes, it would relate to the signature" o_O

    What's next? Deleted firewall rules are restored to allow if an application signed by whomever wants to send data to the net.

    Maybe you as a beta tester know it, common users like me have to deal with it.

    Cheers
     
  4. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    All I know is yes, it relies on signature. Do not ask me how it does it, I don't know :)

    I think OA trusts not the fact a file is signed, but somehow it looks at certificate issuer and signature owner. Once they both are known as trusted and signature is valid (digitally), what should be a sense to ask signed file about starting?
     
  5. subset, Registered Member (Joined: Nov 17, 2007; Posts: 825; Location: Austria)

    Well, you answered your questions somehow by yourself.
    As long as not even beta testers know for sure how a feature works, I would really prefer at least one "tries to run" popup. :D

    Cheers
     
  6. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    I don't know because I don't care. I have my testing fun in other things. For example I test every real malware and every rootkit I can find and then report the fails to Mike. That is to say it was long ago when OA failed real malware in my tests last time. BTW, if you have interesting examples, you are welcome! :)
     
  7. Peter2150, Global Moderator (Joined: Sep 20, 2003; Posts: 17,047)

    Hi Subset

    I think the answer lies in who is really targeted as the market for OA. Almost anyone who frequents this forum probably isn't a common user in the sense of the target market.

    Most users don't know how to answer, so if the program is known safe, why ask? Now that being said, in Advanced mode you can tailor things so they ask.

    Pete
     
  8. subset, Registered Member (Joined: Nov 17, 2007; Posts: 825; Location: Austria)

    Hm,

    this reminds me somehow of solcroft's post about HIPS and prompts.
    https://www.wilderssecurity.com/showpost.php?p=1164402&postcount=28

    But now it seems like the vendor wants to get a watered-down program...
    So be it.

    Cheers
     
  9. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    HIPS is not about asking, HIPS is about protecting. If you have an example where such behaviour brought someone to the danger, I think the concept might be reviewed. But until then this is just "my wish vs your wish" or "speculation vs another speculation" ..
     
  10. Shotwick, Suspended Member (Joined: Jun 15, 2006; Posts: 12)

    If you look at the filesizes from the OA applications, you see it has been programmed really messy.

    If you look at the behaviours/misbehaviours/popup layout/missing configurability/..., you see that it has been programmed really dumb.

    If you look at the system impact/slow window reactions, you see that it has been bloatly programmed.

    If you look at the scores it tries to achieve at cloudy sites like Matousec, yet look at all the misbehaviours/bugs/cpu-hungry parts compared to better HIPS software, you see that it has been programmed to attract money instead of offering security.
     
  11. gerardwil, Registered Member (Joined: Jan 17, 2004; Posts: 4,748; Location: The Netherlands)

    I wish you a happy looking weekend Shotwick.
    I won't do that but instead use OA without issues.

    Gerard
     
  12. danny9, Departed Friend (Joined: Feb 18, 2004; Posts: 678; Location: Clinton Twp. Mi)

    Same here Gerard. :D
     
  13. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    I leave your estimates to you, but please, gimme an example where it really failed in a sense of security. Virus-name, malware-name, rootkit-name or something. Cause I don't care about size, some tempt misbehaviour, but I care that real beast was stopped.
     
  14. MaB69, Registered Member (Joined: Dec 9, 2005; Posts: 540; Location: Paris)

    Thank you Mr Shotwick for this great post :rolleyes: , any proof of that o_O?
    What do you recommend as being a HIPS programmed by a genius?

    MaB
     
  15. SystemJunkie, Resident Conspiracy Theorist (Joined: Mar 3, 2006; Posts: 1,500; Location: Germany)

    Exactly but still being capable to switch in some sort of paranoid mode.
     
  16. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    I dunno, but I think that while packet filtering is a real security, packet sniffer is just a service function to debug and diagnose. A bit different tasks for those who understand at least what those network packets are for. The same with HIPS. Not to forget that every false alert is a "time is money" for a user.
     
  17. subset, Registered Member (Joined: Nov 17, 2007; Posts: 825; Location: Austria)

    :eek: Gee!

    Opinions on OA's new features was the title of this thread, do you remember?
    I know Shotwick came around to put out my little flame with gasoline.
    But as OA's fire and rescue service admins rushed in instantly,
    everything should be safe now. :shifty:

    Cheers
     
  18. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    OK, OK, OK .. If to talk about new features I'd like to see taskmanager like process explorer and a way to setup and manage running processes like in Programs.
     
  19. Shotwick, Suspended Member (Joined: Jun 15, 2006; Posts: 12)

    I know that nice new feature when I updated Firefox, and OA made the 9th dumblicate rule for it. :blink:
     
  20. Jon_T, Registered Member (Joined: Sep 1, 2006; Posts: 38)

    The new feature I would really appreciate the most is some good printable documentation that explains how to use all of OA's features/settings.
     
  21. hany3, Registered Member (Joined: Dec 2, 2007; Posts: 207)

    I'd like to see a new feature in Online Armor concerning
    anti-ARP & anti-spoofing properties,
    more protection and functions concerning the local network, whether "wired or wireless LAN"
     
  22. alex_s, Registered Member (Joined: Aug 13, 2007; Posts: 1,251)

    Full anti-ARP protection is not possible in case attacker spoofs your router with your fake MAC address. I think all this anti-ARP stuff is very overestimated. Any Linux router can detect ARP spoofing in the LAN and show the source of attack. And h/w routers can handle it better than any s/w firewall. I think this is irrelevant for now.
     