Online Armor - permanent TCP connection - why?

Discussion in 'other firewalls' started by rolygate, May 10, 2009.

Thread Status:
Not open for further replies.
  1. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    Why does Online Armor need a 24/7 outside line?

    Why does any firewall need a connection except once a month to update?
     
  2. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    I am only aware that Online Armor needs the internet connection during installation in order to verify your license key...

    Of course, you could be referring to the times when Online Armor contacts OASIS or its whitelist to verify what you are downloading/running is considered safe... but once it is in your list of programs, it doesn't need to verify that anymore...

    Regards -
    -Bob
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It doesn't.
    I have not seen OA make any permanent connections.
    Have you any details of the connection made?

    - Stem
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hello:

    Must admit I don't understand what you mean by a 24/7 outside line:doubt:

    Do you mean you are using a telephone based ISP ?

    A FW only is needed when the user is connected to the www. If you didn't connect to the internet you could remove the firewall forever.

    If you mean that OA is showing up as a connected ip/site that is normal for OA for updates as has been suggested but also for it's other services to look up sites that may be missing from it's white list and to verify the DNS of any protected sites you may have listed. OA is a suite not just a FW.
     
  5. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    I only became aware of this a couple of days back, and every time I've checked, OA has been connected. Therefore I assume it's 24/7.

    I said 'outside line' in the same way as 'phoning home', just a casual expression.

    I've attached 2 screenshots.

    C:\Program Files\Tall Emu\Online Armor\oaui.exe -- seems to be connected permanently to IP 66.100.171.84

    If you block this connection -- with an OA rule :) -- then you get the typical CPU burst of a trojan every 30 seconds as it tries to get out.

    Can anyone tell me please:

    a) Why would a firewall need to connect more than once a month?
    b) Why on earth is this one connected 24/7?
    c) What are they doing at TallEmu with a million endusers connected?
    d) Why do they need this information?
    e) Has anyone with the capability to do so analysed the traffic?

    And lastly I suppose I should apologise in case there is a local fault on my PC, or I have a trojan that has somehow spoofed OA's ID, file location etc. Anything's possible I guess.

    attached: 2 screengrab gifs showing IP and servername connected.
     

    Attached Files:

  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
    If you open Online Armor and look under options, do you have 'send anonymous information etc' ticked? If so try unticking it.

    What version and build of OA are you using?

    It would probably benefit you, support wise, to post over on the OA forums where you will get help with this, as it is not something that you should be seeing so often.
     
  7. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    Thanks.

    'Send info' is not ticked.

    Version is OA 3.0.0.190Free

    I'll give it a couple of days then do as you say, probably.
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes,

    Which version have you installed?(free, full)
    What build number?
    Where did you download from?


    I will check it out.


    - Stem
     
  9. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    Downloaded from TallEmu as far as I remember. Wouldn't get a firewall or a/v from anyone except the authors, a bit risky otherwise, unless you know the download site people well maybe.
     
  10. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Try going to http://www.tallemu.com/downloads.html and upgrading to the 3.5.0.14 version and see if that solves the problem. Lots of changes since the original release, so rather OBE for troubleshooting by now.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi rolygate,

    There is a connection going out when the option to "send anonymous information about programs I chose to allow or deny", is enabled, but the connection is closing and not staying connected.
    You could disable that option to see if it that then solves the problem. (Options- General tab)


    - Stem
     
  12. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    There are several different reasons OA can connect its home site:

    1.) "send anonimous info about programs used" (can be turned off)
    2.) OASIS realtime lookups (can be turned off)
    3.) Detect your external IP (can be turned off)
    4.) Updates check (can be turned off)

    If having all the above turned off you still have OA connecting home it's definitely a bug and it's to be reported to Tall Emu.
     
  13. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    I was going to say the same thing.... well, mostly I was thinking of OASIS, the real-time data base checker hosted by TallEmu, a Godsend, if you ask me.

    As you state, any or all of these four issues may be turned off at user's discretion. No attempt by OA to "phone home" in an untowardly manner. Voluntary assistance and/or support are the only reasons I've seen for OA to send out any information.

    Sam

    |||
     
  14. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I have forgotten one more reason to "call home". This is reason N5 -- trusted DNS check :)
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    And these are all in the free versiono_Oo_O


    - Stem
     
  16. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    If I recall, no... Now that I think about it, OASIS is not in the free version... Geez... been running this version TOO long... keep forgetting what is in the free version...

    Free version has a firewall and program guard... it will want to register itself upon installation and if you choose to subscribe to the newsletter, it will send that home as well... otherwise, I don't think it dials back home for anything except if you have elected to send anonymous information about programs you choose to allow or deny...

    Regards -
    -Bob
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    I have just checked my OA - and it's not got this connection, nor should it.

    We had some server problems recently, so it could be possible that it's tried to connect for some reason and failed and the connection is erroneously held open (putting more load on our server :( ) - are you still seeing this behaviour ?

    OA should not be doing this for anything other than stated reasons.
     
  18. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Unfotunately, I'm not sure about the free version, I don't use it. I just tried to enumerate all the possible reasons :)
     
  19. Rain_Train

    Rain_Train Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    139
    Well, as sded said, the OP is using an outdated version (3.0.0.190). So even if it is a bug, it might be fixed in more recent versions. This seems the probable cause, as I do not have that connection on my machine.

    To the OP: try the recent 3.5.0.14. It's faster, lighter, and chances are, will fix your problem :) .
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Using OA FREE 3.5.0.14. No connection whatsoever with Tall Emu.
     
  21. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    @RainTrain
    Upgrading sure fixed the problem.

    Downloaded 3.5.xxx and stuck that in. Whoops. Mega crash, totally lunched my Windoze. Went into a partial boot-shutdown-reboot continuous loop. Couldn't even boot in safe mode, got a BSOD every time.

    Fun eh.

    Well, I guess you need to know that I run W2K.SP4.rollup1, this is my main work machine. No probs with W2K of course, it's the best OS they ever released for basic work, IMO. Simple, fast, instant networking, all hardware and software works, no issues. What else do I need for work??

    But the trouble is, it's getting harder to support. You need another machine with XP for games or anything complex, sure.

    Anyway - OA's website says "W98, WME not supported, XP and Vista supported". Spot the omission. I saw that and wondered. Well, W2K not supported, I think we can safely conclude now :)

    So: install disk image, rebuild life, start again. Time for a new FW.

    Consult Matousec results for next FW to trial. Install PC Tools ("W2K supported"). Wrong, it isn't. First install: no GUI - the first true 'background' firewall maybe. 2nd install: crashed. Uninstall PC Tools.

    Back to Matousec. Install Outpost Free. Works fine.

    So there you go - hours of harmless fun with a PC. That I could have done without...

    Maybe the original problem with the 24/7 connection from OA was because of version problems / update issues or something.
     
  22. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  23. rolygate

    rolygate Registered Member

    Joined:
    May 10, 2009
    Posts:
    6
    Shame because OA is a fine FW, sorry to lose it.

    [edit]
    Hey, just saw the link you gave there, I'm d/l-ing now. Looks interesting. Thanks.
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Your welcome :). I hope it works well for you.
     
  25. Rain_Train

    Rain_Train Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    139
    rolygate:

    Sorry to hear that I hosed your Windows :( . Not being able to reboot even in Safe Mode is a shocker to me; something must've really screwed up. Still, I did not know before this post that you were running W2K :doubt: .

    In any case, you said Outpost Free works fine, so at least you have that to fall back to, incase OA v3.1 doesn't work out.

    Good luck :) .
     
Loading...
Thread Status:
Not open for further replies.