Online Armor Vice Malware Defender

Discussion in 'other anti-malware software' started by bellgamin, Mar 7, 2010.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I have uninstalled MD (Malware Defender) & switched back to OA (Online Armor). Some (not all) of the reasons:

    1- OA does a much better job of protecting against keyloggers than does MD. Further, the proponent of MD has expressed disinterest in dealing with this issue. (See THIS thread).

    2- OA is MUCH more user friendly than is the case with MD.

    3- I am particularly fond of OA's Run Safer option, which is lacking in MD. (Also lacking in DW -- see Kees' comment HERE -- BUT DW doesn't really need that option whereas, IMO, MD does need it.).

    4- Over & above its HIPS capabilities, OA also provides a full-on firewall. MD does not. (NOTE: OA's firewall is easily disabled for those who don't want one. In my case, I have an SPI/NAT-capable router, so I will only use OA's firewall for controlling outbound connections.)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    By the way, in order to run OA I initially disabled MD (but didn't uninstall it). I thought disabling would be enough to avoid the usual conflict between 2 HIPS. However, I quickly experienced a couple of lock-ups plus a slooow computer. So I totally uninstalled MD. Thus far it looks like that fixed the slow-down/lock-up issues. If so, I guess that OA & MD were in conflict because of kernel hooks. Who knows, wot?

    I'm trialing OA Premium for 30 days -- (I greatly prefer its additional features versus the free OA version. Well worth the price).

    BUMMERS: I had a non-free OA license but let it lapse just a few weeks ago. Costly oversight -- renewal is cheaper than brand-new. My bad. :oops: :doubt: :doubt:
     
    Last edited: Mar 7, 2010
  2. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I have the OA++ version and am very happy with it. Once in a while I will try something different but it isn't too long before I restore my image with OA on it.
     
  3. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    I've been experimenting in a similar way recently. Plus/Minuses:

    - Run Safer is a great feature in OA. MD could really benefit from such a capability
    - Keylogging/clipboard (etc) logging protection in OA is stronger than in MD
    - MD is much lighter on my system than OA
    - MD offers much more control over application configuration than OA - an obvious trade-off with user-friendliness. The logging capability in MD is awesome and gives such a clear insight into activity on your pc
    - MD offers file and folder protection. I can control exactly which applications have access to my password files for example. I could not find this valuable capability in OA.

    Whereas OA is HIPS for beginners (though still strong on protection), MD is HIPS for enthusiasts and is something which can be 'enjoyed'...if you're into that sort of thing. Both are superb security apps, but could benefits from their respective 'feature gaps' being filled, i.e. Run Safer and better keylogging protection in MD; file and folder protection in OA.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    OA is easier while MD is for experts IMO.

    MD is much lighter I think and also has full blown file/ folder protection and reg protection that OA lacks. File Protection in any HIPS is the feature that makes many malware just a useless junk on ur PC. Very very neat feature of any HIPS.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    agree with eagle in this coment;) :thumb:
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    "Eagle" is Aigle? If so, then perhaps you meant that Aigle has the eyes of an eagle (computer-wise, that is)? ;)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    But seriously...

    3 QUESTIONS:
    (1) Is it a feasible idea to set "Run Safer" for ALL all my apps that connect to the internet?
    (2) As to "Run Safer" -- if I set the updater for my Antivirus to "Run Safer", will the updater still be able to do its job?
    (3) Any opinions as to why Xiaolin is disinterested in enforcing MD's keylogger defenses?

    Good point! I hadn't considered that factor.
     
    Last edited: Mar 7, 2010
  7. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Probably not ALL. Just the usual threatgates - browsers, P2P etc.

    It is strange. From my perspective either a security application is designed to protect against keyloggers in all their forms or none at all. The fact that there is protection against only certain types of keyloggers makes no sense. While you could argue that clipboard loggers are not a significant risk (whether that is true or not I don't know), not to have protection against them 'on the product roadmap' seems to be an oversight.
     
  8. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    For question 1. I have all my internet facing apps, including Adobe Reader,set to run safer.

    For question 2. I think the updater set to Run Safer might interfere with the updater although I am not positive. I can't see needing to set the updater on run safer anyways as there should be no threat there.
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    When you run with Run Safer, do you get any prompts, or do things just go like normal with limitations of rights? Can I install new apps. etc. with it on my browser or is there at least an easy way to install directly?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I presently have 6 OA licenses, and it is by far my favorite firewall / HIPs program. There are some features i would like to see added to it like being able to select a folder or file to set as trusted/allowed/block etc.. I have ran into problems many times when doing work, and not being able to stick around my desk to watch it. For example: the last time i was working on converting video's to play on my ipod i left it running, and stepped out because the conversion can sometimes take a few hours. I came back to find that OA had a pop up asking if i wanted to permit the program to run. I had already set the program to allowed, and trusted. The problem is sometimes it will not allow all the other modules of the trusted program to run. This caused the conversion to fail, and wasted hours of work. I believe it is essential that this feature be added. If there was an option to select the programs folder for the program, and trust the entire folder i would not have this type of problem. Prevx gives an option to exclude files, and folders. I would like to see the same feature in OA.
     
    Last edited: Mar 7, 2010
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I run both OA ++ MD and Sandboxie.

    Both have different strengths and weakness, and the combo of the two is great. I've had no conflicts.

    I don't worry about MD's lack of the extra keylogger stuff. Those aren't serious threats if they can't run. If you allow them, you've already lost a big part of the battle.

    Pete
     
  12. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    There is only one problem with OA , BSDO's , often and random.
    Otherwise nice application.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    the good thing about OA is the ability to run program safer;) MD lacks this feature it should have it too:D agree with bellgaming in this too:cool:
     
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Run safer os one of my favorite parts of OA also.
     
  15. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Actually, I'd trade Clipboard logging protection for a Run Safer feature any day. Run Safer/Drop my Rights functionality for MD would be a great addition.
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I agree. If everyone who is interested will send Xiaolin an email request for Run Safer, he *might* add the feature in the near future (I hope).

    The support address is <support at torchsoft dot com>
     
  17. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    I suggested it to Xiaolin 9-10 months ago.

    If he has no time to do it, or it has a lower priority, there are other solutions..

    i.e.: IMHO you can have similar protection simply creating a LimitedGroup, and running unsafe/unrecognised applications in it.. But it is difficult for all users to create it, to manage one-per-one permission and choose the best solution in terms of security-usability.. maybe if it is created by default, and from the developer, it would be better (and more secure).
    There are some threads in wilders about these solutions..
     
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    One point - if you run so many programs with limited rights and less with
    admin rights - why dont us a LUA and switch from there to "run as... admin"?
    And in that case malware has from the beginning not so many options and
    you dont need such strong control in any way. i dont get it... o_O
     
  19. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    cause Malware Defender does not work properly with LUA.
     
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Because you may have just a few programs that you want to run with limited rights, e.g. browser, P2p - perhaps just two or three. A Run Safer option for those programs is a very useful feature.
     
  21. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    And that too!
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    assuming you dont have OA or MD installed - do you think a browser in LUA
    would be save from stealing password or other bad things?

    assuming you have OA or* MD installed - would it prevent to create stealing
    passwords with flash or browserbased pdf-view with adobe if you had that allowed?

    can it prevent downloading malware within windows media player when that one
    is downloading malware DRM files to watch certain malware videos?

    how far is your knowledge about all those processes that you can decide whats
    safe or not while using a lua or hips?

    If MD or any other hips would run with LUA - would you switch user for that
    and elevate only some programs for admin?

    PS no need for a full quote if you only refer to a single line or question.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aloha

    DW is based on running safer, so it does not need it (it does this automatically or from right click context menu on demand).

    Regards Kees
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Point is that OA uses black and whitelisting as a former anti-executable. So you will be prompted when a program is trying to run. When you choose to allow unknown programs run as safer, you effectively have created a selective LUA environment (so without the 'LUA' hassle). On top of that OA will warn you when intrusions occur (like dll injection of a keyboard hook set)

    Regards Kees
    (by the way I am runing LUA on my old PC without HIPS)
     
  25. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Keyloggers are harmless if they can't connect out. I don't even enable keyboard monitoring in Comodo.

    What's wrong with MD's network control? It' based on the Base Filtering Engine which is what Windows Firewall is based on and blocks incoming and outgoing packets. I thought it performed pretty well.
     
Loading...
Thread Status:
Not open for further replies.