"OSSS" (Online Solutions Security Suite) Beta is Out

Any news for Win7 64-bit?

 

I tried it. It is definitely a BETA. Thank goodness I made an image before doing so.

It's okay, I guess. . .

+Needs a restart during install. Thus, testing it with Shadow Defender is n.g.

+Auto detects your network

+Uses a whitelist, of some sort, during install

+Evidently needs MS Visual C+++

+Install loaded my default browser & OSSS's website. I immediately closed the browser. Maybe I shouldn't have done so -- see my next entry.

+OSSS said it couldn't detect my internet connection & asked for a restart.

+OSSS goes through *something* during startup -- BEFORE the Windows welcome. I restarted again later & it did it again. Maybe it does this every time there is a startup. It's okay, maybe, but other classic HIPS I have used (SSM, Prosec, EQsecure, OnlineArmor, MalwareDefender etc etc etc) ---- NONE of them ever put my computer through these startup gyrations.

+Despite its whitelist, OSSS popped up every time a system file activated -- it gave me several pop-ups just for services.exe. This took place even though OSSS claimed to be in learning mode. Ugh!

+During install OSSS gave options as to what to install. I opted NOT to install the firewall, but OSSS installed it anyway.

+I liked the GUI. Fairly intuitive to use (for a classic HIPS, that is)

+Compared to MD (Malware Defender), OSSS seemed to have pretty much the same coverage, PLUS a full-scope firewall. One exception (I *think*) is that its file protection did not seem to be anywhere near to being as granular as MD's.

+Uninstall hung for over 1 minute -- but it was loading my default browser to go to its website & ask why I was uninstalling. It asked that question in Russian, however.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Despite all the comments I have made, OSSS looks to be a VERY promising classic HIPS, & (for a beta) it is pretty stable. My real-time set-up almost always consists of ONLY a classic HIPS and an AV. So I am very happy to see a new HIPS coming on, even if I wouldn't use it at the moment.

P.S. I hope Kees1958 takes this puppy for a spin.

 

i tried it but it made nuts all the pop ups

 

For the first, thank you for you review/feedback and comments.

It is automatically checking your system for malware and rootkits using our other product: OSAM

Do not afraid, it's just for information about new versions, when you using an installer that may be downloaded some weeks or monthes ago.

It is not used as part of internet connection detection or something.

It is required to know what OSSS wrote to you exactly. I think it was a normal case (when, for example, you using LAN for connect to the Internet). But I can't say and be sure - need to have screenshot and information about your connection from you.

It's because of OSSS is more powerfull than these systems. I will quote some text from your site:
from OSPD description:

from OSPF description:

So, it is not a problem, it is an advantage

To give a correct answer on this issue I need to have a copy of requests and/or screenshots.

OSPF part cannot be "removed" from OSSS. It is a one common kernel. So, when you disabling "Personal Firewall" option in setup, it is just disabling it in configuration, so all connections are allowed. (You can checkout Firewall options after installation)

Thank you

What do you mean about file protection? I just did not understand, sorry.

Hm... Really strange. It must use the language that were used during uninstall.

Thank you!

BTW, we made an official (first) release two weeks ago. Here is a news. Here is a changelog.

 

Is this going to be a free product?

 

konata add this hips to mamutu and you are set to go
note:this hips is very chatty but is still good

 

i think that this hips will detect a rootkit loading cause it loads even before windows does and before all program loads this is a plus for me

 

I rarely try BETA softwares.
But once officially released I'll definitely try this. ^^

 

i am currently testing this program with malware but i notice some thing when malware is executed and after the installer allow to run it follow by malware trying to change registry or modify system files and apply a block rule but the blocked malware is still running in memory it will be nice to have an option to block and terminate it is safer
note:the hips protected my registry and protect againts system modification but it will be nice to have a block and terminate or terminate and block feature

 

now i will install OA and compare i want to have a nice hips in my systems

 

Looks interesting, if i get my VM up again i'll definitely try it

 

ok OA++ is way faster in my system

 

Congrats for second place on Matousec.

 

I am trying this program in a spare snapshot for the first time...looks interesting.

I wish there was a current 'help file'...the only reference to one, was in this post > "where is the help file of OSSS?" > http://forum.online-solutions.ru/viewtopic.php?t=554

P.S. Also, I have a thread in > 'other firewalls' > https://www.wilderssecurity.com/showthread.php?t=278343

 

How does OSSS stack up as a HIPS, in terms of features ? (it did excellent on matousec)

Specifically, ...........


1. Does OSSS have user configurable protection for the following:

a) User configurable - Registry autorun entries ?

b) User configurable -File and Folder protection?


2. Does it have a Sandbox feature ?

3. What are the basic differences in the protection approaches between OSSS and MD ?

 

OSSS have a really flexible protection settings: all type of actions can be configured by user. So, answer for two your questions -- YES. (You can use masks, etc).

In the current market's meaning - no.

 

I requested OSSS to test their HIPS against keyloggers, but there was no reply.

Ergo, OSSS is untested against the keylogger genre (testing POC is available from spyshelter.com and zemanausa.com). IMO, OSSS is not reliable for primary protection against THE most dangerous type of exploit -- the keylogger. (A malware infection is a minor inconvenience, whereas a rampant keylogger is a downright DISASTER!)

 

if that is you opionion how do you explain the good matousec results?

And in generall keyloggers have to act like trojans as well (autostarts, remote connect and so on).

I think OSSS is one of the best HIPS available.

 

There were not reply at this moment, because we are working on new beta version that will be released soon (in several days). And also, request in a form 'before I start to test your software, download this test and test it yourselves' seems a small incorrect...

Ofcourse, OSSS protect against keyloggers. You can try spyshelter's test (really primitive, and only 1 way), and zemana's tests.

Thank you for your attention.

 

helloo

osss dont have a solid antikeyloger

no anti-screen logger no anti-clipboard protection no webcam protection

and fail with a lot of spyshelter test

 

Prove it.
OSSS protect against keyloggers.

We already answered about these "actions". Why they are not "controlled".

We can code a lot of so-called "tests", that other products will "fail". But there is nothing common with a real system protection.

 

good to see a new beta version soon

 

The burden is on you to prove what OSS can do. Not vice versa.

OSSS offers rationalization. Online Armor and Outpost Pro offer actual results by passing the tests.

Now that we have effective, low-cost imaging software --plus superb scanners such as Hitman, Immunet, MBAM, Bugbopper -- malware infections have become, at worst, a minor inconvenience.

Keyloggers, on the other hand, can be downright disastrous.

I WANT OSSS to be proven effective against the full spectrum of the keylogger genre. When that happens, I am a paying customer.

 

No, it is not on us, if someone just saying "it does not protect at all". This is a primitive trolling. Someone saying something and othery guys must to prove that this 'something' is not a true. That's funny.

Anyone can use the same methods like - "you eating infants every morning". And later say "the burden is on you to prove that this is not true".

On what facts someone decide that this assertion is not a mere assertion?

If someone accusing somebody, he/she need to buttress up this accusation by facts. Or anyone will talk anything. I can give a link to wikipedia too: Praesumptio innocentiae.

Also, if we will spend a time to prove every user (the most are unprofessional in this area, and cannot correctly appreciate technical details), then we will unable to do something useful.

Example: user is asking us to test (not he tested -- we must test for him!) spyshelter's tests. This test for keylogging using a primitive technics like SetWindowsHook() and "injecting" a .dll to all processes. "System protection" test is writing registry value to "Run" key... About what we can discuss here? And later we got: "OSSS is not protecting against keyloggers". And we must prove that we are not idiots. Any ideas how to do this in such cases?

We are not oriented to any tests. We are working on user's system protection, not on a tests bypassing.

Show me at least one product on market, who booting so early on the system as OSSS doing. Does users know this? Users understand this? Can users compare this with other products? How you will advise to say something about this?
(It's just a sample, nothing more).

I have nothing to say regarding this.

Vendor should not have any relation to testing and proving the effectiveness of the product. However, this does not mean that doing testing can be absolutely anyone who does not have an appropriate mix of knowledge and experience (in particular, referring to the real ITW/0day threats).

 

Well Said !! And agree with you ...

Any competitive vendor can code a test software, that other products will "fail" to block , and we have saw that in past a lot...