OSsurance

Discussion in 'other anti-virus software' started by solarpowered candle, Jul 8, 2005.

Thread Status:
Not open for further replies.
  1. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I found this on Notoks great security source/ link page http://www.dyingsun.net/apps.htm Has anyone been brave enough to try this . It looks very interesting and a step in faith maybe. If any one actually has any practical experiences with this I would really like to hear . Thanks
     
  2. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    I tried it! Its CR@P! Messed my system real bad. Had to format :(

    Kaspersky detected some virus during install, i thought maybe a false +ve so i allowed and the next boot onwards, all i got was BSODs!

    Dont make the mistake of installing it.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    :D Glad you like my pages :)

    I found out about it on VMyths.com and have read a lot of great reviews about it, but I think it conflicts with Ewido, which is why I haven't mentioned it :( I'm getting a new motherboard tomorrow, which will necessitate a format.. hopefully I can find some time to play with it this weekend. I'll definitely post here if I do, this thread certianly gives me motivation to do so :)
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It works on the White List principle; seems like more and more products are based on this idea.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It does execution prevention like PG, but has some heuristics from what I understand. It will apparently detect if a program will cause a buffer overflow, for example.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes, I noticed that... there wasn't a lot of explanation as to exactly how that function of the program works.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Nice Site, Notok ;)
     
  8. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Thanks for the relies guys. And Notok I look 4wards to your results.
    I received an email back quite fast from their support. (same day)
    The essence of their reply regarding my question of the needfulness of firewall / AV / spyware etc was

    You do not need to run OSsurance with a software firewall nor with
    >antivirus
    >software. Neither of them is as effective as OSsurance since software
    >firewalls will not block any malicious code coming in the authorized
    >ports used by e-mail or browsers etc., and since antivirus scans file
    >appearance,
    >not running process rights. OSsurance is an application firewall,
    >screening
    >out executables.
    >
    >However, OSD will run smoothly with antivirus and firewall softwares. We do
    >not
    >recommend that users abandon their current protection if they are happy
    >with it, but we also do not suggest newly purchasing those other products
    >since they require much time, maintenance and money to identify threats,
    >in some cases, after the threats have already attacked or done damage.
    >Also, a hardware firewall is more reliable than software, but still does
    >not
    >address harm coming through legitimate ports.
    >
    >Our attitude is that software will come into the computer by some means
    >and some of that software will be malicious. Rather than try
    >unsuccessfully
    >to stop data from coming in, or try unsuccessfully to keep ahead
    >(impossible)
    >on a signature basis, OSsurance cuts to the chase and stops unwanted
    >software the second
    >it approaches the processor. Not before then. Malicious software can not
    >run.
    >
    >Using OSsurance is an act of faith that traditional protection methods were
    >not truly effective but that it is effective to prevent code execution with
    >OSD.
    >Windows NX protection is faith in limited execution screening. That said,
    >do turn it on if your processor is 64-bit and supports it.
    >Using OSsurance raises the question: what about the malicious software that
    >will indeed
    >be resident on my drive, even though it was blocked from running?
    >
    >Good question. In some cases malicious software will have attempted to run
    >and because it was unauthorized it will be in the OSsurance Event Log. You
    >may read where it is located and you may delete it if you wish. Be careful
    >not
    >to confuse files with similar names but different locations since many
    >spyware applications etc. copy legitimate Windows file names. Be sure of
    >the location.
    >It is good to research the file name on the internet before you decide
    >whether
    >it is malicious -- it might not be.
    >
    >As you suggested, you may wish to scan once per week or once per month just
    >to remove the germs (as it were). There are many free or trial antivirus
    >and
    >anti-spyware programs which you may utilize without having to subscribe.
    >
    >Definitely use the IP stealth feature if you have a firewall. This is your
    >privacy.
    >

    Well ..... feeling brave I formatted and loaded OSsurance up with only windows firewall active. I will use a few online scanners and keep an eye on things. I like this concept of total simplicity. The manual is needful to hang out with in order to understand the Authorised program list in order to not allow any mishaps. So far Kaspersky online is the only scanner that appears to give a fp .
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Now you've gotta post a screenshot, I've been dying to see :D

    Blackcat: Thanks! :) More to come, for sure
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    @solarpowered candle

    Actually i did ;) http://www.security-ops.eu.tt
    But i'm focused only on free software.

    Oh,just noticed he has link to my page too (for Infiltration Recovery Tool) :)
     
  11. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    This software is so simple. There is a small grey box on the task bar next to the time with OS in green. Right click on that and you have the options to change password/ scan to update authorized program list/ maually modify authorized program list/ disable OS protection/ review or take action on event logs. Thats it . The only consule really is "the scan to update program list" which gives options to allow the programs in the APL to run and block new programs as possible attack until added to the APL This is done by hitting the scan which will verify. If there is a need to add or deny a pop up consule appears with info and suggestion and choices to "run or not " The manual is quite well set out also . As you can guess im just no good at screenshots lol. I think you will enjoy having a play with it . especially the thrill of virtually what "appears as no security" yet possibly is as safe as. :)

    my only concern so far has been the Kaspersky online scan keeps picking on this program. No other scanner has as yet.
     
  12. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    You know you both need to be congratulated on such amazing sites .They are very impressive and informative.
     
  13. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
  14. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Great info there kareldjag and thanks for your testings .
    What another great site. This thread ( has shown me with the postings so far), just what quality and skilled members we have here at wilders . Thanks you guys.
     
Thread Status:
Not open for further replies.