ProSecurity vs. Online-Armor

I hate to disagree with you Mike, but it seems that saying that PS and OA are compliments "for now" ignores the direction you claim OA is heading.

 

Ok i am confused . . i think he means "for now" meaning it is a compliment at this moment but may not be soon if its more advanced. perhaps ?

 

For now, PS has a kernel mode implementation of some process protection stuff that OA (release) version does not.

When the Kernel Mode version of OA is released, then OA will overlap significantly with PS as it will contain most of the PS features.

 

Yea, but my point is that he knows that OA is going to be "more advanced" in the near future (as evidenced by his mention of Kernel level protection earlier in this thread) and at that time the two products will likely be redundant.

It seems that people buy security products to secure their systems not for a fixed point in time, but rather for a duration of time (industry standard seems to be a year). I guess my point is that if you were going to advise someone to buy both, wouldn't you be saying that your kernel level protection is not going to be released for quite a while (i.e. a year)?

 

Ah, sorry for the confusion. I'm not recommending anyone buy Pro Security. Just saying that *right now* it should work fine with OA if you choose to run them together.

FWIW, I am hopeful that January will see the release of OA v2 - so I don't expect a long delay.

 

This has been an interesting thread, though most comments seem to have come from OA users (maybe there's not as many PS users here?). If PS is anything like SSM then it would cater to a different market than OA is aiming at, so it seems to me that any comparison would be flawed, or biased towards the writers preferred 'type' of security.

As for OA, I've been an OA user and sometime beta tester for a while now. That said, I'm only just beyond a novice when it comes to firewalls. The only software firewall I'd ever used was ZoneAlarm (I had tried a number of others, but uninstalled them immediately after installation, due to their confusing GUI's). I have to say that (from a novice point of view) I was very impressed with OA's F/W GUI -elegant, informative and intuitive.

 

Indeed

PS is pretty similar to SSM - I like the PS gui and prefer the way SSM works. Day to day I use SSM mostly and test OA or PS

I think you hit the nail on the head - OA version one lacked the driver based protection that PG, Appdefend, SSM and PS all have.

When I first started with OA I continued with PG to provide that extra bit- people here myself included tend to have an excessive amount of security SW. That overlaps and never catches anything because there is not that much to catch in the first place. Which is of course fine.

SSM or PS would confuse most normal users OA would work for them ..

 

Actually, it seems to me the thread is full of OA beta testers, while PS doesn't seem to have as big a beta program except for TechWG. Betatesters who have committed so much time and effort are naturally more supportive or even defensive of the product even if they get nothing out of it besides the honor of being known as one. Team spirit and all that...

I have noticed this effect quite a few times, personally even and had to reverse myself to counter that effect.

There are PS people, but none (or few) are beta-testers

 

Whilst this thread is very informative (thanks to Dallen for starting it) I am still none the wiser. I suspect that a lot of people, like myself, are in the process of looking to replace Process Guard (not trying to hijack this thread for my own ends, BTW); the logical choices 'seem' to be either ProSecurity or SSM and that is why it is greate to hear about another potential contender, namely OA.

As I understand it when v2 is available there will be 2 versions; one with and one without an AV component but both with a firewall component. Many of us probabaly have an AV they are happy with (not an issue as we can go for the non AV version of OA) but a lot of us probably also have a firewall we are happy with and are just looking for a HIPS replacement. From my personal standpoint OA now looks very good (and would appear to be getting even better with the features promised in v2) but can I disable the inbuilt firewall so that I can use it as a simple PG replacement? Does that make sense?

As mentioned by a previous poster the potential cost does not matter (to me) if the functionality is right, etc., even if to get it you do not use the product to its full potential. What I do not want to do is to continually change product.

 

Hi Baldrick

You can disable it *and* remove the two firewall drivers in case of incompatibility

Cheers

Mike

 

Hi Mike

Thanks for the prompt response. That is good news. I will definitively try v2 when it comes out as I am hoping that it contains more HIPS-related functionality than the current version. Is there anywhere that one can detail on what will be new in v2?

 

I'll work something up tomorrow. Short version - OA + FW + PG

 

Hi Mike

That is most kind of you. I look forward to reading it. What I am looking for is detailed process protection (principally) which is what PG provides, with the option of Registry protection...but preferrably without the need for the use of deep technical knowledge.

Regards


Baldrick

 

Baldrick,
I people want to broaden the scope of this thread to encompass SSM, I have no problem with that. As you astutely point out, the current most capable replacements for PG seem to be SSM and PS with OA soon to the contest with its kernel mode product.

 

We'll let the last post above concerning beta testers, who's a beta tester and what not be the "last" post here that talks about any other member's, (and/or vendor for that matter). As has been said on more than one occasion....focus on the product and the technical discussion....not the people posting about it and their relationship with vendors. A number of posts removed....So, let's move on now.

 

Hi

Firstly, I put my hands up to being a beta tester for OA + Firewall but I'll try and keep objective with this post.

I tried OA some time back in it's infancy and didn't really like it at the time.

The reason I agreed to beta test this version was that Mike Nash encouraged 'novicey users' to try because as I see it the goal of OA is to try and be as 'beginner friendly' as possible whilst still providing strong protection. I put myself in this class compared with the majority of Wilders members.

Personally, I think this is a really hard nut to crack. Having just seem my sisters PC infected with a worm, trojans and spyware, I had to ask myself whether, even though short and not steep, she would be able to understand or be bothered with the OA set up wizard. Maybe, maybe not but OA is trying to prduce a product that my sister would use. She just expects Norton to save her every time. This is what all vendors are up against. She expects Norton to find and delete absolutely anything without ANY user intervention or questions requiring an action from the user.

What I do know is that SSM ( which I have persevered with) is far too complicated for me and would therefore be completely out of the question for a complete novice.

I admit to not having tried ProSecurity and therefore cannot comment directly on either it's protection or user friendlyness. If, however, it remotely resembles SSM then the comparison, the basis of this post, I think we are talking chalk and cheese between PS and OA in the market place.

As a replacement for PG which I have used happily for 18 months then I guess PS or SSM is the logical step for experienced users but it's a step too far for me.

I am using Prevx1 and have tried Cyberhawk which was uncannily quiet but again will prompt for an action if required.

Simply put I don't think there is any point in trying to compare 'classic HIPS' with programs like Online Armor.

 

well you could wait till version two online armor is out and put that on your sister's pc.
it lowers the rights for internet explorer msn messenger etc so its less likey to become infected.
you only need to do the start up wizard for her once right?
lodore

 

Quite right Lodore and that's what I will suggest.

I have to qualify my earlier post. Norton had in fact 'fixed' the infections. My mistake but I was still called out as she wasn't sure that that was the case or not and it found 5 spyware instances that couldn't be deleted as they were installed with her toolbar helpers.

However, my point is this. People like my sister trust Norton to be the be all and end all when it comes to PC security. Her eyes go glazed when you try and tell her there are as good or better alternatives or that 'layered security ' even at the most basic level is important.

This is IMHO the reality when it comes to everyday computing. We're dealing here with a very intelligent person but computing security is a different issue.

I really do await the results of MrK's 30 day Escalader experiment with interest.

 

i use to belive that norton would protect my pc from everything with my old pc and wondered why it always crashed and the scandisk never finished.
but when i got this pc i was recommended spysweeper which was version 3.0 at the time i ran it on the old pc and it found 200 infections.
oddly with the new pc i got f-secure and some how become a safe surfer and then got in to this forum.
that was 2 years ago i got this pc and when it was new the 2005 version of f-secure at the time didnt slow it down because the pc was brand new.
my next door negibour has the bloated mcafee 2005 security suite which doesnt slow down his core duo 1.8.
this proves that with new pc's you can have most bloat software and not notice it for a while till the pc becomes older.
lodore

 

Online Armor and Nod are a great match.

 

Mike,

Looked at you product. Currently I am running a sandbox (stop at treathgate level), processmonitor (do not allow unknown programs/triggers to start), HW-firewall (SWfor outbound) and datawall (SensiveGuard).

My dream security product would be CoreForce when it is out of beta with a smarter processmonitor or On-line Armour with data wall functionality of SensiveGuard (and the recognition of user initiated actions).

I managed to setup a pop-up free setup for my wife's PC, see you value that to. Looking at the specs of your product I think yours will beat my current setup in terms of CPU load (below 2%) and memory usage (including AV it totals to 27 MB) and it will certainly beat Coreforce.

Wishlist for OA:
- datawall
- recognise user initiated actions for rule setting
- besides the current silent pop-up option to stop only known bad-ones, also include
an SSM like disconnect user interface pop-up silence

Thumbs up

 

Hi Kees1958,

Thanks for the kind words. If you post your wishlist in the OA beta forums (apologies if you already have, haven't been there yet today) then it will get added to the list.

However, at the moment there is a feature freeze on Online Armor - until we get a release out the door I won't be adding any non-essential features. (Of course, once we get a release, that will change).

In order to ensure we pass leaktests we flicked into Kernel mode and added 50 folk to the beta team. Now we're working thru all of the BSODs (we've gone from "most get them" to "most don't") and cosmetics and other wierdness.

For those interested in the current status of OA2 (including which leaktests are currently passed) you can see here:

http://support.online-armor.com/forums/viewtopic.php?t=537

One other thing that caught our attention (and will be in the next beta build) is improved self protection and verification. There have been a series of vulnerabilities in personal firewalls reported recently - of course, OA has to be checked against all of these to make sure we're not vulnerable too.


Mike

 

Right Devil's advocate,

This could have a positive and negative site.

Positive scenario:
The developer and TechWG test the program to such an extend that they deliver good quality. Compared to SSM-paid (I am a SSM-free user), they have released less hasty versions (last quarter SSM occupied this forum, because they had problems): 1 - 0 ProSecurity vs Competition

Negative Scenario
They both forget to test a user bound "test swim lane" (the user does something what the maker/tester did not think off). Example: when ProSecurity occupied this forum with every release they brought out (thanks moderators for limiting it to one tread), they forget that ProSecurity has to be used in learning modes a minimum times with log-off/log-in. Consequences was that one poster was locked out of his computer/others got problems with user switching: 1 - 1 ProSecurity versus Competition.

Regards

 

Mike,

I will post them at your forum, however marking datawall protection and behavior intelligence (user initiated, any program or program with internet connection) as non-essential is a bit patronalizing.

Datawall protection is a elementary protection within the the Forrester research security model (the five layer model of entry, treath gate, trigger, data and exit, represent the moment of intervention or how a malware attack sequences through your defense).

DriveSentry, CoreForce, SensiveGuard, VIGuard all offer datawall protection as a bonus. The great advantage on CPU load of combining process/firewall/datawall monitoring is that the logic behind this protection is the same. Comodo for instance recognises a changed process and intervents when its tries to initiate ourbound traffic, stupid thing is that it does not (for instace Zapass) to block the change itself. So the strategic direction you are heading shows vision. I understand that you can not jump from the cellar to the attick so a thourough release planning is good practise.

This same model mentions hardening, blacklisting, behavior and whitelisting as increasingly tougher protection modes, with a decreasing user friendliness (more pop-ups), so behavior analysis on process/traffic level is quite a feat in regard to user friendliness.

Despite this critical reply, I prefer your tone of voice over the competition. The way Ilya (of DefenseWall) and Brian (of GeSWall) join the discussions and CyberHawk support reacts are an example to others some way related to a product.

I hope you succeed in getting the major release out and well tested within the timelines you planned. Good move to invite 50 beta-testers.

Regards Kees