Replacement for Online Armor Banking Mode

Discussion in 'other firewalls' started by avboy, Jun 8, 2015.

  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Hello,

    Now that OA is integrated with EIS, banking mode is not available. I am looking at the specific feature where I could prevent my PC from connecting to web sites other than those mentioned in domains -> trusted or protected. I could do this in OA based on the websites' domain names without having to know their IP ranges for example add amazon.com* in trusted domains list and its done. This is very important as I use this feature across many sites as required, be it banking, broking, e-commerce, bill payment etc. So it is not possible for me to know their IP range.

    So my queries are:

    1. Is there any other firewall that provides this feature? If not why? Isn't it used a lot by all OA banking mode users?

    2. Is there any other way of doing it? It is just the reverse of what host file can achieve. That is allow particular white listed sites, while blocking connections to others.

    Thanks
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I'd like to see a banking mode as well with simple instructions for the rest of us. Avast has a banking mode, but alas it didn't work for me. One of the reasons why I moved to Emsisoft. :)
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Eset Smart Security and I also believe NOD32 have web access protection. Within that feature is an option for URL address management. It has an option to only allow connections to specified URLs. Note that I have had issues with it when I used the full SSL address format i.e. https://www.bankname.com for example in conjunction with SSL protocol scanning exclusions, etc. If you leave SSL protocol scanning disabled which is the default setting and what I recommend, URL address management should work fine for what you want to do. Also if you just use the base domain name.

    Note that Eset performs most of its validations at the network level. Hence this feature is not part of it's firewall processing per se.

    Running this way will only allow you to connect to your bank domains with Eset and your browser. Is this what you want to do?

    Eset will be offering a "banking mode" protected browser in the upcoming release of Smart Security 9 which is in beta testing now.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    I must say that OA's banking mode sounds interesting, but I wonder how it would fare against advanced banking trojans.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Doesn't matter. I am not sure it was in the free version, and you can no longer activate a license
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    I meant from a technical point of view, I know that OA is pretty dead. But I wonder why they didn't add this feature to EIS.
     
  7. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Yes that is what I am looking for. Thanks for your input. Even OA did not take full (SSL or otherwise) format address. But it accepted base 2nd level domains too. I will try the ESET beta first to check out the new banking mode.
     
  8. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Yes even I can't figure out. You really don't dump your USP one day. EIS has the feature of allowing individual programs to connect to specific IP addresses. But that's not the same as banking mode.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    According to a member, it probably didn't work too well. But it's kind of disappointing that EIS has never implemented specialized features against banking trojans similar to Webroot for example.
     
  10. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    761
    Location:
    SW USA
    I distinctly recall Fabian in their forum a few years ago discussing the EOL of Banking Mode. It had almost everything to do with the way banking sites do their thing than it did with BM.

    Dismissing the age-old behavior blocker vs HIPS and and (especially) user intervention arguments , those running EAM and OAP back then dealt with the well discussed overlap of BB and HIPS. Emsisoft never had an Internet Security suite and for years they were pressured to produce one. So, it was a no-brainer that when moving forward they went with their BB (once marketed separately as Mamutu) in EIS.

    I was always a big fan of Online Armor, going back to the Tall Emu days. I lament its demise but recognize it no longer fits Emsisoft's business model or met its stated protection stratagems.

    For "banking protection" I run Zemama's AntiLogger Pro for its SSL intrusion protection, Key Scrambler and really, really long passwords. And then on how my browser and the bank exchange data... :gack:
     
    Last edited: Jun 14, 2015
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Since it appears you only use your browser for banking/financial transactions, still trying to get a grip on that, you might check with your bank if it offers Trusteer Rapport for its customers. It has everything you need plus a secure tunnel between your PC and the Trusteer software installed on the bank's server, armored browser, MITM and MITB protection, you name it.

    I never recommend it since it slows most browser to a crawl which isn't acceptable for everyday surfing. That appears not to matter in your case. Plus Trusteer is free for home use.

    Note: If your bank is not Trusteer capable, the protection is not as extensive.

    https://www.trusteer.com/ProtectYourMoney
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    That's probably good enough. Another option is to use Sandboxie. You could use a dedicated sandbox for banking and shopping. Apps (and malware) that are running outside this sandbox, can not communicate with the browser that is running inside the sandbox. I'm not sure if Zemana AL can also protect sandboxed browsers.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    It's easy to control what's on your computer. The real problem is if the bank site is temporarily hijacked.
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    no one needs a "banking mode". get firefox (maybe portable or create a clean profile), install extension like this, then allow your bank site from matrix.
    https://addons.mozilla.org/de/firefox/addon/white-list-ninja/


    since ssl in antivirus products became pain in the ass there is even no need for silly ssl check. grace to vulnerable diffie hellmann lower than 1024 bits in TLS...
    https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html

    disable in firefox (about:config)
    check https://www.ssllabs.com/ssltest/viewMyClient.html

    if you need more security get a live linux for banking.

    my banks only need a cookie and one of them a javascript from verisign.com. no flash, no java, nothing, pure and simple.
     
    Last edited: Jun 14, 2015
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    What about trying out HitmanPro.Alert v3...that has a safe browsing option and if one does not like or want to use any of the other anti-exploit functionality then it can be switched off easily with no annoying prompts to remind one that it has been switched off.

    Baldrick
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe that you should not be looking for a URL filtering solution, since malware could communicate using IP addresses.

    Restrict access to all but one website using a firewall
    . When you have this debugged, you could perhaps transfer these rules to your router (if you have one): DIY: Limiting IP addresses on routers.

    Better yet, to reduce the risk of active malware that could later transmit information when "banking mode" is off, use a live cd/dvd such as Lightweight Portable Security in combination with the router allowed IP rules.
     
    Last edited: Jun 14, 2015
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    Yes, that is also an option, combined with a dedicated anti-logger like Zemana or SpyShelter, it's almost bulletproof. On top of that, you can also run the browser in a dedicated sandbox with Sandboxie, like said before.
     
  18. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    761
    Location:
    SW USA
    I put banking protection in quotes to indicate I was sharply focusing on that. I assure you I'm running much more than ZAL and KS. And it's been almost two years since Flash trash and Java junk were purged from my systems. Thanks for your concern, tho.

    As for Sandboxie, with no disrespect to its fan club, the developer would have to pay me to use it again.

    Well said.

    These also:
    security.ssl3.ecdhe_ecdsa_rc4_128_sha
    security.ssl3.ecdhe_rsa_rc4_128_sha
    security.ssl3.rsa_rc4_128_md5
    security.ssl3.rsa_rc4_128_sha

    As well, those who run Thunderbird should set all six of those to false, too.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    Do you have any technical problems with it?