Run-Safer in Online Armor Free v3.5

Discussion in 'other firewalls' started by arjunned, Jul 1, 2009.

Thread Status:
Not open for further replies.
  1. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    Hi.
    I've been testing OA free for some time now. I'm loving it so far. My question is very simple. What exactly does 'Run-Safer' of OA do? I have read the FAQs and help files but was hoping some of you guys here would be able to help explain it to me better.

    Cheers!
    Arjun Ned.
     
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    RunSafer runs a program with reduced rights, which makes most malware ineffective, but allows most legitimate programs to work normally. Though, some programs can feel poor if started with reduced rights, for example the installers need administrative access, also the programs that launch the drivers and the services "on the fly" cannot do it with restricted rights.

    Generally RunSafer prevents:

    1.) ability to launch services and drivers
    2.) ability to write to the important registry keys and important disk areas
    3.) ability to use some APIs (like direct disk access, for example).

    BTW, if a dropper for something like "confiker" or "seneka" is started safer it cannot infect a system.
     
    Last edited: Jul 1, 2009
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    All applications (non-OS), with the exception of a couple of specific utilities, run safer on my PC (which also has UAC on). OA is also set to Run Safer all unknown programs.
     
  4. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    You need to run safer your web browsers and any program you are suspicious of.
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    I'd add to that most internet facing apps, including things like chat clients should be set to run safer. This way, if you do accidentally click a malware link, open a malicious attachment, get exploited by something or other, the process would start with limited rights - this really reduces the damage that they can do.


    Mike
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Basically it's like running in a limited user account. So as I recall some of the restrictions are:

    * Cannot install drivers
    * Cannot write to system
    * Cannot write to root of drives

    Just these things alone limit damage things can do. If you are familiar with DropMyRights this is pretty much the same thing, only automated. Then, we add in the rest of the OA protection and we start to get some really powerful protection.

    The EMSI/Ikarus engine in our new OA++ also really is performing for us well. I can't wait until it's released. Combining AV+Run Safer+HIPS is very very nice...
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    The funny thing is RunSafer renders HIPS to go unemployed :)
     
  8. HJO

    HJO Guest

    May be OT...
    What is the difference between the Run-Safer in Free and Paid?
    Thanks in advance.
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    None. Both are the same thing :)
     
  10. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    It seems to be a virtual machine. Shall I comprehend it like that?
     
  11. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    No, think of it like handcuffs/straightjacket on programs, to limit their movement :)
     
  12. HJO

    HJO Guest

    Thanks!
    ...for your simple and clear answer!
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Other posts have explained "run safer".

    But the way I see it is users don't need it or the potential errors that can be made by the vendor in working this feature.

    All users need to do is run as a limited user day to day and then when needed switch to administrative mode to do things like install new SW, drivers etc. How hard is that? IMHO, just leave OA's run safer feature unticked.;)
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    The same could be said about any feature or program which gets into windows at any level and modifies behaviour in "interesting" ways, which would include most of the programs the members here use.

    You could even extend this logic to disabling services, using nlite, or any sort of patching or in depth system tweaking.

    Runsafer is not and never was designed as a replacement for a limited user account. It was designed so that people who run as admin for reasons of necessity, convenience (or even laziness) can limit the rights of their internet-facing applications.

    For example, I sit there and write code. I need admin access. But I can turn my browser and IM clients and email to runsafer and have protection against exploits this way.
     
  15. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    In Vista, how do Run Safer and UAC compare and contrast?
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    That is terrible advice for the average user. Not including Wilders member types, how many average users know what a limited user account is? How many would know how to switch between them? How many would even know what a driver is?

    Remember not everyone reading here has the background you do.

    Pete
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    In Vista when it starts up it defaults to Limited user mode.

    They see it as safer for the masses. To do things like install sw you have to flip over to admin mode. Some users have the view that it is "inconvenient".

    But security by its very nature is sometimes inconvenient... c'est la gare! :)
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hello Mike:

    Good data, thanks!;)

    Take it easy!
     
  19. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I was under the impression that there was a difference between a true LUA (i.e.: not Admin) and an Admin account with UAC turned on?
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Pete:

    Well, advice was NOT what I provided; it was an opinion. Mike's post was good data for OA users of Run Safer. My view is just different, very sorry you don't agree but that's the way things go at times! ;)

    Can't answer your various "how many" questions about average users. Last time we ran a poll in this forum most were using advanced features and tweaking here and there, so your fears may be .....

    Attached for users who have forgotten how or want to know now is a Windows XP screen from the control panel relating to user accounts.

    It just requires a little reading and a click or 2 to set up a limited account not that hard really. In my view again, the labour and knowledge to set Run Safer up in OA is actually trickier as it assumes users know what executables need to have it set. But again this is just my view.
     


  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057

    Poll here probably isn't a good measure. Care to guess what you'd get for answers at, say, the Computer Haven forum? I'd bet far different.
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    No, not really, don't like guessing; much better to know!

    At other forums, the membership and knowledge level would be different than this other FW forum at Wilder's for sure!

    But anyway Pete we are here not there;)
     
  23. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    527
    Location:
    USA
  24. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Hi Mike,

    Very nice and technical explanation of what “Run Safe” does.

    How different is it from Sandboxie? I mean, do they do exactly the same thing, or do they have different approaches to handling how the browser interacts with malicious web pages?

    Kind regards,

    Carlos
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Carlos,

    Sandboxie and RunSafer are two different beasts. The way SBIE works is basically that when a program that is sandboxed tries to (for example) write to System32, Sandboxie intercepts this and writes it to a different place. The programs in the Sandbox still see this, because it's redirecting both the reads and the writes.

    With runSafer, the operation is denied. It would be fair to say that SBIE tricks a program into thinking it's doing what it wants to (write to system) whereas runsafer limits what the program can do.

    Both are valid approaches.


    Mike
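
The deny-versus-redirect difference described in the post above, as a small added model; this is not code from Online Armor, Sandboxie or any poster in the thread. The function names and the temp-directory layout (a `system` folder standing in for System32, a `box` folder standing in for the sandbox store) are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

def is_protected(path, protected):
    """True if path resolves (../ and symlinks included) inside the protected tree."""
    real, root = Path(path).resolve(), Path(protected).resolve()
    return real == root or root in real.parents

def deny_write(path, data, protected):
    """RunSafer as described above: a write to the protected tree is refused."""
    if is_protected(path, protected):
        raise PermissionError(f"write denied: {path}")
    Path(path).write_text(data)

def shadow(path, protected, sandbox):
    # Location of the redirected copy inside the sandbox store (hypothetical layout).
    return Path(sandbox) / Path(path).resolve().relative_to(Path(protected).resolve())

def redirect_write(path, data, protected, sandbox):
    """Sandboxie as described above: the write lands in a different place."""
    target = Path(path)
    if is_protected(path, protected):
        target = shadow(path, protected, sandbox)
        target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)

def redirect_read(path, protected, sandbox):
    """Reads are redirected too, so the program sees its own earlier write."""
    if is_protected(path, protected):
        copy = shadow(path, protected, sandbox)
        if copy.exists():
            return copy.read_text()
    return Path(path).read_text()

def demo():
    """Constructed scenario: temp dirs stand in for System32 and the sandbox store."""
    with tempfile.TemporaryDirectory() as base:
        system, box = Path(base, "system"), Path(base, "box")
        system.mkdir()
        target = system / "hosts"
        target.write_text("original")
        denied = False
        try:
            deny_write(target, "tampered", system)
        except PermissionError:
            denied = True
        redirect_write(target, "tampered", system, box)
        seen_in_sandbox = redirect_read(target, system, box)
        return denied, seen_in_sandbox, target.read_text()
```

`demo()` returns whether the deny policy refused the write, what the redirected program reads back, and what is really on disk afterwards.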
     