Your opinion of Online Armor Personal Firewall

Discussion in 'other firewalls' started by ratchet, Nov 25, 2007.

Thread Status:
Not open for further replies.
  1. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,249
    Location:
    New England
    I'd have to disagree with this as well. I use an older sandbox application and it also verifies checksums and alerts when a program changes. The reason is simple - as a "trusted program" you have given it certain rights that non-trusted programs don't have. Since there are a lot of malware that either modify or replace known programs, they could overwrite a trusted executable and therefore get all the rights that your HIPS or firewall allows that program. A checksum verification is to prevent and alert that a "now different" program than was originally approved is trying to use those trusted settings.

    I think that there is a different feature that would be more appropriate for getting the functionality you want, rather than weakening the entire "trusted" program capability and possibly allowing malware to slip past, that would be some sort of exclusion capability.

    I think OA has the ability to exclude programs or maybe just directories...

    http://support.online-armor.com/forums/viewtopic.php?p=19842

    If you feel something is so trusted that you don't want the HIPS or firewall to alert you about it, then excluding it might accomplish what you want. I'd rather a vendor provide that kind of capability versus allowing any and all trusted programs to change without any type of alert or notice. Heck, notepad could be replaced with a trojan and since most people automatically assume notepad is okay, the trojan would run fully trusted.
     
  2. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Good point.

    Thats only the paid version.
     
    Last edited by a moderator: Jan 26, 2008
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I agree with Pete and Low as well.

    In order to optimize the HIPS in OA the user must be in advanced mode:

    In that mode in addition to run safer there are 9 permissions possible and 3 settings within each of those, ask, allow and block.

    As well, the user can use 5 protection settings on or off.

    So if a user fully trusts a program he can allow all 9 and turn on 5 permissions and not use run safer.

    Then save those settings and away you go.

    But if this freedom was allowed to all programs on my system I may as well remove/ disable the HIPS entirely.

    NOT RECOMMENDED.

    My thought would be to have a gamer high risk PC with nothing NB on it.

    Then my other secure PC would be for real life use not games.

    IMHO
     
  4. Jon_T

    Jon_T Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    38
    Hi Escalader,

    Are you referring to the Program Guard Advanced Options?

    If so, you do not need to be in OA's "Advanced Mode" to use these settings. I'm still using OA Free and just go to OA's Programs and right-click on program (row) and click the "Advanced options" from the context menu.


    Unfortunately for me OA's Help "Descriptions" for the "Program Guard Advanced Options" does not provide enough info on how/when to use the Program Guard Advanced Options.

    Also, unless they've made changes to recent beta versions, per Mike Nash:
    "If the program is trusted OA will simply give it whatever permissions it requests - after all - it's trusted. So, advanced mode options don't really apply to a trusted app."
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,081
    Location:
    USA
    One malware attack vector is to replace and then pretend to be a valid executable. If a valid file is replaced by a malware program with the same name don't you want your security software to warn you that the file has changed?
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia

    Working on it :)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    On the paid version ( not the +AV) I should not have said "need" since when user switches into standard mode he/she can still adjust/tweak/optimize the "advanced" options on programs. A bit confusing advanced within standard.




    On this point again the free options I'm unsure of. In the paid versions the user CAN tick a box and unhide all the programs. One they are visible, the user can adjust the "advanced" settings. I have done it with FF and IE 7.

    There is some guidance on the browser settings in my learning thread here, have a look.
     
  8. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Quick questions:

    1) does it limit Gigabit ethernet throughput (many heavy FW do, even some light ones like Kerio 2.x does)

    2) When under a heavy traffic (incoming outgoing in multiple hundreds) - does it use a lot of cpu time (how much % avg of a single core)

    3) What is the maximum memory usage for a system that is almost always on (no reboots) and is constantly under heavy network load?

    I understand that the "network speed" issue was resolved with the latest beta, but my questions are a bit more specific in their nature.

    Anyone?

    This FW looks really interesting.
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Once the firewall rules have set themselves up, and provide you are not logging the traffice with OA, you should not notice any slowdown.

    Tested with torrents for example by many, and found that with the next release again - hardly any CPU subject to it setting up the rules and not logging the traffic.

    I reboot my machines (well, turn them off) when not in use, so I haven't any real data here... however, I think these tests would be interesting so we might get someone to get some real figures.
     
  10. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks for the comment Mike.

    I will probably test this for my next build later this spring. Very promising piece of sw.
     
  11. greenhorn113

    greenhorn113 Registered Member

    Joined:
    Nov 14, 2006
    Posts:
    149
    Location:
    England
    My 2 cents, I have been using the free version for a while now and todate has worked flawlessly on my XP Pro system with Kav 7.0.1.321 and a-squared anti malware running real time that today I purchased a 2 year licence of the suite, so hopefully I can forget trying different firewalls and I have tried most,I guess its a thumbs up from me
     
  12. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    The same here. Tried the free and worked so well that I bought it also.:thumb:
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,674
    Well everyting seems to be running smooth as of right now.
    Just recently swiched from Look'n'Stop to Online Armor.
    I like the added HIPS also.I've used SSM,ProSecurity and some others,always to many popups though.
    I bought OA back in version1 but removed it after a while.(don't remember why)
    But OA v2, Avira and GeSWall in realtime is working for me.
    With an occasinal scan with Prevx CSI and SuperAntiSpyware. :D

    So my opinion of Online Armor
    :thumb: :thumb: Two thumbs up. :cool:
     
  14. lassar

    lassar Registered Member

    Joined:
    Feb 14, 2008
    Posts:
    2
    It looks easy to use. But I found it resource heavy as far as dos programs are
    concerned. It made my dos program run at a stand still.
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    You posted that in another topic as well.
    Maybe you can post it a third time but then with facts and figures?
    And what is dos? Or do you mean Disk Operating System?

    Gerard
     
  16. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Yes I think he means DOS from 1995 computers.:eek:
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi Lassar,

    I answered you over at the OA Forums - I request you to install the latest pre-release beta of OA. It's stable , just not quite release ready - there were some issues in the released build of OA and we're working towards solving them all prior to release.


    Mike
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have just bought Online Armour 2.1.0.85 and it certainly looks very good.

    I'm not sure how many of the features I will actually want to use. On an old machine having everything turned on slows program launches down ( Example Paperport will open in 6.5 sec but with OA it takes 11secs) So Initially I will only want the Firewall. If I want to install on other machines is the free version just as good if I only use the Firewall ? or would I need to buy more copies.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would test it an see. Also there is a family version. You could PM Mike Nash about upgrading and see what he says.

    Pete
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks Peter - I have a number of things to test.

    Just ran a file system scan and 2 files were picked up as untrusted.
    (1) called £59,800 25 years assuming 12% interest rate is a quicken quote saved as a text file in 2002 (2) The other was a word doc that I had type some passwords. 2006 No other program has ever questioned these files

    Is the program picking up on file names or content ?
     
  21. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    This scan is done with the AV+ version I think (since you bought the product I'm guessing you bought the one including AV scanner)?
     
  22. clint7

    clint7 Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    27
    Location:
    Ky. USA
    Best on the block. I have tried several and this is the best. Go to http://Tallemu.com for info. Special promo right now on paid version. $15 off with OAFEB promo code
     
  23. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
  24. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
  25. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    Hm, not just my system. 3 other people faced the same problem:

    http://support.online-armor.com/forums/viewtopic.php?t=3316

    If you read the thread at OA forum they say build 95 should resolve this. It did not.

    Any chance to get the money back so I can buy a decent product?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.