NoVirusThanks OSArmor

Discussion in 'NoVirusThanks' started by Evjl's Rain, Dec 17, 2017.

  1. NoVirusThanks

    NoVirusThanks From NoVirusThanks
    Developer

    Aug 23, 2012
    55
    738
    Italy
    Windows 10
    Av Gurus, AtlBo, simmerskool and 8 others like this.
  2. l0rdraiden

    l0rdraiden Level 1

    Jul 28, 2017
    48
    68
    World
    I see, so the popups are not the standard hips popups like ERP, allow/block/(Sandbox), the detections are blocked by default.
    The problem I see with this, for example, you are installing a complex software lets say Autocad and during the installation something legit is blocked automatically you will need to add it to the white-list manually and reinstall the software, this is an inconvenience for many.
    Do you plan to release standard popups with allow, block options, and information about what is suspicious (file, location, process, script code,...) and why (rule/s triggered)
    Something like this:
    https://malwaretips.com/attachments/spyshelter-firewall-anti-exe-png.71658/
    http://www.tystechtalk.com/wp-content/uploads/2015/10/WarningScreen.png

    BTW I have read here Whitelist Applications, Allow & Block Processes with EXE Radar Pro | NoVirusThanks that you are about to release ERP v4, what new features it will have? will OSArmor be merged with ERP?
     
    Sunshine-boy and Andy Ful like this.
  3. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    1. Disable
    2. Install genuine software
    3. Re-enable

    Lower the config to your liking to reduce FPs as well.
     
  4. l0rdraiden

    l0rdraiden Level 1

    Jul 28, 2017
    48
    68
    World
    So I have to remember and do a manual operation every time I want to install a new software? yes, very operative.
     
    Sunshine-boy and Andy Ful like this.
  5. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    It's a lock-down sort of utility. It hardens your security configuration by blocking specific activity on the OS environment and you can lower/harden the configuration to your own needs. As long as there is a button to temporarily disable then there isn't an issue IMO just one click & one click after.

    Wasn't this added recently? I am not sure as I don't have it installed right now but if not it probably will be.

    Traditional AV might be easier to use in terms of expectations for FPs but this utility covers a lot a traditional AV doesn't either so it goes both ways
     
  6. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,108
    4,743
    business
    Poland
    Windows 10
    Microsoft
    I think that both @Opcode and @l0rdraiden views can be easily adopted by an option in OSArmor configuration. The default option will be "Block" (for inexperienced users). One can choose the "Prompt" configuration option to have a prompt-type alert.:)
     
  7. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    I think a prompt-type alert would be better as well, as long as there's a protection temporary disable button as well. Both of those and then it's balanced imo :)
     
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    You won't get a block with most software. If you are installing security software, then yes, temporarily disable it. Remember, only geeks install security software a lot.
     
  9. Peter2150

    Peter2150 Level 6

    Oct 24, 2015
    281
    814
    Washington DC
    Windows 7
    Emsisoft
    The whole object here is for inexperienced users to have a set and forget setup. More options only defeat that purpose
     
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Good point.

    Me and other users sure hope they will add a GUI for making exceptions. This is a different point, I am just mentioning it here for no good reason.
     
  11. l0rdraiden

    l0rdraiden Level 1

    Jul 28, 2017
    48
    68
    World
    The object of the product is set by the product owner.
    Inexperienced users that can not properly handle FP's...

    that is a contradiction, "set a forget", "inexperience users", and a BB that may produce easily FP's without a proper work around or an easy way to whitelist.
     
    Andy Ful likes this.
  12. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,108
    4,743
    business
    Poland
    Windows 10
    Microsoft
    OSArmor can be set and forget setup in default settings. But it can be also used to restrict the system more tightly when using prompt-type alerts (user settings). Inexperienced users will not use the prompt-type option.
     
  13. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,179
    5,210
    IRAN
    Windows 10
    ESET
    +1 for This feature.NoVirusThanks, not everyone can handle the text file -_- pls create a GUI for making exceptions.Many thanks:p
     
  14. Windows_Security

    Windows_Security Level 13
    Content Creator Trusted

    Mar 13, 2016
    615
    2,885
    Holland
    Windows 7
    Default-Deny
    #334 Windows_Security, Jan 3, 2018
    Last edited: Jan 3, 2018
    People should not intend to use this program as a HIPS with block-ask-allow functionality. There is a lot of knowledge put into the block rules. Remember one configuration option could well be sixty block rules. This makes the action-response nontransparent for all people not knowing what the internal rules are. Without cause-effect knowledge every response to a pop-up is an educated guess.

    The brilliance of OS Armor is that you het Andreas knowledge to harden your system. When you start to experiment with own rules and enabling optional rules, there are two cooks working on the same meal. One is a chef with Michelin star (Andreas) and the other (most members on this forum including me) are wannabee amateur cooks dreaming of a master chef title. You know what they say about to many cooks (spoiling the broth). So I agree with Peter

     
  15. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,108
    4,743
    business
    Poland
    Windows 10
    Microsoft
    I am afraid that in the present form OSArmor is not only for inexperienced users. We have 24 options unticked by default (there will be more for sure), <Manage Exclusions> and <Custom Block-Rules> buttons. So in fact, OSArmor is rather for Malwaretips members, than for inexperienced users. Maybe after creating the final version of OSArmor, it would be possible to create OSArmor_Lite, as a one-click setup and forget program. Creating the functional BB program for the inexperienced users is much harder than for more experienced ones.:)
     
  16. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    Well an inexperienced user isn't going to be looking for a BB anyway. If they are, they aren't "inexperienced". A true inexperienced user probably won't even know what BB stands for let alone what a Behavior Blocker really is and how it works
     
  17. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,108
    4,743
    business
    Poland
    Windows 10
    Microsoft
    #337 Andy Ful, Jan 3, 2018
    Last edited: Jan 3, 2018
    Yes, we should differentiate between looking/installing a security program and using a 'setup & forget' one.
    OSArmor_Lite could be used by an inexperienced user, probably after finding/installing it by the more experienced one.
    I think that inexperienced user would have the same problem with EAM.
    .
    Edit.
    Anyway, EAM has a big advantage of using a reputation cloud.
     
    simmerskool, NoVirusThanks and Opcode like this.
  18. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,108
    4,743
    business
    Poland
    Windows 10
    Microsoft
    I think, that one feature will be needed to make OSArmor close to the 'setup & forget' model. It should have automatic learning mode (like NVT ERP).
     
  19. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    #339 Opcode, Jan 3, 2018
    Last edited: Jan 3, 2018
    Well it's completely different and I'd say it's actually adapted like a proper BB. I consider NVT OSArmor a BB but a different type because it works differently.

    NVT OSArmor is more like a HIPS using OS abuses to block malware. For example, monitoring behaviors for Temp folders, bcdedit usage, etc. Whereas the Emsisoft BB is more automatic resolving and has checks in place to help it determine good from bad, as well as a monitoring scope for behavior which is more used in genuine malicious software (e.g. attacking of the MBR, file encryption, etc.).

    NVT OSArmor FPs can be lowered with a custom configuration but NVT OSArmor is currently completely unknown in its mind to how accurate the detection is, like a HIPS which just monitors and alerts/blocks based on configuration. Unlike the Emsisoft BB which won't necessarily block, has a cloud network which is damn huge to not monitor known and reputable software, built-in characteristic checks, etc.

    Both of them work completely differently but at the same time both of them are great. I'm a big fan of this application but I really cannot see a true average inexperienced user using it. It just won't work well.

    Emsisoft dropped Mamutu because they had hardly any users, not enough to cover costings. EAM is popular with inexperienced as well because it isn't just a BB, it's a full AM suite which makes it appropriate. People can install and forget and be protected by real-time protection, web protection, and zero-day dynamic protection which is tuned for auto-resolving more and designed to be less intrusive now (thanks to their cloud and other factors). If you take the Emsisoft BB without the cloud network integration, built-in checks to decide on decisions/monitoring and make it standalone, only geeks will use it.

    People can say that inexperienced users rely on anti-executable like VoodooShield, NVT ERP, etc. But it just really is hard for me to believe because I have never even heard any inexperienced user, or any person who is not on this or one other maximum 2 forums even reference to such software. Not those specifically, but those types of software in general.

    This is why AV software isn't dead yet, despite it not being the best always with up to date techniques. It explains why vendors like Panda are still selling and making a mint, or why Avira did fine with sales with mainly signatures for so long. Why Bitdefender still makes a mint from their SDK.... Etc.... Because despite all these free great apps from NVT and other developers, an inexperienced user won't even know of them, let alone what they are or how they work.

    Comodo make most their money from their other services like certificates for SSL and kernel-mode software signing, they even made their auto-sandbox free with the Firewall. Inexperienced average users won't install that and answer alerts or learn how to use the sandbox... They will go straight to Avast Free, probably upgrade after seeing the ads about improved security on the UI (Avast marketing), or purchase Norton/McAfee which came with their PC as a trial. They don't bother making it premium only because they know it won't do that much for income and they already make enough income from other higher priority services

    It's been like this since the start and I doubt it'll change anytime soon because people who need to learn don't find the time to do so or have interest in doing so. And you find these awesome software like OSArmor by learning and wanting to learn, and using software like this really will strengthen your OS and keep you safer, but it isn't everyone's cup of tea. Certainly not an average user who wants to be click happy, but still wants to be protected (which can't happen and it'll be a hit and miss scenario each time they are click happy)

    Look at HitmanPro.Alert. How many average inexperienced users do you think are using it, and are using Wilders to submit logs with details like a call stack? They won't understand any of it. SOPHOS bought out Surf-right and added the tech to their end-point protection, knowing that businesses tend to delay updates or don't even bother until checks are made to prevent breakages - and do have admins to manage it. The rest of the constant user base are mostly forum users who already know a lot or at least think they do and are willing to communicate online about bugs. A true inexperienced home user? Yeah they won't even know they can send the reports on a forum like this.
     
  20. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    But a set and forget in case an average inexperienced user was interested would still be good and probably useful to even experienced users*

    Just the chances of it actually being actively used by inexperienced users is so low. Not because the app is bad, it really isn't, this app is great. But because of how inexperienced users are, not wanting to learn/understand/not having the time to do so even if they wanted,among many other factors
     
Loading...
Similar Threads Forum Date
Video Review OSArmor by NoVirusThanks- An Overview Video Reviews Jan 12, 2018
Hello from NoVirusThanks New Member Introductions Dec 17, 2017
NoVirusThanks YaGuard Other Security for Windows Apr 18, 2017