NoVirusThanks OSArmor

shmu26

> I've been testing it with KTS2019beta and with KTS2018e, I already reported a blocking with "Kaspersky Protection" extension for Chrome in previous builds of OSA which was already fixed, and currently seems to work fine so far :)

Yeah, I saw you reported that block. It inspired me to try OSA with Norton Family, and I expected to see a similar block, from the NF Chrome extension. To my surprise, OSA did not block it.
 

shmu26

> Personally I have just OSA on one machine and I plan to add ERP v4 to it once the issue with multiple accounts will be fixed.

I was running OSA and ERP 3 in a virtual machine (VMware) for a while. At first, everything was fine, but after some time, I started to have weird problems with logging into my user account (admin). I needed to do a hard shutdown on the virtual machine (in VMware they call it "Reset"), in order to fix it. Eventually, I had to uninstall ERP, as I was unable to pinpoint the conflict. I think the issues with ERP had to do with VMware and not with OSA, but I am really just guessing.
 

Windows_Security

> I don't want a comparison between them. Basically I am already using Emsisoft Anti-malware. But OSArmor looks promising. So was thinking whether it will add any value if I run both of them.

EAM true behavioral blocker vs OS-Armor rules based execution monitor.


EAM has a true behavioral blocker component, meaning that when a rule is triggered the process might not be blocked, but the next rule violation might. OS-Armor is more like a rules based HIPS. When one of its 60+ rules is triggered a process will be blocked, EAM vs OS_Armor = stacked rules versus single rules, so 1-0 for EAM

EAM does look at a lot more attack vectors than OS_Armor, so 2-0 for EAM

EAM has more than a decade experience in False Positives fine tuning, so 3-0 for EAM

SO I doubt whether OS Armor adds real protection to your setup (with EAM). When you use a free Anti-Virus without BB-component (e.g. like paid EAM) or rules based HIPS (e.g. like paid ESET), OS_Armor is a great free VALUABLE addition to your free setup.
 

Evjl's Rain

> SO I doubt whether OS Armor adds real protection to your setup (with EAM).

but OSA has a very valuable default-deny feature that can block wscript, java and powershell which EAM fails sometimes
also many more
I think OSA does add something to EAM. OSA is like a light-weight SRP + HIPS-like BB
it's in its initial stage of development so we can expect some improvements in the future
 

shmu26

> EAM true behavioral blocker vs OS-Armor rules based execution monitor.
>
> EAM has a true behavioral blocker component, meaning that when a rule is triggered the process might not be blocked, but the next rule violation might. OS-Armor is more like a rules based HIPS. When one of its 60+ rules is triggered a process will be blocked, EAM vs OS_Armor = stacked rules versus single rules, so 1-0 for EAM
>
> EAM does look at a lot more attack vectors than OS_Armor, so 2-0 for EAM
>
> EAM has more than a decade experience in False Positives fine tuning, so 3-0 for EAM
>
> SO I doubt whether OS Armor adds real protection to your setup (with EAM).

Despite EAM's maturity, and its differing techniques, if you just go down the list of things that OSA blocks, you will find a lot of things that EAM does not block at default settings. And testing of the softwares shows that to be true. Now, I heartily agree there are lots of things that EAM blocks, and OSA doesn't. Nevertheless, it seems clear that OSA will add protections that EAM does not have at default settings.

EDIT: I didn't see @Evjl's Rain's post, I am basically saying the same as him.
 

Andy Ful

It will add protection. It will also add false positives.
False positives may be a huge problem, I think. The malware files evolve and try behaving similarly to normal applications. The good BB should block many malicious files, but also will block many normal files, except when it adopts something like file reputation cloud (like EAM) and learning mode (like Exe Radar).
Of course for some people, the above is not necessary, because they are sufficiently educated to find out false positives and apply exclusion rules. But, most people will stop using OSA after first false positive.
 

Deleted member 178

And remember how behave Average Joe:

- the firewall prevent me to connect to internet = i ditch the FW
- the AV block me to use this keygen = i turn off the AV
- the AV block this program i like = i ditch the AV.
- etc...etc...etc...

Average Joe don't want best security, they want silent security while keep doing what they like. They won't waste a minute figuring what option in the software block this or that, they just want it to work, if it can't work the way they want, they ditch it. simple as that.

OSA has a lot of potential, it just need to be polished to avoid FPs.
 

509322

> And remember how behave Average Joe:
>
> - the firewall prevent me to connect to internet = i ditch the FW
> - the AV block me to use this keygen = i turn off the AV
> - the AV block this program i like = i ditch the AV.
> - etc...etc...etc...
>
> Average Joe don't want best security, they want silent security while keep doing what they like. They won't waste a minute figuring what option in the software block this or that, they just want it to work, if it can't work the way they want, they ditch it. simple as that.
>
> OSA has a lot of potential, it just need to be polished to avoid FPs.

  • Average Joe does not know MT and Wilders exists.
  • Average Joe is not going to install NVTOSA.

Average Joe is absolutely clueless. Average Joe will scream bloody murder when security soft allows infection. All Average Joe knows is that he paid for security soft, and security soft failed. When security soft does protect system, Average Joe doesn't know what to make of it. All he knows is something is blocked. If it is something Average Joe wants to run, he is going to find a way to allow it. All Average Joe knows is that security soft is an annoyance. In the end, Average Joe might infect himself.

In the United States, security softs are in the top 10 of all products with customer dissatisfaction - with the highest rates of consumer complaints. Do you think that a significant portion of that does not have to do with the consumer not understanding a whole lot about how security softs and their support works? Unexpected behaviors alone are a leading cause of consumer complaints with security softs. How often do consumers blame Windows problems on installed 3rd-party security softs? I could list a lot of other things.

Like I keep saying, Average Joe is the problem - because he is ignorant; the security soft is not the problem. Sure, security softs are part of the problem, but in the vast majority of the cases, Average Joe is the problem.

There is no substitute for user knowledge and experience, and until users are somehow brought out of the dark ages it will be a pathetic state of affairs as it has always been.

A lot of people don't want to hear this, but it is the truth.
 

Andy Ful

NVT OSA is not a security that average user is going to install and configure. This is also true for all default deny software.
It would be good if OSA could be configured and adjusted by a more experienced user, and would run silently on the computer of an average user.
So, the most important thing is finding the way to avoid false positives and eliminate the possibility to block anything that could crash/destabilize Windows OS or block system/software updates.
That will be hardly possible for the universal BB that has a wide spectrum of tasks. Furthermore, most popular AVs have a kind of BB too, that will overlap and sometimes will conflict with OSA. Also, most 0-day executables propagate thanks to malicious scripts/scriptlets and malicious websites.
The average user would gain much if OSA could focus on safe macros/script/scriptlets/sponsors blocking.

Edit: By sponsors, I mean the legitimate programs used in malware attacks like: bitsadmin.exe, csc.exe, wscript.exe, cscript.exe, mshta.exe, powershell.exe, etc.
 
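The two decision models contrasted earlier in the thread (a rules-based monitor that blocks on any single rule hit versus a blocker that stacks violations before acting), applied to launches of the "sponsor" programs listed in the post above. This is an added example, not part of any post and not the logic of OSArmor or EAM; the rules, the threshold, the `tree` key and the events are all constructed for illustration.

```python
from collections import defaultdict

# "Sponsors" named in the post above: legitimate programs abused in attacks.
SPONSORS = {"bitsadmin.exe", "csc.exe", "wscript.exe", "cscript.exe",
            "mshta.exe", "powershell.exe"}
DOCUMENT_APPS = {"winword.exe", "excel.exe"}  # assumed list of document parents

# Hypothetical rules (not any product's rule set): name -> predicate.
RULES = {
    "sponsor_launched": lambda e: e["child"] in SPONSORS,
    "document_app_parent": lambda e: e["parent"] in DOCUMENT_APPS,
    "remote_url_in_args": lambda e: "://" in e["args"],
}

def hits(event):
    """Names of the rules that one process-creation event violates."""
    return [name for name, pred in RULES.items() if pred(event)]

def single_rule_verdicts(events):
    """Rules-based monitor: a single rule hit is enough to block."""
    return ["block" if hits(e) else "allow" for e in events]

def stacked_verdicts(events, threshold=2):
    """Stacked model: violations add up per process tree; block at threshold."""
    score = defaultdict(int)
    verdicts = []
    for e in events:
        violated = hits(e)
        score[e["tree"]] += len(violated)
        blocked = violated and score[e["tree"]] >= threshold
        verdicts.append("block" if blocked else "allow")
    return verdicts

# Constructed events; "tree" is an assumed id grouping related processes.
EVENTS = [
    {"tree": "A", "parent": "explorer.exe", "child": "powershell.exe", "args": "Get-ChildItem"},
    {"tree": "B", "parent": "winword.exe", "child": "wscript.exe", "args": "invoice.js"},
    {"tree": "C", "parent": "explorer.exe", "child": "notepad.exe", "args": "notes.txt"},
    {"tree": "A", "parent": "powershell.exe", "child": "bitsadmin.exe", "args": "https://example.invalid/file"},
]

if __name__ == "__main__":
    rows = zip(EVENTS, single_rule_verdicts(EVENTS), stacked_verdicts(EVENTS))
    for e, single, stacked in rows:
        print(f'{e["parent"]} -> {e["child"]}: single={single} stacked={stacked} {hits(e)}')
```

The first event is an ordinary interactive PowerShell launch: the single-rule model blocks it (the false-positive cost raised in the thread), while the stacked model lets it run and only blocks tree A when a second sponsor launch with a remote URL follows.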

ForgottenSeer 58943

Andy has a good point - a way to make it configurable to run silently on 'average Joe' computer where we can cut and run with it. I used to use Geek Superhero/Desktop Armor in this fashion. I probably purchased 50 copies of that thing and installed it to run silently in the background and it was a significant defense against common annoyance malware at the time. Some folks might remember, browser hijacks, BHO's, Proxy Changes, Host File Hijacks, etc. It would be pretty interesting to have something like OSA to deploy in such a fashion to take care of things AV's generally don't handle well, while not impacting the overall system operation.

With that being said, so far OSA works with FortiClient without any noted incompatibilities. However there is possibly some redundancy since FortiClient Exploit Protection has some crossover with OSA in some categories like Powershell, Windows Script Host, etc. That will probably need to be tested. I hasten to run much with FortiClient these days since FortiClient 5.6.2 added features equivalent to many security suites and implemented anti-exploit. But so far OSA feels light as a feather and doesn't prompt any conflicts with FC.

 

509322

Windows is an OS that the average person is ill prepared to use. Microsoft designed it for IT pros. OEMs package the Home version on PCs because that is what Microsoft has given them for the average PC consumer.

I'll keep saying it over-and-over, it is a pathetic state of affairs.

The average person would be better served by using Chromebook.
 

shmu26

> Windows is an OS that the average person is ill prepared to use. Microsoft designed it for IT pros. OEMs package the Home version on PCs because that is what Microsoft has given them for the average PC consumer.
>
> I'll keep saying it over-and-over, it is a pathetic state of affairs.
>
> The average person would be better served by using Chromebook.

If you use Chromebook, then your docs are Google docs. And if they are Google docs, then they are locked inside the Google web environment. All you will have on your PC is a link, not a file. Even if you enable Google Docs Offline, it hides your files and encrypts them so you have no access to your files other than through the Google Docs interface. That makes me feel pretty helpless.
 

509322

> If you use Chromebook, then your docs are Google docs. And if they are Google docs, then they are locked inside the Google web environment. All you will have on your PC is a link, not a file. Even if you enable Google Docs Offline, it hides your files and encrypts them so you have no access to your files other than through the Google Docs interface. That makes me feel pretty helpless.

You users want everything your way while at the same time want absolute security. You just can't have it that way.

If you want one, then you must sacrifice the other. However, Chromebook offers a pretty good balance. Actually, a lot of the protection is simply because no one is targeting Chromebook. Plus, a lot of stuff shipped with Windows nobody actually needs it. Users think they need it, but in reality they don't need it. It is some kind of user syndrome - there's no name for it. It's one of the many user syndromes.

Chromebook provides better security than Windows for the average user that is woefully ill prepared to deal with Windows' security and usability inadequacies.

Average Joe needs simple and that is the whole point of Chromebook. Windows is nothing but a convoluted mess.

The whole "I won't use Chromebook because of privacy" is a bogus argument because Microsoft\Windows is no better than Google when it comes to privacy.
 

shmu26

> The whole "I won't use Chromebook because of privacy" is a bogus argument because Microsoft\Windows is no better than Google when it comes to privacy.

I don't suffer from the privacy phobia, but I do think I have the right to manage my own personal docs, and not be dependent on Google's pathetically flawed syncing engine. There are plenty of horror stories on the Google forum about people who lost hours or days of work etc when their PC went back on line, because Google misread the time stamp, and permanently deleted the "old" offline version.
 

ForgottenSeer 58943

> Windows is an OS that the average person is ill prepared to use. Microsoft designed it for IT pros. OEMs package the Home version on PCs because that is what Microsoft has given them for the average PC consumer.
>
> I'll keep saying it over-and-over, it is a pathetic state of affairs.
>
> The average person would be better served by using Chromebook.

Windows is difficult to secure and highly vulnerable for the average user. I will go so far as to say the average joe running Windows is 'reckless' in the modern age. I have NOT in the last 12-18 months touched an 'average joe' PC that wasn't compromised. Period. I'm speaking outside of an enterprise environment of course. But the biggest problem we are seeing is BYOD. We can secure an 'average joe' behind our network security protocols, AD, Radius A, UTM and toss an enterprise AV on and they are fairly safe. But what we see now more than ever is they take that device home, plug it into their Netgear router and start surfing and downloading stuff and they bring it back to the enterprise environment after a weekend of that and it is infected/hijacked/compromised. We've seen this THOUSANDS of times in the last 12-18 months.

It's really the worst possible choice for average folks who would be better served by a different OS. Linux isn't much better because it often requires command line operations, has some major hardware incompatibilities and can present other challenges. That pretty much leaves ChromeOS (with its other issues, like privacy which really are no different than Microsoft) for your average Joe. The state of affairs is pathetic right now. BIG TIME. We need more players in the OS marketplace. We need more fire and forget solutions for the average Joe.

Microsoft is and continues to be epic fail in providing anything remotely resembling a secure OS. It's their fault. Their lust for incessant telemetry, over the top logging, and the large bureaucracy of their development all contribute to it. But if I was a conspiracy nut I would say it all almost appears too convenient, like they are serving up a compromised OS at the behest of US Intelligence to simply get the world to run compromised OS. Suppressing any hope of a viable, secure alternative for the most part. Personally - I think their code is such a mess they are lost in space with it. Their development system is so flawed they don't even know how to fix it. The right hand doesn't know what the left is doing.
 
