I've been watching the thread. It has digressed and taken a thousand different routes.
Windows suxx ! Especially the security part. There's a whole industry built upon that fact. And that ain't no digression...
Last edited by a moderator:
NoVirusThanks OSArmor
- Thread starter Evjl's Rain
- Start date
I've been watching the thread. It has digressed and taken a thousand different routes.
Windows suxx ! Especially the security part. There's a whole industry built upon that fact. And that ain't no digression...
It sure feeds the $$$ of a huge industry trying to secure a virtually unsecurable OS.
Anyway, I really like OSArmor so far, In fact, can I buy the rights to it so I can mold it into something I really need and make it look/feel how I want?
Anyway, I really like OSArmor so far, In fact, can I buy the rights to it so I can mold it into something I really need and make it look/feel how I want?
- Jul 3, 2015
- 8,153
I like it, too.It sure feeds the $$$ of a huge industry trying to secure a virtually unsecurable OS.
Anyway, I really like OSArmor so far, In fact, can I buy the rights to it so I can mold it into something I really need and make it look/feel how I want?
@Andy Ful said that OSA does not yet stand up to his malware testing, although ERP does, which is interesting and also puzzling. But I assume it will be fixed...
You can't make local backups of documents using a USB flash drive ?
They haven't fixed that issue yet ?
I will tell you that the way that all these cloud storage services are implemented, whether it is Google, Microsoft, or others are not perfect. Some are just downright silly. The one that has worked best for me has been DropBox. If I were using Chromebook, I would make a habit of backing stuff up locally on a USB flashdrive - if I did a lot of document work - but I would think Average Joe is not a big document creator.
Last edited by a moderator:
Seems to monitor process creation and I assume that is it, and it uses this one thing for a variety of things. If you look at all the log reports so far, all of them share similarities because its related to process creation log reports being created when the start-up is blocked. The command line details are comprehended by the product and this is used to determine block/allow from the configuration. Since it uses kernel-mode for process monitoring, it'll be using PsSetCreateProcessNotifyRoutineEx 99% certain of that; VoodooShield uses this too but they won't conflict because you can use multiple callbacks among products at the same time, it was designed with compatibility in mind by Microsoft
It can be quite effective depending on situation, doesn't appear to be intrusive but very easily worked UI which is nice. But I don't see it as a behaviour blocker like from actual vendors like Emsisoft, I don't even know why people are comparing such. Because this product doesn't work like the others, it isn't a full blown BB. BBs like Emsisoft will inject and monitor and use a wide variety of callbacks from kernelmode, this app relies on process monitoring for now it would seem to block actions.
so this is more of a HIPS, it doesnt know real bad to good. It just monitors for X and blocks, which is what HIPS does. except other HIPS will have so much more, but this is for monitoring built in OS stuff like bcdedit.exe, wscript.exe, etc.
The app is really good
maybe the dev will explain exactly how it works for you guys but i dont think it should be compared to Emsisoft BB, Dr.Web Katana, or anything alike. because this app has a different purpose. it doesnt care for code injection attacks but it cares for what wscript.exe does and bcdedit.exe command line on spawn, etc
Only thing is that multiple products using kernel-mode callbacks, one has to intercept fast. so there's a queue system (e.g. based on altitude). so when using VoodooShield and this app, one of them will get notifications first than the other... but both will still get them to function, just one will be able to do it before another one. After the callback ends for PsSetCreateProcessNotifyRoutineEx, if the CreationStatus entry in a pointer structure passed to the routine is STATUS_SUCCESS, then the operation continues further down the queue and it only gets blocked if the status code is changed (e.g. STATUS_ACCESS_DENIED,, etc.).
Assuming this app uses this technique from its driver but I don't see why it wouldn't be because thats the standard documented way for x64 support as well, and this app uses a driver. soooo
compatibility issues with products with behavioural detection only tends to show up when both products are doing things like code injection & API hooking, emulation of system service dispatch routines (e.g. KiSystemCallXx with virtualisation) and alike. not for kernel-mode callbacks only if its handled properly... for example F-Secure DeepGuard uses hooks and so does Emsisoft so both Emsisoft BB and F-Secure DeepGuard is likely to conflict. but only if they target the same functions, or if one flags injection attacks from the other AV
Assuming this app uses this technique from its driver but I don't see why it wouldn't be because thats the standard documented way for x64 support as well, and this app uses a driver. soooo
compatibility issues with products with behavioural detection only tends to show up when both products are doing things like code injection & API hooking, emulation of system service dispatch routines (e.g. KiSystemCallXx with virtualisation) and alike. not for kernel-mode callbacks only if its handled properly... for example F-Secure DeepGuard uses hooks and so does Emsisoft so both Emsisoft BB and F-Secure DeepGuard is likely to conflict. but only if they target the same functions, or if one flags injection attacks from the other AV
- Jul 3, 2015
- 8,153
Thanks for the explanations, and I agree with you that it is not a true BB. It is a different animal.
- Dec 23, 2014
- 8,158
It is very simple. The more usable/universal/backward compatible system, the less secure it will be.
So, Windows, in fact, cannot be secure. The same is true for the Internet.
The problem is that most people like usable, universal and backward compatible systems. That is why they constantly complain about security.
The Chromebook is very secure but not universal and usable only for the short spectrum of tasks. Ideal for browsing, social media, document editing, watching films, etc. But not for gaming, not for science applications, not for professional applications, not for programming, and not for many other tasks.
So, yes - Chomebook is very good and highly recommended for many average Joes, but not for all average users.
Furthermore, Windows OS has a great advantage to be with many people from the childhood, so they will not like to leave it for another system.
So, Windows, in fact, cannot be secure. The same is true for the Internet.
The problem is that most people like usable, universal and backward compatible systems. That is why they constantly complain about security.
The Chromebook is very secure but not universal and usable only for the short spectrum of tasks. Ideal for browsing, social media, document editing, watching films, etc. But not for gaming, not for science applications, not for professional applications, not for programming, and not for many other tasks.
So, yes - Chomebook is very good and highly recommended for many average Joes, but not for all average users.
Furthermore, Windows OS has a great advantage to be with many people from the childhood, so they will not like to leave it for another system.
I agree with Andy, you have to decide usability over security or the opposite. More usability = less security. Windows has a ton of stuff by default most people don't even need which just opens up many more attack vectors, too.
- Jul 3, 2015
- 8,153
That is the correct equation. Everyone has to find their sweet spot.
There was some saying Win10 should have been the one that dropped backwards compatibility and enforce a new way of doing things. But alas, it won't happen largely because of the problems involved in implementing this for corporate environments. Can you imagine the cost of say migrating a firm with 1,500 PC's per location to an entirely new environment not backwards compatible? Ouch!
Some say Windows should have established two distinct paths. One for 'average Joe', more secured and completely NOT backwards compatibility. A unique development path for a secured OS, and a second one continuing down the path they are on with Windows 7/8/10. I probably would have made the switch to the new development path one personally and left the old stuff behind.
- Mar 13, 2016
- 1,298
Even with the high number of phising and ransomware emails, I only had calls of two false positives of BD-free from relatives. So call me stupid,but those dark projections are way to pessimistic. Windows is not that bad, otherwise people would complain all the time about it. Yesterday evening I celibrated "a very hippy Christmas" with at least 60 people in a my favorite pub. No one mentioned PC-problems. I heard about relation problems, problems with business, jobs, kids, parents et cetera, but not Windows. So the stupidity of average Joe/Jane and the threat of malware must be overrated.
Happy days
Happy days
- Dec 23, 2014
- 8,158
There is a very simple way to be pretty secure. One has to buy Chromebook (banking + simple daily tasks), the second computer for gaming, and the last for other tasks (usually disconnected from the Internet).
Last edited:
What, is an average user not worthy to use and appreciate this software? You're joking, right? So far, this Average Joe thinks OSArmor is the right stuff for a system running Windows Defender. I don't trust Defender to made adequate distinctions between various Windows processes and their goodness/badness. It's better to have a second set of eyes on the outside, looking in. This is what my primitive little desktop monitoring software tells me, at any rate.
- Dec 23, 2014
- 8,158
Windows cannot be secure, similarly like people cannot be secure from the heart attack. Most MalwareTips members try to find out an ideal medicine to avoid this. And most of us probably will die from the stress of thinking about this.
- Dec 23, 2014
- 8,158
Thanks. Your post has remembered me what is the purpose of this thread.
Please do not be irritated, there are no average Joes here on MalwareTips. Any user that is interested in security problems, is not average from the definition.
Furthermore, the problem is not with being not worthy, but rather with not interested.
Andreas is a developer of Exe Radar Pro, which many of us like very much, but anyway most of our discussion is also true for Exe Radar Pro. Such applications are for the average users like the contemporary art for the average people.
Last edited:
- Jul 3, 2015
- 8,153
Or maybe we could say that the effort we put into security is healthy exercise...And most of us probably will die from the stress of thinking about this.
- Dec 23, 2014
- 8,158
Maybe
But, I am sure it is not so healthy for the OS itself.
I meant that some of us are killing the system more efficiently than the malware.
Last edited:
- Jan 17, 2014
- 487
Does this program monitor and then block (if found souspicious) executable files? or does it just block if activated through a exploit or parent process?
"Windows is not that bad"
LOL
Probably more than half of IT Pros disagree with you. The remainder are catatonic from the horror Windows has put them through.
Average Joe is not stupid, he\she is just uninformed and uneducated on the convoluted mess that is Windows. Not his\her fault. It's Microsoft's fault if you ask me.
Check out support requests and you will get an idea of where Average Joe is at - he\she is figuratively somewhere between Pluto and the Oort Cloud in terms of being able to decipher and cope with Windows and its security.
Security and malware are not even a priority for Average Joe.
Last edited by a moderator:
Similar threads
