NoVirusThanks OSArmor
<blockquote data-quote="Deleted member 65228" data-source="post: 707105"><p>You're taking it out of context though.</p><p></p><p>NoVirusThanks OSArmor prevents execution of processes, it cannot and will not intercept anything else other than process execution. That is it, process execution interception which is handled system-wide via a kernel-mode device driver. Nothing more, nothing less. And it does it brilliantly, whilst demonstrating how effective filtering of process execution can really be when you put your mind to it. The configuration decides if specific processes can be executed or not entirely/with specific command line arguments, that is how the product works.</p><p></p><p>It does not intercept the file-system activity carried out by processes, the same way it doesn't protect the Master Boot Record. It simply is not designed to behave in this way, it blocks suspicious processes/process execution based on the configuration and it all revolves around blocking process X due to a rule (e.g. prevent execution from folder X) or the command line arguments for a process like bcdedit.exe.</p><p></p><p>Normal standalone anti-ransomware utilities tend to do things such as monitor how a program is accessing the file-system. For example, has a program just started enumerating through user documents and is now trying to write to such documents? Has the buffer of a document been read into memory, modified, and now the modified buffer is being written back to the file? Is the Master Boot Record being attacked?</p><p></p><p>If you want to compare this product to a product like RansomOff Anti-Ransomware, CheckMAL's AppCheck Anti-Ransomware, Kaspersky Anti-Ransomware then be my guest but it's completely pointless and makes no sense because it is not remotely close to any of them in terms of how it works. It's like trying to compare pasta to pizza... 
You might prefer one over the other but at the end of the day it is preference - one might be "better" in terms of "health" but to you as a person the other might be better for "taste" and a year later new research could suggest that the previously-deemed worse one is actually better.</p><p></p><p>NoVirusThanks OSArmor doesn't prevent a specific type of malware. The configuration provides the ability to block many different types of malware however it depends on forever changing factors such as the configuration being used and the attack in question (how the attack works) and the current circumstances on the environment. If you set the configuration to prevent usage of bcdedit.exe and then a ransomware sample were to mess with bcdedit.exe (highly unlikely but as an example) then this part of the payload would be stopped and this could happen before the encryption procedure - now the sample might not continue further, or it could continue its payload anyway. Another example would be the location a Trojan Dropper has dropped to - execution of the dropped binary may be prevented due to the configuration regardless of whether it is even malicious or not, but it could have been malicious and could have been anything from a launcher for a rootkit to ransomware or adware.</p><p></p><p>A configuration with NVT OSArmor may lead to malicious software which went undetected to other products, and vice-versa. There are different factors which simply make it unpredictable. You could say that it is "good" at blocking X but a new day could change all of that because APTs are changing constantly - and the same goes for every other product out there.</p><p></p><p>It's a good concept, it's a good product, and it will keep improving. Whether it will benefit you at keeping your system safe depends on other mitigations being used as well as the setup configuration for the product (not to mention other factors such as your habits which always stands). 
It's not "better" than standalone utilities designed to prevent specific malware types, nor is it "worse". It's unpredictable. A new day or a new week could turn the tables of the results.</p></blockquote><p></p>
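An added illustration, not part of the original post and not OSArmor's code or configuration format: a small Python model of the process-execution filtering the post describes, with one folder rule and one command-line rule for bcdedit.exe. The rule shape, rule names, event kinds and sample events are all constructed assumptions; the sample shows that only process starts are ever evaluated, so a file write never reaches the rules.

```python
# Toy model only: hypothetical rule shape and constructed sample events.
import ntpath
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessStart:
    image: str    # full path of the executable being launched
    cmdline: str  # command line passed to it

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not OSArmor's configuration format
    name: str
    folder: str = ""        # block anything launched from under this folder
    image_name: str = ""    # or: block this executable name ...
    arg_contains: str = ""  # ... when its command line contains this text

    def matches(self, ev: ProcessStart) -> bool:
        image = ntpath.normpath(ev.image).lower()  # resolves "..", unifies case
        if self.folder:
            prefix = ntpath.normpath(self.folder).lower().rstrip("\\") + "\\"
            return image.startswith(prefix)  # trailing "\" keeps Downloads2 out
        if ntpath.basename(image) != self.image_name.lower():
            return False
        return self.arg_contains.lower() in ev.cmdline.lower()

RULES = [
    Rule("no-exec-from-downloads", folder=r"C:\Users\Public\Downloads"),
    Rule("bcdedit-set", image_name="bcdedit.exe", arg_contains="/set"),
]

def decide(ev, rules=RULES):
    for rule in rules:
        if rule.matches(ev):
            return ("block", rule.name)
    return ("allow", None)

def run_filter(events, rules=RULES):
    """Only process starts are evaluated; other activity never reaches the rules."""
    starts = [p for kind, p in events if kind == "process_start"]
    return [decide(p, rules) for p in starts], len(events) - len(starts)

# Constructed sample events: (kind, payload)
EVENTS = [
    ("process_start", ProcessStart(r"c:\USERS\public\downloads\setup.exe", "setup.exe")),
    ("process_start", ProcessStart(
        r"C:\Users\Public\Downloads\..\..\..\Windows\System32\notepad.exe", "notepad.exe")),
    ("process_start", ProcessStart(r"C:\Windows\System32\bcdedit.exe", "bcdedit.exe /enum")),
    ("process_start", ProcessStart(
        r"C:\Windows\System32\bcdedit.exe", "bcdedit.exe /set {current} description test")),
    ("file_write", r"C:\Users\alice\Documents\report.docx"),
]
```

`run_filter(EVENTS)` returns four verdicts and a count of one event that was never evaluated, which is the file write.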