App Review OSArmor by NoVirusThanks- An Overview

[cruelsister]

This was a greater pain to do than others due to the complexity of OSA.

I really hope all is clear.

 

[Peter2150]

Excellent video and the music was also great For an unfinished product, not bad at all

 

[AtlBo]

@cruelsister. Hello and great video again thanks. Did you have the wannacry patch on W7 for the XDATA test? After I saw your test, I looked around and realized it uses Eternal Blue (I think it does anyway). I don't know if the patch would have helped anyway with the malware, maybe just kept it from spreading across a network idk...

 

[bribon77]

excellent video, as always very didactic and easy to understand.

 

[Deleted member 178]

Isn't WinDef on win7 being at best an anti-spyware?

 

[Chimaira]

Isn't WinDef on win7 being at best an anti-spyware?

Yeah Defender on Win7 vs Win10 are similar only in name. That isn't to say Defender on Win10 would have done much better but they are different in the security they provide.

 

[cruelsister]

Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

But the main themes in the video are twofold:

1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough. This is hardly the case as I've seen an increasing number of malware that seek to shut off WD (stopping WF has been done for years), and a former double secret bypass now seems to be in the realm of the Script-Kiddies (although also possible on Win10, it is harder to do and for a shorter duration). As OSA will prevent this Win8.1 and below (which about 70% of Windows users have installed) WD bypass I though it would be good to make this known.

2). (especially for AtlBo)- The developers make it quite clear that OSA is not a primary defense. I could have used a number of different malware samples in place of Xdata. I only use X because it is fast and I think it is cool.

Also, the Dreaded M ransomware exists only in a warped Mind (not mentioning any names).

M

 

[Andy Ful]

Thanks for the very interesting video and reviewing OSArmor.
The video was in fact about OSArmor on Windows 7 without an antivirus protection. That is a proper way of testing OSarmor, but mentioning Defender in the video may be confusing for the average users, who are watching the video on YouTube. Actually, Windows Defender is normally understood as a full antivirus on Windows 8+.

 

[Atlas147]

I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow UAC didn't even trigger and yet it was able to shut down windows defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.

 

[ForgottenSeer 58943]

Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

But the main themes in the video are twofold:

1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough.

 

[Stas]

I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow UAC didn't even trigger and yet it was able to shut down windows defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.

I think cruelsister tested with UAC turn off, you can see it when clicking on "Open Configurator" there was no UAC alert.

 

[cruelsister]

Correct, I almost never use UAC on my videos for 2 reasons:

1). Unless the developer specifically states that the product MUST be used with UAC, the results would not be pure. A single product test should be just that- a test of that product alone. This is standard policy.

2). In the past I've done enough reviews on UAC alone pointing out the inadequacy of protection. As I'm quite familiar with the malware used in this video, I assure you that the only alert (even at UAC max) would have been "Duhhhh, doya really wanna run this file? Doya, Doya, Huh?"

I may have gotten that UAC prompt text not quite right...

 

[Andy Ful]

I recently tested over 20 popular UAC bypasses on Windows 10 (default admin account, UAX max) - all failed. Some of them are still successful on Windows 7. There is no real problem for the attacker to bypass UAC on Windows 7, when on default admin account. SUA on Windows 7 is much better, but as @cruelsister showed in one of her videos, it can be bypassed too.

 

[shmu26]

I recently tested over 20 popular UAC bypasses on Windows 10 (default admin account, UAX max) - all failed.

Do you mean that they failed against Win10 native protections, or they failed against OSA?

 

[Andy Ful]

Do you mean that they failed against Win10 native protections, or they failed against OSA?

Only native protection. There are probably some rare UAC bypasses (not among tested) that are still successful on Windows 10 (even after FCU update) when on default admin account. See the example from:
User Account like a Castle