Video Review OSArmor by NoVirusThanks - An Overview

Discussion in 'Video Reviews' started by cruelsister, Jan 12, 2018.

  1. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    Video Uploaded by:
    cruelsister
    This was a greater pain to do than others due to the complexity of OSA.

    I really hope all is clear.

     
  2. Peter2150

    Peter2150 Level 6

    Oct 24, 2015
    281
    816
    Washington DC
    Windows 7
    Emsisoft
    Excellent video and the music was also great. For an unfinished product, not bad at all.
     
    shmu26, d0ts, Solarlynx and 8 others like this.
  3. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,145
    4,519
    Qihoo 360
    @cruelsister. Hello and great video again, thanks. Did you have the WannaCry patch on W7 for the XDATA test? After I saw your test, I looked around and realized it uses EternalBlue (I think it does anyway). I don't know if the patch would have helped anyway with the malware, maybe just kept it from spreading across a network, idk...
     
  4. bribon77

    bribon77 Level 11

    Jul 6, 2017
    511
    3,503
    spain
    Windows 7
    Emsisoft
    Excellent video, as always very didactic and easy to understand. :)
     
  5. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,170
    29,702
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Isn't WinDef on Win7 at best an anti-spyware?
     
  6. Chimaira

    Chimaira Level 1

    Jan 5, 2018
    41
    152
    a place with snow and mountains
    Linux
    Yeah, Defender on Win7 vs Win10 are similar only in name. That isn't to say Defender on Win10 would have done much better, but they are different in the security they provide.
     
    AtlBo, Evjl's Rain, bribon77 and 2 others like this.
  7. cruelsister

    Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

    But the main themes in the video are twofold:

    1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough. This is hardly the case as I've seen an increasing number of malware that seek to shut off WD (stopping WF has been done for years), and a former double secret bypass now seems to be in the realm of the Script-Kiddies (although also possible on Win10, it is harder to do and for a shorter duration). As OSA will prevent this WD bypass on Win8.1 and below (which about 70% of Windows users have installed), I thought it would be good to make this known.

    2). (especially for AtlBo)- The developers make it quite clear that OSA is not a primary defense. I could have used a number of different malware samples in place of Xdata. I only use X because it is fast and I think it is cool.

    Also, the Dreaded M ransomware exists only in a warped Mind (not mentioning any names).

    M
     
  8. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,130
    4,875
    business
    Poland
    Windows 10
    Microsoft
    Thanks for the very interesting video and reviewing OSArmor. :)
    The video was in fact about OSArmor on Windows 7 without antivirus protection. That is a proper way of testing OSArmor, but mentioning Defender in the video may be confusing for average users who are watching the video on YouTube. Actually, Windows Defender is normally understood as a full antivirus on Windows 8+.
     
  9. Hanmin147

    Hanmin147 Level 28

    Jul 28, 2014
    1,786
    7,607
    Windows 10
    Avast
    I would have thought that WD and WF would have had significantly stronger self-protection than that, but wow, UAC didn't even trigger and yet it was able to shut down Windows Defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.
     
    AtlBo, upnorth and Der.Reisende like this.
  10. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,121
    4,472
    Fortinet Engineer
    USA
    Other OS
    [​IMG]
     
    upnorth likes this.
  11. Stas

    Stas Level 6

    Feb 21, 2015
    281
    888
    IT Technician
    I think cruelsister tested with UAC turned off; you can see it when clicking on "Open Configurator": there was no UAC alert.
     
    AtlBo, upnorth, Sunshine-boy and 2 others like this.
  12. cruelsister

    Correct, I almost never use UAC on my videos for 2 reasons:

    1). Unless the developer specifically states that the product MUST be used with UAC, the results would not be pure. A single product test should be just that- a test of that product alone. This is standard policy.

    2). In the past I've done enough reviews on UAC alone pointing out the inadequacy of protection. As I'm quite familiar with the malware used in this video, I assure you that the only alert (even at UAC max) would have been "Duhhhh, doya really wanna run this file? Doya, Doya, Huh?"

    I may have gotten that UAC prompt text not quite right...
     
  13. Andy Ful

    I recently tested over 20 popular UAC bypasses on Windows 10 (default admin account, UAC max) - all failed. Some of them are still successful on Windows 7. There is no real problem for the attacker to bypass UAC on Windows 7 when on the default admin account. SUA on Windows 7 is much better, but as @cruelsister showed in one of her videos, it can be bypassed too.
     
  14. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,297
    13,693
    Utopia
    Do you mean that they failed against Win10 native protections, or they failed against OSA?
     
    silversurfer, Sunshine-boy and AtlBo like this.
  15. Andy Ful

    Only native protection. There are probably some rare UAC bypasses (not among tested) that are still successful on Windows 10 (even after FCU update) when on default admin account. See the example from:
    User Account like a Castle
     