Video OSArmor by NoVirusThanks- An Overview

AtlBo

Level 24
Joined
Dec 29, 2014
Messages
1,390
Antivirus
Qihoo 360
#3
@cruelsister. Hello and great video again, thanks. Did you have the WannaCry patch on W7 for the XDATA test? After I saw your test, I looked around and realized it uses Eternal Blue (I think it does anyway). I don't know if the patch would have helped anyway with the malware, maybe just kept it from spreading across a network idk...
 

cruelsister

Level 34
Trusted
Joined
Apr 13, 2013
Messages
2,371
#7
Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

But the main themes in the video are twofold:

1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough. This is hardly the case as I've seen an increasing number of malware that seek to shut off WD (stopping WF has been done for years), and a former double secret bypass now seems to be in the realm of the Script-Kiddies (although also possible on Win10, it is harder to do and for a shorter duration). As OSA will prevent this Win8.1 and below (which about 70% of Windows users have installed) WD bypass I thought it would be good to make this known.

2). (especially for AtlBo)- The developers make it quite clear that OSA is not a primary defense. I could have used a number of different malware samples in place of Xdata. I only use X because it is fast and I think it is cool.

Also, the Dreaded M ransomware exists only in a warped Mind (not mentioning any names).

M
 
Joined
Dec 23, 2014
Messages
1,576
OS
Windows 10
Antivirus
Microsoft
#8
Thanks for the very interesting video and reviewing OSArmor. :)
The video was in fact about OSArmor on Windows 7 without antivirus protection. That is a proper way of testing OSArmor, but mentioning Defender in the video may be confusing for average users who are watching the video on YouTube. Actually, Windows Defender is normally understood as a full antivirus on Windows 8+.
 
Joined
Jul 28, 2014
Messages
1,852
OS
Windows 10
Antivirus
Kaspersky
#9
I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow UAC didn't even trigger and yet it was able to shut down Windows Defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.
 

Slyguy

Level 32
Joined
Jan 27, 2017
Messages
2,146
OS
Other OS
#10
Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

But the main themes in the video are twofold:

1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough.
 

Stas

Level 7
Joined
Feb 21, 2015
Messages
306
#11
I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow UAC didn't even trigger and yet it was able to shut down Windows Defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.
I think cruelsister tested with UAC turned off; you can see it when clicking on "Open Configurator", there was no UAC alert.
 

cruelsister

Level 34
Trusted
Joined
Apr 13, 2013
Messages
2,371
#12
Correct, I almost never use UAC on my videos for 2 reasons:

1). Unless the developer specifically states that the product MUST be used with UAC, the results would not be pure. A single product test should be just that- a test of that product alone. This is standard policy.

2). In the past I've done enough reviews on UAC alone pointing out the inadequacy of protection. As I'm quite familiar with the malware used in this video, I assure you that the only alert (even at UAC max) would have been "Duhhhh, doya really wanna run this file? Doya, Doya, Huh?"

I may have gotten that UAC prompt text not quite right...
 
Joined
Dec 23, 2014
Messages
1,576
OS
Windows 10
Antivirus
Microsoft
#13
I recently tested over 20 popular UAC bypasses on Windows 10 (default admin account, UAC max) - all failed. Some of them are still successful on Windows 7. There is no real problem for the attacker to bypass UAC on Windows 7, when on default admin account. SUA on Windows 7 is much better, but as @cruelsister showed in one of her videos, it can be bypassed too.
 
Joined
Dec 23, 2014
Messages
1,576
OS
Windows 10
Antivirus
Microsoft
#15
Do you mean that they failed against Win10 native protections, or they failed against OSA?
Only native protection. There are probably some rare UAC bypasses (not among tested) that are still successful on Windows 10 (even after FCU update) when on default admin account. See the example from:
User Account like a Castle
 
