App Review OSArmor by NoVirusThanks- An Overview

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

AtlBo

@cruelsister. Hello and great video again, thanks. Did you have the WannaCry patch on W7 for the XDATA test? After I saw your test, I looked around and realized it uses Eternal Blue (I think it does anyway). I don't know if the patch would have helped anyway with the malware, maybe just kept it from spreading across a network idk...
 

cruelsister

Thread author
Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.

But the main themes in the video are twofold:

1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough. This is hardly the case as I've seen an increasing number of malware that seek to shut off WD (stopping WF has been done for years), and a former double secret bypass now seems to be in the realm of the Script-Kiddies (although also possible on Win10, it is harder to do and for a shorter duration). As OSA will prevent this Win8.1 and below (which about 70% of Windows users have installed) WD bypass I thought it would be good to make this known.

2). (especially for AtlBo)- The developers make it quite clear that OSA is not a primary defense. I could have used a number of different malware samples in place of Xdata. I only use X because it is fast and I think it is cool.

Also, the Dreaded M ransomware exists only in a warped Mind (not mentioning any names).

 

Andy Ful

Thanks for the very interesting video and reviewing OSArmor.:)
The video was in fact about OSArmor on Windows 7 without antivirus protection. That is a proper way of testing OSArmor, but mentioning Defender in the video may be confusing for average users who are watching the video on YouTube. Actually, Windows Defender is normally understood as a full antivirus on Windows 8+.
 

Atlas147

I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow, UAC didn't even trigger and yet it was able to shut down Windows Defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.
 

ForgottenSeer 58943

> Hi Guys! Thanks for the feedback as I really was unsure on this one. OSA is a really complex application and the amount (and excellence) of the work the Developers have done (and will do) just gives me a headache and makes me thankful that I'm only a critic.
>
> But the main themes in the video are twofold:
>
> 1). I was troubled by the multitude of posts (primarily on Wilders) that WD and WF on Win 7 are enough.


Stas

> I would have thought that WD and WF would have had a significantly stronger self protection than that, but wow, UAC didn't even trigger and yet it was able to shut down Windows Defender almost instantly. Certainly shows you why you should password protect your AV settings if possible to prevent software or manually shutting down your AV.

I think cruelsister tested with UAC turned off; you can see it when clicking on "Open Configurator", there was no UAC alert.
 

cruelsister

Thread author
Correct, I almost never use UAC on my videos for 2 reasons:

1). Unless the developer specifically states that the product MUST be used with UAC, the results would not be pure. A single product test should be just that- a test of that product alone. This is standard policy.

2). In the past I've done enough reviews on UAC alone pointing out the inadequacy of protection. As I'm quite familiar with the malware used in this video, I assure you that the only alert (even at UAC max) would have been "Duhhhh, doya really wanna run this file? Doya, Doya, Huh?"

I may have gotten that UAC prompt text not quite right...
 

Andy Ful

I recently tested over 20 popular UAC bypasses on Windows 10 (default admin account, UAC max) - all failed. Some of them are still successful on Windows 7. There is no real problem for the attacker to bypass UAC on Windows 7, when on default admin account. SUA on Windows 7 is much better, but as @cruelsister showed in one of her videos, it can be bypassed too.
 

Andy Ful

> Do you mean that they failed against Win10 native protections, or they failed against OSA?

Only native protection. There are probably some rare UAC bypasses (not among tested) that are still successful on Windows 10 (even after FCU update) when on default admin account. See the example from:
User Account like a Castle
 
