Jump to content

qwerty

Member
  • Posts

    87
  • Joined

Posts posted by qwerty

  1. You don't understand, OA v4.0.0.45 could resolve practically anything, it was extremely rare for me to just see an IP address instead of a resolved name. OA v5 can't even resolve google. If my older version of OA could do it but V5 cannot, then something is not working properly.

    I'm also experiencing this on v4.5. Unfortunately, I have never had a previous version installed, to compare with, so I can't be certain that it's precisely the same problem as ITPython is having. Nevertheless, it would be good to implement whatever ITPython's solution turns out to be, and see if that helps.

    Just to be clear, OA hardly resolves any remote addresses, but perhaps more pertinently, it doesn't even recognise the local address of 127.0.0.1 as localhost, which surely proves that it's a bug.

    ITPython - When you get the problem fixed (in case you're getting support via PM or the CC), could you please add the solution to this thread for others to see and use?

    Thank you.

  2. If it is just a different version of the same program, and you acknowledge that to OA, I do not agree it should then forget all the settings you have made for that program, forcing you to start from scratch.

    But only you as the user of the machine know if a program has changed legitimately, OA can't know that. It could be malware masquerading as your original program, or it could have been malware that modified it.

    I'm not sure what you mean when you say that you "acknowledge" to OA that it it the same program. Do you mean that you accept a "Trusted program has changed" pop-up? If so, then I think that you should receive no alerts (about keylogging or otherwise) for a trusted program (you trust it to do whatever it needs), but I'll leave it to someone more qualified to confirm that.

  3. If a program is run, and whatever is needed for OA to decide it is a keylogger happens, and the user clicks ok and remember, and then that program's checksum is changed (program recompiled), does OA forget it was a keylogger?

    No, it doesn't forget anything. OA realises that it's a different program. If it didn't, it would be pretty useless.

    OK, that's strange (I assume you tried this on your system) because I don't. I deleted entries for the program in OA's "Programs". I then recompiled the program in Directory A, ran it and ok'ed OA's prompts.

    I then copied the file to Directory B, and ran it from there - I received a "trusted program has changed" message (???) but nothing else.

    Checking OA's "Programs" shows one entry, for Directory A - and that info remains even if Directory A is removed (???).

    Yes, it does seems to have some "issues" in this regard. I sometimes receive "A trusted program has changed" alerts for programs that aren't trusted, and haven't changed.

  4. I was wondering if anyone at Emsisoft actually plans to look into this problem? It should be easily duplicated.

    Don't hold your breath. You could try starting a ticket at cc.emsisoft.com.

    Just out of curiosity (and based on the observable problems), can anyone tell me how I would go about checking to see if the TLEM Network Service/Driver is installed/functioning correctly?

    Thank you.

  5. Which version of both Windows and OA are you using?

    A very good point. I was in a bit of a hurry when I posted, so I forgot to add that information.

    Windows XP SP3, OA 4.5.1.431 Free and IE8.

    catprincess - unfortunately, there is no OASIS entry for the item, so that is no help.

  6. Softpedia Review

    The Bad

    We noticed that OASIS, the program database maintained by the developer, does not include popular program like WinRAR, avast!, AIDA64, Thunderbird or Dropbox.

    Our experience with Google Chrome while running Online Armor Premium took a sluggish turn. The browser would move noticeably slower and some websites we visit regularly failed to load at first launch. With Internet Explorer 9 and Firefox 4 everything ran fine, though.

    http://www.softpedia.com/reviews/windows/Online-Armor-Premium-Review-199849.shtml

    Seconded.

    You can add AOL, Avira, ATI graphics drivers (that's what, 1/4 of all computers in the world?), Quicktime, Realplayer and Spybot S&D to the list, too.

  7. Under the section for "IE Add-Ons", I have a number of entries that I don't recognise. Most of them are trusted and allowed, but one is Unknown.

    Can anyone help me to work out what they are and if I need them?

    Having searched the web, most of what I find suggests that they are simply core components of Windows or Internet Explorer and not add-ons at all. It would be interesting to know if anyone else has the same entries.

    The first is browseui.dll, which is apparently a "Toolbar" and has a name of "&Address" and then some version numbers. Then there is Shdocvw.dll with the name Real.com. SHELL32.dll, another toolbar with the name "&Links". xpnetdiag.exe, name "xpsp3res.dll,-20001" and then some version numbers (these are all trusted). Finally, there is something seemingly made of random characters with the name "&Search" which is Unknown.

    Does anyone have any information or experience of these items?

    Thank you.

  8. I don't understand why a new port would need to open up. I am currently deleting these new ports that are opening up and everything runs fine with the default ports that were created during the SWC. But it's a bit frustrating to keep track of these extra ports and having to delete them.

    I'm not sure what you mean by new ports "opening up". Do you mean that, on the rules tab of the firewall, your browser is set to allow connections out to a few "default" ports (probably 80, 8080, 443 and possibly 53 and a couple of others), but that when you use it, new *rules* are created, allowing access through new ports?

    If so, then you're quite right, a browser should work perfectly well for most people on only a few standard ports. In fact, other firewalls configure browsers (and some other software) with access only through the standard ports, and block all others. Otherwise, with OA automatically allowing all ports/protocols requested, it's almost like allowing the browser to bypass the firewall (albeit, with connections logged).

    If, rather than keeping track and deleting the extra ports, you wanted to stop them from "opening up" in the first place, then you might like to create a rule blocking both protocols in both directions, on all ports. This should stop any new ports from "opening up" (because they're already blocked), while still allowing access through the default ports (which are already allowed). However, as sded said, lots of software talks to itself via the loopback interface, so you may find that blocking all ports causes your browser to malfunction, in which case, you should create a rule allowing UDP Out through All ports, but only to the specific endpoint of 127.0.0.1.

    PS: Everything I said was referring to IE, as this machine doesn't have Firefox installed, so the loopback rule might be different (e.g. TCP In to 0.0.0.0)

  9. Thank you for the suggestion, Wilbur, but again I have to agree with limande. I have used other browsers, but for various reasons, this machine will continue using IE.

    I was happy with the functionality provided by the Web Shield (automatic deletion of cookies and inline blocking of ActiveX and Java, with a simple click to enable), and so I'd like to find something to replace it.

    Finally, if you don't like the Web Shield, it's simple to disable.

  10. Catprincess was relating the explanation we were given, and telling her it's a blatant lie is just plain rude.

    I don't see how it is rude. I'd actually played along by replying to her previous, irrelevant, posts. I was simply making clear that we were going around in circles, and should stop. If she wasn't aware that the statement was untrue, then I was enlightening her. If she was aware, then I could argue that it was rude to insult my intelligence by trying to fool me into thinking otherwise. Actually, I don't think that is what she was trying to do, and honestly, I think I'd be verging on over-sensitivity ;). However, I think it is rude to talk about someone as if they aren't here, or are unable to speak for themselves, so, unless Catpriness has anything to say, I'll leave it at that.

    Secondly, you certainly are free to find other software if you wish, but that isn't a discussion appropriate for a support forum. There are other forums you can visit to make that inquiry.

    Pete

    Well, it is actually OA functionality that I was discussing, (but I suspect that you mean that it is no longer supported?) and as it's such a small, but relatively important, security feature, I thought someone may know of a small piece of software or plugin, that did the same.

    Would I be better off starting a thread in the "Offtopic" forum about this?

    Thank you.

  11. Yes it can be done by adjusting security zones as explained here http://support.microsoft.com/kb/174360

    That isn't the same - see limande's post, above.

    The cookie settings in recent versions of IE (explained here http://windows.microsoft.com/en-AU/windows7/Block-enable-or-allow-cookies) make the feature obsolete because IE allows you to block third party and even first party cookies directly if you wish and only allow session cookies to start with.

    This isn't the same either. It does not provide the functionality to automatically delete cookies after use (which is all that the cookie cutter did).

    If you want to uninstall an Add-on (doesn't require IE to do it) the usual method would be via "Add/Remove Programs if there is an entry for it. For others you can right-click them in C:\WINDOWS\Downloaded Program Files and select Remove.

    Unfortunately, none of the add-ons that I might like to remove have an entry in Add/Remove Programs, and there is nothing in the "Downloaded Program Files" directory apart from Windows Update.

    There is no sense in arguing any longer, it doesn't achieve anything. The fact is, that

    most modern browsers actually do a far superior job now than the Web Shield ever did
    is a blatant lie and limande, I and I'm sure many others need to find another piece of software if we want to replace the functionality that has been removed from OA.

    So, does anyone have any suggestions for software that can provide these functions? (Automatic deletion of cookies after use, the ability to detect and remove IE add-ons and (most importantly, from a security standpoint) automatic, inline blocking of all ActiveX and Java, with the ability to run any individual object at the press of a button.)

    Thank you for any ideas.

  12. Content filtering in Web Shield has been removed. This included, blocking of ActiveX, Java applets and more rarely, javascript for sites that weren't trusted.

    And this can't be done in IE?

    There was also a cookie cutter, that converted permanent cookies to session cookies

    And this can't be done in IE, either?

    The links I gave earlier, show you how to adjust cookies settings in IE to only allow session cookies or to only allow cookies from certain sites.

    Yes, thank you. I do use these settings to block or allow certain cookies, but this wasn't functionality that OA provided.

    The InPrivate browsing link I gave you describes how this feature can just completely remove all cookies after a session if you prefer that option.

    This doesn't just remove cookies, it also wipes history, temporary internet files and other things. Also, it would have to be enabled every time you opened IE, a new window, or new tab.

    IE Addons which no longer exist in OA can be managed directly from IE as described here http://windows.microsoft.com/en-AU/windows7/How-do-browser-add-ons-affect-my-computer. If an unknown addon tried to install, OA would alert you to it as an Autorun anyway and you could block it from there. You can also completely disable Java from IE's Addons section if you wish.

    Unfortunately, neither of the links you provided worked; they both said "not found". I got this first one to work by sustituting the final "." with a "/", and using the "Manage Add-ons" from within IE, I can't see a way to uninstall an add-on. Plus, there are several add-ons missing that appear in OA.

  13. I agree with Jose and Alycat regarding the strange behaviour of the whitelist and it seeming to be completely absent, a lot of the time. Obviously, the whitelist (any whitelist) must have limitations, especially with obscure programs and files, or even new versions of well known software - we should expect these to be unknown.

    Sometimes, however, OA will spring into action over an "Unknown" program that "has not been classified by us yet", even though it is an incredibly popular piece of software, used by hundreds of thousands, or maybe even millions, of people worldwide, and which was released months, or sometimes even years ago. In that case, I wonder "When will you classify it, then?" - the obvious conclusion to draw is, never. I've even seen OA trust and allow one file from a program, but then say that another file is unknown and that I should consider it's validity. How can that happen?

    Honestly, I think there are far greater concerns with OA than the whitelist. I probably wouldn't care if the whitelist never changed, I'm simply sharing my (very similar) thoughts and experiences on the subject.

    Thank you.

  14. I have also had lots of problems with the Firewall Status window, from missing programs to under-reported Down/Up speeds and under-reported total Downloaded/Uploaded, all suggesting that some data is bypassing the firewall.

    I even have blocked programs appearing in green and uploading data, which if true, would be a complete security failure of the firewall, although, I hope this is just incorrect reporting by the Firewall Status window.

    Unfortunately, when Emsisoft weren't ignoring me, the best advice I got was to "wait and see" with version 5.

    Hopefully, now that they have finished developing, and have released, version 5, and have time to work on fixing errors/bugs and they can see that the problem still exists in the latest version and there are several different people/machines with the problem, they will now take a look at fixing it.

    ::Edit::

    Tyler - Are you sure that the information is now displaying correctly? Has Firefox really only uploaded and downloaded a combined total of under 20KB? That would be what, a very small webpage with only 1 or 2 small images? Also, although your download manager is reporting a download speed of over 400KB/s, OA only shows 92KB/s. Finally, assuming that you can get correct information at some point, can you work out what happens to make it start reporting incorrectly? (It never reports correctly on this machine)

    Thank you.

  15. Relevant to privacy is

    InPrivate browsing

    Cookie management

    Relevant to security

    Security settings

    How do I know which security settings are not at recommended levels?

    IE's SmartScreen filter offers protection against bad websites and malicious downloads.

    Thank you, I have read about the new abilities of IE (SmartScreen, InPrivate, etc.) and I do know how to change security settings, although, if I'm honest, most of them mean very little to me.

    What I was hoping for, was a list of each function that is removed from OA, with the corresponding setting in IE, so that I can check to see if either a) IE was already providing equal or better security than OA, and so (as has been suggested), the loss of function from OA is irrelevant, or b) that OA was, in fact, providing a function that will be lost when upgrading and that I will need to replace either by changing IE settings or downloading another program.

    Thank you.

  16. Content filtering in Web Shield removed

    The content filtering aspects of the Web Shield were removed. They were introduced at a time when essentially all browsers lacked control over active content or your private information. Times have changed though and most modern browsers actually do a far superior job now than the Web Shield ever did. Therefore we decided to remove the content filtering from the Web Shield which will result in better compatibility and network performance.

    So, how do we go about implementing the functionality of the Web Shield, including "control over active content" and "private information", in an equal or superior way, in Internet Explorer?

    Thank you.

  17. If you aren't experiencing any problems, then there is no reason to worry about the kernel events :) They are not actually that useful to users. It's more of a debug feature that can help the developers in the event of someone having a particular problem that they have requested the history for.

    Well, I am experiencing some problems, but I presume you mean to ignore kernel events unless instructed otherwise by support staff.

    If it really is simply a debug feature that isn't useful to users, perhaps it should have it's own section of "Kernel event history", that only appears when debug mode is activated.

    I'm curious why I see so much Denying, even of perfectly legitimate, trusted programs.

  18. The majority of kernel events are just the result of OA's self protection (which was enhanced when x64 support was added). They aren't anything to worry about and can be filtered out of the History if desired :)

    You say "the majority", how would we tell which are simple records of usage, and which are actually something to take notice of?

    Thank you.

  19. I have sent more Firewall logs and Debug "dial" to support a week ago and am waiting for some feedback on the data.

    NOTE:I have also inquired if any of the DNS discussion here in posts #23 to #33 have any bearing on the problem discussed in this topic.

    No response as yet. B)

    They say that they are working hard on the new version 5.0 of Online Armor, and I'm inclined to believe them. It would make sense if they wanted to wrap up and release 5.0 before doing any more bug hunting. That way, they can see which problems still exist and concentrate on those, ignoring any that have been inadvertently (or purposely) fixed by version 5. I've no idea if this is their plan, I'm just guessing. Either way, we'll have to see if their support picks up after the release of 5.

    If you seem to be having no luck with e-mail and such, you could always try talking to someone in real-time via the live support chat. The least they'll do is offer to flag up your problem for some attention.

  20. I'm having a number of problems, or at least "issues" with OA myself, and the lack of support in this forum is a little frustrating. However...

    So its not for me - security software should remain silent until something genuinely dangerous is happening.

    ...OA (or any other security software) isn't magic. If something is known to be malicious, obviously there should be a reaction. Increasingly, there is a trend for security software to "trust" files and programs that are "known" to be "safe" (although, I don't know how reliable that is), but even with this functionality, some things must be unknown.

    To put it another way - this was software downloaded from a trusted source, which neither OpenDNS or Chrome has any problems with, scanned with MSE and manually with MBAM - yet Online Armor just repeatedly asked me to confirm that I really REALLY wanted to install it.

    Well, if you have gone through all of those precautions, then why are you having security software monitor the installation? You do know that the first thing an installer says when you run it, is that the developers recommend that you close down all other programs before running the installation, right?

    You're also guaranteed a conflict at some point in the future by installing software whilst other programs are running. (This is not meant as a "flame" or insult either, I'm sure most of us appreciate hearing your views (that's what a forum is for, after all), and I'm not saying that I don't do it either, but we can't be surprised if, when we run an installation, our security software alerts us to what's going on.)

  21. Now I open OA "Programs" tab and found 2 (!) entries for the foobar.bat script.

    Obviously every program gets for every hash code a new rule line.

    I've just done a quick test of that myself (trust batch file, modify, run and trust again) and I didn't get a second entry in the Programs list. The original entry simply got an updated hash. However, if I move the same (already trusted) batch file elsewhere, either by cutting or copying, I do get a new alert window and subsequent "Programs" entry for each different location, even with the same hash. Which is probably fair, because a program that you trust to run in it's own directory, you may not trust to run in the windows directory.

    Even when I click "Only deleted" the duplicate, outdated old version of foobar.bat is NOT listed.

    OA seems to look only for the existence of the prgm but not for the associated hash value.

    So, when is it listed then? Only if "Only Deleted" is not selected? In that case, it must be green and would suggest that it still exists.

    Having said that, (I don't know what the rules are with regard to mentioning competitor's products here, but) "a competitor" has a button to simply "Purge" all non-existant program entries. It might be an idea for OA to have one of these. Finally, I also noticed that I have a deleted program called www.google.com with a file date of 1899...

  22. So you think I'll have to reinstall IE again? That's a pain.

    When you say that I should "properly disable" OA, should I untick all four components, or "Deactivate HIPS features", or enable "Learning Mode", or simply untick "Launch Online Armor at next startup"? Then I should disable other security software as best I can (I don't think I can stop Avira loading at startup without a fight, but I can disable the Guard). Then restart, close all programs and services and install IE. Then once installation has finished, re-enable everything and reboot?

    While I think about it, does anyone know where IE puts it's installation log, so I can see what has succeeded or failed?

    catprincess - I have now found the files in the Programs list and set them to Allowed, but why wouldn't OA recognise them automatically?

    Thanks for the help.

×
×
  • Create New...