Lack of documentation
Online Armor 5.0 now looks more like Mamutu. However, other than the change in skin, there is very little documentation that explains how to use the new features such as the File and Registry Shield, or the option to retain the Web Content filtering feature from previous versions. In addition, I would be grateful if anyone could explain why trusted programs have "Allow All" for remote code/data modification. My concern correlates with popular Instant Messaging programs for home and small business users.
An update on the FAQs section for OA 5.0 before the official release that includes examples on the functionality of the new features and any that have been removed.
File and Registry Shield
Firstly, would adding the entry "\Device\Usb#Vid*" to the File Shield list monitor and enumerate access to my webcam?
Secondly, What about sites that have access to my system's peripheral devices? That is, would this inform the end-user even if an LSO/Flash cookie stored on the user's computer gave all sites access to his or her webcam/audio device. In the latter case, I would add the entry "\RPC Control\AudioSrv". I selected the radio button option "Ask" under Rule Scope. So far, on sites that host webinar sessions and whiteboard, there have been no alerts, so I have temporarily (hopefully) locked them down with ACLs.
Thirdly, would this cause any incompatilibity issues with Mamutu? I'd like to know if adding "C:\Program Files (x86)\Mamutu" to the OA exclusion list would remedy any problems I might encounter when restricting access to common and less common autorun entry points in the registry.
The improved speed in accessing the security options is - interesting, but there are some "small improvements" I'd like to see, so please take this part as a comment for feedback.
When attempting to add entries to the whitelist/blacklist in the firewall rule editor I noticed that I could not select all the checkboxes at once. Also, in the firewall rule editor, the buttons are "OK" and "Cancel" left-to-right. Why is it that under the Select countries tab it is "Cancel" and "OK" right-to-left? I only ask this because there are certain IP addresses that are not included in the OA country list and are reported as "N/A" with a flag of Afghanistan (the old version of the flag), so when I attempt to check all of the checkboxes and leave a few countries unchecked, I accidently click Reset List or even worse, cancel. This is quickly followed by an exasperated sigh followed by CBS sitcoms. *sigh*
After that, I noticed something extraordinary, I was uploading at 9.46 MB/s and 4.0GB to a total of 28.0 GB. At this point, I am flabbergasted. The OA Firewall Status was reporting with unusual units that should not occur on a home PC unless its connected to the Grid.
I will provide the necessary screenshots to any one who is interested.
Another issue is that when in Advanced Mode, the Run Safety Check Wizard in the Options side-panel causes the application to be unresponsive unless I open the GUI from the notification area. Closing the GUI and restarting the application brings it back to a normal state.
I don't want to spend too much time on Banking Mode so I'll just say it also has interesting features. Would it be possible to access the OA domains list? I'm not sure if I should discuss hooks or APIs on this forum, so instead, despite all these upsetting new features, I am still a happy subscriber of Emsisoft's Online Armor++, Emsisoft's Anti-Malware and Emsisoft's Mamutu.
On a final note, the issues above were encountered while MBAM processes including services were disabled, EMET entries removed, a clean installation of Online Armor on another computer and with Mamutu Behaviour Blocker on and off, during testing phase of the File and Registry Shield. Also, my comments are in no relation the opinion of Emsisoft, TallEmu or any other constituents. It is in no way meant to be offensive, and should be taken as honest feedback from a subscribed customer.
And this is not an April Fools prank, so please take a look at these issues.