dallas7

Domains in v7


Thanks for the continued development of Online Armor.  The resident update run from v6 went smoothly.  And running A-OK.

I see now where Domains is populated with 100's of entries along with the dozen or so I built myself over time.

The Options tab is gone, and as such no longer ignorable, so can one assume all those entries were previously referred to as the "Online Armor domains list"?  

If some of these are deleted (Trust youtube?  I think not.) will they return upon a Signatures and Rules update?

Thank you!


And I have a lot of banking sites from all over the world that I have never visited, and have no reason to do so, listed in the domains as "trusted".

This is along with other "trusted" sites that I have no idea what they are, or where they have come from.


Hello,

 

all pre-trusted domains are now listed by default.

 

See our changeblog on http://changeblog.emsisoft.com/2013/10/15/emsisoft-online-armor-7-0-0-1866-released/ .

 

 

Improved banking mode. Now all domains that are trusted are visible to the user to avoid confusion about implicitly trusted pages as well as white-listed pages.


There's a serious problem here.

 

I imported my Domains.sav of 12 protected domains I've built over time.  Immediately, OA begins to add and trust domains from my RSS reader (QuiteRSS), i.e. sott.net.  There are about 70 subscriptions in that reader but only a handful are added.

 

And upon doing a Check for Updates > Signatures and Rules Only, URLs from a folder of .URL files on my D: partition, i.e. grimmy.com (a comic strip), are added and trusted.  There are 1460 .URL files in that folder but only a few hundred are added.

 

I'm opening a ticket with additional details and supporting data.


This is also an addendum to Ticket ID #MIU-607-43517

 

I have since come to realize this has nothing to do DIRECTLY with the folder of .URL files or the subscriptions in my RSS reader.

 

I can delete all the entries in the Domains pane and after just a couple of minutes of surfing, it'll just begin populating itself.

 

Emsisoft and Malwarebytes updates will add update.emsisoft.com and data-cdn.mbamupdates.com.  Later on safebrowsing-cache.google.com, nimbus.bitdefender.net (TrafficLight Extension) and eventually there'll be 100's.

 

In the interest of simplicity, an early post-clearing screenshot:


Please note that Online Armor does automatically add aliases for domains that are already trusted, so that could account for some of the domains that are appearing in the list on their own.


Please note that Online Armor does automatically add aliases for domains that are already trusted, so that could account for some of the domains that are appearing in the list on their own.

 

Good to know.  But earlier I reported a comic strip (grimmy.com) and presently I have forum.palemoon.org, voicetoamerica.com and guns.com among others listed.

 

Needless to say, I'm not wild about OA's improved banking mode, the inability to ignore specifically. :blush:

 

While in this discussion, Christian or GT500 or other Emsisoft support:

1) Does Domains do anything when NOT in Banking Mode?

2) Disabling Web Shield doesn't stop the behavior.  What does, if any?

3) Can I get a default Domains.sav from one of you folks?

 

In the meantime, Arthur forwarded my ticket to Andrey.

 

Thank you.


Dallas7 asked "If some of these are deleted (Trust youtube?  I think not.) will they return upon a Signatures and Rules update?"

Will they?

Well, I'm not sure if my original question is still relevant as I thought You Tube was Emsisoft's.  Now I know otherwise as there were several hundred domains in there right after I did the v6 to v7 update.  I don't even know what a default Domains would look like.

Do you have anything in your Domains that doesn't look like it would have anything to do with banking?  It would be fairly obvious.

 

Thanks.


I went ahead and did the uninstall double reboot and purged the system of any OA files and registry entries.

I installed v7 and to my surprise, the Domains pane was completely empty.

However, the addition of URLs persists.

My German is a bit rusty but with the assistance of Google Translate, it seems this user has the same concern, here about bing.com:

http://support.emsisoft.com/topic/12638-online-armor-7-beta-default-domains/
 

 

EDITED:  Are the (beabsichigt) Emsi created there or is this a bug? I can not quite understand why...as paypalobjects.com or any.edge.bing.com particularly trust.

 

Not that it's any comfort, but I'm glad I'm not alone.

Here's another screenshot taken after clearing all the URLs and spending about 10 minutes opening some Web sites:



Unlike for zerox, bing.com hasn't shown up yet but I'm equally concerned about the likes of doubleclick and godaddy.  And Breitbart?!  I tend to agree that paypalobjects.com doesn't need to be trusted for anything.  Ditto for google.

I know it's a weekend and I'm hoping to hear from Andrey as next week opens.

But I'd appreciate a response to this ASAP:

Paraphrased:  2) How can Domains be disabled?

 

Thank you.


I'm confused. I checked the forums every day last week, and I don't remember seeing any replies to this topic after I posted my last message...

Dallas7 asked

"If some of these are deleted (Trust youtube?  I think not.) will they return upon a Signatures and Rules update?"

Will they?

They are not updated with signatures, so that shouldn't happen (this was confirmed by Andrey, our main Online Armor developer).

For the rest of these questions, since the Domains List seems to have changed quite a bit since version 6, I'll need to get Andrey's input.


To my simple and aged mind, it seems a bit silly to add domains as trusted, apparently just for the sake of it.

 

If I wanted a load of American banking sites, I would have added them myself.

I don't understand the reasoning behind it.


To my simple and aged mind, it seems a bit silly to add domains as trusted, apparently just for the sake of it.

 

If I wanted a load of American banking sites, I would have added them myself.

I don't understand the reasoning behind it.

I think the default list of safe websites was to help with building a list of trusted sites for Banking Mode, however Andrey is probably the only one who knows the real reason behind it.


If I wanted a load of American banking sites, I would have added them myself.

I don't understand the reasoning behind it.

Those domains were part of the old default domain list. You remember that Online Armor previous to version 7.0 had an option to ignore the built-in list. That built-in list was removed from Online Armor 7.0, but if you never enabled that option in the past and performed an update or an upgrade install, the list was still part of your allowed domain list. Since we no longer hide any domains in that list as we did before, the only difference now is that you can see them for the first time. They have always been there though.

In general, Banking Mode in Online Armor 7.0 hasn't changed at all. The only difference is that we dropped the hiding of rules that are either part of the default rule set or are learned by watching traffic to or from your trusted sites. The reason we did so is because a lot of users were confused about why certain sites were accessible in Banking Mode although they don't show up in the domains list. It was also impossible for users to correct sites that were added by accident. When you initially learn your banking site, all other accesses to webpages will be learned as well. Your RSS reader is running in the background during learning and does a sync? All those addresses are trusted now as well. Your browser pre-cached all the sites that can be found in your bookmarks or favorites? Those are now allowed too. You can now remove those sites manually if you want to.

All this however doesn't change the fact that Banking Mode as a whole doesn't play well with modern websites. The idea of cloud computing and the wide use of CDNs will still mess with Banking Mode a lot, as the fundamental idea behind it is that you can determine which server you will talk to not only now but also in the future when doing your banking business, which simply isn't true nowadays.


Fabian, I've said it before and will say it again...thank you for both the information and always providing an honest and thoughtful response.  (If only such were the norm throughout the industry.)


Thanks for all the response.

 

When you initially learn your banking site, all other accesses to webpages will be learned as well. Your RSS reader is running in the background during learning and does a sync? All those addresses are trusted now as well. Your browser pre-cached all the sites that can be found in your bookmarks or favorites? Those are now allowed too. You can now remove those sites manually if you want to.

 

The Domains I presented in #11 populated without ever having done anything in Banking Mode or its Learn process and everything discussed prior to that without ever having done anything in Banking Mode or its Learn process.  Every last one of them showed up all by themselves.  And if a site is removed, it will show up again.
 

In the meantime this is what I have discovered:

Do a complete uninstall/purge/re-install of OA, the very first time you see the System Status screen, immediately switch from Standard to Advanced mode.  This will greatly inhibit the addition of new items.  Switch back to Standard and things will start getting added again and returning to Advanced will not stop it.

I did this on Monday and as of this morning and after about 6-8 hours of accrued surfing this is what is in my Domains:

 


 

Needless to say I'll never evoke Standard mode again.  Which might be easier said than done.
 

All this however doesn't change the fact that Banking Mode as a whole doesn't play well with modern websites. The idea of cloud computing and the wide use of CDNs will still mess with Banking Mode a lot, as the fundamental idea behind it is that you can determine which server you will talk to not only now but also in the future when doing your banking business, which simply isn't true nowadays.

 

I remember having a back-and-forth with you about this a while ago.  I agree with you 100% which is why I was surprised to see Banking Mode still present in v7.  Banking Mode never figured into this discussion but only with what was going on in Domains.  And that has always been the most confusing aspect in OA Premium:  Domains in Banking Mode and Domains in not-Banking Mode.  Now it's frustrating as well.
 


Dallas, can we get some Debug Logs from Online Armor showing you removing these rogue entries and them reappearing?

You may already know how to enable Debug Mode, but here are the instructions just in case: Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

Note that RapidShare and BayFiles have been having issues lately, and we may not be able to download the files from them. If you have DropBox, Google Cloud Storage, or Microsoft SkyDrive then those services would be more reliable. Also, you can attach files to private messages on these forums, and I would believe the limit is up to 128MB, so if the file is smaller than 128MB then you can just attach it to a private message to me on these forums.


Not sure if it could be helpful, but I can confirm that once the user has cleared the list, OA automatically keeps adding entries to the Domains list - you just need to wait and surf the Internet.
 


Not sure if it could be helpful, but I can confirm that once the user has cleared the list, OA automatically keeps adding entries to the Domains list - you just need to wait and surf the Internet.

The only time it should do that is when you are learning safe websites for Banking Mode.


Let me confirm Nick's statement. OA automatically adds entries to the domains list during surfing the internet (e.g. google (with all the sub-domains), and domains that I definitely would not rate as trusted, e.g. doubleclick, youtube...).

 

So, there is an issue which needs to be solved, soon.


So, there is an issue which needs to be solved, soon.

It is not a bug but a behavior that is working as intended and the way it has always worked in the past, you were just never able to see it. Here is the deal of why these domains are added:

The way Online Armor Banking Mode works is that it explicitly trusts servers, not domains. This distinction is important, as otherwise all financial malware using IPs instead of domains would be able to connect to its C&C server just fine for example. The problem nowadays is that one server hosts thousands of websites, often unrelated. I give you an example:

Online Armor, even in Banking Mode, trusts emsisoft.com because it needs to be able to contact that domain for certain aspects of the software to work. Part of our domain is dl.emsisoft.com, which is the alias name of the CDN we use. However, we don't have our own CDN. Instead we use the services of a specialized CDN provider. Other companies use the same CDN provider. Two of these companies are Malwarebytes and SuperAntiSpyware. That means that both cdn.superantispyware.com as well as data-cdn.mbamupdates.com will refer to the same CDN provider we use, which means that more than likely when you contact either of these 3 completely different domains, you end up at the same server with the same IP.

So how is that relevant? Remember that I said Online Armor trusts servers, not domains? Well, Online Armor knows that the server behind dl.emsisoft.com is trustworthy, so since cdn.superantispyware.com and data-cdn.mbamupdates.com point to the same server they must be trustworthy as well. To avoid unnecessary checks all the time, Online Armor will remember that fact and add both domains as trustworthy as well and from now on pays special attention to both of them.

What does this special attention look like? Well, Online Armor will start to pay attention to which servers are behind those domains. Since you trust that domain, you trust those servers and since IP addresses change all the time, it means Online Armor has to look out for new servers behind those trusted domains. The result is a seemingly endless cycle between Online Armor learning new servers/server IPs and Online Armor learning new domains served by those servers.

I am convinced to any outsider this behavior will sound completely insane and to be honest with you, in today's web world it kind of is. But the feature was designed at a time when all this made sense and it to some degree still does, because banks used and still use randomized domains to make it harder to intercept traffic or write reliable web injects for example. The initial idea however, that one server (or better: the infrastructure behind a single IP) is owned and used by a single company, is no longer valid, causing these issues to appear.

Unfortunately there is no way for us to just fix it, as there is no way to make it compatible to the modern IT infrastructures used by the majority of all companies and still keep the basic functionality. We could just remove it and that has been an idea we toyed around with, especially given that not only the web landscape but also the threat landscape has changed dramatically over the years, but we decided to instead try to make the behavior more transparent. That being said, you won't see a dedicated Banking Mode in the upcoming integrated Internet Security Suite product, for exactly those reasons. We just didn't want to strip away that feature from Online Armor just yet.

  • Upvote 1
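
The learning cycle described in the post above (a trusted domain makes its server IPs trusted, and a trusted IP makes every other domain on it trusted), modeled as an added example that is not part of the original post and is not Online Armor's code. The `.example` hosts, all IP addresses and the domain-to-IP pairs are constructed, and the way `blocked` stops propagation is an assumption.

```python
"""Model of the server-based trust learning described in the post above.

Everything here is constructed for illustration: the IPs are documentation
ranges, the `.example` hosts are placeholders, and the domain-to-IP pairs are
invented. This is not Online Armor's rule format or real DNS data.
"""
from collections import deque

# (domain, ip) pairs as seen while browsing. One CDN edge (192.0.2.10) serves
# three vendors; one vendor name also lands on a second edge that an ad host
# uses; the ad host in turn shares a third edge with an unrelated site.
OBSERVED = [
    ("dl.emsisoft.com", "192.0.2.10"),
    ("cdn.superantispyware.com", "192.0.2.10"),
    ("data-cdn.mbamupdates.com", "192.0.2.10"),
    ("data-cdn.mbamupdates.com", "198.51.100.7"),
    ("ads.tracker.example", "198.51.100.7"),
    ("ads.tracker.example", "203.0.113.40"),
    ("comics.example", "203.0.113.40"),
    ("bank.example", "203.0.113.99"),  # shares no server with the seed
]


def learn_trust(seeds, observed, blocked=()):
    """Breadth-first closure of the two rules in the post.

    Rule 1: a trusted domain makes every IP it resolves to a trusted server.
    Rule 2: a trusted server makes every domain resolving to it trusted.
    Returns {node: parent_node}; nodes are ("domain", name) or ("ip", addr).
    `blocked` domains are never trusted and never propagate (assumption).
    """
    ips_of, domains_on = {}, {}
    for domain, ip in observed:
        ips_of.setdefault(domain, set()).add(ip)
        domains_on.setdefault(ip, set()).add(domain)

    parent = {("domain", d): None for d in seeds if d not in blocked}
    queue = deque(parent)
    while queue:
        kind, name = node = queue.popleft()
        if kind == "domain":
            found = [("ip", ip) for ip in sorted(ips_of.get(name, ()))]
        else:
            found = [("domain", d) for d in sorted(domains_on.get(name, ()))
                     if d not in blocked]
        for nxt in found:
            if nxt not in parent:
                parent[nxt] = node  # remember why this entry was learned
                queue.append(nxt)
    return parent


def trusted_domains(parent):
    """Sorted list of the domain names in a learn_trust() result."""
    return sorted(name for kind, name in parent if kind == "domain")


def explain(parent, domain):
    """Chain of domains and IPs that links `domain` back to a seed entry."""
    node = ("domain", domain)
    chain = []
    while node in parent:
        chain.append(node[1])
        node = parent[node]
    return chain[::-1]


if __name__ == "__main__":
    learned = learn_trust(["dl.emsisoft.com"], OBSERVED)
    print("trusted:", trusted_domains(learned))
    print("why comics.example:",
          " -> ".join(explain(learned, "comics.example")))
    cut = learn_trust(["dl.emsisoft.com"], OBSERVED,
                      blocked={"ads.tracker.example"})
    print("with the ad host blocked:", trusted_domains(cut))
```

The parent map records why each entry was learned, so a single seed can be traced through two shared servers to an unrelated site; in this model, blocking the intermediate domain stops the chain while the shared IP itself stays trusted.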


FYI & reiterate: Up to and including my #17 post on 10/23 I never engaged Domains' Learn function. 

 

Quoting meself: "Do a complete uninstall/purge/re-install of OA, the very first time you see the System Status screen, immediately switch from Standard to Advanced mode.  This will greatly inhibit the addition of new items.  Switch back to Standard and things will start getting added again and returning to Advanced will not stop it."

Just to make sure, I repeated this on 10/25 and observed the same behavior.

As of that point in time with hopefully the last re-install, I've been working with OAP in Advanced and Banking modes only.

(FYI: prior to v7, I had always had 12 Protected domains only in the Domains pane with Ignore enabled under the Options tab for a very long time.  Nothing ever showed up by itself.)

I performed a Learn for four financial sites I've been using for several years and pretty much re-created the Protected domains I had in v6.  I removed everything else and have conducted business on three of the sites twice and the other once.

In the screen shot, one can see that as of today a multitude of domains have shown up while in Banking and Advanced Modes without any interaction from me except for moneypak which I added manually.  Some have no relation to the financial sites (i.e. avast, mbam).  Every one of the domains I've blocked showed up after using Banking Mode.  Except for v2cdn.net (Edgecast) having arrived today, working in the financial sites has not been affected by the blocks.

So, in V7 I now have to:
1) Make sure I never accidentally hit Standard Mode when switching out of Banking Mode.
2) Without a History for Domains, painstakingly monitor for any new stuff showing up and determine its status for block or trust.

As for 2, I had to do this just a little while ago for v2cn.  There is no reason I can justify why Edgecast needs a hit while I'm banking.  Same for ebay or liveperson or chat.anywhere or... well, you know.

Fabian, let me ditto blues' sentiment in #16 above.

Arthur, I'd rather you folks work on blowing away Banking Mode/Domains in v7.next than with Debug Logs.  Spending time on the latter is futile anyhow considering Fabian's detail.

You can close out Ticket ID #MIU-607-43517, too.

In closing, since the Tall Emu era I haven't found anything which rises to the level of Online Armor Premium - well, OA++ actually.  Not having researched anything in this arena for over a year, I now ponder instead of renewing licenses on 10/21 for two systems I should have looked for something else - an undertaking I do not relish.  Having an app issue a Trust, regardless of its perceived or acclaimed innocence, without my intervention is something I relish even less, let alone paying for it.  Save for the granularity of bending Firewall rules to my will, why then shouldn't I run Free in full time Standard Mode?  Oh yeah, it trusts Google, You Tube and just about everything else on the Web.

Thanks again and Best Regards to all!

 


FYI & reiterate: Up to and including my #17 post on 10/23 I never engaged Domains' Learn function. 

 

Quoting meself: "Do a complete uninstall/purge/re-install of OA, the very first time you see the System Status screen, immediately switch from Standard to Advanced mode.  This will greatly inhibit the addition of new items.  Switch back to Standard and things will start getting added again and returning to Advanced will not stop it."

I would believe Fabian explained this when he said the following:

Online Armor, even in Banking Mode, trusts emsisoft.com because it needs to be able to contact that domain for certain aspects of the software to work. Part of our domain is dl.emsisoft.com, which is the alias name of the CDN we use. However, we don't have our own CDN. Instead we use the services of a specialized CDN provider. Other companies use the same CDN provider. Two of these companies are Malwarebytes and SuperAntiSpyware. That means that both cdn.superantispyware.com as well as data-cdn.mbamupdates.com will refer to the same CDN provider we use, which means that more than likely when you contact either of these 3 completely different domains, you end up at the same server with the same IP.

So how is that relevant? Remember that I said Online Armor trusts servers, not domains? Well, Online Armor knows that the server behind dl.emsisoft.com is trustworthy, so since cdn.superantispyware.com and data-cdn.mbamupdates.com point to the same server they must be trustworthy as well. To avoid unnecessary checks all the time, Online Armor will remember that fact and add both domains as trustworthy as well and from now on pays special attention to both of them.

Basically, what Fabian was trying to explain was this; Online Armor has a built-in list of trusted domains. One of those of course being emsisoft.com, and since some of the aliases (represented as subdomains of emsisoft.com) may resolve to a server (or more than one server) that other domain names resolve to, those domain names will automatically be trusted by Online Armor since they also resolve to a trusted server. Obviously there are more than two other vendors who use the same CDN we do, and obviously there would be more than two domains that automatically get added like this.

Online Armor worked this way before the v7 update, it's just that you couldn't see these domains being added and you couldn't remove them. The update added transparency, so you can now see the process happen.


The changes to the "Domains List" in Banking Mode now in version 7 are ridiculous. If I want my system to trust a server or a domain, I'll tell it which ones to trust! This new development in version 7 where normal surfing adds entries such as, c.atdmt.com, or view.atdmt.com is totally unacceptable in my opinion. Why green light one of the worst tracking cookies in the history of the internet? I mean I cannot imagine why the developers thought this was a good idea to implement. If Banking Mode poses that much of a problem in today's landscape, or even the threat-scape, then I would prefer you just do away with the module. Granular controls are not for everyone. If your goal is to make this product mainstream, that too is a mistake. If I wanted software that did things for me I'd buy Trend Micro or Norton for half the cost. With these new changes to version 7, this software may as well be one of the placebos I just mentioned. My license expires in 31 days. You got 31 days or I'm out!

 

Sincerely,

 

KRW

 

P.S. The image attached shows new entries added just from navigating to this site. Not very smart gentlemen and a definite deal breaker as you will learn rather quickly!


This new development in version 7 where normal surfing adds entries such as, c.atdmt.com, or view.atdmt.com is totally unacceptable in my opinion.

Again, this is not a new development. This is the way banking mode has been working since its inception in one of the very first Online Armor versions and is done for the aforementioned reasons.


Fabian,

 

I disagree! When online, all webservers are added and trusted to the domain list no matter what. Online Armor isn't even in "Banking Mode" when these domains or servers are added! The program won't block connections to Google-Analytics, or any other data miner I once kept at bay with Online Armor. So I beg to differ, this is a new development and a horrible one...  In addition, banking mode in version 5, and version 6 for a little while, didn't allow any traffic not on the allowed list. If you forgot to turn off Banking Mode back then, you could not get online. So I have no clue what you're talking about when you say this has always been this way and the only difference now is you can see the domains... NOT! This product was once head and shoulders above the rest. Those days are gone!


Fabian,

 

I disagree! When online, all webservers are added and trusted to the domain list no matter what. Online Armor isn't even in "Banking Mode" when these domains or servers are added!

 

Hello krw,

 

it looks like your Online Armor is or was in Learning Mode while surfing the net. Be sure the Learning mode is only enabled if you need this feature.


So to my aging and non technical mind, it would seem that as OA trusts servers not domains, any "nasty" web site could use that server with impunity whether in BM or not?


So to my aging and non technical mind, it would seem that as OA trusts servers not domains, any "nasty" web site could use that server with impunity whether in BM or not?

The idea is that a trustworthy domain would not be on the same server as an untrustworthy domain, however it has been known to happen. Certain server hosting companies do not enforce their server hosting policies.


No, Online Armor was not, and is not, in Learning mode. And in today's threat scape, why would you assume an untrustworthy source would not infiltrate a trustworthy one? Isn't that happening as we go back and forth here with Warez? That was posted in the Emsisoft Newsletter for November. The servers Online Armor is trusting return after deleting them. Furthermore, they are predominantly ad servers, and data miners and you're still saying this is normal behavior? Please guys, don't insult me. I didn't insult you. I am just a concerned paying customer who is pissed off because I can't get a straight answer! Perhaps you should provide links to the last stable 6 version for those of us who disagree. At this moment, I am glad that I never include security software in my system images. People who develop security software have a tendency to make mistakes and then defend them just like you're doing now. It makes it easy to evaluate and switch products. Something more customers should get in the habit of doing I believe. As with my previous post regarding this subject, the image attached shows servers that have added themselves to the domain list during navigating to this website without asking. Once here, I blocked every one of them and I was still able to post this reply. Still think Online Armor isn't broken?

 

 

Krw


And in today's threat scape, why would you assume an untrustworthy source would not infiltrate a trustworthy one?

If someone hacks your online banking server, it is game over anyways. So that isn't part of the threat model.

The servers Online Armor is trusting return after deleting them.

Which is normal and has been the case since the very first versions that introduced banking mode.

Furthermore, they are predominantly ad servers, and data miners and you're still saying this is normal behavior?

Yes, it is. The system doesn't discriminate. It has no concept of ad servers or data miners. It just cares about the infrastructure used. If Microsoft uses Akamai and the ad servers use Akamai as well, then those ad servers will be added and always have been added in the past as well.

I am just a concerned paying customer who is pissed off because I can't get a straight answer!

You got a straight answer a year ago and you got a straight answer now. We explained in great detail how the feature has worked in the past and continues to work now. We also gave the reasons why it was designed that way.

Perhaps you should provide links to the last stable 6 version for those of us who disagree.

We don't support any previous versions of Online Armor. Therefore we don't provide old setups. There are several download sites out there that do however. For example:

http://www.filehorse.com/download-online-armor-free/

Always make sure you check the digital signature before you install a setup from a third party site. All our setups are digitally signed. If the setup you downloaded isn't, it means it is not the original setup or has been manipulated by a third party. However, installing Online Armor 6.0 or even one of the 4.x or 5.x releases will make no difference to how banking mode behaves at all. Online Armor will still trust those servers you complain about autonomously. You just won't see them in the list.

Once here, I blocked every one of them and I was still able to post this reply. Still think Online Armor isn't broken?

None of those servers are used by the forum. So why shouldn't you be able to reply? However, unless you excluded EAM from OA, you may find that EAM has trouble updating sometimes as you blocked some parts of the CDN we use to distribute updates.


Here is proof that blocking the servers on the list did not stop EAM from updating! Anyway, good luck because now even if you did fix the Banking Mode module I would still leave your products behind.

 

Krw


Here is proof that blocking the servers on the list did not stop EAM from updating!

I never claimed that it is going to stop working. I said it may cause troubles. Primarily because you blocked the server that the CDN chose for you as being the best for your type of connection and location, meaning you will use a server that isn't optimal, resulting in slower download speeds for example.


Now that I have moved past my anger I would like to leave you with some truth to consider. There are two kinds of security packages on the market today for end users. Totally automated products, and granular control products. The difference in the two types is simple as you know... Automated products are less effective detecting infections and rarely break any websites. Granular control products are effective in proactively detecting infections but almost always break a website or two. So it is safe to say that users who chose granular control products are ok with not seeing a flashing ad on a webpage, or having to tweak a setting to log-into something, and gladly trade that for a higher security standard.

 

I have yet to see a security product combine both of those principles successfully. It is either functionality, (Automated), or security (Protected). In fact, if you achieved the merging of the two package types, Microsoft would buy you out immediately and you could write your own ticket. However, there is something you must consider before embarking on such a quest. Where do your customers go while you experiment? For instance, MSN is my homepage because I had no need to change it from being the default. Prior to version 7, arriving at my home page I saw a blank spot in the top right section that just said, "advertisement". However, the ad did not display! Now with the so called moot changes to version 7, or transparency of the process as you refer to it, that ad is lifelike and takes up 1/4 of the page. In fact today, it is an "Overstock" clearance ad that I assume is from "Overstock.com". So you understand why I disagree vehemently when I say that this product has not always worked like this, adding CDN's to the domain list in the dark on its own. And if it was intended to work like that, then it has been broken for a long time which now we know turned out to be a positive thing. 

 

Another thing you need to consider is how you service your customer base in the mainstream product arena if that is the chosen direction for Emsisoft. Mainstream manufacturers stock shelves in stores here in the US like Staples, or the Microcenter. They also provide telephone tech support, not just forum tech support. And lastly, those products are half the cost retail here in the US. I can buy this week for example, a three pack of ESS for $29.95 US despite the manufacturer's website selling the product for $59.99. You must remember that the majority of your customers are better versed in technology than 99% of average users. I believe that is why we bought your software in the first place! So the fact that you decided to abandon your customer base with your decision to add CDN's automatically is disappointing to say the least, but directly responsible for my own personal exodus and most likely, countless others, in time as well. Functionality or security, I chose security and this is no longer that...

 

Good luck,

 

Krw

Share this post


Link to post
Share on other sites

Here is an image of the CDN's (Content Delivery Network) servers used by Windows update on a 64-bit Windows 7 system if that makes a difference which I doubt. Once these CDN's added themselves to OA's domain list, they were then blocked. A check for updates was executed with the Windows Update CDN's blocked in OA, and the check for updates still completed successfully. I just thought I would share that one last thought...

 

Thank you

 

Krw  

Share this post


Link to post
Share on other sites

Now with the so-called moot changes to version 7, or transparency of the process as you refer to it, that ad is lifelike and takes up 1/4 of the page. In fact today, it is an "Overstock" clearance ad that I assume is from "Overstock.com".

Did you actually block the domain that serves the ad? If not, your entire observation is moot. Also keep in mind that if the ad is delivered via HTTPS, it is not blocked at all. The blocked domain feature is incapable of blocking access through HTTPS. Always has been.

 

Another thing you need to consider is how you service your customer base in the mainstream product arena if that is the chosen direction for Emsisoft. Mainstream manufacturers stock shelves in stores here in the US like Staples, or the Microcenter.

You can actually buy EAM in various US retail and online stores.

 

They also provide telephone tech support, not just forum tech support.

We don't provide forum tech support only either. You can find all support options here:

http://www.emsisoft.com/en/support/contact/

The vast majority of our customers prefer support through our helpdesk system or email.

 

And lastly, those products are half the cost retail here in the US. I can buy this week for example, a three pack of ESS for $29.95 US despite the manufacturer's website selling the product for $59.99.

Oh, you mean like this one?

 

You must remember that the majority of your customers are better versed in technology than 99% of average users.

Sorry, but our customer data and surveys disagree with you. The vast majority of our users (more than half to be a bit more precise) is male, older than 60, and has pretty much no clue about computers whatsoever. Online Armor specifically has always been advertised as a firewall for moms and dads, even back in the Tall Emu days.

 

I believe that is why we bought your software in the first place!

This may be why you bought the software, but you are in no way representative of our average user base.

 

A check for updates was executed with the Windows Update CDN's blocked in OA, and the check for updates still completed successfully.

Windows update communicates via HTTPS only. HTTPS connections are not filtered by the domain blocker. So no matter what you block there, it will have no influence on your ability to perform Windows updates.

Share this post


Link to post
Share on other sites

There is a big difference between a retail store and an online retailer and EAM has never been on the shelf of any retail store in my area, ever!

 

You don't have telephone tech support!

 

And I find it funny that my renewal had a price of $67.46. But promotional costs you give to new users? Way to go... That's great customer loyalty!

 

I find your customer research surprising. Perhaps that explains why I am the only person here calling you out!

 

And lastly we finally agree on something, "The Domain Blocker Doesn't Work!"

Share this post


Link to post
Share on other sites

There is a big difference between a retail store and an online retailer and EAM has never been on the shelf of any retail store in my area, ever!

It depends on the area you live in I guess. I am not a sales person, so I can't give you names of US retailers that sell our products, but there are a few. However, if you are interested I can ask the sales guys for a list of US stores selling our products.

 

You don't have telephone tech support!

I never claimed we have. However, you said we provide just forum support, which isn't true.

 

And I find it funny that my renewal had a price of $67.46. But promotional costs you give to new users? Way to go... That's great customer loyalty!

That isn't our promotion. It's the promotion of one of our resellers. The way these deals work is that the reseller buys a large amount of licenses in bulk, which obviously gets him some leverage when it comes to negotiating the price with the company that he can use to get some huge discounts. He then just resells the licenses with a small profit for himself, essentially handing the discount he got from the vendor down to the customer. That is how every large retail market like Walmart for example works.

 

And lastly we finally agree on something, "The Domain Blocker Doesn't Work!"

I never said that domain blocking doesn't work. I said that the domain blocker can't block web pages that are using HTTPS. That is a deliberate design decision. We need to be able to look into the HTTP request to figure out whether or not to allow it. HTTPS however encrypts the request, so there is no way for us to look into it. There are ways to look into HTTPS traffic, but those essentially mimic man in the middle attacks and subvert some of the core security features of HTTPS (like the fact that HTTPS lets you verify the server you are connecting to is the server you expect to connect to for example), which is why we don't do it.

Share this post


Link to post
Share on other sites

Fabian said

"Sorry, but our customer data and surveys disagree with you. The vast majority of our users (more than half to be a bit more precise) is male, older than 60, and has pretty much no clue about computers whatsoever. Online Armor specifically has always been advertised as a firewall for moms and dads, even back in the Tall Emu days"

 

As a 74 year old male retiree, I originally bought from Tall Emu OA because it was advertised for moms and dads. And I have to say that I have the feeling that it has become more complicated than it used to be, possibly because of all the previous discussions about Banking Mode and also this topic.

 

Many moons ago I posted a topic about being able to access a variety of web sites while still in BM, as it was promoted as only allowing access to that specific site. With the above discussion, it would appear that this is no longer so because of the server trusts as opposed to the site trust. Or is my impression wrong, and I am prepared to accept that it is. I haven't tested it recently.

 

The sudden appearance of the previously hidden domains caused me some confusion also, and I personally don't see the need for them to be seen now as it makes finding the ones I want to find more time consuming - aging eyes and all that :)

 

My overall emotional feeling is that I no longer understand OAP, with less of a feeling of internet security that I originally had.

I'm not saying that it is a poor program, just that the old glowing feeling of safety has dimmed somewhat.

 

Just my feed back about how I feel and not trying to hi-jack the thread.

Share this post


Link to post
Share on other sites

As a 74 year old male retiree, I originally bought from Tall Emu OA because it was advertised for moms and dads. And I have to say that I have the feeling that it has become more complicated than it used to be, possibly because of all the previous discussions about Banking Mode and also this topic.

I agree that most moms and dads will have a rather hard time using Online Armor since version 3.0 or so when the HIPS was first introduced and when the original Online Armor developers decided it would be a good idea to try to block everything that could potentially be misused by malware instead of limiting themselves to techniques malware actually uses. The former will look good in leak tests like the ones performed by Matousec and other sites, but it leads to very poor usability as in the end the person sitting in front of the PC has to deal with all those popups. We hope to rectify that in the upcoming security suite product.

 

Many moons ago I posted a topic about being able to access a variety of web sites while still in BM, as it was promoted as only allowing access to that specific site. With the above discussion, it would appear that this is no longer so because of the server trusts as opposed to the site trust. Or is my impression wrong, and I am prepared to accept that it is. I haven't tested it recently.

The reason why you were able to access sites in banking mode although you never allowed them is usually because of two reasons:
  • Browsers these days are a lot more clever than they used to be. Since everyone is looking for the fastest browser experience possible these days and traffic is less of an issue than it used to be, they will do anything they can do to speed up your experience. Most browsers have this neat little page when you open a new tab that shows you the sites you visited most often. This isn't solely for your convenience though. What happens in the background is, that your browser will start pre-loading those pages, as in your browser's mind you are likely to visit them next. The same is true for all sites in your browser bookmarks or favorites, which trigger similar pre-loading behaviors when you start your browser. Usually this isn't a big deal, however if this pre-loading happens while you are learning a new banking site, Online Armor will see those pre-loading requests and assume that those requests are necessary for the banking site to work properly. What made matters worse is the fact that these implicit rules created during the learning phase were hidden from the rules list, so you had no idea they were there and you had no chance of removing them manually once they were added without resetting your entire configuration.
  • The second issue is introduced by the arrival of cloud computing in recent years that resulted in a lot of sites sharing a common infrastructure. Since banking mode is all about trusting infrastructures, trusting the infrastructure of one site can result in trusting potentially thousands of sites. Services like CloudFlare for example allow you to use their infrastructure to speed up your sites' loading time considerably and protect it from DDoS attacks for very affordable prices. Private users can even use it for free. The catch though is, that requests to your site are now partially handled by the CloudFlare infrastructure and if you trust a site that uses CloudFlare, you will pull in that infrastructure as well.
The first issue can be easily fixed by just no longer hiding any implicit rules created by Online Armor during the learning process. The second issue however, can't be fixed. At least not without completely redesigning the banking mode experience. When you look at what other vendors do in their banking specific modes you will see that the way it works there is that they usually provide a dedicated, hardened browser application you can use. The problem is, that this protected and hardened browser is the default option for Online Armor already, as the HIPS will block applications from messing with other processes very effectively. No special browser needed. That is why we decided to make the banking mode and its rules more transparent.

 

The sudden appearance of the previously hidden domains caused me some confusion also, and I personally don't see the need for them to be seen now as it makes finding the ones I want to find more time consuming - aging eyes and all that :)

I agree that the current GUI does a poor job at explaining to the user what is going on. A few filters to just hide entries created automatically or a new column that states why the domain was added may come in handy. We will keep it in mind for the next version.

Share this post


Link to post
Share on other sites
"The same is true for all sites in your browser bookmarks or favorites, which trigger similar pre-loading behaviors when you start your browser. Usually this isn't a big deal, however if this pre-loading happens while you are learning a new banking site, Online Armor will see those pre-loading requests and assume that those requests are necessary for the banking site to work properly."   So why does OA not ignore the pre-loading requests if they are not needed, and so reduce the purpose of Banking Mode's security. It would appear that the assumption is wrong.

The following is taken from the Emsisoft site, and in light of what you say about pre-loading, appears (to my simple mind) to be untrue, in particular the bit I have highlighted in red.

Additional bonus: Online Banking Mode

While it is extremely convenient to use your computer for banking and other online transactions, it does have the potential to be very dangerous. Online Armor addresses these worrying risks with its unique and extremely secure Online Banking Mode. In this mode the computer can only connect to self-authorized online banking sites, while no other sites, including phishing sites, can be accessed. To enable this feature you need only supply the correct web-address of your own bank/financial institution. Using the integrated Online Armor Browser, online banking can then be carried out absolutely risk free.

 

You say  "I agree that most moms and dads will have a rather hard time using Online Armor since version 3.0" yet also say that it has always been promoted for just those people!

 

I am now totally confused about all of this. :(

Share this post


Link to post
Share on other sites

So why does OA not ignore the pre-loading requests if they are not needed, and so reduce the purpose of Banking Mode's security.

Because there is no way of telling whether a request was made by the browser as part of some pre-loading mechanism inside the browser or by the user. The requests made are indistinguishable from each other.

The following is taken from the Emsisoft site, and in light of what you say about pre-loading, appears (to my simple mind) to be untrue, in particular the bit I have highlighted in red.

Pre-loading when using banking mode is not an issue. It is an issue during the learning phase. The way banking mode works is that you first add your banking site to the domain list. Then you right click the site and learn it. Online Armor will then open the banking site inside a special browser window and watches you interact with the site. It tries to figure out which servers are contacted and must be allowed in banking mode so you are able to interact with your banking site normally when banking mode is engaged. Internally the Online Armor browser window uses Internet Explorer. Depending on the version of Internet Explorer on your system, that browser window will show the same pre-loading behavior as the normal Internet Explorer. That means once the window pops up, it starts pre-loading your favorites and commonly visited sites whereby each pre-load request looks exactly like a request made by the user. As a result, all those sites will be allowed as well. In the past you couldn't see those sites that were added, but now you can. So if pre-loading causes sites to be added by accident you can remove them.

Share this post


Link to post
Share on other sites

Apologies for my mistake - it should have read  " So why does OA not ignore the pre-loading requests during learning if they are not needed, and so (potentially?) reduce the purpose of Banking Mode's security" :( [Note to self - preview the post before posting it :) ]

I'm making a possibly big assumption here - CCleaner can remove what it calls "pre-fetch data", so my assumption is that it is the same as what you refer to as pre-load.

If CCleaner can find it, shouldn't OA find and ignore it during learning mode?

Now that's showing my ignorance about how things work :)

 

"So if pre-loading causes sites to be added by accident you can remove them."

 

Where/how would I find the "accidentally added sites" in order to remove them from the Banking Mode facility, and is the security of BM compromised because of those sites being included?

 

I am trying to learn and understand by asking the questions, as opposed to making criticisms as that is not my intention.

Share this post


Link to post
Share on other sites

I'm making a possibly big assumption here - CCleaner can remove what it calls "pre-fetch data", so my assumption is that it is the same as what you refer to as pre-load.

If CCleaner can find it, shouldn't OA find and ignore it during learning mode?

Now that's showing my ignorance about how things work  :)

The pre-fetch data has nothing to do with web browsing. There is no way to distinguish a pre-load request from a normal request initiated by the user. If there was a way, we would have added it.

 

Where/how would I find the "accidentally added sites" in order to remove them from the Banking Mode facility, and is the security of BM compromised because of those sites being included?

If you notice you are able to access a site that you don't want to access during banking mode, just go to the Domains list and delete the entry. Whether or not it is a security risk is debatable. I would argue that most users trust the sites they have in their bookmarks anyways, as otherwise they would have never bookmarked them in the first place. So being able to access them with banking mode engaged may not be a big deal for them. However, I am sure there are plenty of users who will disagree.

Share this post


Link to post
Share on other sites

The pre-fetch data has nothing to do with web browsing. There is no way to distinguish a pre-load request from a normal request initiated by the user. If there was a way, we would have added it.

 

 

If you notice you are able to access a site that you don't want to access during banking mode, just go to the Domains list and delete the entry. Whether or not it is a security risk is debatable. I would argue that most users trust the sites they have in their bookmarks anyways, as otherwise they would have never bookmarked them in the first place. So being able to access them with banking mode engaged may not be a big deal for them. However, I am sure there are plenty of users who will disagree.

 

There, I said I was showing my ignorance    lol

 

I can access Hotmail, Yahoo.au and some other sites, but oddly enough not this forum :)

Share this post


Link to post
Share on other sites

Fabian,

 

I purchased your software based on results from Virus Bulletin 100 last year. At that time, EAM was at the top of the RAP test. I have attached the recent RAP test results as they appear for February through August 2013. EAM is no longer at the top of the list. Now, you can defend your changes any way you like but the reality is, Emsisoft is quite different than it was this time last year. In addition, one of my systems still had OA version 6 because auto update was disabled. An update was performed and that system too experienced adding every CDN it came in contact with on the web to the domains list. With that, I discovered the update process did not go quite correctly where add remove programs still showed OA as version 6 after updating to 7. A complete uninstall and reinstall corrected the addition of every CDN being added to the domains list. However, it still adds 5 or 6 CDN's which I am dead set against. If I want my system to trust a CDN in Banking Mode, I'll tell it which ones it can trust! And why these CDN's get added when the system isn't even in Banking Mode is beyond me. No matter what you say to me, there is no logical reason for this behavior.

 

krw 

Share this post


Link to post
Share on other sites

I purchased your software based on results from Virus Bulletin 100 last year. At that time, EAM was at the top of the RAP test.

I assume you are referring to this RAP test 2 years ago? If so, you will notice the red color coding of our name. That means that during that time period we were only tested once as we didn't pass the other tests due to false positives. Comparing a single result with averages of multiple results that are part of a test series in general is a bad idea as every statistician will attest. Outliers happen.

 

Now, you can defend your changes any way you like but the reality is, Emsisoft is quite different than it was this time last year.

I fail to see what it has to do with Online Armor or the banking mode, as both have nothing to do with on-demand, purely signature based tests.

 

In addition, one of my systems still had OA version 6 because auto update was disabled. An update was performed and that system too experienced adding every CDN it came in contact with on the web to the domains list. With that, I discovered the update process did not go quite correctly where add remove programs still showed OA as version 6 after updating to 7.

In general the info in the add/remove program screen will always reflect the version that was installed by the setup, as only the setup creates that information in the registry. It is not updated during an online update, as there is no easy way to do so unless you want to just force the user to run a "real" setup again. We are considering removing the version info in the uninstall entry entirely, as quite a few users find it confusing. However, the wrong version number is a purely cosmetic issue and has no influence on OA's or EAM's performance whatsoever.

 

And why these CDN's get added when the system isn't even in Banking Mode is beyond me. No matter what you say to me, there is no logical reason for this behavior.

There are very logical reasons for that. Online Armor needs to keep track of domains that are allowed in banking mode even when banking mode isn't engaged due to the way networking in Windows, in particular the domain name resolution, works. Imagine we have 2 domains, news.com and banking.com. In our example banking.com is your banking site, that you want to be able to access during banking mode. News.com however you just visit regularly, but since it has nothing to do with your online banking, it's not allowed in banking mode and you expect to not be able to access it once banking mode is engaged.

So what happens when you type in news.com into your browser? Well, in the simplest case your browser will go to your DNS server and ask him, what IP news.com has. It then connects to the IP and requests the web page. Simple and straight forward. But like every good news site, news.com will have hundreds of pictures on their front page. Asking your DNS server for every picture what news.com's IP address is would be a waste of time, so what browsers do is, they cache that result. That means your DNS server is only queried once what the IP of news.com is and your browser will just remember it for a certain period of time.

That poses a problem. Imagine you visit news.com because you check your news first thing every morning. Then you engage banking mode, because you want to pay some bills next. In that scenario, your browser will still know the IP of news.com and since it won't ask the DNS server again, there is no request we could block to prevent it from accessing it. So essentially at that point, if banking mode was only looking at blocking domain names, it would be game over right there. In addition, a lot of malware will not use domain names. They use IPs instead. Clearly such a protection alone won't protect you from financial malware that accesses its command and control server directly via its IP address.

So in addition to that domain aspect of banking mode, there is also an IP based filter at play. Essentially once you engage banking mode, Online Armor will prevent all connections to IPs that aren't considered trustworthy. But how does it know which IPs to trust? Well, it does it by watching the DNS traffic. If you send a DNS request for an allowed domain, Online Armor will look at the result and add the returned IP addresses to the list of trustworthy IPs. So when you look at our example above, you first visit news.com, then engage banking mode, and then try news.com again, you won't be able to visit news.com, because although your browser knows the IP of news.com, Online Armor won't allow your browser to connect to that IP. However, if you visit banking.com with banking mode engaged, Online Armor will see the DNS request for banking.com and allow it, then sees the result of that request and adds the returned IP addresses to the trusted list, essentially allowing your browser to resolve and connect to banking.com.

But there is still a caveat. What if for some reason the DNS request for banking.com doesn't take place during banking mode, but before? Maybe you clicked your online banking bookmark before turning on banking mode for example. If that DNS watching aspect of banking mode was only enabled if banking mode was actually engaged, Online Armor would have missed the DNS request for banking.com, which means its IP addresses were never added to the trusted list, and since your browser won't send a DNS request again, you end up being unable to access banking.com with banking mode enabled.

The fix for that is obvious. The DNS watching aspect of banking mode is enabled all the time. That means, even if banking mode is off, Online Armor will still watch all your DNS requests, constantly looking out for domains that you trust and want to be accessible in banking mode, constantly populating the list of trusted IPs just in case you decide to enable banking mode later.

Now you know, in a nutshell, what banking mode does exactly. But it still doesn't explain why those CDNs are added all of a sudden. Well, at the very beginning when I explained what happens when you type in news.com in your browser I mentioned that that was the simplest case. DNS is a very complex beast at times. For example, instead of returning an IP address, a DNS request may just as well return a different domain name (a so-called CNAME). To get from a hypothetical level to a more practical level, let's just look at one popular US bank. These are the DNS results from www.bankofamerica.com:

 

> set type=ANY
> set class=IN
> www.bankofamerica.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
www.bankofamerica.com   canonical name = wwwui.ecglb.bac.com

In that case, the DNS server returned that that domain doesn't point towards an IP address, but towards a different domain. So www.bankofamerica.com actually points to wwwui.ecglb.bac.com. What your browser does next is, that it will resolve wwwui.ecglb.bac.com instead. But if only trustworthy domains are allowed to resolve, that resolve would fail, unless Online Armor adds that domain to the list of trusted domains. That list of trusted domains based on DNS results was hidden in the past, but they are now visible. That is exactly why you suddenly see those strange, CDN related domains appear as trusted in the domains list.

Of course you can chain CNAMEs. So a domain can point to a different domain, that in turn points to a third domain. Take dl.emsisoft.com for example, which Online Armor is hard coded to trust:

 

>
> dl.emsisoft.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
dl.emsisoft.com canonical name = wpc.AC4D.edgecastcdn.net
> wpc.AC4D.edgecastcdn.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
wpc.AC4D.edgecastcdn.net        canonical name = gs1.wpc.v2cdn.net
> gs1.wpc.v2cdn.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
gs1.wpc.v2cdn.net       internet address = 93.184.221.133

Those domains may look quite familiar to you, as you find them on your list as well. They were added when Online Armor watched itself or EAM update. DNS can also return multiple CNAMEs for the same domain, allowing for a primitive form of load balancing, as the browser picks one at random. DNS may also send aliases back for optimization purposes. So the answer may include a field that says "oh, by the way, I am also known under this other name". All cases, that Online Armor needs to handle for banking mode properly.

So as you hopefully see, there are very logical reasons for Online Armor to behave the way it does. They just aren't obvious unless you know your way around the nitty-gritty network related details of modern websites.

If you are interested, you can use this site to get a quick peek into how DNS entries of a particular domain are set up:

http://centralops.net/co/DomainDossier.aspx?dom_dns=1

It's not complete, but gives a good overview about how CNAMEs are linked, what aliases are set up and so on.

  • Upvote 1

Share this post


Link to post
Share on other sites
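The always-on DNS watcher, the IP filter and the CNAME handling described in the post above, as a simplified Python model. This is an added example, not Online Armor's code and not part of the original post: the class and function names, the `shop.example` site and the addresses for banking.com and news.com are assumptions made up for illustration, while the dl.emsisoft.com chain is the one from the nslookup output. It goes one step further than the post by also showing the shared-infrastructure caveat mentioned earlier in the thread, and it records why each domain became trusted, which helps when auditing the Domains list.

```python
from dataclasses import dataclass, field

# Constructed DNS data. Only the dl.emsisoft.com chain comes from the
# nslookup output in the post; all other names and addresses are made up.
ZONE = {
    "dl.emsisoft.com": [("CNAME", "wpc.ac4d.edgecastcdn.net")],
    "wpc.ac4d.edgecastcdn.net": [("CNAME", "gs1.wpc.v2cdn.net")],
    "gs1.wpc.v2cdn.net": [("A", "93.184.221.133")],
    "banking.com": [("A", "192.0.2.10")],
    "news.com": [("A", "198.51.100.20")],
    # Hypothetical unrelated site served from the same CDN edge.
    "shop.example": [("CNAME", "gs1.wpc.v2cdn.net")],
}


@dataclass
class BankingModeModel:
    """Toy model (an assumption, not the product's implementation)."""
    trusted_domains: dict                            # domain -> why it is trusted
    trusted_ips: dict = field(default_factory=dict)  # ip -> domain that returned it
    engaged: bool = False

    def resolve(self, name, _depth=0):
        """One client lookup as seen by the DNS watcher; returns the IPs."""
        name = name.lower().rstrip(".")      # DNS names are case-insensitive
        trusted = name in self.trusted_domains
        if self.engaged and not trusted:
            return []                        # lookup blocked in banking mode
        if _depth > 8:                       # guard against CNAME loops
            return []
        ips = []
        for rtype, value in ZONE.get(name, []):
            if rtype == "CNAME":
                target = value.lower()
                if trusted:                  # trust follows the CNAME chain
                    self.trusted_domains.setdefault(target, f"CNAME of {name}")
                ips += self.resolve(target, _depth + 1)
            elif rtype == "A":
                if trusted:                  # recorded even when not engaged
                    self.trusted_ips.setdefault(value, name)
                ips.append(value)
        return ips

    def connect(self, ip):
        """IP filter: only enforced while banking mode is engaged."""
        return (not self.engaged) or ip in self.trusted_ips


def run_scenario():
    fw = BankingModeModel({"banking.com": "added by user",
                           "dl.emsisoft.com": "built-in"})
    # Banking mode off: the browser resolves these names and caches the IPs.
    cache = {n: fw.resolve(n) for n in ("news.com", "banking.com", "shop.example")}
    fw.engaged = True
    update_ips = fw.resolve("dl.emsisoft.com")   # chain is learned here
    results = {
        # The cached IP does not help: the IP filter rejects it.
        "news_cached_ip_allowed": fw.connect(cache["news.com"][0]),
        "news_lookup": fw.resolve("news.com"),
        # Resolved before banking mode was engaged, still reachable.
        "bank_cached_ip_allowed": fw.connect(cache["banking.com"][0]),
        "update_ips": update_ips,
        # Shared infrastructure: the name is blocked, but the CDN IP it
        # shares with a trusted domain passes the IP filter.
        "shop_lookup": fw.resolve("shop.example"),
        "shop_cached_ip_allowed": fw.connect(cache["shop.example"][0]),
    }
    return fw, results


if __name__ == "__main__":
    fw, results = run_scenario()
    for key, value in results.items():
        print(f"{key}: {value}")
    for domain, reason in fw.trusted_domains.items():
        print(f"trusted: {domain} ({reason})")
```
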

"The DNS watching aspect of banking mode is enabled all the time. That means, even if banking mode is off, Online Armor will still watch all your DNS requests, constantly looking out for domains that you trust and want to be accessible in banking mode, constantly populating the list of trusted IPs just in case you decide to enable banking mode later."

 

But I don't want any domain other than my bank to be accessible during banking mode whether I trust them or not!

 

"Banking Mode

Banking Mode is designed to secure your online banking. When you enable Banking Mode, Online Armor will only allow your computer to connect to Trusted or Protected domains"

 

Why not only allow Protected domains?

ad.doubleclick.net is listed as trusted in the domains list. I didn't actively decide to trust it, so why/how is it there?

 

As I mentioned in an earlier post, I can access Hotmail and Yahoo.au but not this site, and I would rather trust this site than the other two, and certainly wouldn't want them to access my bank site.

 

"So when you look at our example above, you first visit news.com, then engage banking mode, and then try news.com again, you won't be able to visit news.com, because although your browser knows the IP of news.com, Online Armor won't allow your browser to connect to that IP. However, if you visit banking.com with banking mode engaged, Online Armor will see the DNS request for banking.com and allow it, then sees the result of that request and adds the returned IP addresses to the trusted list, essentially allowing your browser to resolve and connect to banking.com."

 

So how come some sites are allowed in BM, but not others?

 

Share this post


Link to post
Share on other sites
