cutting_edgetech

Online Armor Webshield


Exactly what protection does Online Armor Webshield offer? Does it filter HTTP traffic like a traditional Antivirus would? Does it use a blocklist of malware domains?  How does it work?

The Web Shield has to be configured manually. Its purpose is to allow you to block domains you don't want your computer to contact via HTTP as well as protect critical domains your system uses from certain attacks like DNS poisoning. For further information you can check the documentation:

https://www.emsisoft.com/en/info/oa/Domains.shtml

The relevant statuses associated with the Web Shield are Protected and Blocked. No content scanning is done and we also don't provide a pre-populated blacklist of known bad domains.


Fabian, I only have Web Shield running in real-time (despite its not working within Sandboxie and its redundancy with other layers of protection in place), due to its BITS job protection.

 

Is it worth keeping it enabled for just this one particular feature if other web related activity is protected via other security layers?

 

Thanks in advance.  Always appreciated.  


Is it worth keeping it enabled for just this one particular feature if other web related activity is protected via other security layers?

Malware using BITS is exceptionally rare. Plus, you always need to allow it to run first for it to be able to create the BITS job in the first place. So I doubt you will see any difference at all when disabling it.


Thanks for the info Fabian! After reading the documentation it seems that the webshield still provides phishing protection for banking websites without any configuration on the user's part by checking the DNS against your bank's known good DNS. Will the webshield protect me from phishing attacks against my bank's website without me configuring the webshield? I think Online Armor's HIPS along with Appguard's policy based application isolation technology would prevent BITS attacks from ever occurring.


Thanks for the info Fabian! After reading the documentation it seems that the webshield still provides phishing protection for banking websites without any configuration on the user's part by checking the DNS against your bank's known good DNS. Will the webshield protect me from phishing attacks against my bank's website without me configuring the webshield?

The WebShield is not well suited for combating phishing. First of all, you will have to tell it which sites to protect first by adding those domains as protected to the list manually. Second of all, it will only protect from DNS redirection attacks, which are almost extinct nowadays. The most common attack vector today is just manipulating the hosts file, which is blocked by Online Armor by default.

Protected domains are also inherently incompatible with DNS and location based load balancing. The general idea behind the feature is that our server will get the same reply via DNS that your computer does, which is no longer true for a lot of sites these days. Instead our server will get the IP of the server that is closest to its location while you will get the IP that is closest to your location, causing a false positive.

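The false positive described in the post above, as an added example that is not part of the thread and is not Online Armor's code: a strict comparison of the client's DNS answer against a reference resolver's answer flags a geo load-balanced domain exactly as it flags a redirected one. The domain, the addresses (documentation ranges), and the `network_check` refinement against operator-supplied networks are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: hypothetical domain, documentation-range networks.
KNOWN_NETWORKS = {
    "bank.example": ["192.0.2.0/24", "198.51.100.0/24"],
}

# (answers seen by the client, answers seen by the reference server) - constructed.
SCENARIOS = {
    "same answer": (["192.0.2.10"], ["192.0.2.10"]),
    "geo load balanced": (["198.51.100.20"], ["192.0.2.10"]),
    "redirected": (["203.0.113.66"], ["192.0.2.10"]),
}


def strict_check(local_ips, reference_ips):
    """Flag unless client and reference resolver share at least one address."""
    return "ok" if set(local_ips) & set(reference_ips) else "flagged"


def network_check(domain, local_ips, known=KNOWN_NETWORKS):
    """Flag unless every local answer lies inside a network listed for the domain.

    Hypothetical refinement: the network list must be maintained by the operator.
    """
    nets = [ipaddress.ip_network(n) for n in known.get(domain, [])]
    if not nets or not local_ips:
        return "flagged"  # nothing to compare against: fail closed
    for ip in local_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            return "flagged"
    return "ok"


def evaluate(domain="bank.example"):
    """Return {scenario: (strict verdict, network verdict)} for the sample data."""
    return {
        name: (strict_check(local, ref), network_check(domain, local))
        for name, (local, ref) in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:20} strict={verdicts[0]:8} network={verdicts[1]}")
```
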

From the link above: "Each row is color coded to indicate whether the domain is set to Trusted or Protected (green), Not Trusted (salmon) or Blocked (red)"

 

For my education.

There is no option to "Not Trust" a domain. How can that be activated - if it can?


I could be wrong, but I don't think there is an option to set a domain as not trusted. I think the only option is to Trust, Block, or Protect the domain as you have already stated. Maybe Fabian knows some way of doing this, but I do not think it is possible.  I always thought the only options really needed would be to Trust, Block, or Protect a domain. I'm not sure what the advantage would be to set a domain as not trusted. Do you think that option is needed?


If it's not possible, then what is the point of having it listed under the "Legend" at the top of the Domain list, or even mention it in the help file?

 

Mind you, I have no idea what the effect of "Not Trusted" would be anyway lol 
