Jump to content

Online Armor Webshield


Recommended Posts

Exactly what protection does Online Armor Webshield offer? Does it filter HTTP traffic like a traditional Antivirus would? Does it use a blocklist of malware domains?  How does it work?

The Web Shield has to be configured manually. It's purpose is to allow you to block domains you don't want your computer to contact via HTTP as well as protect critical domains your system uses from certain attacks like DNS poisoning. For further information you can check the documentation:

https://www.emsisoft.com/en/info/oa/Domains.shtml

The relevant statuses associated with the Web Shield are Protected and Blocked. No content scanning is done and we also don't provide a pre-populated blacklist of known bad domains.

Link to comment
Share on other sites

Fabian, I only have Web Sheild running in real-time, (despite it's not working within Sandboxie and its redundancy with other layers of protection in place), due to its BITS job protection.

 

Is it worth keeping it enabled for just this one particular feature if other web related activity is protected via other security layers?

 

Thanks in advance.  Always appreciated.  

Link to comment
Share on other sites

Is it worth keeping it enabled for just this one particular feature if other web related activity is protected via other security layers?

Malware using BITS is exceptionally rare. Plus, you always need to allow it to run first for it to be able to create the BITS job in the first place. So I doubt you will see any difference at all when disabling it.
Link to comment
Share on other sites

Thanks for the info Fabian! After reading the documentation it seems that the webshield still provides phishing protection for banking websites without any configuration on the user's part by checking the DNS against your bank's known good DNS. Will the webshield protect me from phishing attacks against my bank's website without me configuring the webshield? I think Online Armor's HIPS along with Appguard's policy based application isolation technology would prevent BITS attacks from ever occurring.

Link to comment
Share on other sites

Thanks for the info Fabian! After reading the documentation it seems that the webshield still provides phishing protection for banking websites without any configuration on the user's part by checking the DNS against your bank's known good DNS. Will the webshield protect me from phishing attacks against my bank's website without me configuring the webshield?

The WebShield is not well suited for combating phishing. First of all, you will have to tell it which sites to protect first by adding those domains as protected to the list manually. Second of all, it will only protect from DNS redirection attacks, which are almost extinct nowadays. The most common attack vector today is just manipulating the hosts file, which is blocked by Online Armor by default.

Protected domains are also inherently incompatible with DNS and location based load balancing. The general idea behind the feature is that our server will get the same reply via DNS that your computer does, which is no longer true for a lot of sites these days. Instead our server will get the IP of the server that is closes to its location while you will get the IP that is closest to your location, causing a false positive.

Link to comment
Share on other sites

I could be wrong, but I don't think there is an option to set a domain as not trusted. I think the only option is to Trust, Block, or Protect the domain as you have already stated. Maybe Fabian knows some way of doing this, but I do not think it is possible.  I always thought the only options really needed would be to Trust, Block, or Protect a domain. I'm not sure what the advantage would be to set a domain as not trusted. Do you think that option is needed?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...