qwerty

What functionality is lost by upgrading to version 5?

Recommended Posts

I'm used to programs retaining all functionality of previous versions when upgraded, whilst possibly introducing more, however, I understand from the RC announcement thread, that some functions are removed from version 5 of Online Armor.

Exactly what abilities will be lost when upgrading from version 4.5 to version 5 of Online Armor?

Thank you.

Share this post


Link to post
Share on other sites

IE-Addons are handled by Autoruns now so although the IE-Addons section is no longer present, the same protection applies.

Web Shield content filtering is the only thing that has really been removed. ActiveX and Java applets are no longer blocked in the browser.

Share this post


Link to post
Share on other sites

Web Shield content filtering is the only thing that has really been removed. ActiveX and Java applets are no longer blocked in the browser.

So for a non-techie, what does that mean in terms of security?

Share this post


Link to post
Share on other sites

queenslander,

From the Online Armor 5.0 RC release notes;

Content filtering in Web Shield removed

The content filtering aspects of the Web Shield were removed. They were introduced at a time when essentially all browsers lacked control over active content or your private information. Times have changed though and most modern browsers actually do a far superior job now than the Web Shield ever did. Therefore we decided to remove the content filtering from the Web Shield which will result in better compatibility and network performance.

Share this post


Link to post
Share on other sites

Content filtering in Web Shield removed

The content filtering aspects of the Web Shield were removed. They were introduced at a time when essentially all browsers lacked control over active content or your private information. Times have changed though and most modern browsers actually do a far superior job now than the Web Shield ever did. Therefore we decided to remove the content filtering from the Web Shield which will result in better compatibility and network performance.

So, how do we go about implementing the functionality of the Web Shield, including "control over active content" and "private information", in an equal or superior way, in Internet Explorer?

Thank you.

Share this post


Link to post
Share on other sites

So, how do we go about implementing the functionality of the Web Shield, including "control over active content" and "private information", in an equal or superior way, in Internet Explorer?

Thank you.

Relevant to privacy is

InPrivate browsing

Cookie management

Relevant to security

Security settings

How do I know which security settings are not at recommended levels?

IE's SmartScreen filter offers protection against bad websites and malicious downloads.

Share this post


Link to post
Share on other sites

Also, in many cases, remember malware delivered via the browser actually has to run to do damage. If it does it while still in the low privileged ("protected") IE browsing session, it really can't do much more than trick you into running a program with normal privileges, and this can be caught by OA by making sure that the iexplore.exe process (and maybe others: ielowutil.exe, ieframe.dll, ieshims.dll as well? I don't know) always ask before running external programs. See attached screenshot, where that option hasn't been chosen yet.

Some experimentation is always necessary, since these OA options really can get in the way of ordinary work.

Oh, I just noticed another loss of functionality in OA 5.0: the Advanced Options for each program on the Programs list used to have options to not let other programs terminate the program, not fiddle around with the program's memory space, etc. Those are gone now, but quite honestly I doubt more than 1% of users ever tried them.

The new File and Registry protection in Advanced Mode allows denying access to user-chosen file and registry locations to all but trusted programs. This is a great addition, and I hope OA's internal architecture allows them to add creating such rules for individual programs, e.g. your trusted browser should only be able to create/write files in its cache, application data, and downloads directories, any other location should cause a permission dialog to pop up...

Share this post


Link to post
Share on other sites

Oh, I just noticed another loss of functionality in OA 5.0: the Advanced Options for each program on the Programs list used to have options to not let other programs terminate the program, not fiddle around with the program's memory space, etc. Those are gone now, but quite honestly I doubt more than 1% of users ever tried them.

Still there. Doubleclick on a program in Programs list or rightclick -> Advanced options, and the Advanced options window should popup.

Share this post


Link to post
Share on other sites

Still there. Doubleclick on a program in Programs list or rightclick -> Advanced options, and the Advanced options window should popup.

I should have been clearer: the "Protection" and the "Performance" groups in "Advanced Options" have gone, see:

progadvopt.png

versus my OA 5.0 version:

What's strange is that the new OA 5.0 help still shows those missing advanced options:

progadvopt.png

So is this a bug in my OA 5.0 installation? Everything seems to be working so far--I made a fresh installation, not an upgrade, on Windows 7 x64, and I work in a regular limited user account, these extra advanced options always showed with OA 3.x-4.x

Share this post


Link to post
Share on other sites

So is this a bug in my OA 5.0 installation? Everything seems to be working so far--I made a fresh installation, not an upgrade, on Windows 7 x64, and I work in a regular limited user account, these extra advanced options always showed with OA 3.x-4.x

I think these options are not available on x64. They may have been visually present during the public RC's but probably didn't actually do anything (on x64 I mean).

Share this post


Link to post
Share on other sites

I think these options are not available on x64. They may have been visually present during the public RC's but probably didn't actually do anything (on x64 I mean).

No, they were certainly present on my installation of OA++ 4.5 on Windows 7 x64 SP1 before I upgraded to OA++ 5.0 on Monday. I tested them earlier in 2010 on Windows 7 x64 No-SP (at least I recall testing the option to prevent processes from being killed by other processes--that worked).

Can anyone running OA 5.0 Prem. or ++ on Windows 7 x64 SP1 verify that those options continue to work?

Share this post


Link to post
Share on other sites

Rudimentary kill protection might have worked but all more advanced techniques were never blocked. The performance limitations definitively never worked on x64 systems. Therefore the options were removed from the x64 UI.

Share this post


Link to post
Share on other sites

Rudimentary kill protection might have worked but all more advanced techniques were never blocked. The performance limitations definitively never worked on x64 systems. Therefore the options were removed from the x64 UI.

Thank you very much for clearing up the difference between x86 and x64 systems (I suppose the screen capture I linked from the OA 5.0 online help is the x86 version of OA).

Share this post


Link to post
Share on other sites

Relevant to privacy is

InPrivate browsing

Cookie management

Relevant to security

Security settings

How do I know which security settings are not at recommended levels?

IE's SmartScreen filter offers protection against bad websites and malicious downloads.

Thank you, I have read about the new abilities of IE (SmartScreen, InPrivate, etc.) and I do know how to change security settings, although, if I'm honest, most of them mean very little to me.

What I was hoping for, was a list of each function that is removed from OA, with the corresponding setting in IE, so that I can check to see if either a) IE was already providing equal or better security than OA, and so (as has been suggested), the loss of function from OA is irrelevant, or b) that OA was, in fact, providing a function that will be lost when upgrading and that I will need to replace either by changing IE settings or downloading another program.

Thank you.

Share this post


Link to post
Share on other sites

Content filtering in Web Shield has been removed. This included, blocking of ActiveX, Java applets and more rarely, javascript for sites that weren't trusted. There was also a cookie cutter, that converted permanent cookies to session cookies (if the site wasn't trusted). The links I gave earlier, show you how to adjust cookies settings in IE to only allow session cookies or to only allow cookies from certain sites. The InPrivate browsing link I gave you describes how this feature can just completely remove all cookies after a session if you prefer that option.

IE Addons which no longer exist in OA can be managed directly from IE as described here http://windows.microsoft.com/en-AU/windows7/How-do-browser-add-ons-affect-my-computer. If an unknown addon tried to install, OA would alert you to it as an Autorun anyway and you could block it from there. You can also completely disable Java from IE's Addons section if you wish.

This link show you how to work with security zones http://support.microsoft.com/kb/174360I You can for example, only allow ActiveX and scripting of Java applets for trusted sites if you set it this way.

Share this post


Link to post
Share on other sites

At least for me, having removed the blocking of ActiveX and Java applets is not really a good news (and thing). In fact, i have tried for a few days now, it's sometimes a real pain. With ie8 you don't have so mutch choices. You can choose to trust the site and to load all objects, even the ones you don't want. If you choose to untrust, you will have none. And if you set ie to ask, you will have a popup (or 2 if you configure the same thing for scripts) for each object loaded.

OA had the advantage to let you choose what you want to load with a simple link in place of the object. No popup. I don't care about privacy and cookies, but for this it's a big thumb down !

Share this post


Link to post
Share on other sites

Content filtering in Web Shield has been removed. This included, blocking of ActiveX, Java applets and more rarely, javascript for sites that weren't trusted.

And this can't be done in IE?

There was also a cookie cutter, that converted permanent cookies to session cookies

And this can't be done in IE, either?

The links I gave earlier, show you how to adjust cookies settings in IE to only allow session cookies or to only allow cookies from certain sites.

Yes, thank you. I do use these settings to block or allow certain cookies, but this wasn't functionality that OA provided.

The InPrivate browsing link I gave you describes how this feature can just completely remove all cookies after a session if you prefer that option.

This doesn't just remove cookies, it also wipes history, temporary internet files and other things. Also, it would have to be enabled every time you opened IE, a new window, or new tab.

IE Addons which no longer exist in OA can be managed directly from IE as described here http://windows.microsoft.com/en-AU/windows7/How-do-browser-add-ons-affect-my-computer. If an unknown addon tried to install, OA would alert you to it as an Autorun anyway and you could block it from there. You can also completely disable Java from IE's Addons section if you wish.

Unfortunately, neither of the links you provided worked; they both said "not found". I got this first one to work by sustituting the final "." with a "/", and using the "Manage Add-ons" from within IE, I can't see a way to uninstall an add-on. Plus, there are several add-ons missing that appear in OA.

Share this post


Link to post
Share on other sites

And this can't be done in IE?

Yes it can be done by adjusting security zones as explained here http://support.microsoft.com/kb/174360

And this can't be done in IE, either?

The cookie settings in recent versions of IE (explained here http://windows.microsoft.com/en-AU/windows7/Block-enable-or-allow-cookies) make the feature obsolete because IE allows you to block third party and even first party cookies directly if you wish and only allow session cookies to start with.

In Tools -> Internet Options, on the Privacy tab, you can move the slider to your preferred setting. If you click Advanced, you can override automatic cookie handling for more customised settings.

I can't see a way to uninstall an add-on. Plus, there are several add-ons missing that appear in OA.

In IE you disable rather than uninstall Add-ons.

If you want to uninstall an Add-on (doesn't require IE to do it) the usual method would be via "Add/Remove Programs if there is an entry for it. For others you can right-click them in C:\WINDOWS\Downloaded Program Files and select Remove. The rest are likely Microsoft ones that are part of the O/S and shouldn't be removed.

Share this post


Link to post
Share on other sites

Yes it can be done by adjusting security zones as explained here http://support.microsoft.com/kb/174360

That isn't the same - see limande's post, above.

The cookie settings in recent versions of IE (explained here http://windows.microsoft.com/en-AU/windows7/Block-enable-or-allow-cookies) make the feature obsolete because IE allows you to block third party and even first party cookies directly if you wish and only allow session cookies to start with.

This isn't the same either. It does not provide the functionality to automatically delete cookies after use (which is all that the cookie cutter did).

If you want to uninstall an Add-on (doesn't require IE to do it) the usual method would be via "Add/Remove Programs if there is an entry for it. For others you can right-click them in C:\WINDOWS\Downloaded Program Files and select Remove.

Unfortunately, none of the add-ons that I might like to remove have an entry in Add/Remove Programs, and there is nothing in the "Downloaded Program Files" directory apart from Windows Update.

There is no sense in arguing any longer, it doesn't achieve anything. The fact is, that

most modern browsers actually do a far superior job now than the Web Shield ever did
is a blatant lie and limande, I and I'm sure many others need to find another piece of software if we want to replace the functionality that has been removed from OA.

So, does anyone have any suggestions for software that can provide these functions? (Automatic deletion of cookies after use, the ability to detect and remove IE add-ons and (most importantly, from a security standpoint) automatic, inline blocking of all ActiveX and Java, with the ability to run any individual object at the press of a button.)

Thank you for any ideas.

Share this post


Link to post
Share on other sites

Personally I don't miss those Web Shield functions as they slowed down my internet experience. Listening to streaming audio through Flash based player was, aaa - I had to wait more than a min before playing started regardless of trusting the site...

The ActiveX part of Internet Explorer was (and is still) a pain in my opinion. I don't use IE - only when I have to beacuse of some sites. The new IE9 is faster and safer, but I still don't like it.

I suggest using Firefox: no ActiveX, cookies can be automatically deleted at closing Firefox, no unnecessary PlugIns... You can add AdBlock and NoScript to it if you want.

Or Comodo Dragon (based on Google Chrome, but better at privacy) is also a good and fast browser, but it is less configurable and you can meet with some compatibility issues with some sites.

Share this post


Link to post
Share on other sites

There is no sense in arguing any longer, it doesn't achieve anything. The fact is, thatis a blatant lie and limande, I and I'm sure many others need to find another piece of software if we want to replace the functionality that has been removed from OA.

So, does anyone have any suggestions for software that can provide these functions? (Automatic deletion of cookies after use, the ability to detect and remove IE add-ons and (most importantly, from a security standpoint) automatic, inline blocking of all ActiveX and Java, with the ability to run any individual object at the press of a button.)

Thank you for any ideas.

You are right there isn't much point in arguing. Catprincess was relating the explanation we were given, and telling her it's a blatant lie is just plain rude.

Secondly, you certainly are free to find other software if you wish, but that isn't a discussion appropriate for a support forum. There are other forums you can visit to make that inquiry.

Pete

Share this post


Link to post
Share on other sites

To clarify my point of view, i do believe that the "trusted" scheme should not apply to web sites. My trust list is empty and will remain as it is.

The answer of using another browser is not a valid answer. I switched to iron last year and... credit card fraud. Cool. None of the browsers are perfect, so i choosed to stick to ie, mainly because being historically the most used and attacked browser, is probably the most focused from a security standpoint. Maybe i'm wrong.

I also have firefox, opera, lunascape, and still iron (but only for safe browsing), but don't use them.

And we could go even further this way : browse within a sandbox, use a virtual linux, or directly switch to linux.

Back to OA now, it's unfortunate that some usefull (and relevant, i think) functionnalities have been removed. Still don't understand why. Hope they will be back.

That is i won't remove OA from my computer, nor switch to another browser (at this time), nor linux (except for my work).

One question, does Antimalware has some of those ( missing :) ) functionnalities ?

Anyway good work on OA 5 !

Share this post


Link to post
Share on other sites

Hi limande,

You can see a list of Anti-malware's features here http://www.emsisoft.com/en/software/compare/ :) I'm not familar with the program beyond what is mentioned on the website, however if you have further questions about it, you can post in the Anti-malware section of the forum here http://support.emsisoft.com/forum/7-anti-malware-mamutu/ and someone will help you out.

Share this post


Link to post
Share on other sites

Now I don't have any trusted sites either. I just trusted that online radio site with the streaming audio in order to get it working normally. But trusting it didn't help. There are no such problems with OA 5's Web Shield. :)

None of the browsers are perfect - it is true. ;) IE8 and 9 are better at security, IE7 so-so, but before it was, hmmm... ;) If you use Vista or Win 7, UAC is turned on - so Protected mode is, too, your case is better. But IE8 is quite slow, 9 is faster. But I still don't like that ActiveX, I only use it when especially needed.

The developers of Firefox and Comodo Dragon are also much concerned about security.

No separate sandbox, just run your browser with OA's RunSafer option. :)

The most secure PC is not connected to any network, is placed in an armored room and get power from a UPS. :lol:

Share this post


Link to post
Share on other sites

Catprincess was relating the explanation we were given, and telling her it's a blatant lie is just plain rude.

I don't see how it is rude. I'd actually played along by replying to her previous, irrelevant, posts. I was simply making clear that we were going around in circles, and should stop. If she wasn't aware that the statement was untrue, then I was enlightening her. If she was aware, then I could argue that it was rude to insult my intelligence by trying to fool me into thinking otherwise. Actually, I don't think that is what she was trying to do, and honestly, I think I'd be verging on over-sensitivity ;). However, I think it is rude to talk about someone as if they aren't here, or are unable to speak for themselves, so, unless Catpriness has anything to say, I'll leave it at that.

Secondly, you certainly are free to find other software if you wish, but that isn't a discussion appropriate for a support forum. There are other forums you can visit to make that inquiry.

Pete

Well, it is actually OA functionality that I was discussing, (but I suspect that you mean that it is no longer supported?) and as it's such a small, but relatively important, security feature, I thought someone may know of a small piece of software or plugin, that did the same.

Would I be better off starting a thread in the "Offtopic" forum about this?

Thank you.

Share this post


Link to post
Share on other sites

Thank you for the suggestion, Wilbur, but again I have to agree with limande. I have used other browsers, but for various reasons, this machine will continue using IE.

I was happy with the functionality provided by the Web Shield (automatic deletion of cookies and inline blocking of ActiveX and Java, with a simple click to enable), and so I'd like to find something to replace it.

Finally, if you don't like the Web Shield, it's simple to disable.

Share this post


Link to post
Share on other sites

I've made some search but didn't find anything functionnal as is.

I'm actually trying some content filtering proxies like "Safesquid" and "Foxy: content filtering proxy". Foxy has the advantage of supporting session cookies. Both support object content blocking but if you want to convert them to links for quick activation, you'll need to write your own regular expression (external filter script for foxy) with your own replacing html line. Note about Safesquid : free license seems broken in 3.4.6 (doesn't survive to reboot), it's ok on 3.4.4.

I will play with both when i will have time :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.