Thursday, January 24, 2013

[Review] Online Armor Free (v6)


- Good Firewall
- Powerful HIPS
- Anti-keylogger
- Web Shield
- Free


- May slow down some systems
- Talkative HIPS
- Fewer features than the paid version
- No automatic updates

Here is my review of Online Armor Free:


Features Comparison with Online Armor Premium (paid version):

Online Armor (OA) is more than just a firewall: it includes a HIPS, making it one of the most efficient security products on the market.

Let's go for a tour:

0- Firewall monitor graphic Interface

The firewall shows a tray icon displaying the traffic; a click on it opens a window that shows the connections, rates, etc. It can even resolve host names.

1- System Status

It shows all important information at a glance; you can enable, disable or access each feature from here, and update its signature database manually.

2- Firewall

When using the Online Armor Firewall in Standard mode, you will most likely interact with the Firewall primarily through pop-ups, without the need to change the Firewall settings. In Standard mode you will only see one pop-up for each Unknown program that attempts to access the internet; you will not see further pop-ups regarding how the program accesses the internet.

- Program: Once a program has been Allowed or Blocked from connecting to the internet it will be added to the Programs list. The Programs list shows you basic information about the programs the Firewall has seen and allows you to change whether internet access is Allowed or Blocked for each program.

- Ports: The rules in the Ports list determine how a program is allowed to connect to the internet.

- Interface: The Interfaces list shows you all network adapters installed in your computer that Online Armor is currently firewalling. The Online Armor Firewall has an option in the Firewall Settings, in the Rule tab under the Interfaces sub-tab, to Trust your network interface. When an interface is Trusted, any connections to your computer from your local network will be allowed without restriction.

- Computer: The Computers list shows other computers in your local network that Online Armor can see. This list allows you to control what computers in your network may connect to your computer, usually to access shared files or printers across the network.

Some options allow OA to block all traffic during system boot.

3- Program

The famous HIPS is the main and most efficient component: every change to your system (that is not whitelisted) is reported to you and waits for your decision to trust, allow or block it (needless to say, you must have at least a good knowledge of your computer).

HIPS stands for "Host-based Intrusion Prevention System". In contrast to a network-based intrusion prevention system that specializes in detecting attack patterns in the network traffic, a HIPS such as Emsisoft Online Armor runs directly on the PC to be protected. Its basic structure aims at alerting the user of every security-related modification of your system - especially those that are particularly critical. This gives the user full control of all the important processes on their PC, and allows them to decide what program they trust enough to allow further actions.

What is Emsisoft's HIPS

A wizard is launched after the installation of OA and checks your whole system for unrecognized files (files recognized by you or by its whitelist, called “Oasis”, will not generate a pop-up).

This is the Initial Learning Mode

During the initial reboot after the installation has completed, Online Armor will enter Learning Mode for 2 minutes. Learning Mode is a special mode of operation which helps to automatically configure Online Armor to allow Windows to operate as it should, as well as any programs that are running during this time.

In Learning Mode, Online Armor monitors all programs to see how they behave and automatically creates rules to allow these behaviors. This will help to ensure that you do not encounter any pop-ups until you install new software or encounter potential attacks.

You can also manually enable Learning Mode at any time by right-clicking the Online Armor tray icon and selecting "Learning Mode" from the menu.

Note: Any malware on your system while in Learning Mode will automatically be allowed to run and ignored by Online Armor. Please be sure that your computer is free of infection before enabling Learning Mode.

OAP has an option called RunSafer, which allows you to run an unknown process with limited privileges (as a Limited Account).
In addition, if ticked, it will automatically trust software that Emsisoft deems trustworthy or that has a valid digital signature.


Limited user accounts offer strong protection, but are rarely used by the majority of computer users. RunSafer makes using an Administrator account safer by running user-selected programs as a Limited user when you are in an Administrator account.

When a program is running using RunSafer, any other program that is launched by this program will also "inherit" the Limited user account restrictions. This means that when your browser is run using RunSafer and a document viewer or media player is automatically launched to view content from the internet, then that program also inherits the same security restrictions; if the document viewer or media player ends up being used to infect your computer then the malware will be heavily restricted in the ways that it could infect your system.

Some malware cannot infect a computer with the restrictions of a Limited user account at all.

4- Domains:

OA includes protection against fraudulent websites; here you can block, trust or protect your sensitive sites.

Online Armor's Web Shield checks to make sure that when you visit a financial, or other important domain that you are taken to the domain you expect and not a fraudulent one. The Web Shield also allows you to block your computer from making any connections to undesired domains.

5- Autorun

Detects the processes that will start with your system and asks whether you allow or block them; useful for detecting malware.

Windows keeps lists of programs that it should automatically run when Windows first starts. Many programs add entries to these lists so that the program can run in the background, providing easy access to the program, to operate at all times, and/or to perform tasks at scheduled times such as checking for updates.

Malware also needs to automatically run when Windows starts in order to function in the way that the attacker wishes.

If an Unknown program tries to set itself to automatically run when Windows starts, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it.

6- Anti-Keylogger

Any application that records your keystrokes is considered a keylogger by Online Armor (malicious or legit). When Online Armor displays a keylogger detection, check which program is being detected. If you are using such an application, you can allow/trust it.

Keyloggers are programs designed to monitor and record everything that you type on your computer. Online Armor detects Keyloggers by how they act, assuring the greatest level of detection and ensuring that they cannot bypass the Online Armor Firewall.

If an Unknown program is Allowed to run and begins to act like a Keylogger then Online Armor will Block the behavior and pop-up to ask you if you want to Allow it to proceed. As many programs use these same techniques for non-malicious reasons, such as "Hot Keys", you may see detections for legitimate software that does not actually record keystrokes. We do not recommend blocking behavior of software known to be legitimate and trustworthy, as doing so may cause unpredictable problems.

7- Hosts File

Changes to the Windows Hosts file are monitored by Online Armor; here OA shows which process wants to modify it and asks whether you allow it. Some malware changes your Hosts file and redirects you to infected websites.

When you go to, your computer must first look up the actual (numerical) address, called an IP address, to locate the server that the website resides on. Your system does this by asking your internet service provider's DNS server, but first it checks the Hosts file on your computer for any addresses that have been stored there.

Unfortunately it is common for malware to add entries to the Hosts file to prevent your computer from connecting to websites that may help you detect and clean the malware.

Online Armor will monitor the Hosts file for any changes and pop-up when an Unknown program attempts to modify the Hosts file, giving you a chance to Allow or Block it.
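
An added example (not part of the original review and not Online Armor's code): a small Python check of the kind described above, which compares the current Hosts file against a known-good baseline and reports each new or changed entry as either blocked (pointed at loopback or 0.0.0.0) or redirected. The function names and the sample hostnames and addresses are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments and bad lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may map several names
            entries.setdefault(name.lower(), ip) # keep the first entry seen
    return entries

def classify(ip):
    # Loopback or 0.0.0.0/:: makes the name unreachable; any other address redirects it.
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"

def diff_hosts(baseline_text, current_text):
    """List (hostname, ip, effect) for entries added or changed since the baseline."""
    before, after = parse_hosts(baseline_text), parse_hosts(current_text)
    return [(name, str(ip), classify(ip))
            for name, ip in sorted(after.items())
            if before.get(name) != ip]

# Constructed sample data (example names, documentation IP range).
BASELINE = """\
# default hosts file
127.0.0.1   localhost
::1         localhost
"""
CURRENT = BASELINE + """\
127.0.0.1   update.av-vendor.example       # constructed: security site made unreachable
203.0.113.7 www.bank.example bank.example  # constructed: name sent to another server
"""

if __name__ == "__main__":
    for name, ip, effect in diff_hosts(BASELINE, CURRENT):
        print(f"{effect:10} {name} -> {ip}")
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; the baseline should be captured while the machine is known to be clean.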

8- History

The History allows you to see what events Online Armor has seen and how it handled them. You can access the history by opening the Online Armor Control Panel and selecting History from the Main Menu on the left.

9- Options

The Options section allows you to make changes that affect how Online Armor behaves, without regard to individual programs or protection settings. You can access the Options by opening the Online Armor Control Panel and selecting Options from the Main Menu.

Final Note:

Even the free version of Online Armor is impressive for its prevention and control over the system; the Free version will give you all you need to protect yourself without much tweaking. I rated it 4/5.
