Online Armor
From CastleCopsWiki
Product: Online Armor
Company: Tall Emu Pty Ltd
Website: http://www.tallemu.com/Online-Armor.php
Support forum: http://support.tallemu.com/forums/
First released:
Feature list: Main features include execution control, browser protection, web shield, anti-phishing, anti-keylogging, anti-pharming (DNS spoofing protection) and rollback. Full feature list compared to other products
Various reviews and tests: http://www.av-comparatives.org/seiten/ergebnisse/HIPS-BB-SB.pdf, Nicm's test against selected "unhooker" malware
Quick review
Online Armor by Tall Emu Pty Ltd arose from a basic product meant to protect users from bank fraud, primarily phishing. Unlike many HIPS, its focus is on supporting less experienced users, and the feature set of Online Armor reflects that.
2.0 builds on the strengths of the original and now provides a full-fledged firewall. More importantly, Online Armor 2 is now implemented in kernel mode and provides the standard protection against termination/modification of processes, as well as the advanced anti-keylogging protection that is pretty much expected of HIPS products today.
The interface has been improved. With many new features added, there is a need to allow greater configuration for advanced users without confusing the beginner, and as a whole version 2.0 has done a good job of accommodating both groups. (1.0, unfortunately, was not very good to use for those who wanted and liked to look under the hood.)
Strengths
- Blacklist warns you of identified bad processes
- Whitelist of known safe programs. Online Armor™ maintains a list of "Known-to-be-Safe" applications with key-logging potential, e.g. Yahoo Instant Messenger, which is actually on this list. This means that for programs we already know about, you are not inconvenienced.
- Web shield blocks ActiveX as well as checking for other misleading objects on websites, e.g. misleading web links, use of international symbols (e.g. Cyrillic letters) in web links, etc. Downloaded files are also checked: image files are checked to ensure they don't contain an executable header, and files with several extensions are treated as suspicious. 2.0 allows you to set this to "silent" mode without the intrusive prompts.
- Sites can be classified as trusted, not trusted, blocked, unknown and protected. Protected sites (typically banks) are protected in three ways.
Firstly, DNS spoofing attempts are blocked using the independent DNS check. Secondly, "when you visit a protected site, Online Armor will not allow content to be displayed from third-party sites (except subdomains); this will be filtered out. This means that when you visit a protected site, you will not see a text in a site frame or a picture that is physically located at another ("third-party") site. When you visit any site, content linked in from a protected site will not be displayed." All this helps to protect you from XSS attacks. Lastly, domains added as protected sites will be used for the Mail Shield checks.
- Mail Shield does pretty much the same for email through POP and IMAP accounts against phishing and typical spammer tricks using a transparent proxy for POP3 and IMAP.
- Browser settings monitor as well as host files monitor. Handles cookies and BHOs as well.
- DNS checking with independent DNS server helps protect against spoofing.
- Tracking of objects (files and registry entries) created by unknown processes, allowing limited rollback.
- Also allows the running of programs with restricted rights, "run safer" (turned on by default for recognised apps like browsers).
- Allows a choice of basic, advanced and banking modes; the latter restricts internet access to only "protected sites" (usually banks) and the Online Armor site itself. This prevents any snooping.
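The web shield download and link checks described in the list above (an executable header inside an image download, a file with several extensions, non-Latin letters in a link's hostname), as an added Python example of how such heuristics can be implemented. This is illustrative code, not Online Armor's; the function names, extension lists and sample byte strings are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlparse

# Constructed sample content (not real files): a genuine PNG signature and the
# 'MZ' DOS/PE header that every Windows executable starts with.
PNG_HEADER = b"\x89PNG\r\n\x1a\n"
MZ_HEADER = b"MZ\x90\x00\x03\x00"

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def _ext(filename: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    return "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def image_hides_executable(filename: str, data: bytes) -> bool:
    """Download named like an image whose content starts with an 'MZ' header."""
    return _ext(filename) in IMAGE_EXTS and data[:2] == b"MZ"


def has_suspicious_double_extension(filename: str) -> bool:
    """e.g. 'invoice.pdf.exe': an executable extension stacked on another one."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and "." + parts[-1] in EXEC_EXTS


def link_uses_non_latin_letters(url: str) -> bool:
    """Hostname contains letters from a non-Latin script (e.g. Cyrillic 'а'),
    the homograph trick used to imitate a bank or payment site's domain."""
    host = urlparse(url).hostname or ""
    for ch in host:
        if ch.isalpha():
            script = unicodedata.name(ch, "").split(" ")[0]  # "LATIN", "CYRILLIC", ...
            if script != "LATIN":
                return True
    return False


def check_download(filename: str, data: bytes) -> list:
    """Return the list of web-shield style reasons a download looks suspicious."""
    reasons = []
    if image_hides_executable(filename, data):
        reasons.append("executable header in image file")
    if has_suspicious_double_extension(filename):
        reasons.append("executable hidden behind double extension")
    return reasons
```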
Summary
Good for newbies. It protects you against the main vectors of infection, mail and browsers, which is important for less experienced users who are less capable of protecting themselves. Specific monitoring of browser settings, cookies, etc. also helps.
I particularly like the training mode at the start, where it scans everything on the system at startup and presents you with a list of entries it does not recognise. This is a boon for quick setups, as opposed to the traditional "learning mode" where you frantically click on every exe for the HIPS to learn.
Additionally, the combination of whitelists and blacklists gives guidance to newbies. The DNS checker is a unique feature, and when and if DNS poisoning becomes more popular it can be important.
Moreover, 2.0 is a lot more solid now that it runs in kernel mode, and it offers process termination protection not only for Online Armor but for other processes (though this is off by default).
Besides implementing kernel mode, the firewall is the main thing added in version 2.0. In "Standard mode", things are pretty basic. The default behaviour in standard mode is to automatically allow trusted programs from Online Armor's whitelist internet access. If the program is unknown, it will just result in a simple prompt without any mention of ports or protocol. In advanced mode, more information is displayed and you have more configuration options as well, but it is still not as configurable as, say, Kerio 2.
Overall, OA's firewall is pretty good; it scored "Very good" in Matousek's test despite its simplicity.
