Results 1 to 11 of 11
  1. #1
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts

    Online Armor Firewall Test Failure

    Having recently started using OA firewall, I was perturbed to discover that it had failed the basic tests carried out by AV-Comparatives last month.

    Download the PDF from here:- http://www.av-comparatives.org/firewall-reviews/

    Should I now be looking elsewhere for a firewall product?



    Mod Edit: Hotlinking is discouraged.
    Last edited by satrow; 2014-04-25 at 02:47. Reason: Pointed to download page.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,190
    Thanks
    129
    Thanked 1,141 Times in 1,052 Posts
    Emsisoft stated that they could not reproduce the test results: http://support.emsisoft.com/topic/14...firewall-test/

    There is also a discussion here: http://www.wilderssecurity.com/threa...3#post-2360067

    I think the test results are a bit disturbing and I wait eagerly for Emsisoft's reply to this issue.

    Regardless of further explanations, one thing that is certain is that OA's default configuration is not the best. For example, the OA developer recognized that RDP would always be allowed, since RDP's port was not part of the restricted ports list. This sounds quite stupid to me, to be honest. A regular user should not need to specify a huge list of ports, OA should just block them by default.

    If you are behind a hardware firewall, these results are less relevant, even if that does not overcome the fact that these results, using OA's default configuration, are bad.
    Rui
    -------
    R4

  4. The Following User Says Thank You to ruirib For This Useful Post:

    Trev (2014-04-25)

  5. #3
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts
    Thanks for the information, disturbing indeed.

    If RDP connections are NOT enabled on my computer, does this eliminate the problem?

  6. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,190
    Thanks
    129
    Thanked 1,141 Times in 1,052 Posts
    The safest way is to add the RDP port to the restricted ports list. This can be done by setting OA in Advanced Mode, then adding port 3389 / TCP protocol.

    CaptureOAtest1.JPG
    Rui
    -------
    R4

  7. The Following User Says Thank You to ruirib For This Useful Post:

    Trev (2014-04-25)

  8. #5
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts
    I've just now done that; does it mean the vulnerabilities found by AV-C are now eliminated?

    The test also mentioned Ping tests, are these a factor?

    I appreciate your help, thank you.

  9. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,190
    Thanks
    129
    Thanked 1,141 Times in 1,052 Posts
    To have OA not respond to ping tests, you need to uncheck the option to allow echo reply in the ICMP tab:

    CaptureOAtest2.JPG

    There is also the issue of file sharing. To avoid that one, you'd need to restrict ports 135-139 on both protocols and port 445, on both protocols. My OA config already included some of those, but not all and not for all protocols, but that can be fixed.

    If you do this, you should be aware that file sharing will only be possible afterwards if:

    1. the network interface is configured as trusted
    2. the network interface is configured as not trusted and you just trust individual machines (which is what I do in my computers).
    Rui
    -------
    R4

  10. The Following User Says Thank You to ruirib For This Useful Post:

    Trev (2014-04-25)

  11. #7
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts
    The Echo reply option was not allowed by default on my set up, so I'm not sure how the testers found a problem...

    File sharing is turned off on my machine, so I assume no port restrictions are necessary?

  12. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,190
    Thanks
    129
    Thanked 1,141 Times in 1,052 Posts
    Quote Originally Posted by Trev View Post
    The Echo reply option was not allowed by default on my set up, so I'm not sure how the testers found a problem...

    File sharing is turned off on my machine, so I assume no port restrictions are necessary?
    Indeed.

    It should be noted that any ports opened by allowed programs in OA will be accessible, regardless of whether the network is set as trusted or the computer is not set as trusted. To avoid that, you need to add the ports manually to the restricted ports list. I find that rather unacceptable, but it seems the solution for that won't be offered by OA, but by a new product (Emsisoft Internet Security- ESI), which I am gathering will include EAM's antimalware features, plus OA's HIPS features, plus a new network firewall - this is me guessing, anyway, since although it seems I was "awarded" the first public view of part of the interface, features cannot be but guessed from the interface elements shown.
    Rui
    -------
    R4

  13. #9
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts
    I have been following your discussions with Mr Wosar on the Emsisoft support forum.

    The technical issues are way above my head, but I got a distinctly poor impression of the current opinion of OA, tellingly by the people who sell it to unsuspecting punters such as myself.

    I emailed them earlier today and asked for a refund, but as yet have not received a reply.

  14. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,190
    Thanks
    129
    Thanked 1,141 Times in 1,052 Posts
    I use OA and will keep using it. My main issue with the firewall part is the lack of automatic addition of used ports to the restricted list. It isn't as simple as I stated, especially in situations where you would actually want to be contacted from computer in an outside network or the internet, but I do think OA's firewall should handle things better.

    There is more to OA, however. The ability to monitor everything running on your computer is very valuable, IMO and it beats most AVs out there, being based on a whitelisting strategy - basically it won't allow unknown programs to run, contrary to what happen with typical AVs.

    I also think it would be interesting to actually know what happened with the AV-comparatives testing. OA has a good rep among IT professionals and that doesn't happen out of the blue.
    Rui
    -------
    R4

  15. #11
    Star Lounger
    Join Date
    Jul 2011
    Posts
    63
    Thanks
    23
    Thanked 2 Times in 2 Posts
    I'm sure you're right, I'm just a bit put out about the situation.

    I've been relying on the Windows firewall whilst being behind my router at home, but as I'm about to be travelling extensively, wanted a stronger firewall.

    You can imagine how I felt when reading the AVC tests a couple of days after buying a license!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •