Online Armor's Official Blog

Online Armor sold to Emsisoft

2010-06-29T22:35:00.015+10:00

Mike's final (OA) blog post - a personal note

By the time you read this, the news will be public that Austrian-based Emsisoft, headed up by Christian Mairoll has aquired Online Armor from Tall Emu. There's a been a bit of speculation over the last day or so that "something" was happening. During the past few weeks, we started to prepare to transfer operational control of Online Armor over to Emsisoft and a few things went live 48h or so before they were supposed to. Oops.

The deal is done, there's no going back and no regrets. Indeed, Emsisoft aquiring Online Armor is the best possible thing that could happen to it. Emsisoft has 20 staff focused on security software. Tall Emu had two (OA developers) - and they just went to work for Emsisoft. I can't wait to see what happens over the next 12 months with Online Armor and Emsisoft Anti-malware.

A lot of people probably have a lot of questions, and I've been asked a few times, so I'll try to answer them here.

Why did you do it ?

There's been many things that have been said about Tall Emu over the last few years; There've been assumptions that we're a massive corporate with unlimited funds, people who think that it's "all just that Mike bloke". As usual, the truth is somewhere in between, although I wish it were closer to the first one, particularly the unlimited funds part.

We're a small company, almost a family company in fact. Our main line of business has always been custom software development. That means, generally speaking, that when the guy that runs a winery needs software, he'd come see us and we'd write it for him. We all have consulting backgrounds - going into businesses, figuring out what makes them tick - and then helping them automate their businesses.

This is the main part of what Tall Emu does - and as part of it, and I hope Christian forgives me the plug - we developed a rather flexible CRM system which is just starting to take off.

Managing multiple customer projects, the development of a CRM system - and then, my consulting work (all of which pays the bills) it was clear that I'd taken too much on personally, and something had to give. There are only so many hours in the day, and I was working most of them.

That's when I called (well, skyped) Christian. I told him the situation -and basically made him a simple proposition - if you want it, it's yours.

Aren't you going to miss it? How can you leave?

Absolutely I am. I've met an awesome load of people over the last years, and I'm very sad to be leaving Online Armor behind. Having said that, selling OA lets me focus on fewer things - and to do them better, rather than trying to do too many things and doing them badly.

And that's what it came down to. If you imagine a normal workday, how many different tasks can you really give your attention and focus to in any detail? And that was the dilemma - what to do to ease that situation. For a while, I neglected Online Armor a little - but long terms that would simply have caused the product to slowly die. It wasn't the outcome that was going to work for anyone. Better to preserve it, and regain some semblance of a normal life outside of work than to allow it to die.

Why Emsisoft?

I've worked with Christian over the last year or so I've gotten to know him and there is nobody else that I'd be happy to sell OA to. In fact, we didn't even "shop it around" - we just spoke with Christian. That probably cost us a lot of money, but Christian and I enjoy a special relationship.

There's a lot of trust there, and after spending time with him when he visited Australia earlier this year, I know he'll do the right thing by the product, the customers, the developers who are going to work with him.

What's next ?

The future for OA looks good, and it's going to be an interesting ride - just one, unfortunately that I am a little too tired to go along on. While things might change over time, this forum will stay as it is - there will be no immediate and dramatic changes, but of course change will come.

I'll let Christian speak more to the future, though as I now move to the past, but Christian and I both hope that you'll stay around and be part of the future too.

What I can tell you on Christian's behalf is this:

Product editions will stay untouched. Freeware edition will not end of course.
Website remains on www.online-armor.com, but we'll have to move everything away from tallemu.* domains soon.
Forum remains, but moved to support.online-armor.com

Which kind of benefits does Emsisoft expect from the deal then?

As part of a much larger development team (8 at Emsisoft so far), OA development can progress faster. Sharing knowledge internally is a very important factor for speed and quality of the produced software.
With the existing marketing and sales force at Emsisoft, we want to spread the name about OA much more. It's a great product, winning tests, but we need to tell everybody about it to make it grow.
On the long run, we have plans to create some kind of a suite product. It's gonna be a completely new product most likely. But things are not finally decided yet.

Final thoughts

From me, the final words are simple: Thank you. It's been great. I've appreciated all the help you've ever given, the fun parts and just knowing this bunch of people from around the world. There've been numerous beta testers, admins, volunteers, helpers and just enthusiasts. It would be impossible to name everyone who's helped us, and I'm writing this blog late at night here in Sydney in anticipation of the events to unfold.

However, I'd like to give particular thanks to our admin team, translation team, beta test team, private test team, Catprincess, our forum angel who collectively have helped us, and lots of Online Armor users around the world. I'd also like to offer a word of thanks to the hardworking team at Wilders Security - this is where Online Armor got it's first break, and has been our unofficial "second home" now since then.

Oh, and if you need a CRM system... ;)

Online Armor x64

2010-03-10T21:24:00.001+11:00

I'm not in the mood to ramble today. Things have been real busy around TEHQ these past months. Updating Online Armor, working with our awesome Private and beta test team to make sure that OA stays as good as it can possibly be - as well as all of the other business that Tall Emu does.

The good news - I just decided to punch out a Beta version of OA64. You need to be in our Beta team to see it, and it's not functionally complete - but there comes a time when you gotta show people what you got, rather than keep talking about it.

Mike

Paypal Phish and banking mode

2010-02-17T18:59:00.002+11:00

Paypal Phishing Email

Last year, we received an email which was allegedly from PayPal. I've been meaning to write this up for a while, and now seems like a good time :)

Knowing that it wasn't completely beyond the realms of possibility that I'd treated myself to a new toy without telling anyone, the mail was forwarded to me by Darryl.

The email itself looks reasonably legitimate - but the fun part starts just a little further down the page - as you can see, the criminals have added a nice little "If you didn't authorise this charge, click here to dispute transaction". Cute. The first thing many folks would think when getting a mail like this is "What the hell? I never bought no mobile phone..." so the convenience of having that dispute link there is going to encourage people to click before they think.

Of course - clicking on the dispute transaction button takes you to a fake site (which is now offline). The site itself was a very close clone of PayPal's official site. It even drew in some images directly from PayPal.com - it really looked the business.

While the site was live, I decided to log in and take a look around. Of course, I didn't use my PayPal credentials - because it wasn't the real PayPal site - but I wanted to take a look around inside there, and see what was what. I would not recommend that you do this.

I also thought that this would make a good test run of Online Armor's banking mode as it's designed for situations precisely like this.

What Happened?

Logging in, we're presented with a realistic looking PayPal fake site, complete with all of the menus - but telling you that "Your account access is limited. Remove this limitation".

Under here was a form to collect info - and boy, did these guys go for gold. Full name, date of birth, Mother's maiden name, country, address, SSN, home phone number... credit card number, issuing bank, expiration date, CVV number, Pin Number (with a helpful looking "Why is card signature/pin required" and an equally helpful "Help finding your Card Verification Number.

Just think for a moment; Assuming that you'd been fooled by this, you have just logged in (in other words, given them your PayPal account details) - and then you've provided them with enough information for them to commit identity theft - or even just wholesale theft, depending on how greedy and cunning they are, they could:

Empty your account
Change your address and other details with the bank (and take control of your accounts)
Disconnect or divert your home phone
Disconnect your home internet

In other words - if you fall for this scam, you possibly hand the keys to your life to the criminals. Consider - how did you identify yourself the last time you called your bank (or ISP, or phone company)?

How does Online Armor help me?

Online Armor has a safe online banking feature called Banking Mode. It's designed precisely to counter situations where you may somehow be directed to a fake site.

How it works is very simple: It keeps a list of safe banking sites. Before you do any banking, you should always activate banking mode. Online Armor then will only connect to a site that is on your list, meaning that you cannot, even in a moment of weakness, fall for these scams provided you follow the discipline of engaging banking mode before you bank.

Going back to Paypal...

2009-11-30T22:20:00.004+11:00

Why we're dumping RegNow and going back to Paypal.

I was originally going to call this article "Paypal may suck, but at least it works" but on reflection this would be grossly unfair to the guys at Paypal.

While we had a number of comments from our users saying "Paypal sucks" that wasn't our experience.

However, we do listen to our customers, and so we made the switch to RegNow after a timely email from one of their sales guys offering to do big things for us with their wonderful affiliate progam.

Since ClixGalore was as useful as <insert your favourite phrase here> this seemed like a great situation.

The customer is not always right

At least when it comes to selecting payment gateways :)

A few things happened that put me off RegNow right away.

When we got things up and running, we found out that a RegNow offer for about $12 or so was inserted as an option in the cart on each of our checkouts. I can't remember if this was the software backup service (irrelevent to OA, as we always want to have our users on the latest version) or the licence key service. In either case, we didn't want this, but we were right out of luck. Fineprint.

Immediately that we went with RegNow, our sales dropped, and they dropped fast.

After a chat with RegNow we managed to get the thing removed (seems people hated it, because sales did increase again) but we had a different offer added instead which sucked almost as much.

To this day, you still get the backup CD option which at least is useful for those that don't want to download the program, but we should be in control of what's in our cart and our customer experience.

Online Armor users know that they can always get their key from us, automatically, and free, sent to the email address they signed up with. A key backup "service" isn't really required for a product like Online Armor and sends a conflicting message.

Still, some of our customers wanted us away from paypal - and so we stayed away.

Straws, Camels backs, etc

One might expect that RegNow, a company that specialises in the provision of Online Sales would be , ahem, how can I say this delicately... good at it. Unfortunately, in our experience we found that our own shopping cart looks better, performs better, is more user-friendly, reliable - and it works!

Some months ago, I tried to apply a $20 discount to our products. The maximum allowable was $10. We've seen times when the Regnow cart was simply offline - not with any error message, just "The document contains no data". The much promoted affiliate program caused at least one of our affiliates to complain over lost sales and inability to track.

Data from sales wasn't going into our system in an automated fashion, making support more complex than it needed to be and making it harder for users to use our members area. We couldn't do half of the things that we wanted to do, in the way we wanted to do it. There were problems with reporting. It was a mess.

The straw that broke the camels back was the problems handling what should be a simple transaction for a company that specialises in e-commerce.

We had an offer for $30 off any Online Armor, and I've had plenty of complaints from people because it was delivering a 30% discount instead. Contacting Regnow support and we're told it will be fixed at some point in the future, and for now, we have to make a promo code for all of our products. Right. We're quite capable of looking like idiots from time to time without help.

So, we decided to divorce ourselves from Regnow. We've implemented paypal express checkout in our own shopping cart. Non-paypal users can check out with paypal and use their credit card.

We've taken back control of the customer experience and I think we've made the right decision, even if not everyone agrees with it.

Online Armor 4, Windows 7 and 2010 is fast upon us

2009-11-03T21:18:00.007+11:00

Online Armor v4 is released with Windows 7 Support

Just a few weeks ago Microsoft released Windows 7. Unlike their Vista launch, Windows 7 looks like it's going to be huge. I'll be installing it myself when I get a spare moment.

Unlike when Vista Launched, we're only a couple of weeks behind with our Version 4 with Windows 7 support, which I am really, really happy to release today in Free, Premium and OA++ versions. The release process has already started - should be done in a few hours.

This really is an incremental update to Online Armor; We've added Win7 support of course (32-bit only for now), but we've also fixed bugs, made performance enhancements and improved history logging to help you help yourself if something goes wrong.

We've also put a lot of effort these last few weeks into OASIS, trying to get as many files processed as possible to reduce popups.

If you're an existing Online Armor user, we think you'll enjoy this upgrade; If you haven't yet tried Online Armor we think we'll make a great first impression.

...and some pricing changes

Since we released Online Armor ++ we've been closely monitoring feedback from our users, sales rates, complaints, compliments - general observations from our customers.

One or two things become rather clear: firstly, many people think that Online Armor premium is $39.95 per year. And many people think that Online Armor Premium is too expensive.

To solve this, we've changed the pricing on Online Armor Premium. As of today, Online Armor Premium is $19.95. The price of subscription has also been changed to $19.95. This means that we don't have to keep explaining that the first year is $39.95 and subsequent years are cheaper.

As ever, you do not need a subscription to continue to use most Online Armor functions, but updates and server-side capabilities such as OASIS will not work without one.

As a result of this change, we've also dropped the pricing on our Family (3 User) and Family Plus (5 User) packs of Online Armor in line with the reduced pricing on Online Armor single user edition.

The pricing of OA+ remains unchanged, save for a slight increase in annual subscription costs. All in all, the pricing of our products is now fairer and more transparent.

We're going to try these prices until the end of 2009 and see how they go.

...thanks to our (extended) team, there is more to come

We're not a monster like Symantec; our development team is small; our support team is small and a large part of what we do is through the help of volunteers. What sets us apart is the dedication of our team; Our development team work all kinds of crazy hours - they hate anything that can get past OA; our beta test team and our forum admins keep our support efforts on track. We've built a community of nice and friendly people over the last few years and we are very very proud of it.

Now our development team is working on Windows 7 x64 - exciting times are ahead.

Mike

Online Armor: Best Practices - 1

2009-06-16T21:32:00.003+10:00

How to get the most out of Online Armor (without losing your hair)

In order to get the most out of Online Armor, you really need to understand what it's for and how it's intended to be used. If you understand these basic concepts, you'll understand what we're trying to do, how we're trying to do it - and hopefully how to make Online Armor slip into the background.

What's Online Armor for ?
When we first started developing Online Armor, it was called "BankSafe" and was designed to stop thieves emptying your bank account. It had a very, very simple purpose, though none of the banks in Australia seemed to be too concerned about this at the time.

As we developed it, we had other ideas. The scope of protection was extended to cover anticipated (and then-current) threats.

However, the basic principles remain the same:

If a dangerous program is not allowed to run, it will not be able to do bad things
If you do allow a program to run, and it starts to do things that are suspicious - tell the user about it.
If a trusted program runs, and does something that looks suspicious, don't alert- because it's trusted.

It would be fair to say that Online Armor is for helping you keep bad things from happening to your computer, and to stop those bad things sending your data to the "bad guys". Designed to help you protect yourself against internet malice.

Any program that you trust, mark as trusted.
On my laptop everything I run is marked as trusted. If I did not trust it, it would not be on my laptop.

If you trust it, allow it to run as trusted. You'll get NO popups if you trust all your safe programs, and have less chance of any problems.

If you don't trust the program, uninstall it.

I know some users try to control what programs can do, to try and limit them, to try and give them "what they need". That's not what it was designed for. Stopping programs from doing things they need to do may cause unforseen issues. If you understand this and want to fiddle with it - great. If not - please don't.

Autoconfigure Trusted Programs for Internet
One feature of OA I was very proud of was the idea that we could auto-configure trusted programs to access the internet. I came up with this idea after hearing the CEO of one of our clients swearing that his personal firewall asked him "all sorts of ******* stupid questions and broke his computer".

Here's the logic:

You install Yahoo Instant Messenger
This is a safe, Trusted program.
You want this to access the internet so that it can do what it does
You do not know (or care) about listening, ports, UDP, TCP, "act as server" and all that nonsense - you just want it to work!

Dodgy Analagy time: Imagine a mechanic repairing your car. You ask him to do an oil change. He asks you do you want him to use this wrench or that wrench to undo the bolt. He asks you about the type of oil. He asks you how much oil to put in the car. He asks you which oil filter to fit.

How many times do you go back to that mechanic? Autoconfigure trusted programs is the equivalent of saying to the mechanic "Look buddy, do what needs to be done, I trust you, so get on with it already!"

Make use of the "Run Safer" feature

I've written about run safer before. In simple terms, what it does is to limit the rights of programs to limit damage they might cause.

Once you have trusted all of your programs - and uninstalled the ones you don't trust :) Then it's time to apply some run-safer settings to selected programs:

Internet Explorer,Firefox,Opera,Any other web browser
Yahoo, Skype, MSN, and any other chat program you use
Outlook Express, Outlook, Incredimail, The Bat! and any email program that you use.

Now, you may think "But I trust these programs, and now you're telling me to limit what they can do?" - and the answer is YES!

Chances are, right now, you're logged in as a user with administrative rights. If you don't know what that means - then you definitely are - AND what that means is that programs that run get these rights too. They can do anything to your computer.

The problem arises when Great-Aunt Mabel gets infected - the virus sends you an email , you open it in Outlook Express and click the attachment. Boom. That program can now do anything on your computer it wants. Or, you're surfing a site and some strange file downloads and you accidentally run it. BOOM! That program too can do whatever it wants. The same applies to files you download through Skype (or your messenger of preference).

If you had used run-safer, then the running, malicious attachment or the downloaded file, or the file you got from Skype would be heavily restricted in what it could do.

Ok, you keep talking about Safe, trusted programs - what are they?
A safe trusted program is not dangerous. I know it sounds a little silly, but:

Programs you download from Microsoft are safe, even if you think Microsoft is the Devil.
Programs you buy on a CD in a store are safe.
Programs you get from trusted sources are usually safe.

If in doubt, you can use Google (or Bing) to do a bit of research before you install.

Generally speaking - big companies like Amazon, Yahoo, Electronic Arts, Quicken and so on - let's call em the brand names - are not going to release malicious software.

I know Sony did something stupid a few years back, but this was stupid, not malicious. Online Armor is not designed to protect you from stupid.

Some programs that are not going to be safe:

Something that tries to download automatically when you go to a web page is never going to be good.
Something you receive in email is unlikely to be good.
A web page that keeps popping up until you accept a program to install - this is almost always going to be bad, and it would be better to "end task" or power-off your computer.

If you followed my advice...
... then you should have trusted programs running on your computer. Your browsers and email clients should be set to Run Safer, which will help to protect you against dodgy drive-by downloads and email/messaging malware. You will have your trusted programs automatically configured for internet.

Using Online Armor like this should result in very few (if any) popups asking you hard questions that make you want to tear your hair out. Your programs will work. Runsafer will prevent (or at least limit damage) if you accidentally run something from a website you shouldn't have.

Watch out for the muppets :)

2009-05-28T13:58:00.001+10:00

Muppets. They're everywhere.

I don't mean Jim Henson's friendly bunch, but the English term for someone lacking a bit of skill or intelligence. Though it's an insulting term, it's rather mild and quite cute - and the topic for today's blog post.

Why are muppets relevent to security?

The internet has democratised communications. Anyone with a keyboard and a thought can combine the two and reach people all over the world. Sometimes this is a good thing. Other times - not so good.

Anyone on twitter can shout out a thought - and have it reproduced. Businesses or indidivuals can communicate - and say things that are true, not true, right or wrong - and people will read it and disseminate it. How many internet hoaxes have you read about recently?

The problem arises when people say things with an air of authority that they know nothing about. For example, a muppet tweeted out a security alert yesterday saying that Online Armor contained advertising software. Obviously, it doesn't.

Rather than get upset, I did the right thing - tracked him down and told him about his mistake.

His reply was basically "McAfee alerted". I advised this was a false positive.

His response was "Hmmm, can't find that term in any McAfee help or support groups. Good luck with that!".

Be careful who you listen to

Typing the words "false positive" into google (without the quotes) finds multiple definitions, and quickly. So, we have some Jason Remington issuing public security alerts about our product - yet he has never heard of a false positive and couldn't find it on the internet. I think we have our first "Muppet of the Day".

When you read something, give consideration to the source.

The text of the tweet was "QZVX WARNS OF ONLINE THREAT:(Online Armor) Firewall FREE download contains ADWARE and other nuisance software that may harm your PC ."

I looked up the site in question - it's here. Hardly credible.

Get advice from the right place

There are a multitude of sources of good advice on the internet - techsupport alert,spyware hammer, wilders security forums, calendar of updates, smokey security forums, vendor forums - and many more.

Where do you go for security advice? Have you any entries for the "Muppet of the day"? Let me know.

Mike

Ask Toolbar in Online Armor Free? Nearly...

2009-05-18T11:03:00.000+10:00

There's been a lot of discussion about the Ask toolbar recently over at Wilders Security and the Calendar of Updates forums. We have a variety of vendors that are now bundling this bar with their products - something that I thought we'd never, ever do.

Then I read a thread over at Wilders where someone pointed out that for every time Ask bar was installed, the vendor got a dollar. I mulled over our OA Free download numbers and thought that this figure was highly likely to be inflated - but at a dollar per download - wow, that's some serious money.

Bundle Ask Toolbar and have an early retirement?

I then read a comment from BillP of Winpatrol fame saying that Ask had approached him - and - had he proceeded with them, he could have made enough money to retire in a few months. Bill basically told the guys to get stuffed - but there are a lot of other vendors that bundle the bar who didn't.

Having had two independent sources confirm just how much money could be made, I did what any self-respecting business owner would do - I contacted Ask to find out what the deal was. After all - if I could add tens of thousands of dollars to our bottom line every month, I'd be mad not to consider it, right ?

The Scoop

At the same time as I contacted Ask, Ask contacted me asking about business relationship opportunities. The chap on the phone I spoke with explained to me that the numbers quoted at Wilders were not quite reality - but for the purposes of basic math, we'll stick with the $1 per install

In other words, for a company like us - a small business out of Sydney - the Ask toolbar sounds like a dream come true. Call it free money. Call it monetizing our free product - we did both. Based on our download numbers we'd stand to make tens of thousands of dollars per month - all for including a harmless toolbar in our program.

Sometimes, I hate the internet...

Here's the problem. Imagine that you could get paid a dollar for each unique user. Imagine that you were moderately skilled at writing malcious code and had no morals. You could make a lot of money real fast by surrupticously installing something like this. And that's what people did. Ask were tarred with this brush.

As we proceeded along the path with Ask, we took note of the questions that they asked us and the hoops we had to jump through to sign up as a partner. They were really, really concerned to prevent malicious folks from bundling their bar.

It was unfortunate that they had been abused by malware writers and scammers - I'd hate for that to happen to us if we paid bounties for installation of Online Armor - but they shouldn't be nailed for this forever. Not only do they try to run a clean ship , but they were also a victim, right ?

This thinking gave us a bit of confidence going forward - as did the fact that a lot of our competitors, from the rats and mice upwards had done this.

...but most of the time it rocks

We decided that we'd proceed with the Ask toolbar. The money looked great. The company was clean. Our competitors were doing it. There were shouts at some of the guys that did it - from a highly vocal crowd - but we figured that provided we did it the right way (no default opt-in, no tricky wording or saying that the bar was required for security purposes) we'd be ok.

I took this to our private test team. They hated it. I took it to our forum admins. They hated it too. I took it to our Beta team after someone came out and said "You would never bundle a toolbar would you ?" - and I said, "um, actually yes, we would". They hated it too.

A rock and a hard place

On one hand, we have a way to boost our business by the tunes of tens of thousands of dollars per month. In this economy, that sort of money is not to be sneezed at - hell, in any economy the chance to quickly add a quarter-million USD per year to the bottom line with minimal effort is not to be sneezed at.

Unfortunately, adding that bar would mean that our users would hate us. Vocally. Is it rational hatred? Who cares. Hate is hate, and Vocal is Vocal. We'd already noted one of the smaller players get slammed for their search bar antics.

In all of our discussions and observations, some key points kept getting repeated:

Users do not expect a security tool to install unneeded items, even if that security tool is free.
Default opt-in is the only way people will install due to inattention, accident or trickery of wording.
Default opt-in is wrong.
Users place a lot of trust in security vendors. They are trusted to do the right thing. Do not abuse that trust.
Is it ethical to ask your users to install a product you would not install and use yourself?

Out of all of them, the last one got to me the most. I installed the bar and had a look. If this was on my computer, I would remove it.

In fact - the ICQ bar is even worse - the uninstaller didnt work correctly and now I find myself trying to do a google search and sometimes getting ICQ. It's really, really annoying. Do I want to really, really annoy our users?

The upshot.

When we started our Online Armor project, we somehow stumbled onto a simple formula. Listen to our users, and give them what they want. Provided they don't want free ponies and chocolate, it's a model that works rather well. Everyone wins.

Our users - the ones privvy to the pre-launch information told us pretty clearly "We don't want this, and we don't think it's right". When your friends are telling you it's not a good idea - imagine what people who don't have that relationship will say or do.

So - we've decided not to proceed with Ask, though they'd probably pay us nearly enough to buy a nice car.

When the numbers look good from a financial perspective, and "everyone else is doing it" - it's easy to fall into complacently thinking that all will be fine. It's not fine for security companies to bundle someone elses toolbar. We lost sight of that for a moment and nearly did everyone a disservice.

Why did we decide not to proceed? Well, the money sure would be nice but at what cost? Bundling this bar would lead to a loss of trust... and that's something you generally only get to lose once.

I'll get the car another day.

Phishing Scammer tries it on with CEO of an Anti-phishing software product “Online Armor”

2009-03-23T10:36:00.000+11:00

So, I'm sitting there today working on something for a client when I received an unsolicted Skype Message with an "Important Business Proposal".

I normally mess with these guys a little, just to waste their time , but as I was on the phone to a client I just decided to get rid of him quickly.

As you can see - he was suprisingly honest about his ultimate intentions.

This is how the scam works

Mr Dutu, or Mrs Dutu is usually writing to you from a yahoo or other free email address. It usually doesn't address you by name. It always offers some opportunity - usually, the chance to get a share of millions of dollars in exchange for some assistance.

A common theme is the widow of a Nigerian official (or just a corrupt Nigerian official) wants to move $250M (usually spelled as TWO HUNDRED AND FIFTY MILLION DOLLARS) out of the country. He or she just needs a partner overseas.

They offer a split of the money. Often there is the chance of further profits (we'd like to invest in real-estate in your country, and we will give you 10% of the profits). Quite often, they thank God for His mercy in finding someone as kind as yourself to help them.

So, you're probably asking yourself - how does this scam work? They want to send you $250M - it's going to your bank account - what's the catch? This scam has been going on for years, and it's called Advanced Fee Fraud.

Had I accepted this guy's offer, here's what likely would have happened:

He'd ask me for some ID - passport and bank account details for the money
He's send me some official looking documentation - fake of course - which would allow me to claim the money from some third party. The third party would probably also have a free email address too (like Yahoo or Hotmail).
The third party (Notary, Bank Manager) would contact me about claiming my money - and here's the catch - there's a $20 fee for stamping the document. Or a $200 fee.
Mr Dutu would claim not to have this money, but of course, since I will soon get 10% of $250M, $200 is not much to pay.
I'd send the money - and the documents would be "stamped".
Once they'd got me for $200 - there would be some other issue... and the costs would keep rising and rising until they couldn't get any more money out of me.

It's a sad fact that in tough economic times, people get desparate and take risks or chances that they wouldn't normally take in the hope of the "one big win" that would solve all their problems. You can imagine being in dire straights, and having invested $2,000 or so , thinking another $500 can't hurt.

Don't get caught out.

I've told the guy to go and find an idiot. Don't let it be you - seriously - if it looks too good to be true, it probably is. The chance that some corrupt official is going to send you $250M dollars and let you keep 10% of it is pretty remote to say the least.

Don't be the Idiot: Mr Dutu Returns

It was a Friday afternoon, and about an hour since my chat with "Mr Dutu" - too early to go for a beer, too late to do much work. I could see he was still online.

So I thought I'd ask him a few questions...

[3:56:08 PM] Mike Nash says: Any luck yet ?
[3:56:48 PM] Mr. Robert Dutu says: just 1
[3:56:54 PM] Mr. Robert Dutu says: for over three hours
[3:57:07 PM] Mike Nash says: :( Business getting slow for you?
[3:57:13 PM] Mike Nash says: May I ask, how much you make doing this ?
[3:57:47 PM] Mr. Robert Dutu says: be my victim and you will get to know how much i can make from you
[3:58:05 PM] Mike Nash says: (rofl) Very good :)
[3:58:10 PM] Mike Nash says: You're a funny guy
[3:58:20 PM] Mr. Robert Dutu says: thanks (handshake)

I ended up chatting with him for about an hour - and I have to say, he was a funny guy. A criminal, sure - but he claimed he was from Ghana, and had been doing this for only three months. He even tried to get some money out of me - but despite how amusing the guy was, he's still a criminal, and relies on trickery and social engineering to get what he wants - which is cash.

[3:58:51 PM] Mike Nash says: Seriously, do you really find many people that fall for this scam still? Though, I read in the newspaper than something like $100M leave the country each year
[3:59:23 PM] Mr. Robert Dutu says: what scam?
[3:59:31 PM] Mr. Robert Dutu says: this is real
[3:59:34 PM] Mike Nash says: The advance fee fraud

[3:59:42 PM] Mr. Robert Dutu says: i will send you details on it
[4:00:11 PM] Mike Nash says: Over Skype?

[4:00:23 PM] Mr. Robert Dutu says: This message has been removed

***Note - he pasted here the generic phishing email - which described how we'd share $16M. It was really, really well written in comparison to those that I'd normally get. ***

[4:01:11 PM] Mike Nash says: Nice. That's actually quite well written. And instead of $250M , you're saying $16M...

[4:01:29 PM] Mike Nash says: So, what's the next step?
[4:02:20 PM] Mike Nash says: Actually, I work for a security ecompany - this is why I am so interested

[4:02:22 PM] Mr. Robert Dutu says: wait, i have a client
[4:02:25 PM] Mr. Robert Dutu says: he is discussing positive
[4:02:26 PM] Mike Nash says: ok

It was interesting the way he refered to his victims as clients. He offered me the chance to see the chat history with his "client" - but then it went a little bad...

[4:04:29 PM] Mr. Robert Dutu says: and put it on the internet right?
[4:04:36 PM] Mr. Robert Dutu says: no
[4:04:44 PM] Mr. Robert Dutu says: you will spoil my job
[4:04:54 PM] Mike Nash says: Not a chance!
[4:05:01 PM] Mike Nash says: There's already lots of articles about it
[4:05:14 PM] Mike Nash says: and I bet, you do not use this account for more than some days at a time, right ?
[4:05:22 PM] Mike Nash says: Next time it will be some other name
[4:06:08 PM] Mr. Robert Dutu says: why all this question
[4:06:16 PM] Mr. Robert Dutu says: do you want to join?
[4:06:25 PM] Mike Nash says: No, I don't :)

[4:06:34 PM] Mr. Robert Dutu says: good
[4:06:48 PM] Mr. Robert Dutu says: what is your job?
[4:06:51 PM] Mike Nash says: I think I could improve the text of your letter a bit - but it is better than 99% of the ones I receive normally
[4:07:05 PM] Mike Nash says: I work in security industry, we write a personal firewall product
[4:07:20 PM] Mike Nash says: it also detects things like keyloggers
[4:07:37 PM] Mr. Robert Dutu says: very good
[4:07:45 PM] Mr. Robert Dutu says: what is your pay?

I made up a number, and told him, and then added:

[4:09:12 PM] Mike Nash says: what's yours?

He was very very evasive about how much he earned, until he told me that he'd only ever made EUR50 from a woman in the Philipines. Of course, he could be sitting there in a $5000 chair in his private compound saying that for all I know.

[4:09:56 PM] Mr. Robert Dutu says: sorry for my late reply
[4:10:00 PM] Mr. Robert Dutu says: was busy with a client
[4:10:07 PM] Mr. Robert Dutu says: you earn alot of money

[4:10:09 PM] Mike Nash says: I like the way you call them clients
[4:10:21 PM] Mike Nash says: It implies a certain professionalism
[4:10:26 PM] Mr. Robert Dutu says: thanks

[4:10:35 PM] Mike Nash says: Cost of living here is higher.
[4:10:47 PM] Mr. Robert Dutu says: if i ask you to send me some money will you?

[4:11:20 PM] Mike Nash says: What would I recieve in exchange for a payment?
[4:13:17 PM] Mr. Robert Dutu says: am back
[4:13:24 PM] Mr. Robert Dutu says: that is the point
[4:13:34 PM] Mr. Robert Dutu says: nobody wants to give anything out for free
[4:14:21 PM] Mr. Robert Dutu says: but if i promise you $16million usd i will end up getting more than your pay from you
[4:14:40 PM] Mr. Robert Dutu says: you might even go to the extent of taking loan for me
[4:14:54 PM] Mr. Robert Dutu says: which is very improper

This is actually quite sad. I've read stories in the paper of this - but never seen the scammers side of it before. He drifted off into trying to get a bit of sympathy from me, and then started to ask me for money...

[4:34:37 PM] Mr. Robert Dutu says: can you be of any assistance?
[4:34:39 PM] Mike Nash says: It's a Friday - everyone thinks of the weekend, and the pub
[4:34:41 PM] Mike Nash says: wrong time of day

[4:34:46 PM] Mike Nash says: No, I can't really help you
[4:34:52 PM] Mike Nash says: you're committing a crime
[4:35:03 PM] Mr. Robert Dutu says: i know
[4:35:11 PM] Mr. Robert Dutu says: and i accept the fact that i am GUILTY
[4:35:32 PM] Mike Nash says: But you still won't tell me how much you make :) I'll bet your computer is more powerful than mine
[4:35:41 PM] Mr. Robert Dutu says: and will not hesitate to be prosecuted when the law catch up with me
[4:36:17 PM] Mr. Robert Dutu says: there is no specific amount
[4:36:33 PM] Mr. Robert Dutu says: i take whatever you can give me
[4:36:58 PM] Mr. Robert Dutu says: even if is 100 or 50 $
[4:37:04 PM] Mr. Robert Dutu says: i will seriously appreciate it
[4:38:06 PM] Mr. Robert Dutu says: and i know my God will forgive because i pray to him to replenish the pockets of my clients with double of whatever they loss

At this point, he went all religion on me and talked about washing his sins and so on. Then back to business:

[4:44:16 PM] Mr. Robert Dutu says: i take whatever you can give me
[4:44:23 PM] Mr. Robert Dutu says: even if is 100 or 50 $
[4:44:33 PM] Mr. Robert Dutu says: or more
[4:44:35 PM] Mr. Robert Dutu says: i will seriously appreciate it
[4:45:27 PM] Mike Nash says: I'll bet you will
[4:45:38 PM] Mike Nash says: I have this image in my head, of you in the bar after with all your friends
[4:45:52 PM] Mike Nash says: "This guy thought he was clever, but I still got him to send me $100. Who wants a cigar?"

[4:46:52 PM] Mr. Robert Dutu says: (rofl)
[4:46:56 PM] Mr. Robert Dutu says: very funny
[4:47:01 PM] Mr. Robert Dutu says: i don't smoke
[4:47:10 PM] Mr. Robert Dutu says: i only drink ocassionally

More talking about money, and then:

[4:49:31 PM] Mr. Robert Dutu says: i know at the end of this conversation you will publish our chat
[4:49:40 PM] Mr. Robert Dutu says: but that is not a problem
[4:49:46 PM] Mr. Robert Dutu says: i am still very sincere
[4:49:55 PM] Mike Nash says: Actually, I published already just the funny part

[4:51:53 PM] Mr. Robert Dutu says: why?
[4:52:15 PM] Mike Nash says: because usually, if I say something like that, they do not reply and move to next victim. It was different
[4:52:33 PM] Mike Nash says: It is like a policeman warning a car thief to drive carefully
[4:52:46 PM] Mr. Robert Dutu says: ahahahhahaha

It was getting late, and I was ready to go home... this is where he came up with his classic:

[4:54:17 PM] Mr. Robert Dutu says: how do i get you to send me some money?
[4:54:40 PM] Mike Nash says: Unfortunately, you will not get me to send you money.

[4:54:58 PM] Mr. Robert Dutu says: don't be stinge my friend
[4:55:20 PM] Mr. Robert Dutu says: it will not cost you anything to send some money to a stranger who is in need

[4:55:41 PM] Mike Nash says: You probably make more money than me. Will you send me some?
[4:56:18 PM] Mr. Robert Dutu says: yes $16million usd but we will have to finance the transfer together
[4:56:27 PM] Mike Nash says: HAHAHAHAHAHAHAHAHA!
[4:56:39 PM] Mr. Robert Dutu says: yes
[4:56:44 PM] Mike Nash says: Touche!
[4:56:51 PM] Mr. Robert Dutu says: and we share it at the end 50% each
[4:57:12 PM] Mr. Robert Dutu says: $8million usd for you
[4:57:31 PM] Mr. Robert Dutu says: this is a life time opportunity

[4:57:33 PM] Mike Nash says: You know, if you ever give up the scam business, you'd have a great career in comedy
[4:57:53 PM] Mr. Robert Dutu says: if i were you i will grab opportunities like this with both hands
[4:58:02 PM] Mr. Robert Dutu says: and become rich overnight
[4:58:28 PM] Mike Nash says: but we already know it is a scam, and you hate to do it
[4:58:30 PM] Mr. Robert Dutu says: look my friend am not a scammer
[4:58:32 PM] Mike Nash says: I havent been drinking
[4:58:42 PM] Mike Nash says: so I am not likely to change my mind
[4:58:55 PM] Mr. Robert Dutu says: ;(

Unfortunately, after this gem he pretty much went back to trying to phish me with the $16 million. A shame. I really enjoyed the chat with him (some parts have been edited out for length) - and at some point when he was telling me about life over there (wherever there actually was) I felt sorry for him - he was very, very good at his job and had a good sense of humour about him.

Mike

Eating our own dogfood: Shopping cart updated

2009-03-22T20:22:00.000+11:00

We've replaced our shopping cart

As part of rolling out Tall Emu CRM internally, we've deployed the shopping cart component to the Online Armor website. It's been live for about a week and a bit now, and is proving a lot more reliable than the original one (which we knocked off in a couple of days before Online Armor launched).

For a start, our family pack systems before were pretty incomprehensible and we found a lot of people would go through the shopping cart just to figure out what it costs. Now, we can list our products easily - in different variations, and different licence durations so people can compare.

We're also able to deliver other products inside the cart as well - where previously, it was only Online Armor. So we can do things like the admuncher and a-Squared bundles with ease.

Lastly - and most excitingly - when we finish rolling out CRM internally (we have a few customer jobs to complete first) - the cart and the CRM will be linked and synched in real time. It means we'll have "one view" of our customers, and the interactions with them.

We're excited.

Don't be that idiot...

2009-03-20T14:56:00.000+11:00

He'd ask me for some ID - passport and bank account details for the money
He's send me some official looking documentation - fake of course - which would allow me to claim the money from some third party. The third party would probably also have a free email address too (like Yahoo or Hotmail).
The third party (Notary, Bank Manager) would contact me about claiming my money - and here's the catch - there's a $20 fee for stamping the document. Or a $200 fee.
Mr Dutu would claim not to have this money, but of course, since I will soon get 10% of $250M, $200 is not much to pay.
I'd send the money - and the documents would be "stamped".
Once they'd got me for $200 - there would be some other issue... and the costs would keep rising and rising until they couldn't get any more money out of me.

A Host of Problems

2009-03-17T23:01:00.000+11:00

Let's talk about the HOSTS file. It's a topic that causes all kind of confusion for Online Armor users, especially when they're running other software such as Spybot which writes entries into the hosts file because it's such a technical topic.

Let's take a step back in history...

Once upon a time in the early days of the internet - before it was the internet, there was no such thing as DNS. It was called ARPANET - and the way you'd map from a human readable name like "computer2" to an IP address like "192.168.0.51" was to write an entry in the HOSTS file on each computer, like this:

192.168.0.51 computer2

You'd write that entry on all 6 computers that made up the internet, and life was good, you could find things easily. Just type "Computer2" and the computer would look in the hosts file, and think "Aha, this pathetic human cannot remember 6 IP addresses - it wants to connect to 192.168.0.51"

Of course, there are a lot more than 6 computers on the internet now - so a new system was born - the DNS - which did the same sort of thing, but without having to copy and paste 400 million entries into the hosts files on 400 million computers. A lot more convenient.

Programmers, Network admins and the hosts file

Although the hosts file was mostly made extinct by the DNS system, certain folks still used it - mostly for practical jokes, or testing websites. For example, if I were working on a new version of the site "www.tallemu.com" then I could write an entry in the hosts file on my computer, and tell it to send requests for www.tallemu.com to my test server , not to the live server.

This meant that it would be easy to test new versions working as they should, without inconveniencing everyone on the internet. It also meant that you could play tricks on your colleagues by messing with their hosts file - redirecting them to fake sites you'd made running on the company webserver, so when they went to their favorite timewasting site, it would redirect it to a site under your control which would tell them to get back to work.

Bad things start to happen

There's a special address called the loopback address - 127.0.0.1 - what it means on any computer is basically "Me!!" - so, if I was running a webserver on my laptop to test sites I was developing, I could again write an entry in my HOSTS file and say that tallemu.com should go to 127.0.0.1 - which would mean my laptop. Again, I can use this to test.

Of course - most people don't run a webserver on their laptop. It would be crazy. In that situation, what happens to traffic that you redirect to 127.0.0.1 ? It just times out, and goes nowhere.

Malware writers know this - and if they write the domain names of your antivirus company into the hosts file, they can either redirect you to a server that they control - or - redirect it to your local, webserverless computer - in effect blocking the site. Naughty.

The good guys got onto this trick too. Of course, being good guys, they started to write lists of dangerous sites and point them to 127.0.0.1 - making them inaccessible if you accidentally went to that site, or went to a website that had references to those sites. In other words:

www.NeverGoHere.com 127.0.0.1

in your hosts file would usually mean you would never get to visit www.nevergohere.com - so it's a quick and dirty way of blocking a site.

Confusion Reigns!

This is where it gets confusing. When we released Online Armor, we were very worried about malware re-directing our users to fake banking sites using the hosts files, or by writing entries in the hosts file that were designed to deny people access to the sites that they wanted to visit, such as Antivirus companies.

To stop these attacks, we designed a nice system that controlled which entries are allowed to exist in the HOSTS file. The idea was simple - we'd pop up a warning that said words to the effect of "Hey! Something is trying to mess with your hosts file!" - if you let it make the modification it would be allowed and if you didn't, it would be blocked and automatically prevented from happening again. The idea - if a bad guy wanted to write www.yourbank.com into the hosts file to trick you, you could say "Block" and it could never appear in the hosts file.

Makes perfect sense, right ?

Unfortunately, what messes this up for everyone is that the good guys and the bad guys are using the same trick. So,

1) Your Anti-Spyware program writes www.nastysite.com into the HOSTS file with 127.0.0.1 - this would prevent your computer connecting to it.

2) Online Armor sees this and says "Hey, this is trying to update the hostsfile man, you sure you wanna do that ?" - and of course, you trust your Anti-Spyware program so you allow it.

This then leads to the bizarre status of you having an entry in Online Armor for a bad site (pointing to 127.0.0.1) which is allowed. And that status being perfectly correct and safe.

What it actually means is that the entry is allowed to exist in the hosts file. The hosts file entry then does what it does.

I'm almost confused myself. We'll be trying to find a way to make this more understandable in future releases of Online Armor.

The Good, The Bad, and the Unknown

2009-03-02T23:18:00.000+11:00

A lot of people ask me questions about the whitelist that is used in Online Armor. Why do we have one? What is it for? So, the main purpose of this post is really to talk about whitelists - and how we're using them in Online Armor.

A quick recap on classifying files

Online Armor in its out of the box setup will prompt you when programs it doesn't recognize try to run. The reason for this is straightforward - if a program doesn't run, it can't do your computer any harm. So, a key defensive strategy in Online Armor is to prevent dangerous programs from even starting.

Unforunately, it's extremely difficult to maintain a list of all of the dangerous programs in the world. The authors try hard to make them get past Antivirus vendors, and they certainly don't announce the release of them so that they can be included in a backlist.

Instead, they sneak them into circulation and try to get the spread to happen before the Antivirus vendors notice. To combat this, the AV Vendors added heuristic detection - which is basically checking "If it looks like a duck, quacks like a duck, call it a duck".

It's an interesting problem - Antivirus basically classifies files into a couple of groups:

Group 1: A solid detection - The Donald Ducks of the Antivirus world. A known virus.
Group 2: Heuristic Detection - it's quacking, and it has a beak... it's certainly ducklike.
Group 3: No ducklike behaviour reported.

The first two groups are are detected and either flagged, blocked, quarantined as bad, or dangerous files (or, in some cases, there's a "possibly unwanted" category). The third group is just allowed to run.

The Third Group is allowed to run. This is important. If the antivirus doesn't know(or suspect) that the file is bad, it allows it to run. If it *is* bad, well, oops, you just got infected.

Online Armor treats programs differently.

Group 1: A solid detection - This file is bad.
Group 2: A solid detection - This file is Safe.
Group 3: Not on the list - we haven't a clue.

So, group 1 files are either on Online Armor's blacklist, detected by Online Armor AV+'s embedded AV (soon to be the dual engine from Emsisoft/Ikarus). Group 2 files are files we know are safe, and therefore don't get a prompt.

Group 3 files - we don't know. In this case, we ask the user for a decision, which results in popup to ask them what to do.

In fact - inside Online Armor we technically have 4 states of file:

Blocked - just about what you'd expect
Unknown - no decision has yet been made
Allowed - the program is allowed to run, but you will be prompted for other actions
Trusted - the program is allowed to do whatever it wants.

Back on topic..

So - if you read the above, then it's pretty clear that the way Online Armor treats files is more secure - unknown programs are not blindly allowed to run - but this is at the expense of more work for the user. In the event we didn't have a whitelist at all, Online Armor would be constantly popping up for every program on your computer.

So, the whitelist is important to reduce popups. People who don't like the whitelists idea say that there is a key problem: It's impossible to whitelist all programs, there are just too many of them.

Of course, they're right - it *is* impossible to whitelist everything - but we don't have to. Each program that we whitelist is potentially one less popup not just for one user, but for millions of users - so cumulatively, our users get a benefit.

My second argument - suppose that we can reduce popups by 10%. Is it worth doing? What if we can reduce them by 12% or 15% or even 50% ? At what point does a whitelist start to make sense?

From my point of view, if we manage to whitelist the top 10% of programs then our users will get 10% less popups, and I think that's worth having. The bigger this number, the better.

There will always be programs that don't make the whitelist. Common programs, unusual programs. It doesn't matter. The goal is simply to get as many as we can.

When I install Online Armor on my computer, I get just a few entries to check in autoruns (some specialised software we wrote for a customer) and 10 or so entries in programs to check (same sort of thing). This is much better than what I had several months ago, where I had at least 40 or 50 items to check in programs... and even though I still have 10, it makes Online Armor much easier to use.

For our upcoming v3.5 release, we've spent a lot of time in the background reworking our OASIS infrastructure to faster process inbound data and classify files so we can improve our whitelist. We should see the results of this over the coming months.

We've also added a realtime lookup of newly created files - to try and get this data out to the user's computer as quickly as possible. It's going to be very interesting to see, once released, how low we can go with popups.

Do you need both a physical firewall and a software firewall?

2009-02-24T16:25:00.001+11:00

This question is quite often asked over at our forums - "Do I need a physical firewall and a software firewall?" and it's variation - "Since I use Online Armor, do I need to worry about my hardware based firewall?".

A HARDWARE firewall is a separate physical device from your computer.

Your Cable or DSL plugs in one side, and you have a couple of sockets there that you can connect up multiple computers to. If you splashed out an extra couple of dollars, you got an antenna attached as well to enable your wireless network.

If you have one of these beasties, you're already behind a firewall of some kind - and you will also be NAT'd. NAT means "Network Address Translation" - and for our purposes here, it means that your router/firewall has your PUBLIC IP address - and all of the computers behind it have PRIVATE IP Addresses.

What this gives you is quite simple - if I try to connect to your public IP address, it will stop at your router/firewall unless there is some rule allowing it through (and redirecting it to a computer on the inside) or, in case the data is coming back in response to a connection you opened. After all, if you had to open ports on your firewall to get back the web pages you just told your browser to load, the internet would get really hard to use.

Just by being NAT'd and not having ports open, you're getting a measure of security because the bad guys on the outside can't connect to your computer and read your shopping list. I think most people these days (unless they are on dialup) have a hardware firewall of some type. They're cool, and they're useful - they're always on - and they easily allow you to connect up multiple computers together in a home network.

Now - let's take our bad guy - hollywood version. Ruggedly good looking, and up against time he jumps onto the internet - maybe he uses some cool (and completely impractical) 3D user interface involving bricks. Maybe , he's furiously typing 3 letters and watching old BASIC programs scroll past - but he's hacking.... (and probably has a cool scar). It works. He gets into the computer and gets the data/location of hero/missile control codes. Now the good guys have their work cut out for them.

Back to real life. In real life however your home computer is more at risk from things that you do. Certainly, you have your hardware firewall which will defeat inbound automated scans trying to take over your computer - but unfortunately, data gets on to your computer in a number of ways:

You go to a web site
You download a program
You receive email
You use P2P programs or other file sharing tools to download

Hackers are sneaky little devils, and motivated these days by money. Their objective is to get your computer and have it work for them - because computers are expensive, so why buy one if you can hijack millions of them.

They'll use any tricks that they can think of to get their program on to your computer. At one end, the program might install toolbars or advertising programs so they get a few cents per click. It might be a keylogger to record (and transmit your keystrokes - especially those that relate to your bank username and password). Your computer could be used as part of a co-ordinated attack to bring someone's website down - for money.

So, if the hackers get this program on to your computer, at some point it's likely to want to connect out to the big bad world. And what does your hardware firewall do? Nothing.

Enter the Software Firewall.

The software firewall is a program , not a piece of hardware - and it sits on your computer and acts like a traffic cop. Can this program connect? Can that program send data? This program wants to let other computers connect to it.

There are various reasons why computers need to talk to each other - loneliness, romance, sharing printers or files - these are all legit reasons.

With a software firewall, if our hypothetical bad guys get a program on your computer your software firewall should see it - and, it should squeal like an 8 year old girl. (Actually, in an ideal situation, the squealing should only happen in case the program is bad, or unknown - but we'll leave that alone for another day).

So - the software firewall primarily is used to control outbound traffic. Because it runs on the computer itself, it can identify which programs are trying to connect to the outside world, where, and so on. Then you need to use a bit of the old grey matter (or google) to figure out if it should be allowed.

The idea is simple: Software firewall stops bad guys from sneaking data off (and, in as well - though we're assuming your hardware beast already caught it).

There are further complexities that I won't go into now - like programs that try to trick your firewall, or you. Programs that try to bypass it to get the data out - good firewalls will protect against this to some degree.

But - now it comes to the answer to the question....

"Do I need a physical firewall and a software firewall?"

My answer would be a straightforward yes. A physical firewall is cheap, and effective. It will keep a lot of junk out - and it gives you an easy way to share your internet connection.

If you have a physical firewall and a software firewall, you should run them both. After all, if you had two locks on a door would you just choose one of them? People have deadbolts for a reason.

And the last one - do I need a software firewall at all? Well, we wouldn't have spent years writing Online Armor if we thought you didn't :)

Mike

Online Armor's NEW release has a wicked new feature

2008-04-15T18:07:00.000+10:00

Run Safer Goes GREEN!

Lets just talk about one of the new features of Online Armor (free and paid) - the green border around apps that are currently running in "Safer" mode.

Try this for a test:

1) Download a file from a browser you are running "Safer" and launch it from the browser. You will see, because the process was created by the browser (with lowered rights) that this program inherits the green bordering - a nice indication that the program is also running in "Safer" mode.

If you save the file from the browser, and then manually open it with a double click - it will run "Normal".

This may cause some new users to complain that when they download a desired file, it cannot install because of a permissions issue - BUT if this were a drive by, it would not be able to (for example) write to windows, the root of the drive, or program files directory.

This is a really cool feature (runsafer itself did not change, just the visualisation of it) - but the bordering/indication really makes it clear what's happening. I thought about not including the bordering in the free version - but it's just too cool not to make it available for everyone.

2) Set your Outlook/Outlook Express/EmailClientOfChoice to run-safer. Restart it so you see the border (indicating protection). Now, if you have an email with an attachment (PDF, whatever) - double click it from inside the mail client.

What you should see is that (in the pdf example) acrobat cranks up as you'd expect (or foxit ) - with your document - and again, with a nice green border around it.

Do the same with your IM clients - except for when you want to update them - and you have a nice, easy and visible layer of protection that really works across several key infection points. You can also run MS Word, MS Excel as safer as well with ease. (On my system I'm running Outlook, my chat clients and web browsers (FF and IE) in safer mode now)

With the addition of this visualisation - run safer is now firmly my favorite OA feature. You could experiment further with changing some other settings (for example: turn off prompts in webshield, turn off prompt on unknown and auto-allow trusted to connect to the net to off as well) and you'd probably get fairly few popups - with runsafer doing the heavy lifting in terms of protecting you against accidental clickage.

I thought I would take the time to highlight one of it's most overlooked features (and , IMHO one of the coolest)

Mike

Subscribe in a reader

What is the Shields Up Test?

2008-04-10T11:55:00.000+10:00

Many firewall users put a good deal of emphasis on the Shields UP test over at grc.com. The purpose of this test is to check your firewall remotely to see what's open, or visible. Many modern firewalls, including Online Armor pass these tests - if the test is performed properly.

The problem is that nowadays many computers are behind modems, routers or even hardware firewalls making it very difficult, or impossible to test.

How does the test work?

Putting it simply, when you run the test the shields-up server will start to fire data at your computer. So, the data comes out of the ShieldsUP server, whizzes it's way over the internet, undersea cables, fiber, you name it. It gets to your ISP... whizzes through their systems, and out another pipe towards your home. Once it gets to your home, it squirts through your modem or router and into your PC. Once it's on your PC, it's up to the firewall to deal with it. If it sends back ANY response at all - it's a fail.

So why does my software firewall fail?

Before we start talking about software firewalls failing, how do you know the data is even reaching your software firewall? Remember above where we talked about the pathway that the packets take? There's the problem. If you have a router, or a modem - or your ISP does anything tricky - or, if you are plugged into someone's wirless network in a hotel, the packets may not actually reach your computer.

The animation below shows the ShieldsUP test in action. The first one shows a normal test, working the way the SheildsUP guys intended, reacting against a computer connected to the internet, but in all it's stealthy glory.

The second animation shows a firewall that sends something back. That's a straight fail in ShieldsUp talk.... bad firewall, go to the back of the class.

The LAST animation is the interesting one. Here, the data squirts to your PC, hits your modem which cries "I'm alive! I'm here" - this causes ShieldsUp to fail - but the data actually got nowhere near your computer at all. It's also more interesting if you have more than one computer behind your firewall/router - because you wont necessarily know which one, if any, answered it.

So - what to do in this case? You could always turn off your computer - if you still get a failure then it must be the modem. Unfortunately - if you turn off your computer, you can't request the test :(

If GRC changed the test so you could request the test, turn off your computer - then come back and collect the results 5 minutes later, then that would work for those on a fixed IP - or, if you're a tenacious sort then you can probably figure out how to configure your modem differently to not respond to those pings.

Online Armor does (when properly tested) pass these tests as do many other firewalls - but the test cannot be passed (or failed) by your firewall if the data does not reach your software firewall. Now the only remaining question is whether there is any benefit to the ShieldsUP test, other than as a quick "do I have any open ports".

Online Armor Awarded Best Firewall Software of 2008

2008-04-03T10:05:00.001+11:00

Online Armor has been further acclaimed as the "Best Firewall Software of 2008".

Scot Finnie in conjunction with over a 1000 of his readers have been reviewing and testing all the major players in the firewall category. This process started way back in the later part of 2006.

Tall Emu are very proud of this result as it is co-reviewed by end users, takes into account third-party testing and has been ongoing for more than a year. Plus the award is against both a firewalls security credentials and its usability.

Here is the final paragraph of the review taken directly from the formal review by Scot Finnie Newsletter.

“Online Armor 2.1.0.112 (the paid version) is the best firewall I’ve ever tested, offering a blend of usability and hard-wired security that’s near-ideal for maximizing protection and ensuring a good user experience. A great firewall doesn’t have to be, and shouldn’t be, a chore to use. Online Armor isn’t.

A year and a half after launching this quest, naming OA the Best Firewall Software of 2008 came naturally. The very best products have a way of standing out.”

To view the full review you can check out http://blog.scotsnewsletter.com/2008/03/24/the-best-firewall-software-of-2008-online-armor/ .

About Scot Finnie

Scot Finnie has been a journalist and magazine editor for nearly 25 years. He has worked on staff at several computer magazines and online publications, including Computerworld, where he is Editor in Chief.

He has also served on the editorial staffs of ZDNet, PC/Computing, InformationWeek/Techweb, and Windows Magazine. He's written articles in the past for numerous other publications, including CFO, CNET, PC World, PC Magazine, MacWeek, Byte, Popular Science, and Popular Mechanics.

Scot’s Newsletter is Finnie's personal blog and newsletter. It covers operating systems (primarily Windows and Macintosh), security, the Internet, and technology at large.

Welcome to the Online Armor Blog

2008-04-03T10:02:00.000+11:00

Hello Everyone,

Welcome to the Online Armor blog. This first post will be very short - what we plan to do here is use this blog as a place to discuss Online Armor - how to use it, computer security, and other things of interest.

We're still setting things up here - so bear with us while we move in.

Mike

Online Armor & Tall Emu in the Press

2008-04-01T15:12:00.000+11:00

Anti-phishing app looks for users

By Sam Varghese 22nd October 2004

A Sydney firm has developed software which can help in stopping the rash of successes enjoyed by the senders of phishing emails - only this time, the software works at the user's end.

http://www.smh.com.au/articles/2004/10/22/1098316833867.html

http://www.theage.com.au/articles/2004/10/22/1098316833867.html

Kaspersky engine integrates with Tall Emu security solution.(Security News and Products)

Source: Software World, 01-SEP-06

Online Armor Antivirus+ is a data security solution produced by Tall Emu, an Australian security software company. The solution provides users with protection against spam, viruses, Trojans, worms and various blended Internet threats. Integration of the Kaspersky Anti-Virus engine into Online Armor will provide comprehensive protection against today's virus...

http://www.accessmylibrary.com/coms2/summary_0286-19847805_ITM

Firewall Challenge - Online Armor Awarded the No. 1 spot

2008-03-27T14:24:00.001+11:00

Sydney, Australia, 26th March 2008

Tall Emu, a leading personal firewall developer, is pleased to announce that the free version of Online Armor Personal Firewall has come out on top in the most recent Personal Firewall Analysis tests performed by Matousec Transparent Security on March 25^th 2008. Online Armor beat 10 of the top personal firewalls and security suites, becoming the only product to receive the coveted 100% success rating in the leak tests.

What is a firewall leak test?

Leak tests are small, non-destructive programs designed by security experts that deliberately attempt to bypass a firewall's outgoing security measures. The rationale behind them is simple: If these tests can get past your computer's security defences, then so can a hacker. Explicitly designed to help identify a firewall's security flaws, leak tests inform the user whether or not their firewall is providing adequate protection.

This result comes a day after Online Armor was awarded “Best Firewall of 2008” by Scot’s Newsletter. (He is also Editor in Chief at Computerworld)