Intrusion Prevention

Online Armor uses powerful new technology to actively detect threats to your PC. Rather than merely comparing the signature of an intruder to known threats in a database, and missing new and unknown threats, Online Armor intelligently recognizes and identifies malicious behavior and immediately targets the malicious program or intrusion attempt for exclusion from your PC before it ever has an opportunity to become a threat.

Online Armor combines execution protection, along with an HTTP, POP3 and IMAP proxy. The proxies filter content coming into your system before they get to your browser/mail client.  For example, OA will warn if a page contains references to ActiveX objects.

The execution protection is a second line of defence.  If something gets past Online Armor (which is certainly possible) or you allow in error (also possible), then you would receive a warning of an .exe attempting to run.

Assuming you block it, that's it - nailed forever. If you allow it to run, you can also delete files created by it. There are other features in Online Armor, for example, control over browser helper objects.

So, typically in the event of a drive-by infection you could get :

1. A warning that page contains dangerous object, (ActiveX).
2. A warning that the program is trying to run.
3. Auto-start warning.
4. Notification of an attempt to install a Browser extension.

This should be sufficient in the most parts to alert you that something strange is happening (assuming, you press allow each time).