VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    There seems to always be one program or another updating on my machines, some I'm aware of and can disable VS, some I'm not and when I allow the update in VS the installation fails [as mentioned, I also had to allow an update from Windows Update :sick: ] - not something I want or need to deal with I'm afraid. I realise that the more secure you make a machine the less user friendly it becomes and we have to draw a line where we feel comfortable. I am not someone who is happy to manually control their machine at this level, like allowing a Command Prompt alert when trying to eject a USB flash drive. I can't remember ever being infected worse than a tracking cookie years ago so I must be doing something right.

    Each to their own, but VS is not for me, at least at this time.

    Edit: Oh, I did get a PUP once when installing ImgBurn because I didn't read the EULA properly, but MBAM sorted that out quick-smart.
     
    Last edited: Apr 17, 2015
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I updated that!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I have no idea what your question is, please let me know!
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you simmersK00L, Baldrick and TH!
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I will fix that!
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, please let me know if you need a VS Pro license!
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I see ALWAYS ON with Check mark and VS Gadget OFF. I posted the scenario of when I saw ALWAYS ON and Gadget OFF
    Q: Does ALWAYS ON always equate to VS BLUE ? cause VS Gadget shows RED OFF
     
    Last edited: Apr 18, 2015
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds good... the prompt varies depending on what is blocked, I just have to tweak it a little.

    Also, you can always change the "Automatically run file after scan if threat is not detected." in the settings as well. Thank you!
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The dismhost.exe alerts should be fixed, unless you are running Windows 10, and they will be fixed soon.
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you!
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, not that I can think of.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VS probably will always block the WSA updates, since they are going to be different each time. It would probably be better to just let VS block them, just in case malware downloads to the c:\users..\appdata\local\temp folder... so you might want to not have this as a custom allowed folder. Just a thought, thank you!
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    C'mon Dan...give us something new to play with. :D
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I get dismhost alerts all the time with VS 2.50 on Windows 7X64. Do you think it would be safe to create a wildcard allowing them all? I have been choosing to block most of them because they originate from the temp folder, and I don't know what executable they are trying to run.
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure. VS is better than UAC because it does not force the user to respond to an affirmative prompt, which is the biggest security hole ever, since most users simply click yes or allow. Also, UAC blocks everything, whether a web app is running or not. Not only that, but I have seen many executables that UAC will block every single time, no matter how many times the user allows the UAC prompt. Keep in mind, Microsoft has a team of security developers working on UAC, while I am on my own when it comes to developing VS. Let's do this... let's create a list of 20 executables (installers and portable executables) and "actions" (common Windows tasks), and count how many times UAC and VS block the executable or action. You can come up with 10 and I will come up with 10 and we will test.

    VoodooShield is a computer lock, so there will be some items that are blocked while VS is building the whitelist, there is no way around it. People either want their computer to be locked or they do not. If they want their computer to be locked, then yes, VS will block some things from time to time, but I bet it is still far less than UAC. If they do not want their computer to be locked, well, then they cannot complain when they are infected.

    Here are a couple of simple tips that will make VS easier to use:

    1. You might want to keep VS in training mode for an hour or so after you first install it. And spend 2-3 minutes starting all of the software you normally use.
    2. VoodooShield is a computer lock. So if you know you are going to install or update something, simply left click on the desktop shield gadget before you install or update (or right click and choose Training or Disable Protection).
    3. Also, if you keep VS in Smart Mode and close your web apps (along with all other applications) before you install or update something, VS will work much better. Somehow we have gotten away from closing all of our applications and disabling our security software before installing new programs, even though a lot of installers clearly tell the user that they should close everything and disable their security software before installing new software.

    The whole goal of VS is to lock the computer, while safely allowing as much of the good stuff as possible, and not prompting the user, and believe me, it is not an easy thing to do. VS is not absolutely perfect in that regard, but it is close, and is getting closer every day.

    BTW, what was the path to the Setup.exe file? Most likely it is an easy fix. Thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, all I can say is that I have several hundred, possibly thousands of local clients who run VS, and they NEVER have a problem with it. And a good 30-40% are complete novices. The alternative is them clicking Yes or Allow to UAC, right? ;). And this does not count all of the VS users in general. I will admit, I do have one VS customer that emails me every couple of weeks to ask if they should allow something or not.

    It's totally cool, not everyone wants to lock their computer, I totally understand. There is not a single product anywhere that 100% of the people like, not even pizza.

    Look at it this way: "Once VoodooShield is trained, you never have to worry about annoying antivirus pop ups and scans again."

    Either we find a way to lock our computers, or we will just have to live with malware.
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    If you get a chance to try VS, please report back to us with your findings. Thank you!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, the parent process feature helps A LOT. Everyone should make sure it is enabled because if you have been running VS for a while, it probably is not enabled, since we used to not enable it by default.

    We can switch to single threaded, but then the user will be forced to respond to the prompt before anything else on the computer will start. I think it is a lot safer to not require the user to respond to prompts.

    The thing is, in order to install an update (especially java and flash), the computer should be unlocked and all applications (especially web apps) should be closed.

    The java update should not have failed, I will look into that today. Thank you!
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Is there a trial for the pro version?

    Thanks,

    Pete
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, I guess I should explain something a little better.

    The easiest way to explain this is this... When it comes to blocking non-whitelisted items, VS has 2 choices, it can either handle the blocks with single threading or multi-threading.

    Single Threading:

    1. A new process is attempting to be created, so it is intercepted and suspended by VS before it is created so it can be evaluated
    2. VS then evaluates the processes to see if it should be run or not
    3. If it is already whitelisted, or meets some other criteria, it is allowed.
    4. If it is not allowed, then VS denies process creation and prompts the user
    5. The thread waits until the user responds to the prompt, and no other new processes can be created or evaluated until the user responds to the prompt. Once the user responds to the prompt, then a new thread or process can be created.


    The thread does not go to completion after the new item is evaluated, because it waits for the user to decide whether to allow the item or not... so the entire system is at a standstill until the user makes a decision. This is how UAC and all other similar apps work. The advantage is that VS would not have to go back and start something that was blocked, since the item is not actually blocked until the user decides whether to run it or not. The disadvantage is that the user is forced to decide right then whether they want to allow or block something.

    Multi-Threading:


    1. A new process is attempting to be created, so it is intercepted and suspended by VS before it is created so it can be evaluated
    2. VS then evaluates the processes to see if it should be run or not
    3. If it is already whitelisted, or meets some other criteria, it is allowed.
    4. If it is not allowed, VS blocks the item and then displays the balloon or prompts the user on a different thread
    5. Meanwhile, the cpn thread goes to completion so that other processes can be handled (suspended and evaluated), and that way, the user is not required to click a button on the prompt.


    The thread goes to completion after each item is evaluated, whether the user clicks on VS's balloon / prompt or not. If the user clicks Allow or Install, then VS whitelists and starts the blocked item. If the item is an installer, then VS will turn off so the installation can proceed without issues. If the item is not an installer and the user clicks the Allow button, VS will remain ON and whitelist / allow the one new process... so there is a chance that some items will be blocked, although the parent process feature helps tremendously. The advantage to this approach is that the user is not required to decide whether to allow something or not. The disadvantage is that some items might be blocked, unless the user turns VS OFF before trying to run new software. What is happening, in the case of the java update is that a file that VS is blocking is a *.tmp file, which VS cannot start since it is a .tmp file, so the installation fails. It really is not a big deal, just turn VS off and start the installation again.

    VS used to turn OFF for 5 minutes (or whatever the reactivation time setting is set to) whenever something new was allowed (whether it was an installer or not). But a couple of people suggested that they thought that it would be better that VS not shut OFF when allowing something new, so that was when I added the installer button, and made it so the allow button did not turn VS OFF, whereas the installer button does turn VS OFF for 5 minutes. Keep in mind, VS will prompt to reactivate when returning to a web app.

    So basically this does not make sense. We want VS to be a computer lock that stays ON all of the time, AND we want it to allow only the processes that we think should be allowed, even though no security software has a way to read our minds.

    I should be able to refine this some more (eg, figuring out how to start the .tmp processes), but I think the real answer is make the Allow button turn VS OFF for 5 minutes, especially since ALL SOFTWARE (especially security software and web apps) should be closed or OFF when something new is allowed. Besides, VS will prompt to be turned ON again when the user returns to a web app, and is again at risk.

    Just keep in mind, one of the main purposes of the desktop shield gadget is to provide the user a quick way to turn VS OFF. The other 2 main purposes are to let them know the status of the lock, and to make them feel safe.

    Either way, the required affirmative user prompt is simply way too dangerous to ever be a part of VS.
     
    Last edited: Apr 18, 2015
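
    The two prompt-handling models described in the post above, as an added simulation that is not part of the original post and is not VoodooShield's code. The paths, timings, the 30-second answer delay and the assumption that the user always clicks Allow are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: float    # seconds at which process creation is attempted
    path: str   # image path (constructed sample values)

def single_threaded(events, whitelist, user_delay):
    """Prompt holds the handler: later creations wait for the user's answer."""
    allowed, clock, started = set(whitelist), 0.0, []
    for ev in events:
        clock = max(clock, ev.t)
        if ev.path not in allowed:
            clock += user_delay      # whole queue stalls behind the prompt
            allowed.add(ev.path)     # assumption: the user clicks Allow
        started.append((ev.path, clock))  # suspended creation resumes
    return started, []

def multi_threaded(events, whitelist, user_delay):
    """Deny at once, prompt on another thread, relaunch only after Allow."""
    allowed, pending = set(whitelist), []
    started, failed = [], []

    def drain(now):
        # Apply every Allow click the user made up to `now`.
        while pending and pending[0][0] <= now:
            t_answer, path = pending.pop(0)
            allowed.add(path)
            if path.lower().endswith(".tmp"):
                failed.append(path)               # cannot be relaunched
            else:
                started.append((path, t_answer))  # restarted after Allow

    for ev in events:
        drain(ev.t)
        if ev.path in allowed:
            started.append((ev.path, ev.t))       # no waiting on a prompt
        else:
            pending.append((ev.t + user_delay, ev.path))  # blocked now
    drain(float("inf"))
    return started, failed

TMP = r"C:\Users\u\AppData\Local\Temp\jre-setup.tmp"   # constructed
APP = r"C:\Program Files\App\app.exe"                  # constructed
EVENTS = [Event(0.0, r"C:\Windows\notepad.exe"), Event(1.0, TMP),
          Event(2.0, APP), Event(3.0, r"C:\Tools\portable.exe")]
WHITELIST = {r"C:\Windows\notepad.exe", APP}

if __name__ == "__main__":
    for model in (single_threaded, multi_threaded):
        print(model.__name__, *model(EVENTS, WHITELIST, user_delay=30.0))
```

    In the single-threaded run the already-whitelisted app.exe is held up behind the open prompt, while in the multi-threaded run it starts on time but the blocked .tmp file ends up in the failed list, which is the Java update failure the post describes.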
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry I skipped a few posts, I am running out of time for today, but I will catch up very soon!

    Pete, there is not a pro trial, just the free version, but email me at support@voodooshield.com and I will set up a pro account for you. Thank you!
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Dan. Email sent.

    Pete
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    :argh: Then I guess I will live with my malware riddled machines. :'(
     
    Last edited: Apr 18, 2015