VoodooShield/Cyberlock

Hehehe, you guys crack me up! Hopefully you will find this funny and applicable to your conversation .

http://www.youtube.com/watch?v=hm30l8sqlQw

Me personally, I call malicious code viruses or malware. I know that is not grammatically correct, and I should just say malware, but I am so used to just saying viruses, and besides, most computer novices understand the term virus a lot better than malware. So to avoid having to explain what malware is 10 times a day, I just use the term virus. Everyone knows what we mean when we say virus, and besides, "It is all malware these days" . BTW, I also know that the term Web App is probably not perfectly correct either, but it works .

But I have to say, traditional antivirus is having an extremely difficult time keeping up with all of the new viruses, I mean malware . It is a tough job... much tougher than just allowing everything on your system and blocking everything else.

http://www.imperva.com/docs/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf

Then Norton recently said this:

http://www.pcworld.com/article/2150743/antivirus-is-dead-says-maker-of-norton-antivirus.html

Either way, I believe we need to battle malware on all fronts, and keep developing new and existing technologies. Just a thought!

I have several things to do that is non VS related, but I should be able to respond to the other posts that I missed soon! I have 5 days off from my day job, so I hope to get even more done with VS during the break! Thank you guys!

 

Thank you for lettings us know!

 

I have used AppGuard, and VS together quite a lot also. I have had no conflicts.

 

It sounds like your best option is a strong HIPS. It will give you much more control over your system than UAC. I use Online Armor, and it has blocked all known forms of Crypto/Ransome Malware so far. It has rock solid record in general. It's not compatible with Windows 10 though. Are you still using Windows 10 technical preview? I'm not sure what HIPS are compatible with it, if any.

 

Yes, you listed build 2.14 in your post. Someone else just confirmed that the USB toggle bug was added in build 2.14. Dan said he already fixed it in post 5174 though.

 

Ooops, I just realized something, and I will fix it right away. The new Parent Process feature is allowing child processes from web browsers. So for example, if you download something with Firefox, and try to run it, VS will not block it. So this is not good for drive-by's. I knew I was forgetting something! It is an easy fix though, I will post the new version asap.

 

Good because the link you posted earlier for 21.3b beta
2.13b beta detected as Threat by VS 2.12 cloud scan
11/26/2014 2:36:53 PM Blocked install voodooshield.2.13b beta.exe c:\users\bjms\desktop\install voodooshield.2.13b beta.exe
second attempt Quarantine ~ Mal/Generic-S
11/26/2014 3:11:31 PM Blocked install voodooshield.2.13b beta.exe c:\users\bjms\desktop\install voodooshield.2.13b beta.exe
best to remove or fix posted link and check with virustotal ~ Norton liked 2.13b beta ~ vt ~ no

 

Lol, it's attacking itself!

 

Well we are waiting!!

Daniel

 

Yeah, this is going to take a little more time than I thought to fix it safely. That is the thing about this Parent Process feature... it will make VS run extremely smooth, but we have to make sure there are no other security holes like this. I think this is the last hole. For now, I would probably use 2.13 beta, or 2.14 beta (if you can find it ). The latest version 2.13b beta is safe, except for drive by's . I will have it fixed hopefully tonight or by tomorrow.

But this is a good example of what I was talking about earlier. If anyone else finds something that can slip through the Parent Process feature, please let me know! Thank you.

 

Does that also effect 2.13, or just 2.13b? I'm assuming just 2.13b.

 

Voodooshield? the link you posted to PCworld I looked and an all the comments were your typical MS, Norton and McAfee haters while bragging up Malewarbytes. I must admit I have been a Mcafee haters for as long as I can remember , only because it screwed up so many machines I worked on.
But the users that posted comments obviously were never hit with the newest Powerliks strain on Windows 7 machines. I can tell you from experience Malwarbytes did NOT detect it. Norton did but could not deal with it except for blocking the internet connections. Rougekiller detected it and said it deleted it but didn't. Now I see Norton has a standalone program for it and what I was forced to use at work was Eset's removal tool.
Virus/malware is becoming very morphed. I have not looked at other help forums but do see on malwarbytes they are dealing with it.
I guess I should mention I use Nortons newest program and malwarbytes pre.

 

Yep ~ I dragged 2.13b beta to the VS Icon | Block or Quarantine after virustotal scan

 

Me too

 

Yeah, just 2.13b... it is the only unsafe one. I figured out a way around the issue I think, I just have to code it.

 

Guessing again eh?

Daniel

 

Cool, yeah, I did not even look at the comments, I just read through the article briefly... I just wanted to show everyone the Norton comment about how antivirus is dead, so I just googled it and that was the link I came up with. But I agree, malware is getting bad... really, really bad. I just heard about this the other day...

~Off topic comments removed~

 

Yeah, I have to break out my Computer Coding for Dummies book, I think it will help .

 

I have regressed from v2.14 to v2.13b.

Now, when I insert a USB stick I get no warning. I get warnings from several other softwares that I have with my layered approach to security.

P.S. Also, see my posts in October #4801, #4802 etc

 

Fix the link in 5160 when you have the time
This is the best article I've found
Your AV doesn't work!
http://drwitherby.com/allow-listing/
malicious browser extensions

 

I thought you meant that VS was flagging it as a threat when trying to upgrade from 2.13 to 2.13b.

 

It is working now. I would have suggest not allowing anymore downloads of 2.13b though until the the bug is fixed which will make VS unable to block drive-by-downloads. Dan said the bug was introduced in 2.13b.

 

I tried to update from 2.12 to 2.13b beta ~ VS flagged it. I Blocked and dragged to confirm

 

The link in 5160 is the same link ~ just downloaded and tried again. Don't expect tonight...I think
Dan said he forgot to include code related to browser parent file which would be open door for drive by's