VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That was what I was saying. I would just disable it since it contains the build of VS with the bug.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Hope he remembers cause it's active last time I checked
    Good Holiday to all ~ Cheers
     
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    It's been a few years since I last used any HIPS software, so I am sure that it has evolved a lot since then. I have heard only good things about OA and would love to try, but yes I am thoroughly testing Windows 10 Tech Preview builds the past few months. Luckily EMET and VS still work fantastic with these builds.

    Lately I have pushed more and more of the heavy lifting of my security needs to my set of chained routers. That way my systems perform better, blocks everything before entering my network, and also makes it quicker to reinstall Windows without as much nitty gritty config stuff to do for security. With OpenWrt I already have Snort (IDS) and PeerGuardian configured on one router. Also have more options to consider and configure at a later time such as Privoxy within OpenWrt router plus a few others. It's really opened up my mind lately. Endless possibilities. Double-NATed as well. I just pick these odd routers up at thrift stores and flashing OpenWrt on them turns them into gold for me.

    Cheers! :)
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have a Netgear ProSecure UTM 25, but I'm not using it right now. http://www.netguardstore.com/ProSecure-UTM25.asp
     
  5. l3l312

    l3l312 Registered Member

    Joined:
    Nov 11, 2014
    Posts:
    22
    Hi all,
    I'm using ver 2.14 beta (the mythical one) :)
    I'm <guessing> it doesn't include the new parent/child process feature; therefore not vulnerable to browser drive-bys.
    Am I correct in this assumption?

    Best regards,

    l3l312
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes I agree, the only point I wanted to make was that the products we call "antivirus" are not only detecting viruses or "typical viruses" but as good as every threat category that exists, meaning malware. Even though quite many are weak against PUAs. I once said that all vendors should agree on one day when they all either rename their product totally, or switch out the word virus to malware, so they are called antimalware instead of antivirus. Then some people wouldn't need to ask if they need to buy Emsisoft Antimalware or Malwarebytes antimalware because they bought Avira Antivirus so they think it will only detect viruses because of the name. It can be confusing for consumers sometimes.

    Well, in my world there are nearly no "traditional antivirus" products out there anymore, except those that only rely on signatures. All serious vendors have more layers + a cloud back-end as well. ESET, Symantec, Trend, Avira.....they all have some type of cloud lookup/assistance they use that does not rely on "traditional" signature detection. Also behavior based detections. Some also have HIPS, sandbox etc etc inbuilt as well. Basically they are much more than the antivirus as we knew it a few years back. (and some even have tuneup, defrag, optimization....but I don't like that chapter in the story so I leave it out ;))

    Yes I know about that Norton article, it was nothing more than Norton's way of saying goodbye to their old product lineup, because they released new products shortly after they made that statement. :D
     
  7. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi,
    You guess correct.
    Dan's quote --
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    I opened OpenOffice for the first time since installing 2.12 and 2.13beta. I'm a newbie. I had updated OpenOffice at some point and never opened to check settings. Took me a few to realize I had opened a new program and VS did not prompt nor did UAC.
    Checked VS Log and Snapshot to find OO Allowed and whitelisted. How can this be because OO also checked for updates. I was clearly in a web facing app. Solution, VS default "Automatically allow all software from the program files folder". I had previously removed the default check but, apparently forgot to Save. MyBad.

    Conclusion, as VS is a replacement for UAC. VS should act like UAC by default with current user options for VS Settings. I have removed check by Automatically allow and added check to Do not whitelist temp files. This time I remembered to Save. As VS is a replacement for UAC. VS should act like UAC at least initially with settings to change. At this point as a VS newbie, habitually, used to the UAC prompt and ping. I may turn UAC back on unless someone advises UAC will degrade VS.

    P.S. Note to Dan. Still have UAC warning prompt issue. VS install / over install not turning UAC Off. I have to turn Off. Then I get UAC tray warning. If you point me to the reg switch. I can check status. Or, advise UAC does not degrade VS.
     
    Last edited: Nov 28, 2014
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Norton is 25 years old. 25 years ago Norton had the option to be a Default Allow Blacklist program or a Default Deny Whitelist program. Norton chose the former. No one at the time could imagine the current threat matrix. 25 years ago the former was easier to implement. So, here we are 25 years later and Norton is still a Default Allow Blacklist program. Granted, with added bells and whistles. Heuristics, generic signature, HIPS, behavior rule sets, Cloud, whitelist trust scan etc.
    Under the hood the engine that does the heavy lifting is still Default Allow Blacklist.

    I'm a Security and Malware Removal Forum addict. Clearly, for me. Some users are just a little PO'd at their Security product. "I paid for protection and product X did not protect me"..."what am I paying product X for" ..."get off your arse and fix my infection"..."I thought product X would protect me, that's what the box says".
    Recently, had a user question me that Norton is supposed to protect their Privacy and Identity. Obviously, confusing Norton Identity Safe that purports to protect user online privacy / identity. I had to explain Norton is not fraud protection nor an Identity Theft solution. "The box states yada yada". And so it goes. The free Malware Removal Forums are swamped and the fee based services more often than not cannot step-up to the challenge. You're lucky if they don't remote access your box into a door stop.
    "How did I get infected" "Why didn't X protect me". Well, clearly you were in the wrong place at the wrong time and your mouse was in the wrong place at the wrong time. Opportunistic threats, as you know, are all over the map. Current Security products with all their bells and whistles do not step-up to the challenge. The endless variables along with the ever increasing number of new daily threats. And the proliferation of Malware Toolkits. And the unimaginable profit malware yields. It's not "will" I be attacked...it's "when". I hope Dan can stem the tide...the water is rising. Let's be careful out there.
     
    Last edited: Nov 28, 2014
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Dan et al
    When I installed EMET setup.msi VS did not prompt...yet, snapshot shows 3 exe's with msi
    c:\users\bjms\desktop\emet 5.1 setup.msi
    c:\program files\emet 5.1\emet_agent.exe
    c:\program files\emet 5.1\emet_gui.exe
    c:\program files\emet 5.1\emet_service.exe
    Comments
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,919
    Location:
    Texas
    Several off topic posts removed.
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, so you want me to build an alternative to UAC, that is just like UAC? Just joking, but hopefully you get the point ;). My opinion is that VS should NOT act like UAC at all... unless we do not want it to work ;). UAC could never work, mainly because of the required affirmative prompt. And a lot of times, it gives the user VERY little info on what is trying to run. I seriously cannot think of one idea from UAC that I would like to borrow and implement into VS.

    But, if you have specific suggestions on how to make VS better, please let me know... it sounds like you might have some great ideas.
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, most likely the last previously allowed process was digitally signed by MS, and I am assuming EMET 5 is as well. See, there really is an answer for everything ;).
     
  14. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    @ bjm_

    You focus too much on Norton in your last post.

    Also, I started my last post to Dan with "yes I agree" And I still do agree.

    The thing I am trying to reach out to you is that you talk about a few things only in the AV products when there can be several depending on the product features. For example, if customers know how to use and take advantage of the HIPS and/or Sandbox that may come with the AV products they can make it better and tighter than the default setup that the vendor chose to make it easy to use for all. Some can work like anti-exe or based on a cloud whitelist that way the user will be asked what to do unless it is known safe, but it may not be as easy to use then and become more chatty. And easy to use is the key here, if the AVs aren't easy to use the huge market of potential customers will shrink very fast, and only a few percent with potential customers will be left. No AV is perfect, no AV fits everyone, and no AV will detect 100%. And it's not that I am talking about.

    I have never said it's wrong to complement the AV with VoodooShield, Sandboxie etc etc...or whatever one likes to use. Some don't use AVs at all.

    But I thought we had already agreed to disagree, if we haven't done that then let's do that now and drop this discussion to focus on VoodooShield.
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Aha! Now appreciate why VS Off's UAC ~ but, does UAC On degrade VS
    From # 5208 ~ <<P.S. Note to Dan. Still have UAC warning prompt issue. VS install / over install not turning UAC Off. I have to turn Off. Then I get UAC tray warning. If you point me to the reg switch. I can check status. Or, advise UAC does not degrade VS.>> Advise how to resolve UAC warning prompt with UAC Off or advise UAC On does not degrade VS.
    As to suggestions ~ Remove default check "Automatically allow all software from the Program Files folders" and add default check "Do not Whitelist items in AppData Directories (Temps Files)" IMO that should be VS new user default. Retaining options to Opt in to Automatically allow and Opt in to Do not Whitelist Temps.
     
    Last edited: Nov 28, 2014
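
For the question above about a registry switch for checking UAC status, here is an added example (not from any poster or from VoodooShield) that reads the standard Windows UAC policy values without changing them. It reports Windows' own settings only and assumes nothing about how VS sets or depends on them; the function name `Get-UacStatus` is made up for this example.

```powershell
# Added example: read-only report of the local UAC policy values.
function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key -ErrorAction Stop

    # Meaning of ConsentPromptBehaviorAdmin (prompt shown to administrators).
    $promptModes = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }

    # A value can be absent; return $null for it instead of guessing a default.
    $read = {
        param($name)
        if ($p.PSObject.Properties.Name -contains $name) { [int]$p.$name } else { $null }
    }
    $lua    = & $read 'EnableLUA'
    $prompt = & $read 'ConsentPromptBehaviorAdmin'
    $secure = & $read 'PromptOnSecureDesktop'

    if ($null -eq $lua) { $state = 'EnableLUA value not present' }
    elseif ($lua -eq 0) { $state = 'UAC off' }
    else                { $state = 'UAC on' }

    if ($null -ne $prompt -and $promptModes.ContainsKey($prompt)) {
        $mode = $promptModes[$prompt]
    } else {
        $mode = 'not set or unrecognised'
    }

    [pscustomobject]@{
        UacState                   = $state
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $prompt
        AdminPromptMode            = $mode
        PromptOnSecureDesktop      = $secure
    }
}

Get-UacStatus | Format-List
```

A change to `EnableLUA` only takes effect after a restart, so the value read here can differ from the running state until the next reboot.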
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    I meant my comments to the Thread as a focus on the value of whitelisting v blacklisting and inadvertently used your Reply as a starting point. I have removed your Reply from #5209 ~ Our discussion was dropped when we agreed to disagree. Using your Reply to start my comments to the Thread was an error on my part.
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Ahhh I understand. No problem :thumb:
     
  18. controler

    controler Guest

    Hello

    I went to my online whitelist today and it shows I have 3 computers listed, each with a different whitelist. I only have VoodooShield on one computer and don't remember adding any others. I am wondering if this is normal?

    Thanks
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Do the three computers have the same name? I have one computer listed by name and one blank / no name that just has svchost like a place holder. As I have a two computer license. As you only have VS on one. There is no need to Backup to the cloud imo. Just make a local backup ~ whitelist and settings. As a home user when I setup VS on a second device. I'll just Train the second device. Training is so easy. That way I start with a clean slate. $.02 Easy to resolve. Delete all and see that Backup to cloud is checked under Basic on your one device. $.002
     
    Last edited: Nov 28, 2014
  20. controler

    controler Guest

    Computer Name | Manage Whitelist | Edit | Remove Computer
    My name-14A7A9719 | Manage Whitelist (187) | Edit | Remove Computer
    MynameSPC | Manage Whitelist (199) | Edit | Remove Computer
    MynameSPC | Manage Whitelist (110) | Edit | Remove Computer

    And PIC of my Basic setup
     

  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    @ # 5220 ~ IDK ~ :( ~ still wonder what happens if you clean up account and start over.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Dan et al
    Do I have to Force VS into my Browser Sandbox-ie for VS Protection in my sandbox.
    I may migrate to a site ready to deliver a malicious payload. http://rt.com/news/209535-syrian-hack-western-media/
    When VS is Forced into Sandboxie does VS also protect system outside my sandbox.
    Don't understand if it makes sense to sandboxie VS
    I need something in my sandbox'd browser stopping nasties from acting in the sandbox. My passwords for example have no more protection sandboxed than not sandboxed. I can still get a payload delivered to the sandbox through malicious browser extensions that steal passwords. http://www.pcworld.com/article/2049...-serious-threat-and-defenses-are-lacking.html
     
    Last edited: Nov 28, 2014
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    bjm, I have never tried or used VS but I can tell you, you do not want to Force VS to run sandboxed in your browser sandbox. Use VS as if you were not running the browser sandboxed.

    If there are any special exclusions that need to be done for both programs to work well along each other, I don't know, but you do not force VS (at all, anywhere).

    Bo
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    You always ride in on a white horse wearing a white hat and fix me. COOL Run VS as if there were no sandbox COOL
    VS and Sandboxie seem very happy together....but, as you know I'm not the brightest bulb in the box when it comes to Sandboxie :D
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You got it, now.:thumb:

    Bo
     