VoodooShield/Cyberlock

I don't know, I have seen some pretty ferocious PUP's... There were not quite as malicious as the modern ransomware, but some of them really messed up the OS.

Let me ask you this... if you had a choice, would you prefer that Norton blocked PUP's as well? To me, all malware is malware, and should be blocked. There should be a zero tolerance policy for malware.

Sure, there were certainly PUP's in that malpack, but that was not the only thing that was missed .

Also, why isn't Norton interested in PUP's? My best guess is because they are hard to classify as either safe or unsafe, because they are kind of in the middle. But that is why the user should know that the file is suspicious (for example, with VoodooAi).

I can put a 5 minute delay between each sample execution and retest with Norton, but I suspect the end result will be the same.

VS actually did not freeze at all during any of the tests... keep in mind, this is only one out of 20 or so tests that I have done. But this one I wanted to be completely random, document it, and turn it into a video. See, VS does not freeze when it blocks just a standard executable... no matter how many you throw at it. But when it is something like a command line, or as Kees suggested, a protected process, that is when VS freezes. If we could figure out what this special item is that makes VS reliably freeze, I am certain it would take less than 2 minutes to fix. But until we can identify what is causing it to freeze, either through logging or debugging, we will not know what is triggering the freeze. Either way, we have to be getting close. thank you!

 

I just installed 3.08. The signature isn't verified, but that's OK. As soon as it was installed it prompted for 3.10, so I guess I'll have to disable that setting.

 

Sure, thank you! If you guys have a chance, can you download malware packs and see what you can get through VS when it is on AutoPilot?

I seriously thought something would get through when VS was on AutoPilot... but so far I have not been able to find anything.

I think for the next test, I will take the top 3 Avira, Cylance and VS, and throw 50,000 or so samples at them and see how it does. I started to do that with VS the other night, and I think it got up to around 19,000 samples, and still nothing got through... mainly because the blacklist scan and VoodooAi are such a great combo.

BTW, I was really impressed with Avira... it did really well. I knew Cylance would do really well since I have already tested the heck out of it.

 

Sure, but I don't determine which PUAs Norton does or doesn't detect.

Some people actually want the 'features' some PUP / PUAs have, believe it or not. If you agree to download it then because it isn't clearly malware, Norton assumes you want it. Also, as above. "I don't determine which PUAs Norton does or doesn't detect".

 

Cool, thank you for doing that... it will be a HUGE help if we know for certain that 3.08 does not freeze! Sorry about the digital signature .

 

I see what you are saying... I guess I am just really, really, really tired of malware... and advertising on the web. I know what you mean though... some people just have to have their cute screensaver that is loaded with spyware. It really is sad. Computers were not supposed to be like this, and it seems to get worse every day.

 

But my point is that the end user should at least be aware that what they are about to install on their computer may not be that great for it, or for their privacy.

 

Dan, in the brief time I've been testing 3.08 VS has not froze on the machine that has had the most trouble lately so you might be on to something, but as you know it may take a few more days to see if it does freeze or not.

3.08 didn't have Ai incorporated yet did it?

 

That's good to know, thank you! Exactly... there is a good chance that it is something in VoodooAi that is causing the issue . I know for sure 3.09 froze on me, and I believe it is the first time I ever noticed it, because I had emailed Vlad about it. But once we know for sure that 3.08 does not freeze, then all we have to do is look at the changes from 3.08 to 3.09, and it should be super simple to isolate. Thanks again, that really helps a lot!

 

Dan,

You may remember a while ago when I posted that on opening Netgear Genie, VS prompted 5 times for the Command Line, "Ver". Well, 3.08 is still doing that but VS IS NOT FREEZING!!

Something changed from 3.08 to 3.09, my friend.

 

Cool, sounds good, thank you. The videos are currently sped up by 8x, so I could speed them up even more, I think that would help.

 

Ok, cool, so we are really starting to narrow down what it could be. I know for sure that 3.09 was when I started to experience the freeze issue, and 3.09 was when the wildcard feature was implemented. VoodooAi was not implemented until 3.10, so hopefully that is what is not causing the issue. I will look at all of the differences in the code between 3.08 and 3.09 and see if I can find anything. If you do not mind, can you please run 3.08 for a couple of more days, just to make sure? Thank you!

 

Yep, I'll run 3.08 for a few more days, but from memory, 3.08 was the first to allow editing Command Lines, but 3.09 was the first to allow editing of loooong Command Lines.

Oops! Nope, I cannot edit Command Lines with 3.08. Sorry.

 

Still no freezes with 3.08 after being prompted many times for a variety of programs and Command Lines.

 

Sounds great, thank you! I will start comparing the code between 3.08 and 3.09 and hopefully find the bug!

 

@FleischmannTV

https://malwaretips.com/threads/malwarebytes-anti-exploit-should-i-use-it.60718/page-2#post-516881

Either you have been living under a rock for two + years, or you know full well that VS does not require UAC to be disabled.

If you keep it up, people might think that you are less than honest.

 

3.28 has been running fine here for a few days and I can't recall any freezing from the previous version.

I used to have regular freeze ups and nothing major has change on this m/c. I think maybe there is no single cause for these and you have been gradually locking down the other reasons.

 

Thank you.

I was referring to this post of yours:

https://www.wilderssecurity.com/threads/voodooshield.313706/page-427#post-2595843

But it seems your voodoo technology managed to freeze the system with UAC disabled as well. Therefore my statement is of course incorrect. The truth is worse than I had originally imagined. The only remark in regards to your voodoo that I actually regret was that momentary lapse when I said to you that it was good enough to protect a system.

 

Cool, thank you for letting me know... I think the freeze bug is serious narrowed down. I will post a new version soon that has additional logging for the sections of code that might be causing the issue, then we can fix this last bug.

 

Any software that adds as many user-friendly features as we add is going to have bugs... there is no way around it. If you think you can develop something better, then by all means, please do.

I work hard to provide software that has been proven to be highly effective, that anyone (even complete novices) can use, and that people "love"... for free.

You provide inaccurate commentary because you did not like our original marketing.

You keep doing what you are doing, and I will keep doing what I am doing... let's just make sure that it has some resemblance to the truth.

 

I also reinstalled 3.08 yesterday and can report that it behaving solidly with no issues. Mind you I am missing seeing the Ai score!

 

Very cool, thank you for doing that for me! I think Krusty13 brought up a great point... the freeze issue might be caused by VoodooAi, if so, I will add some logging to the VoodooAi code and it will be a quick fix. See, the only 2 things that were added around that time were the long command lines with the wildcards, and VoodooAi. We have already disabled the long command lines with the wildcards, and the bug was still present... so it must be VoodooAi! I will add tons of logging to that section and we will get this last bug fixed! I will have the new version for you guys sometime today.

 

Good luck with the logging Dan. I look forward to trying the new version when it's ready.

 

Personally, I think it would better if a similar test was done using only actual malware. From just briefly skipping through the video, I can see that there are a lot of unwanted programs amongst the samples, which seems to be quite often the case with malware packs. Almost always, unwanted progams are not malicious or (intentionally) harmful. I use the word "intentially" considering just about every program with a registry cleaner has issues with false positives, which could cause problems. But this is just to bad programming, rather than any intent to cause problems.

I think it would be more useful to know how security sofware is performing against actual malware.