VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Wow. Thank you guest.

    I have to do some onsite work, hopefully the only pups I encounter have 4 legs. Just kidding Roger ;).
     
  2. guest

    guest Guest

    Last edited by a moderator: Jun 24, 2016
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    "... we are covered either way ..." - I like it. Thank you very much!

    Well, if WSA blocks the payload then it just doubles the work of VS. Why use them together in this case?
     
  4. Logethica

    Logethica Registered Member

    Joined:
    Jun 23, 2016
    Posts:
    53
    Location:
    UK
    Hey Dan :)
    Thank you very much. I have just mailed you.
    I know how busy you must be so I am happy to wait until you find some spare time.
    Many Thanks. :thumb:
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Layered approach only, nothing more.
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Not anytime soon from my source at Cylance!

    Daniel
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you guest!

    First, I am surprised that Sophos did not include the appropriate legalese in their video. Second, if I were Cylance and I knew my product was better than theirs, I would insist that their video remain public (assuming there are no unfair inaccuracies)... for undeniable proof when I kicked their butt later. They are both great products, and both have strengths and weaknesses, but according to the video, the thing that cracks me up is that they are still only in the 96-97% pre-execution efficacy range at best... which would be great if the computer was locked... but it is not.

    You know, I am really tired of getting shiny new bank / credit cards every few months and having my private information stolen, because we are foolish enough to believe that 96-97% is acceptable without some kind of lock. We need high detection rates (and 96-97% is pretty darn good overall), but we also need to lock our computers.

    As far as the MRG study goes... I am a little confused about the false positives section, and HijackThis is a great example. It is a phenomenal application, but in the wrong hands, it can be extremely dangerous. Believe me, I know... the only time in 16 years of working on computers where I personally crashed a server, it was because I made a mistake with HijackThis. There are a lot of other similar tools that are really great as well, and are super powerful, but unless you know what you are doing with them, they can be very dangerous.

    If you ask me, I think everyone got it wrong. It is NOT ok to automatically allow such a powerful tool as HijackThis. It is also NOT ok to block or quarantine the file, and not let the user run the file at all. It should not be classified as unsafe either... but instead, the user should be warned with an affirmative user prompt that they are getting ready to run something that has the potential to damage their computer.

    Also, why does UAC get a pass on the false positives? EVERYTHING except for malware would be a false positive with UAC, but yet they get a pass.

    We seriously need to rethink computer security.
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you... pretty much for the reasons I suggested in post #10888. They complement each other very, very nicely. Both are super secure, but neither one is absolutely perfect, and what one lacks the other excels in... it is a great combo ;). I would LOVE to see something slip past WSA/VS/VoodooAi... I do not think it could happen.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, you are good to go!
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Wow, that is crazy... did he give you a time frame?
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Dan,

    Any of the new logs give you a clue about the freeze? VS stubbornly refuses to freeze on my machine for now.
     
  12. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    I have had 2 freezes in 2 days. I have sent Dan my logs so hopefully he is able to find something.
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, I have received a few logs (thank you to everyone who sent them, in case I did not email you back; it was a busy couple of days), but there are zero clues.

    So I think the next step is to disable VoodooAi in the current version and see what happens. I can do that this weekend for sure and we should know in a couple of days if it is VoodooAi or not. If it is, it should be a super easy fix because I am super familiar with that code (unlike the wildcard / long command line code that Vlad is familiar with).

    I will figure out the best way to disable VoodooAi, while not messing anything else up, since it is pretty deeply embedded at this point... I will keep you guys posted, thank you!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you. I just looked at your last log again, and actually, there is a chance that it trapped the error. Let me play around with it and see. Thank you!
     
  15. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    No problem :thumb:
     
  16. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Since you have stopped support for Windows XP, is there a program very similar to
    VoodooShield for XP Pro? Thank you.
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It depends on what you are looking for, but a lot of people like AppGuard and EXE Radar Pro... they are both killer programs. They have a very different feature set than VS does, but they are still great. I really wish we could make VS 3.0 compatible with XP, but some of the built-in Windows security mechanisms simply were not implemented until Vista. I know there are workarounds, but that probably should not be our focus right now... there is a lot of crazy stuff going on, and I think it is about to get a little crazier ;). Upgrade to 7, 8 or 10 and install VS ;). Thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Does anyone know for certain if Sophos is one of the engines that Zemana uses?
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ahhh, no wonder I could not find that info... thank you for letting me know!

    The "Cylance VS Sophos ******* Contest" test / video will have to be completely random then, with the exception of making sure that the samples are truly executable. I was wanting to do a Ransomware edition, but if we do not know for certain that Sophos is not included in the Zemana engines, it is better to be safe and fair. Random is always better anyway.
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, I am going to test VS with the same samples and put it at the end of the video. I seriously hope that we miss at least a few because I feel like a total idiot claiming 100% efficacy (on AutoPilot), because that is simply not a possibility, assuming that you test enough samples. So I am going to increase the sample size to 3,000 and see what happens ;).

    You know though... the more I test security software, the more I wonder if they do.
     
    Last edited: Jun 25, 2016
  21. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @VoodooShield
    Hi Dan,
    What's this Traffic out to a Microsoft IP: 23.99.160.139 (Port 1433) :doubt:
    Is this required :doubt:
    TIA
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very true! Keep in mind that currently VS has one of the smallest budgets and number of "employees" (Molly and I ;)) in the industry.

    Either way, it is time to shake things up a little bit and make some noise... until we get a grip on the malware situation so that our private information is not at risk like it is now.

    Like I tell everyone... do you realize that right now, your doctor and bank, for example, have a lot of personal information on their systems... and their computers are probably not locked. All it takes is one single click to put you in serious jeopardy. There is something very, very wrong with that.

    Speaking of "employees", I recently met a guy named David who is an internet / social media marketing specialist, and I think he is going to work with me to promote VS. There is another guy that is probably going to help as well, but we will discuss that later ;).

    I have downloaded the malware pack that is going to be used for the next test, and have pre-filtered the non-executable files, so I will start testing soon. I suspect the results are going to be quite similar to the first test... but I guess we will see. Thank you!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, yeah, that is probably either VS checking with the VoodooAi Azure cloud database to see if a file has already been analyzed, or if it is a new file that is not in the database, it is uploading to the Azure Machine Learning platform for analysis. Thank you!
     
  24. guest

    guest Guest

    Do you plan to sell VS to a big player or merge with another company? Or do you just plan to grow and hire more developers?
     
  25. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London