VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. plat1098

    plat1098 Guest

    I def. see OS Texo's contention that the video MIGHT assist in calling attention to user-based mistakes, thereby rendering your protection less-than-adequate. I don't think this was the "tester's" intention; the "tester" probably thought he really had something there. Any red flag raised by the video to make sure your settings and configurations are proper in order to prevent such bypasses is incidental. Besides, posting stuff on Youtube gives an added aura of seriousness and plausibility to the beginner user, something a tester is seeking--attention. The fact that there has to be damage control after one of these apparently flawed tests is irksome-- if you're going to do this (test a software), do it right.
     
  2. guest

    guest Guest

    The real problem is not whether VS was bypassed or not (in this case it wasn't); the problem is that a setting option in VS allows parent processing by default, which should never happen.
    Now, we have Process Hollowing, faked certificates, forged digital signatures; they are so common that anything can be wrapped, encrypted in a legit executable and FUDed. Fortunately, VS has its AI and cloud checking; without it, if the file was a serious malware, in the current state of VS, your system would be compromised.

    And that is a fact, not a theory.

    The youtuber didn't have biased intents; as said above, he thought he found a weakness, made a video, and failed because he didn't know that VS allows parent processing. The good thing is that, because of that, Dan (VS dev) can easily solve the issue by adapting VS "parent processing" feature for better security.
     
  3. The problem I saw was testing it with two different apps and not understanding how they work. The sample was sandboxed and allowed by VS because of. The problem was not with VS but the fact Comodo placed it into trusted that incorrectly allowed it. If VS was tested alone, this would not have happened. I'm kind of tired of watching those that wait for these tests to jump and holler to those that take advantage of this and ruin another product trying to turn into other products they like. Test VS alone on default setting and show me a bypass, any of you, if you can.
     
  4. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @plat1098 , you got it, use the video to learn how to improve the usability of your product, it's that simple.

    @guest , thank you for the insight on the issue. Do you know if VS installs out of the box with parent processing enabled, and can it be disabled without causing issues upstream?

    Frankly I think that a developer that views criticism in perspective should spend five minutes or less responding to a "test" of this sort (assuming that he is confident in the quality of his code). Acknowledge the video, examine the content of the video and inform the userbase that they will evaluate and implement methods to prevent confusion and lack of clarity in a future release while revising current documentation to educate customers on proper usage until the fix is golden.

    Seems at this point the "tester" really did end up helping the developer, things could have ended up much worse. Sometimes it takes someone who doesn't know everything about your product to show you what's wrong with it.
     
  5. guest

    guest Guest

    @LucentWarrior bro you focus too much on the tester; if he hadn't failed his test, someone else would do it, and we would have the same conclusion but be unable to find the cause because the tester won't be a MT member; he won't post it on MT and we won't scrutinize the test and find the flaw.

    @OSTexo indeed VS installed out of the box with the setting enabled, and it can be disabled for registered users.
    The dev did respond, highlighting why VS was unable to block the file, then he proposed a fix; from that I proposed one that won't complicate VS too much, and from it he proposed another solution. Now we are waiting for feedback from other users here.

    Yes to me the tester helped the dev too, he made a valuable mistake :D
     
  6. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @guest , I see an option in the manual for enabling child processes in the Advanced tab of the Pro version, but not the other way around. Is this going to be pushed out in a point fix?

    I have yet to receive the Pro product keys for my purchase today but this information is very valuable when I start pushing out VS to PCs. Thanks.
     
  7. guest

    guest Guest

    This is the only setting for it: tick/untick the checkbox. I suggested a way to automatically enable it or not based on the chosen Mode (Smart or Always On); now we need users' feedback.

    My idea: https://www.wilderssecurity.com/threads/voodooshield.313706/page-515#post-2628112
    Dan (VS dev) idea: https://www.wilderssecurity.com/threads/voodooshield.313706/page-516#post-2628119
     
  8. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @guest , both points of view are interesting options to consider. Generally speaking I don't think automatically changing configurations based upon a single mode change is the best idea, but it may be a good interim solution if / when the UX is optimized in the core product. One downside of this sort of behavior is having to depend on the user's memory of how they are protected; that's not the best place to be in.

    From a high level I can see areas of VS that are unnecessarily complex, hopefully this can be addressed in future versions. Thanks.
     
  9. guest

    guest Guest

    In fact it would be simple to use:
    - users do normal stuff = it selects Smart Mode (parent enabled)
    - users do risky/unsafe stuff = it selects Always ON (parent disabled)

    Basically "Always On" would become a kind of "paranoid mode" when the user needs full control of what he does.
     
    Last edited by a moderator: Nov 1, 2016
  10. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @guest , Can you think of a situation where it wouldn't be beneficial to have parent disabled in Smart Mode? I don't think I'm sold on the major options being so easily changed in the interface and that may be influencing my thoughts on the matter. It just seems to me that it should be more difficult to lower security, I happen to be of the opinion that doing this should be made somewhat inconvenient.
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I would like to see a little less defensiveness, and a little more sticking to the facts.
     
  12. guest

    guest Guest

    Not many hindrances, maybe more prompts. Smart Mode was designed to facilitate user interactions with fewer popups/decision making from the users; this mode is simple and safe enough for basic users and will be the most used (if you don't select Auto-Pilot).

    If you disable parent process, you are basically telling that you distrust the process you are executing and need more control of it, so why stay on Smart Mode? Better shift to "Always On".

    Anyway, the modification or not of the feature is just a hypothesis; nothing is planned yet and it may not even be touched if most of the feedback doesn't want any changes. :D
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    For me, when I use VS I will use Smart Mode and want as few prompts as possible. If we can do that I'll be happy.
     
  14. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Before I saw the test I was thinking of pairing VS free with CFW. I'm a noob, so a beginner's mistake could have compromised my system without me knowing anything about it. As one of the masses I look to programmes to stop me making silly mistakes. I think the tester made a really good mistake as it has enlightened most people about the need to ensure your installed security software integrates - something a lot of us, particularly noobs, take for granted. Out of interest, how many of the advanced users had thought about the parent process issue before Dan highlighted it? Yes, the tester made a mistake, and yes VS would have blocked by itself. But in the real world...

    In my mind the tester did a good job, but not in the way intended, and as a result we are all a lot more knowledgeable. Serendipity rules. Let live and let learn.
     
  15. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    VS is installed on the C drive
     
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    it's not as simple as that, because the malware process was not sandboxed (that was the big failure of COMODO), therefore the parent/child issue with Voodoo should not apply to it.

    but in principle, you are right that this is something that some people -- like myself -- did not think of
     
  18. Indeed, I am focused on the tester, as those testers should not be allowed to post unless vetted there. That is a full audience that is being misled, as it will end up here also as seen.

    I read up a little earlier where a User asked for more clarification of the product; well, there is much information in this thread on the product buried under crap like pages of this. Anyone starting to understand why stopping it at the source would be the best idea? Comodo was at fault in that Video, not VS; had their product not trusted the sample, it would have been contained as it should, VS responded as it should. What happens if Dan implements this setting full time and then VS interferes with sandboxed applications etc., then there will be pages of that to contend with. Right now there is a balance of usability and security with VS and the option is already present for those that wish to spend their day answering pop ups instead of being productive by entering the advanced section and altering the default settings. It is how it should be.

    Smartmode can be used indefinitely, but most likely after VS has been on a system for a while and married to it, the user will more than likely switch to Always on; they may not want to have that setting adjusted to that Mode. Not everyone uses and abuses security like you and me. I keep this in mind because daily I work with average users that do good remembering simple tasks.

    I see way too many assumptions and theories taking place with no one willing to step forward and demonstrate them with this product as well, all of it hindering the very man trying to get it finished; this bothers me very much, as it should any of you supporting it.

    I have to ask now, is it any wonder why the two users that used to run the Testing Hub over at that site are no longer there? It is because we became fed up with stuff such as this. Dan was very generous with that site over there, holding one of the most licenses to a giveaway I have seen, yet I see bashing taking place over there? I see a video that was not done correctly allowed that established this bashing, and it is being allowed? One user in particular being the root of the problem, as it is a long time resentment it seems standing. Is it not against the rules to attack users there? See my point yet?

    VS is fine the way it is. If an advanced user wishes to change that setting they can, they can change many, it is on them if they do, as there is no need to.
     
    Last edited by a moderator: Nov 1, 2016
  19. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    I have to say I agree with everything you've written in this post. Well said @LucentWarrior and well done for sticking up for Dan.
     
  20. plat1098

    plat1098 Guest

    :(:'(

    But when the gas runs out on VS product information, what are we going to talk about?

    Like I said, Youtube gives something like this a superficial, take-me-at-face-value feeling of scientific importance and plausibility. It can influence how someone will perceive a product and ultimately choose how to spend his/her money. You're absolutely right: the video should have been seconded. Somewhat related, the product partisanship is getting cringe-worthily obvious. You're stepping on thin ice with these "studies." Are your intentions honorable? Be watertight with them--only in this case, the tester saved himself with his likely unintentional oversight.
     
  21. No product is ever "finished" from being talked about as it will constantly improve, as all products do. There will always be something to talk about.

    I'm not completely against youtube testers, as there are some that even though are not professionals, test correctly, by learning the product and knowing how to handle malware, and utilize current more prevalent samples in the wild instead of older archived samples that constitute 2% of the malware in the wild. Not knowing the intentions of the tester "although I can say I know of him and at one point turned him away from testing in the Hub I used to run" I can clearly state my intentions are simple, to set a higher standard to be held, so that users world wide receive more accurate information when they go looking for it, holding those with less than honorable intentions accountable, such as the youtubers that do this for revenue and care less that they are misinforming their crowd.
     
  22. guest

    guest Guest

    so why Program Files (and Cyberfox) is on G: ?

    VS is not on system partition?
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Do you remember the times when you were a kid, and your parents were telling you that you are doing something that is incorrect, even though you were absolutely convinced at the time that it was correct? Then years later, you look back and realize that you were wrong? Hopefully one day hjlbx and Davidov will look back and realize the same.

    Once again, hjlbx tells another half truth... https://malwaretips.com/threads/com...odooshield-autopilot.64977/page-7#post-559957

    @hjlbx... correct, LittleBits wrote a fake review on VS several years ago. Here is what transpired... for EVERYONE to see. https://malwaretips.com/threads/free-one-year-subscription-to-voodooshield.16844/

    It was a fake review because he pretended that he actually installed and demoed VS, when he actually just watched the videos on how it works. Ironically in the same way you do. When I asked him nicely to actually TRY the software first, THEN write a review, he became extremely defensive, and the whole thing escalated into a huge fight. Since he was buddies with the MT admins, yes, they banned me.

    What you failed to mention is that they have asked me to rejoin on more than one occasion, but I refuse to do so until false, uninformed and childish posts are no longer allowed.

    @hjlbx... You said that I "violated MT's Terms & Rules"... you need to explain exactly how I did so.

    Then again, the episode in question happened in July 2013, and hjlbx did not join MT until January 2015. I think it would be wise for everyone to remember that hjlbx is still a noob in the security space.

    @askmark summed everything up quite nicely here: https://malwaretips.com/threads/com...odooshield-autopilot.64977/page-7#post-559950

    Here is a summary:

    1. The tester must fully understand in explicit detail how the product(s) they're testing work

    2. Don't test two products together that perform similar protections or functionality that overlaps

    3. Test real and not "theoretical" malware

    4. Don't shout "bypass" unless you are a malware testing expert - maybe PM the developer first and give them a chance to test (Oh no you can't do that because then you won't have chance to gain popularity by posting a video that discredits the developer/product)


    If they do not understand this... then there really is no hope for them.

    I would also like to add... what the doubters do not seem to realize is that if Comodo would have been tested properly (the way CS tested it), then we would not even be discussing this, whether VS was included in the test or not.

    Thank you askmark and the other people who brought intelligent insights to the conversation.

    We all experienced the results of this amateur test. Very soon, the results from the large scale professional AVLab test will be released, and then we will all know the truth.

    If anyone does not feel that I have given hjlbx enough fair warning, please let me know. Otherwise, if he continues his antics, once I finish VoodooAi 2.0 and VS, I am going to unload on him like I have never unloaded on anyone before.

    But for now, I really do not have time for this... I would rather spend my time on VS. hjlbx would rather occupy my time on childish discussions... maybe he should spend time working on his product as well. Just a thought.
     
  24. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Dan you were banned from there OMG ;)
    I just left with my dignity intact around the time they were handing out titles to people like sweeties.
    Think free advertising for that site should stop immediately :thumb:
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    And what exactly did I say that is factually incorrect? Please let us know... we are all waiting.

    So it is ok for hjlbx to post complete lies and half truths, and I am supposed to sit back and do nothing about it?
     