VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    I agree that novice users should become better informed before giving them access to... well, basically a weapon. The alternative that you prefer and are recommending is to lock the computer all of the time, without providing any file insight.

    Pete, I think you are completely missing the point of VS and VoodooAi ;).

    This is what I mean when I say the computer should be locked when it is at risk. Pretty much ALL malware comes from web apps... phishing, exploits, drive-bys, malicious links, etc. (sure, they come from USB drives too, but VS protects against that as well). So, I am suggesting that users keep their current fulltime protection, but ALSO lock the computer when it is at risk. Time and time again, fulltime application whitelisting has been proven to be far too burdensome for the average user, so very few people use fulltime application whitelisting... but that is not an excuse to not lock the computer when it is at risk!!! I really wish there was a better way to explain this... so if anyone can explain this better, please let everyone know.

    Ultimately, VoodooAi does not attempt to determine if a file is malicious or not... its job is similar to SmartScreen. Basically, SmartScreen does not indicate whether it believes a file is malicious or not... it is essentially saying that it cannot prove that the particular file is safe to execute, so they recommend not executing the file. This is EXACTLY what VoodooAi does, except it does not have the benefit of a massive global whitelist. Keep in mind, when SmartScreen blocks one of these files, no one considers it a false positive. Just because VS / VoodooAi provides file insight, it is not cool to start calling these blocks false positives. This is why VoodooAi does not label questionable files Malicious... it labels them Unsafe, simply because the file is unable to demonstrate that it is Safe to execute. The alternative is low detection rates and infections.

    Can you please post a list of high-quality software that is a VoodooAi "False Positive"? If VoodooAi does have a false positive issue, we can easily fix this by adding a global whitelist. Keep in mind, all traditional AV and ML/Ai engines have false positives, and they correct them by adding them to the global whitelist, oftentimes through user and developer submissions. VoodooAi does remarkably well on its own, even without implementing a global whitelist. I have posted several spreadsheets on here that prove this, and I can post another one if anyone is interested. VoodooAi is not perfect, but in this day and age, it is much better to be safe than sorry. And when we do add a large global whitelist to VoodooAi (which I am working on), the result will be amazing.

    Having said all that... in the real world, this is what happens. When someone downloads a file from download.com, say a youtube downloader app, and VoodooAi does have a high score, they are at least fully aware that something is not quite right with this file. Whereas when VS blocks a payload from a phishing, exploit, drive-by, malicious link, etc., most likely the VoodooAi score is going to be high, and since the user is cognizant of the fact that they are not trying to install new software, the little hairs on the back of their neck stand up and they will most likely click block (or simply not even click on the initial mini prompt in the first place, so the file is blocked). I can tell you, in no uncertain terms, that usually when the VoodooAi score for a file is above 0.7500, something is wrong with that file, and it should not EVER be executed, until further investigation of the file is performed.

    This is why the computer needs to be locked when it is at risk. If you can convince most users to install a fulltime application whitelisting app, then great, but no one else has been able to convince them to do so. Besides, what is the harm in providing file insight to the end user? You are suggesting that users simply lock the computer, and do not allow anything. With VS / VoodooAi, at least it will allow the user to run obviously safe files... right?

    You mentioned "I've been able to teach those who want to learn". That is great and all, but how do you teach them to handle a block without any file insight? They either allow the file blindly and risk infection, or block the file blindly. How is that better than what I am suggesting? Thank you Pete!
     
  2. plat1098

    plat1098 Guest

    There isn't a better way to explain, it's crystal clear to me. The key is: "burdensome." If you have a deep, abiding relationship with everything coming and going on your machine, that's one thing. But most of us, myself included, want something that automatically kicks in when we make a mistake. We make mistakes. VoodooAi can teach us something that we maybe didn't know. That is what software like VoodooShield is for. The less you futz with it, the better!
     
  3. shmu26

    shmu26 Registered Member

    +1
     
  4. clubhouse1

    clubhouse1 Registered Member

    +1

    Prexactly.
     
  5. Circuit

    Circuit Registered Member

    Can VS do all this (VS blocks a payload from a phishing, exploit, drive-by, malicious link, etc.) when the browser is sandboxed?
    Sorry to change subject, thanks.
     
  6. shmu26

    shmu26 Registered Member

    Which sandbox? If Comodo, you need to disable "automatically allow by parent process" (in advanced tab of VS)
     
  7. Peter2150

    Peter2150 Global Moderator

    Hi Dan

    I think the problem for me is the term locked. To me saying my computer is locked means nothing at all can run. I have the same level of protection on all the time, and it doesn't in any way prohibit anything from running that is supposed to run, but it blocks anything that isn't supposed to.

    And it's funny. I know of several ways that any and all malware can be stopped cold, but they all require a little bit of work and learning and people don't want to do that. You are 200,000 infected machines correct about that. And I'd have to bet if VS was on them the infection rate would be way way lower if not close to zero.
     
  8. VecchioScarpone

    VecchioScarpone Registered Member

    That is my thinking too.
     
  9. guest

    guest Guest

    You have changed the argument.

    If it's an unknown file, it's an unknown file, period.
    If it's an unknown file rated as suspicious by any AV, it's a completely different story.
     
  10. Circuit

    Circuit Registered Member

    Sandboxie.
     
  11. VoodooShield

    VoodooShield Registered Member

    Thank you, I appreciate that! I make mistakes too... I was recently working on a client's computer, and they kept talking to me, so I could not focus, and I typed the wrong URL into the web browser, and BOOM!!! So stuff does happen ;).
     
  12. VoodooShield

    VoodooShield Registered Member

    Yeah, a lot of people misunderstand me when I say the word locked, especially the people who do not understand that traditional AV is not a lock ;). Thankfully, I have not heard the phrase "I have antivirus software, how did I get a virus?" in a very, very long time. I used to hear it 2-3 times a day.

    What I mean by VS's lock is anything that is not on its tiny, customized whitelist, is blocked, while the computer is at risk.
     
  13. VoodooShield

    VoodooShield Registered Member

    BTW, I am retraining the VoodooAi 2.0 models, and included most of the random sample data from the last 5 or so months in the training data sets, so I am excited to see the real world results. This will be the first time I have retrained the models based on the random samples from users running VS (and VoodooAi analyzing the files), so hopefully it will be pretty cool.

    It will be ready in an hour or so... so take it for a spin a little later if you want to. You do not need to upgrade VS... it all happens on the web service. Thank you!
     
    Last edited: May 14, 2017
  14. VoodooShield

    VoodooShield Registered Member

    I am confused... if a file is brand new and has not been analyzed by any engine (traditional AV or ML/Ai), it is unknown.

    When is the file no longer considered unknown? If patient zero's AV analyzes the file, is it no longer unknown, whether the verdict is correct or not?

    To me, I would think that a file is no longer considered to be unknown a few days (or weeks) after the VirusTotal analysis, or until around half of the blacklist engines have analyzed the file.
     
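As an added illustration (this is not VoodooShield's code, and nothing here comes from the product), the following Python models the two ideas argued in this thread: post 1's "lock the computer only while it is at risk, block everything not on the tiny local whitelist, but show file insight labelled Unsafe/Unknown/Safe rather than Malicious", with the 0.75 score threshold, and post 14's question of when a file stops being "unknown" (a few days after analysis, or once around half of the blacklist engines have seen it). The process list used to decide "at risk", the three-day / 50% cut-offs, the score values and the sample files are all constructed assumptions.

```python
"""Toy model of 'lock when at risk' plus the 'still unknown?' heuristic.
Added example, not VoodooShield's code; every constant below is an assumption."""
from dataclasses import dataclass

# Score above which the thread's author says a file should not be executed
# without further investigation.
AI_UNSAFE_THRESHOLD = 0.75
# Assumed meaning of "no longer unknown": a few days since first analysis,
# or about half of the blacklist engines have looked at the file.
MIN_DAYS_KNOWN = 3
MIN_ENGINE_FRACTION = 0.5
# Assumed set of "web apps" whose presence puts the computer at risk.
WEB_APPS = frozenset({"chrome.exe", "firefox.exe", "outlook.exe"})


@dataclass(frozen=True)
class FileInfo:
    path: str
    whitelisted: bool        # on this machine's small, customized whitelist
    ai_score: float          # hypothetical VoodooAi-style score, 0.0 (safe) .. 1.0 (unsafe)
    engines_analyzed: int    # blacklist engines that have scanned the file
    engines_total: int
    days_since_analysis: int # days since the file was first analyzed


def computer_at_risk(running_processes):
    """The lock engages while any web-facing app is running."""
    return any(p.lower() in WEB_APPS for p in running_processes)


def is_unknown(f):
    """A file stays unknown until enough time has passed or enough engines have seen it."""
    if f.engines_analyzed == 0:
        return True
    enough_engines = f.engines_analyzed / f.engines_total >= MIN_ENGINE_FRACTION
    return not (enough_engines or f.days_since_analysis >= MIN_DAYS_KNOWN)


def insight(f):
    """File insight shown alongside a block: Unsafe / Unknown / Safe, never 'Malicious'."""
    if f.ai_score > AI_UNSAFE_THRESHOLD:
        return "Unsafe"
    if is_unknown(f):
        return "Unknown"
    return "Safe"


def decide(f, running_processes):
    """Return (verdict, label) for an execution request.

    Whitelisted files always run. With the lock off (no web app running) the
    request is left to the user's regular fulltime protection. With the lock on,
    everything not on the whitelist is blocked by default and the user gets the
    insight label to decide whether to allow it explicitly.
    """
    if f.whitelisted:
        return "allow", "whitelisted"
    if not computer_at_risk(running_processes):
        return "allow", "lock off (fulltime AV responsible)"
    return "block", insight(f)


# Constructed sample events: (file, processes running when execution was requested)
SAMPLE_EVENTS = [
    (FileInfo(r"C:\Program Files\Notepad++\notepad++.exe", True, 0.02, 60, 60, 400), ["explorer.exe", "chrome.exe"]),
    (FileInfo(r"C:\Users\u\Downloads\yt_downloader_setup.exe", False, 0.81, 3, 60, 0), ["explorer.exe", "chrome.exe"]),
    (FileInfo(r"C:\Users\u\AppData\Local\Temp\invoice.pdf.exe", False, 0.12, 0, 60, 0), ["explorer.exe", "chrome.exe"]),
    (FileInfo(r"C:\Users\u\Downloads\7z_setup.exe", False, 0.05, 45, 60, 30), ["explorer.exe", "chrome.exe"]),
    (FileInfo(r"C:\Users\u\Downloads\7z_setup.exe", False, 0.05, 45, 60, 30), ["explorer.exe"]),
]


def run_samples(events=SAMPLE_EVENTS):
    """Evaluate every sample event and return the list of (verdict, label) pairs."""
    return [decide(f, procs) for f, procs in events]


if __name__ == "__main__":
    for (f, procs), (verdict, label) in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{verdict:5} [{label:7}] {f.path}")
```

Note the fourth and fifth events are the same file: with the browser open it is blocked by default and labelled Safe so the user can allow it, while with the browser closed the lock is off and the request falls through to whatever fulltime protection is installed.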
  15. _CyberGhosT_

    _CyberGhosT_ Registered Member

    +100 :p
     
  16. _CyberGhosT_

    _CyberGhosT_ Registered Member

    :eek: lol
    I have found that to be true pertaining to Malware infection too over the years, very common.
    I wonder if we could petition the Malware authors to start delivering with some innovative diversity
    because they have become so predictable :p rofl
     
  17. simmersK00L

    simmersK00L Registered Member

    also CFW10 with CS's proactive settings stopped Wcry. There's a video at MT. (perhaps not Ai)
     
  18. VoodooShield

    VoodooShield Registered Member

    How funny, and true!

    The new VoodooAi models are up and running, I will check the results a little later... so far there are 180 analyses, and it seems to be doing pretty well. I do not think there will be a massive improvement, but who knows. Then again, there is a chance it will do worse, and I will have to revert to the previous models ;).
     
  19. VoodooShield

    VoodooShield Registered Member

    Cool, yeah, I saw that. CFW10 is a phenomenal product... if I was not running VS, that is probably what I would be running, with CS's settings of course ;).

    Out of curiosity, how did it do with all default settings?
     
  20. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Haven't seen that one yet, and a very good point, seeing that a very small number of users know who CS is. There are a large number of average users who don't know to apply what she does.
    I had this very question in the back of my mind as I watched the vid, wondering the same thing.
     
  21. boredog

    boredog Registered Member

    She showed her settings in another video. Just can't remember which one.
     
  22. Iangh

    Iangh Registered Member

    It is. But after playing with both VS and CFW for the last three months (one day this, another day that), yours is the easier to install and run IMHO. I watch Meghan's videos and think wow, and it's back on. Then something happens so I return to VS. VS isn't the perfect soft but once you get the basics it's straightforward. You could do with a Meghan posting videos on MT showing how VS deals with scary malware.
     
  23. boredog

    boredog Registered Member

    She has posted in the past I think. https://www.youtube.com/watch?v=e-tk8HeV4Bw
     
    Last edited by a moderator: May 14, 2017
  24. Iangh

    Iangh Registered Member

    I was thinking of more like one a month to keep the cognitive dissonance in check.:)
     
  25. VoodooShield

    VoodooShield Registered Member

    It looks like I need to go through the posts since I missed some, sorry about that.

    Does anyone know if false negatives ever get by SmartScreen, or have any stats on this? Thank you guest and shmu26 for bringing this up!
     