VoodooShield/Cyberlock

VS isn't SRP but enhanced anti-exe; because SRP just block everything not whitelisted without prompts.

 

I'm not so sure about that. VS is using policies just like SRP uses. I think VS gives the option to auto-block in the settings, or prompt the user. I still consider it SRP, or a type of hybrid. It could also be considered a sort of HIPS in some ways.

 

you may have some points, maybe Dan can tell (better than anyone) in what category he think VS is. because VS does lot of things , originally it was an anti-exe but with the addition of the sandbox, VT rep scan and lately the Ai, it becomes difficult to categorize it

definition of SRP : https://technet.microsoft.com/en-us/library/cc782792(v=ws.10).aspx

i still don't believe it is SRP, more enhanced Anti-exe.

anti-exe and SRP look very similar but are different in term of mechanism.

 

No, I can make it say anything we want it to say in the script... that is just logging.

What really, really, really, really, really, really, really counts is if a session is created and we can get shell.

When I can get shell on the AG test, but cannot get shell on the VS test, then you know.

 

I recommended several SRP policies to Dan by email when he started adding the Web Apps, and Anti-Exploit Feature. He did a lot of Brain Storming, and took it a lot further. I'm sure he has some very effective SRP going on under the hood.

 

VS is certainly unique . That is a good thing though.

I just think that every web connected device should be locked when it is at risk... that the lock should be made as user-friendly as possible, with as few dangerous affirmative user prompts as possible, and that relevant file insight should be provided to the user in case of a block. That is VS in a nutshell.

 

and you use the shell for what? just look at it ?
uploading a malicious file and make it run is the endgame, the purpose of the whole attack.
you break in a bank to stole the money , not just making a hole in the vault.
And i told you SRP and AG is post-exploit mechanism. you can prevent it earlier, but at the end , the system will not be infected, just breached, this is a big difference.

 

I have no idea what you mean, but yeah, VS's code that determines whether a file should be allowed or not is quite complex... it took a while to get it right . It is well organized I might add .

 

Basically to prove that there is a connection with DP. If you cannot get shell, the attack totally failed.

You guys seriously just need to test the damn thing for yourself. Seriously. .

White Cipher gets upset when people ask to many questions without taking the time to test for themselves .

 

I guess VS has changed a lot since then. This was around 2 years ago. Are you saying SRP only plays a small roll in the Anti-Exploit feature now?

 

Do not forget the fact that if a new DP instance was created, ANYTHING can be created.

 

I am confused when you refer to SRP as it relates to our code. Please give me 2 examples of:

1). AE code / functions
2). SRP code / functions

Do you see what I mean? If not, I might have to respond tomorrow, I am extremely tired. Thank you guys!

 

BRN did already , they won't care because uploaded malicious file still can't run. do you understand what i mean?

but everything uploaded and run will be blocked... doing several hole in a building to put a bomb in, is different than successfully make the bomb explode.
i understand where you come from, you believe that AG should prevent the hole to be made , but it is not , AG is designed to only stop the bomb to explode.
(However AG Business would stop the holes being made, from what i heard)

ok i think people get the idea of the what and how, we can move on. to some more VS related stuff.

 

Then how was DP installed on the machine?

Let's just pretend for a second that only one new malicious process (DP) can be created on a machine... that machine is still a zombie and infecting other endpoints. Either way, there is not an excuse for this issue to not be fixed... it really is a BFD.

That is why MRG made such a big deal out of it... and why after reading the MRG article, I started to worry about it... so I googled it, and found the MT discussion, and no one was testing, so I tested myself. Do not quote me on the exact sequence of events, but it was something like that .

 

I will have to go back, and look at our emails when I have time. There's so.... many to look through. These emails are from like 2 years ago, or maybe even longer.

You mentioned several SRP policies that you was thinking about integrating into VS after I mentioned policies like not allowing Web Facing Apps to spawn child processes, or write to the system space.

I'm not trying to take any credit for VS design. I was just trying to come up with a name, and description of the Anti-Exploit feature that would prevent future arguments. That was my only intention.

Dan, i'm sure you are worn out, and tired of explaining the same thing over, and over. Get some rest man!

 

+1

It's making my head hurt....

 

Dan posted a video not that long ago. Of course people are gonna talk about it.

 

Darn it... I missed the heated remarks .

 

Hopefully CS or MRG can explain to guest what is up.

 

Cool, thank you, but I do not know what you mean by SRP policies... can you please give me an example so that I know what you mean, and so we are on the same page?

VS is quite unique, so it is difficult for me to distinguish what is an AE feature and what is a SRP feature.

You and all of the wilders users have been a heck of a lot of help in making VS what it is, and for that I thank you!

The only thing that I can tell you is that there are a lot of people that are impressed with OUR work. .

 

Honestly Dan, you and I both know it wont make a difference
Get some rest brother.

 

Question about VS default settings, which "automatically allow all files from the Programs files folders".
There are lots of illegal downloads that contain instructions such as the following, and I quote:

1. Install Program & Close it completely
2. Copy patch to program's installation folder
3. Right click on Patch, Click "Run as administrator" & apply it!
4. Enjoy & Share!

This is a typical set of instructions for illegal cracks.

VS at default settings will not protect a user who is stupid enough and criminal enough to follow instructions. Is this by design?

 

Correct, but why wouldn't they scan the crack with VS first... it would probably have tons of blacklist hits, and VoodooAi is typically off the charts for cracks.

If they are stupid enough to ignore the blacklist and VoodooAi, there is no helping them.