VoodooShield/Cyberlock

The thing is like this: VS gives the average user a high degree of confidence. He has probably clicked on lots of files, and observed how VS blocks or examines. So it probably will not occur to him that this time, VS will let it go by unchallenged.

 

So your basically asking Dan if he (by design) set that up to facilitate software theft ?
Surely you are smart enough to know the answer to that
Dan should not even dignify that with an answer

 

Well, the question I am raising is a little deeper: should security software be designed to protect the average user even when his action is probably violating copyright laws?
The off-the-cuff answer is: he got what was coming to him.
On the other hand, the user will claim there is a hole in VS protection, and perhaps he is right.

 

Hey Dan,

What about the bug I emailed you about some time ago? Do you remember the "myharmony.exe" issue?

 

However, that video concerns the product under discussion but, as has been said, parts of the dialog may be too technical for some to understand. It is for this reason why the concerned parties should take it to PM to discuss the more technical aspects of the program. Either that or create a new thread for such topics and leave this one for more general product support as suggested in #16487.

 

An ancient proverb: "Against stupidity the gods themselves contend in vain." (Friedrich von Schiller)

OTOH, the way things are going, more and more people with little or no tech. ed. using ever more powerful IT equipment, then pwned boxes will eventually be considered as self-inflicted damage, and users held liable. (I've--4 decades ago--seen exactly that applied to one moron by an ISP.) It's not a great step to statutary requirement for G-Ai IT protection, in exact alignment with (for example) Western Australia's requirement that all automobiles have a functional theft-prevention device fitted prior to sale (read: on-road registration), back in--IIRC--2001. As I see it, this would "naturally" be integral to the OS, and the only debateable point would be the successful tenderer chosen by the OS manufacturer.

 

Ok, thats better, but the way you worded that, if you go back and read it, it looked like you were asking a very different question.
Thanks for clarifying brother, I was scared there for a moment we had lost you to the dark side

 

Thanks Ghostie. Even my mother can't understand me sometimes...

 

I think I now understand it. Basically, the EternalBlue exploit hijacks lsass.exe which will load the DoublePulse kernel backdoor, but DP needs to load a payload like WannaCry. So in the video you can see that both VS and ERP blocked the payload (rundll32.exe + cmd.exe) from running. This means that both VS and ERP could have blocked the WannaCry ransomware or any other malware from running.

Yes correct, but even HMPA and MBAE wouldn't have been able to block it, because they don't monitor lsass.exe. The newest version of HMPA does now have generic protection against the DB injection method.

 

I don't think it would block in-memory payloads, because they don't spawn new child processes. So let's say hackers create ransomware or banking trojans that are truly in-memory based, all malicious activity would be done from inside the exploited process. So far I've never seen such malware, so it's probably hard to develop and it has another drawback, if you close the exploited process (like the browser), then the infection is gone.

 

Agreed, to those that constantly challenge why not go and design a security software that is impregnable and show how it should be dome!

 

Hey Krusty... yeah, I kind of remember that, but for some reason I thought it was taken care of. My search function in my Outlook is not working, do you mind posting the bug on here and I will take a look at it? Thank you!

 

I think the argument was more about understanding the strengths and weaknesses of the products.
Both VS and Appguard are good products. But they work differently, like it was stated in this post
https://malwaretips.com/threads/ete...on-whitelisting-test.72049/page-5#post-636085

 

Then frankly leave that on malwaretips!...Why spread the contents of one site onto another, that assists no one and just creates FUD and besides this Appguard v Voodoshield is almost A v B that isn't tolerated on this site by its rules.

 

I have not found an example that fits your description, but if you find one, please let me know. I would love to test... VS only this time .

Just keep in mind, you said "all malicious activity would be done from inside the exploited process". We can use the EB/DP example, since we are all extremely familiar with it by now. I see, you are curious about potential malicious activity inside of lsass. I am comforted by the fact that VS blocked lsass when it tried to spawn DP... but who knows what someone might think of next. I am not an expert on exploits, but I am certain that they are at least somewhat limited, and executing a malicious payload of some kind is pretty much a requirement... but I am just speculating.

However, the bigger issue that I see at the present time is that the malicious payload DP is a generic backdoor payload... one would assume you can add pretty much whatever malicious code you want to it. And if a session is created and the hacker has shell, you could also probably safely assume that attack would not be blocked in any way.

It is going to be extremely interesting because the genie is now out of the bottle... and the malware authors are aware of how effective this type of attack can be, since they witnessed firsthand how it spread like wildfire. I think that is why MRG is so concerned about it. And once we fully understand the initial attack vector, things could get pretty scary.

 

It appears the A vs B only apply to antiviruses.

I found this thread that might be perfect if people want to continue discussing it.
https://www.wilderssecurity.com/thr...shield-or-novirusthanks-exe-radar-pro.377372/

 

The simple fact is as security software develops to prevent the current attack methods the authors of malwares etc up the game as well, its a never-ending battle and everything under discussion now will be old school by this time next year if not sooner.

 

I agree with that. But if there's no point of discussing it, then there wouldn't be a point to security forums like Wilders.

Discussion/Opinions/Feedback/Negative or Positive Criticism can help a product grow and mature. Dan, knows very well how his product has grown thanks to feedback made by members in this forum.

 

Agreed, I was referring to some of the hostile comments that were made with no substance to back them up.

 

@VoodooShield /Dan

Any updates of the vulnerability reported via IM?

 

Is VS still compatible with XP?
Downloaded a file from my PC to install on someone who has XP and it did not work.
Then i downloaded one directly from that persons' XP and it still would not install.

 

The new website is finished... Alex just emailed me today to let me know. We will be deploying it asap... it is going to look exactly the same as it did before, but it is built on today's security standards, and not standards from 6 years ago .

BTW, some hacker dude emailed me out of the blue and found a couple of other issues with our website... one that was on even on the new site, but it is fixed now. I think he did a pretty good job of testing the new site, so we should be good to go. It was worth the bug bounty .

 

Unfortunately VS's new driver does not work with XP, sorry about that.

 

My email:

Your reply:

I was trying to allow it because myharmony.exe won't run without internet access.

Thanks,
Dave

 

+1