VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, I think I have responded to everyone I needed to, if not, please let me know! I am going to try to fix these last couple of bugs so we can move on to the new features! I will post the list as soon as I find the second one and combine them! Thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that! ;) Money is great and everything, but if I wanted to make a bunch of money, I would not be in the computer security software business ;). Especially when most people believe that security software should be free ;).
     
  3. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I like my belts and braces :)
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, I totally agree! But my point is, SOMETHING is going to block the process first. Sometimes VS blocks it first, sometimes another security app blocks it first. It really just depends on the process creation method that the software utilizes (and they can always be changed for another). The important thing is that the process is never created in the first place ;).
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VoodooShield to do list

    I think this is everything, although I might have one more list. If I am leaving anything out, please let me know!

    Known Bugs

    1. Service not starting correctly on some systems

    2. Conhost error – Check with Hitman Pro

    3. Fix all of the logging. It works, but I need to double check everything to make sure it is all working correctly.

    4. MachineID error / Multiple computers in web interface

    5. Check lame mp3 error


    New Features

    1. NUMBER 1 and MOST IMPORTANTLY, finish making the desktop shield gadget even more like a lock, like it was intended to be ;). Make it flash longer and when the user clicks on it when it is flashing, upload the file / hash for analysis.

    2. KMD

    3. 2-3 different sizes of the desktop shield gadget / user adjustable size for the shield

    4. Convert User Database to Mongo

    5. Further integration with cloud based blacklist scanning service, eg, report false positives

    6. DLL / Memory protection (not that I think we need it)

    7. Self Protection (not that I think we need it)

    8. Further develop the sandbox / consider different method

    9. Block browser extensions

    10. Change balloons to miniforms / user adjustable time

    11. Installer will install the version of VS compiled with the .net runtime that is native to the system

    12. Corporate feature – Limited VS user can click a button to email their admin to request that an item is added to the whitelist

    13. Corporate feature – finish the upload settings to cloud feature / copy settings to other computers

    14. Blacklist Scanning of blocked rundll32 commandlines (the executables in the command line)

    15. Build out Web Apps a little more

    16. Determine overall computer speed and adjust the timers as necessary. This will help with slower computers, like tablets with atom processors.

    17. Captcha on exit

    18. Remaining time on Pro Subscription

    19. Right click allow process in User Log

    20. Parent processes – Manual or Automatic

    21. Initial Snapshot feature – that way a user can revert to their initial snapshot in case something goes wrong

    22. Right click context menu for blacklist scan

    23. Prompt on custom paths if c:\

    24. Block startup items (not that I think we need it)

    25. Integration with Crystal Security

    26. GUI colors

    27. Do not toggle with sandboxed web apps

    28. Command line scrolling

    29. Native .net version

    I better get to work, hehehe, see you guys soon ;).
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    You described the problem exactly as it occurred in XP Pro. :)
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you! It will be fixed soon... we just have to test a little more!
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    I drive a manual gearshift...I never did like automatics. :argh:
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,529
    Location:
    .
    @Dan
    UAC warning still in SysTray ~ No Biggy. Over install 2.20a and uninstall reinstall 2.20a
    Each time opting for turn off UAC
    I looked for the profile folder to delete and reinstall VS ~ need path
    Or, I'll check reg to confirm key ~ need path
    On a high note. VS shortcut works and UI is great
    <<It also works flawlessly with Sandboxie!>> That line strongly suggests VS does its thing flawlessly with Sandboxie. I can post here that VS works flawlessly with Firefox!
    That statement strongly suggests VS does its thing flawlessly with Firefox.
    Maintaining "It also works flawlessly with Sandboxie!" on your home page is at best misleading and at worst a lie.
     
    Last edited: Dec 4, 2014
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,529
    Location:
    .
    Always follow advice from Bo. My box ain't forced.
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Okay, I thought I covered it but it might have been by direct msg with bjm.

    I did disable winpatrol and nothing including VS blocked the exploit test. :(
    Only WP did so
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Vista should have a way to disable that notification... I forgot, what does Vista have for the Action Center?

    C:\ProgramData\VoodooShield

    Ok, so once VS no longer toggles with sandboxed web apps, it will then work flawlessly with SB, correct? VS 1.30 is still available for download and it blocks downloads and drive-bys from sandboxed web apps if you would prefer to use it instead. Here is the link: http://voodooshield.com/download/versions/Install VoodooShield.1.30.exe

    Edit: And besides, I have to be perfectly honest... I have a lot on my plate, and to even consider worrying about petty things like the SB quote from 3 years ago is just kinda silly ;).
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    What exploit test are you talking about? The one that I posted? Either way, I promise you, there is a perfect explanation. Like for example, did the exploit run something in Program Files, or something like notepad or calc.exe? If so, then yes, VS will not block these if an exploit tries to run these executables, which is perfectly safe.

    I just downloaded WP... what is it blocking first? Not that it matters, I am just curious.

    Edit: I just tried the exploit test (it was the one I posted a few days ago). On my Windows 7 system, VS blocked it first, so something is not right (the process must have been whitelisted by VS or something).

    Edit again: I bet I know what is going on... Did you put an executable named "Test.exe" on the root of your C drive? If not, please try it and run the test again and let me know what blocks it ;). VS should block the payload, not the exploit.
     
    Last edited: Dec 4, 2014
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Just turn it off Right Dan!

    Daniel

    2014-12-04_19-53-49.png
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Here it is in Vista Ultimate.

    2014-12-04_20-14-19.png
    2014-12-04_20-10-38.png
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you! That should fix it!
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Dan, I will reply tomorrow regarding automatic/manual parent process from your reply to me and may put together some color suggestions for the GUI if I have time in the morning, I am hoping. I have some ideas.

    But first, regarding detection of Web Apps. Based on you having to manually add web app process names, I am assuming that you detect based on process name for the smart mode toggle. If so, that certainly gets tricky when it comes to less popular browser forks and so on. Here's my suggestion... toggle on/off in smart mode using detection based on network communication/activity, for example, when a process tries to make an http request on port 80, or known email ports. Although for all I know, this could be difficult to implement, or maybe trivial. Depends on whatever API that MS provides for this. Anyways, just an idea I wanted to put out there before I go to bed and wake up tomorrow likely forgetting the idea. Since they are web apps, makes sense to detect on network level. Maybe this will at least spark an even better idea for you.
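
The network-level detection suggested in the post above, sketched as an added example (not part of the original post and not VoodooShield code). The port sets, function names and the connection snapshot are assumptions constructed for illustration; on a real system the snapshot would come from the OS connection table.

```python
import ipaddress

# Assumed port sets: HTTP/HTTPS plus common mail ports ("known email ports").
WEB_PORTS = {80, 443}
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}

# Constructed snapshot: (process name, pid, remote address, remote port, TCP state)
SAMPLE_CONNECTIONS = [
    ("firefox.exe", 4120, "93.184.216.34", 443, "ESTABLISHED"),
    ("obscurefork.exe", 5508, "93.184.216.34", 80, "ESTABLISHED"),  # unknown browser fork
    ("thebat.exe", 2316, "198.51.100.25", 993, "ESTABLISHED"),      # mail client
    ("notepad.exe", 6012, None, None, "NONE"),                      # no network activity
    ("devserver.exe", 7344, "127.0.0.1", 80, "ESTABLISHED"),        # loopback only
    ("updater.exe", 880, "203.0.113.9", 443, "TIME_WAIT"),          # connection already closed
    ("svc.exe", 1200, "10.0.0.5", 445, "ESTABLISHED"),              # not a web or mail port
]


def is_external(addr):
    """True when the remote end is a real peer, not loopback or unspecified."""
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return not (ip.is_loopback or ip.is_unspecified)


def detect_web_apps(connections, ports=WEB_PORTS | MAIL_PORTS):
    """Map (name, pid) -> set of web/mail ports the process is talking to.

    No process-name list is consulted, so unlisted forks are still found.
    """
    found = {}
    for name, pid, raddr, rport, state in connections:
        if state != "ESTABLISHED" or rport not in ports:
            continue
        if not is_external(raddr):
            continue
        found.setdefault((name, pid), set()).add(rport)
    return found


def should_toggle_on(connections):
    """Smart-mode decision: protect while any process is acting as a web app."""
    return bool(detect_web_apps(connections))


if __name__ == "__main__":
    for (name, pid), ports in sorted(detect_web_apps(SAMPLE_CONNECTIONS).items()):
        print(f"{name} (pid {pid}) -> ports {sorted(ports)}")
```

Any process with an established connection to these ports is flagged, background updaters included, so a port-based signal triggers more often than a name list would.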
     
  19. l3l312

    l3l312 Registered Member

    Joined:
    Nov 11, 2014
    Posts:
    22
    Holy crap Dan, you are one dedicated trooper! :cool:

    The new features list is looking great! Can't wait to get my hand on future versions.

    2nd full day on ver 2.20a, no issues to report. Phew! ;)

    Checked services, set to automatic.

    I run VS with UAC on highest level. I've never had an issue/conflict between the 2.

    I initially registered on Wilders to give props to the dev of VS. From reading this whole thread (started nov 11th 2014), I've become a little more paranoid/security inclined than I was before. To all the posters on this thread, I thank you all for your insight, opinions, and advice. I think I'll be sticking around for a long time.

    Again great job Dan!

    Best regards,

    l3l312
     
  20. Piter

    Piter Registered Member

    Joined:
    Oct 9, 2014
    Posts:
    36
    Hey Dan,

    Just informative - in the new version (2.20a beta) the issue is not fixed.

    Best Regards,

    Plamen!
     
  21. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    Almost;). I'd drop the word with. Doesn't make good sense to me.
     
  22. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Hi Dan

    Just installed 2.20a. I am fine with the colours. People do seem to make a lot of fuss about colours but so long as it is clear then I am ok, but perhaps to satisfy others you could adopt the current scheme in Windows.

    I use The Bat email client but that is not detected when going on line. I know it can be added but feel that it should be flagged by VS.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,529
    Location:
    .
    @Dan
    Alert box has text overlay http://postimg.org/image/yf4njsyln/ I'm at 120% DPI
    Already looked in Program Files and Program Data\VoodooShield ~ no folder "Profile"
    SBoxie issue was to understand what VS does. SBoxie issue was to understand why I have to fix SBoxie after VS update.
    UAC issue was to understand what VS does.
    Concern over EULA text was to understand what VS does.
    In future as I get confused, I may ask to understand what VS does. Let's be friends

    @Triple Helix ~ Thanks Kudos
     
    Last edited: Dec 5, 2014
  24. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Just had a few ideas, so I decided to put together a quick mockup for the UI. The current state of the recent VS betas definitely has a nice, new layout that works very well. But it was lacking any kind of branding which is important and as well Dan had suggested that the community come up with the ideas, particularly with regards to color and so on.

    This is just a quick mockup and there are several other things that I still need to implement, plus take in any feedback. Also add some sort of gradient or effect to buttons at bottom of UI.

    Some other UI ideas might be to have it change color based on Windows default color, like based on modern/metro settings and would change dynamically when you change colors, wallpaper, etc. That way it would blend in well, potentially.

    Another fun option would be to allow skinning the interface, fun for the community of course. Although this could open up potential security risks.

    VoodooShield Mockup.png

    Aside from this, I have fixed the issue with the VS icon getting all pixelated in the taskbar and other areas on default Windows 7/8.x/10 desktop with that default large sized taskbar. The VS icon is such high quality and detail that when Windows scales it down, Windows does a terrible job. I can't attach icon files here, but I will talk to Dan about it later. Windows just doesn't scale it well. But I have found a few ways to scale it much more cleanly.

    Below is how the icon looks by default, on default Windows install:

    VSicon.png
     
  25. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK

    It was the exploit test on the web page you posted on your site where you had to use IE to get it to run.

    WP blocked activex object adding to the startup

    I don't see how VS could have blocked it as WP blocked first.
    No popup or flash from VS when WP exited. :(

    Edit again: Ok no I didn't so that explains why it wasn't blocked (no file)
     