VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool Kees, let's talk soon, thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for letting us know! I hope to have the freeze issue fixed soon, sorry it is taking so long!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I think he's asking if similar results would occur if VoodooAI was tested instead of Cylance since the post he's linking to is the Sophos/Cylance test.
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... real world tests. I just figured that since everyone is performing their own tests, why not just perform one test together, that we can all agree on, with a truly random sample set. Win or lose, at least we all know the end result. Besides, it would be kinda fun ;).

    Either way, I still think the computer should be locked when it is at risk... especially when we are in the 94-99% detection range, which was one of the major points of my recent test and video. Now, if we were approaching a consistent 100% detection rate, like maybe 99.999+%, then I would say that a lock is probably not needed. But until that happens (which it never will), the computer should be locked. I would not even suggest running VS on AutoPilot on a mission critical computer, or a computer that contained sensitive data... it should be locked when it is at risk.

    Yeah, I think Cylance has a great realtime Ai scanner, but they really do need some kind of a gui... I emailed Dan and Joel at MalwareManaged about this awhile back. But then later, I remembered that their tagline for MalwareManaged is "We manage malware so you don't have to"... it was then that I realized that it is not their intention to have a gui (probably ever). Basically, they install CylancePROTECT on your machine, and they manage the malware for you. That is certainly a unique concept... we will see how it does, it might end up doing very well.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I see... thank you! I would expect VS / VoodooAi to perform EXACTLY how it did in our test using 1,000 random samples... so it should do quite well. I was not surprised at all to see Cylance score 96% on the executable malware portion of the test... I usually find a consistent 94-96% with Cylance (it scored 94.5% in our test). I have to say, I am a little surprised on the 97% for Sophos... don't get me wrong, it is a great product, and it scored 89.4% in our test... which is a little too much deviation in my opinion. Then again, I guess there are a lot of factors at play, for example, how the samples were prepared.

    The thing is, I wanted to keep our test as fair and as random as possible, that way when other people ran similar tests, they would find similar results... so I went to great lengths to make sure the test was as fair and random as possible.

    Keep in mind, for example, VS does not do any web filtering, but we should block the exploit and / or payload... similar situation with the Office docs. Then again, a lot of security purists would argue that web filtering is basically cheating because it completely skips the most important part of the test... whether the core security software can block the file or not. Especially since I am certain that most of the web filtering technologies have a variety of sources for their malicious links database.

    Now, I am sure that I missed a file type or two, and something is going to bypass VS, and it will be a quick fix. And eventually we will find a file that will bypass VS / VoodooAi on AutoPilot, but so far I have not been able to find one that will. Come on Fabian or CruelSister1, I know you can do it!!! ;)
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    And how would that be a real world test?
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, if that is the case, then VS should not be on AutoPilot... it should be on Always ON ;).

    I am simply suggesting that the closer you can actually compare apples to apples, the more accurate the results. If product A uses url filtering and product B uses application whitelisting, which do you think will win? But if you disable both of these features and wish to test the core security mechanisms, then it levels the playing field... especially when the url filter is most likely from several different sources. We can even disable VS's blacklist and rely only on VoodooAi... or just watch the prompts and make sure that they end with "VoodooAi!"... I imagine the samples they use in these tests are the kinds of samples that Roger would prefer... like basically all pretty bad stuff, which VoodooAi would do really, really, really, really well against.

    Speaking of Roger... he will find this funny. I spent 1 hour and 24 minutes removing PUP's from a computer today for a user who refuses to even try VS... it was quite frustrating. And honestly, I thought about Roger the entire 1 hour and 24 minutes ;).
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    But Dan, that is not real world testing. You can't disable components of a security program and call it a real world test. That is exactly why Norton stopped being tested by AV-Comparatives. To put it another way, what world do you live in? Comparing an anti-virus to VoodooShield is not comparing apples with apples any more than comparing Sophos to Cylance is.

    http://securitywatch.pcmag.com/secu...declares-on-demand-antivirus-tests-misleading

    https://community.norton.com/en/comment/3887213#comment-3887213
     
    Last edited: Jun 23, 2016
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, I really wish malware researchers would start using more than 100 samples while testing security products... 100 is not even close to being a representative sample.

    Are there any statisticians out there? If so, how many files should our sample sets contain in order to ensure they are true representative samples?
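
    An added example, not part of any post in this thread: the sample-size question above, worked through with a 95% Wilson score interval. The 945/1000 and 894/1000 counts correspond to the 94.5% and 89.4% figures quoted earlier for a 1,000-sample test; the 95/100 and 89/100 counts are constructed stand-ins for the same products at 100 samples. Function names are this example's own, and the arithmetic assumes the samples are independent random draws.

```python
import math

Z95 = 1.959963984540054  # two-sided 95% quantile of the standard normal

def wilson_interval(detected, total, z=Z95):
    """95% Wilson score interval for a detection rate detected/total."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need total > 0 and 0 <= detected <= total")
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def intervals_overlap(a, b):
    """True when two (low, high) intervals share at least one point."""
    return a[0] <= b[1] and b[0] <= a[1]

def distinguishable(results):
    """True when the two products' intervals do not overlap."""
    a, b = (wilson_interval(d, n) for d, n in results.values())
    return not intervals_overlap(a, b)

def samples_for_margin(expected_rate, margin, z=Z95):
    """Smallest n giving +/- margin at expected_rate (normal approximation)."""
    if not 0 < expected_rate < 1 or margin <= 0:
        raise ValueError("need 0 < expected_rate < 1 and margin > 0")
    return math.ceil(z * z * expected_rate * (1 - expected_rate) / margin ** 2)

# Constructed counts: (detected, total) per product at each sample-set size.
SMALL = {"product A": (95, 100), "product B": (89, 100)}
LARGE = {"product A": (945, 1000), "product B": (894, 1000)}

if __name__ == "__main__":
    for label, results in (("100 samples", SMALL), ("1,000 samples", LARGE)):
        for name, (d, n) in results.items():
            lo, hi = wilson_interval(d, n)
            print(f"{label:>13}  {name}: {d / n:.1%}  [{lo:.1%}, {hi:.1%}]")
        print(f"{label:>13}  gap distinguishable: {distinguishable(results)}")
    for margin in (0.05, 0.02, 0.01):
        n = samples_for_margin(0.95, margin)
        print(f"+/-{margin:.0%} around a 95% rate needs about {n} samples")
```

    The interval covers sampling error only; it says nothing about how the sample set was collected or prepared.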
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I see your point, and I believe it is highly valid... but think of it this way. What if I add openDNS to VS so that all web traffic is filtered through it first, but other security products do not have this advantage? Of course products with openDNS are going to perform better in the test. That is why they ban performance enhancing drugs in sports.

    AV tests should assume that the malware finds its way onto the computer, THEN test to see if the core components of the security software are effective enough to stop it.

    Here is an example (maybe I can think of a better one later)... In cars, there are many technologies such as anti-lock brakes and anti-skid / stability control systems (among other technologies) that reduce the frequency of car crashes significantly. But when test engineers perform automobile crash tests, these safety features are not even considered. Because in the end, what is most important is that the core safety mechanisms (safety glass, air bags, solid engineering) that protect you in an actual crash, are effective.

    This is the same with security software... you want to know that the core components of your security software are effective at detecting and stopping the malware, right? If they are not effective, then you might as well just run a url filter.

    So yeah, I doubt we ever have a true, valid real world test, it is almost impossible... and there are many ways to view this. But either way, I think the officer who is closest to the safe at Fort Knox should have more than a BB gun.
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Well, perhaps we should agree to disagree.
    Since you mention sport, let's take triathlon as an example. We'll both compete, but I'll break your arms so you can't swim, and I'll take the wheels off my bike. Does that sound fair? :p
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I would consider arms and wheels core components, but sorry, you have to leave your jet pack at home.

    By the way, it is 2016, where are our jet packs? ;)
     
  14. Logethica

    Logethica Registered Member

    Joined:
    Jun 23, 2016
    Posts:
    53
    Location:
    UK
    Hey Dan...:)
    I'm a new member here, although I have enjoyed reading posts on Wilders for some time..
    I have been using Voodooshield (Free Version) for a fair few months now, and I am extremely impressed with it.
    I already consider it to be the best Security Software that I have ever used, and I know that it will get even better still.
    I am not sure what impresses me the most....The excellence of Voodooshield, or the incredible level of interaction that you have with its users.
    I really feel for you regarding the freeze issue, but am certain that you will conquer it.
    Personally, I have never experienced the freezing...
    I have used 2.86, most of the betas from 3.00 upwards, and am currently using 3.28.
    I am on Windows 10 x64 Pro....and have used the following with Voodooshield without problems:
    Chrome / UAC (max setting) / Avast (free) / Sandboxie (free) / Spyshelter Anti Keylogger (free) / & MAE (free).
     
  15. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    Real World Test - Products should be tested with default settings, i.e. modules & settings enabled by default.
    Attack vector should be web, USB, etc...
    Web testing will give you results for all modules.
    USB testing will give results for core protection
    Same malware used for web & USB tests/local test will show if the malware protected by Web modules comes through attack vector USB will be protected by core protection or not.
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Dan, one last point.

    To test Norton as a file only test you would need to disable IPS, SafeWeb, Phishing Protection, Download Insight, SONAR, File Insight, PEP, the new Sandbox feature (which I'm still waiting to hear about), Auto-Protect, Early launch Anti-Malware Protection, Heuristic Protection, Email Anti-virus Scan and possibly others I've missed just to make Norton only scan for signatures. ... And you wonder why Norton wouldn't do so well? If you want to do that it cannot be called a Real World Test.
    Yeah, I'm still waiting for my flying car like the Jetsons had. :)
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Now there is an idea... do the web test first and collect the executables for a later USB test... that way you can see all of the results. Thank you yesnoo!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You mean Norton has all of those protections and still missed 373 / 1000? ;) Maybe we should just start locking our computers when they are at risk ;).

    I do agree that the only thing that really matters is that the device is not ultimately infected, and different security products have very different ways of trying to achieve this. And actually, it is a great thing that we have so many choices.

    BTW, I also assume you would agree that its core protections should not be ineffective.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    I'm not a pen tester and I don't know how you tested so I can't comment on that.
    Yep all part of a layered defence. Personally, I believe the days when a single product could protect a Windows machine are long gone.
    As good as VS is, it only takes the user to allow the wrong thing and the machine is infected, not to mention if the machine is already infected before VS is installed.

    Yep, horses for courses. No one product satisfies all.
    I do agree, but as you said, it is 2016 now, the basic AV is dead because as you know, viruses are only a tiny portion of today's malware.
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Well that's how much I care about AV testing organizations anyways, they're still stuck in the old ages of testing products and they all need to do a complete overhaul on their methodology of testing AV software for today's new ways AV's and other products like VS and many others protect users now, so I take any tests with a grain of salt until they wake up and work in the early 21st century! LOL A decade and a half into the 21st Century! :D

    Daniel ;)
     
    Last edited: Jun 23, 2016
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    Hi Gordon,

    It looks like it is over for XP, from what I saw in Dan's reply to you. Too bad, but I didn't think XP could be supported when it went to version 3.xx......
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I am all for a layered approach, and I do agree that the days of a single product protecting a machine are long gone.

    You know, now that I think about it, VS could add url filtering... the thing is, we do not want to compete with other AV solutions, we just want to complement them.

    So yeah, in that Sophos test, for example, VS would fail at the phishing test since malware is not involved.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I agree TH!
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Yeah, I like VS as it is now too. It is a great complement to AVs and we don't want VS becoming bloated, do we?
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Here's some further reading for anyone interested.

    https://community.norton.com/node/7213

    Dan, you should find this part interesting. ;)
    https://www.symantec.com/theme/star
     
    Last edited: Jun 23, 2016