VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for mentioning that… I have not had time to go back through the posts that I missed.

    We can see what everyone thinks, but here is my take.

    Basically, the whole idea of VS is that the computer should be protected with the blacklist and Ai scan fulltime, and it should be locked when it is at risk. So the ON and OFF refers to the status of the lock, and whether it is ON or OFF.

    I am certain that this is confusing to a lot of users, especially users who are new to VS… mainly because VS blocks items sometimes when the lock is OFF ;).

    We can certainly figure out a way to tweak this a little, but obviously, we need to keep it as simple as possible.

    But currently, the ON and OFF just tells you whether the lock is ON or OFF, and it assumes that the blacklist scan and Ai is on full-time. Please let me know what you guys think, thank you!
     
  2. I imagine you must have been laughing, I consider it a Christmas present.

    It is tempting to define a new program and call it VoodooShield_Zero (zero for protection against zero days and zero being a light version of VoodooShield_pro) with a freemium model (first year free and fully functional, next year at the price of a Big Mac, $3.50 annual).

    EDIT: after reading your second post (Silent mode), I skipped this idea, see post #13482
     
    Last edited by a moderator: Dec 27, 2016
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That what on and off had me going for a bit, but I have it now. (I think)
     
  4. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    Thanks for the quick reply Dan. Part of the confusion arises about the OFF that shows in the GUI when in Training mode. In that case OFF does not attempt to indicate that the lock is ON or OFF but that VS itself is OFF. Hence possible confusion.

    One of my posts two months ago suggested that to avoid this confusion, we could leave the Training mode OFF as is but change the Smart and Always On OFFs to read LOCKED or UNLOCKED (or LOCK ON/LOCK OFF). I really believe that this would go a long way to helping users understand what is actually happening without complicating anything.

    There was also some discussion as to whether the GUI should be changed from red when the lock is off because the computer is still protected. Yellow or orange come to mind but this is a minor point.
     
  5. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I don't know if you have seen this reply, so I am bumping it ;)
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    When it comes to talk about security features, changes to or additions to a program I am just a layman, and cannot comprehend what it may be like compared to someone who may be an expert, such as @Windows_Security. Such postulations are beyond my orb of understanding, so to speak. I read and observe, that is far as I go, and therefore I don't make the contribution to a discussion that may be offered, like some that have a better understanding.

    My approach to such matters, when it comes to security may be more like this when it comes to my limited knowledge about computer security: "Abbott & Costello Who's On First" - ~ Off Topic Video Removed ~ ;)
     
    Last edited by a moderator: Dec 27, 2016
  7. plat1098

    plat1098 Guest

    Please--not the ON/OFF thing again. Just kind of slip whatever changes with that unobtrusively into the new build, I'll deal. Looks like some big changes are being discussed, some of which are out of my range of comprehension. Please keep this software friendly for users of *all* abilities!

    By the way, VS regards its own installer as less "safe" than HMPA's. What is up with that? lol!
     
  8. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    Excellent Tarnak! Good to have a bit of light relief - that is a classic!
     
    Last edited by a moderator: Dec 27, 2016
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    The classics are still the best! :D May VS become a classic, too. :)
     
  10. SM_Unlimited

    SM_Unlimited Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    32
    Maybe you just need an easy place to see that information in the configuration UI.
    I.e. a list of all the security features (AI, blacklist, lock etc.) and whether they are on or off. Then when you change the modes you get to see what security features are affected in detail?
     
  11. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
    Thank you @VoodooShield . Dan!

    The update went smoothly..running without issues....3.49 Beta. Appreciate all your hard work through the years and for being so attentive....

    Happy Holidays and Happy New Year 2017 to all of you!:)
     
  12. Okay, this youtube might be irrelevant to this topic, but I guess (English is not my first language) the tongue in cheek message to me is that it pictures Dan and me talking about incomprehensible VoodooShield features on this forum :thumb: :argh:
     
    Last edited by a moderator: Dec 27, 2016
  13. Great, as posted earlier, better to clean up code before adding new. Also, despite having suggested a new program, it makes more sense to keep everything in one program to prevent code divergence and replication. So let's use Silent as the central idea; I would use the ALLOW mode as Silent mode, so Silent mode could be used as a zero-day add-on to any anti-virus solution.

    SILENT (COMPANION) MODE:
    1. Silently auto-allow all executions in user space from critical Windows processes (with Microsoft Windows signature and/or built-in whitelist based on hashes updated through cloud); this is an existing False Positive reduction mechanism.

    2. Silently auto allow all user space executions started by already whitelisted executables (existing False Positive reduction mechanism).

    3. Silently auto-allow unknown programs executing from user space with a valid signature of an already installed program (this list of signatures is built during the VS system snapshot). User has already trusted this vendor, so it is a valid reason to allow this new program from the same vendor. This PC-specific signature white-list is IMO safer than the current "allow any unknown child execution started by trusted parent". The PC-specific signature white-list will probably be more effective as a false positive reduction mechanism than the existing "allow any unknown child execution started by trusted parent" mechanism.

    4. Silently auto-allow unknown programs executing from user space with an AI-rating lower than 0.3 (just an example).

    5. Silently block all remaining programs AI score of 0.3 and higher with a small notification from gadget or icon tray.

    6. User has the option to right-click install "trusted". VS will temporarily allow all user installs triggered by this program or spawned programs with the same signature.

    7. Like AppLocker, VS can set allow exceptions of valid signature. This is a feature of future central management functionality of VS for system administrators (when central management is enabled, the user is not allowed to install with right click as explained at 6).
     
    Last edited by a moderator: Dec 28, 2016
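The SILENT (COMPANION) MODE steps from the post above, modelled as a first-match-wins decision function so the effect of the rule order can be tested. This is an added example, not part of the thread and not VoodooShield code; the class and field names, the vendor names, the sample scores and the placement of steps 6 and 7 ahead of the final block are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

AI_THRESHOLD = 0.3  # the post's own "just an example" cut-off

@dataclass
class Execution:               # one user-space execution attempt (hypothetical model)
    name: str
    ai_score: float
    signer: Optional[str] = None        # None = unsigned or invalid signature
    parent_critical: bool = False       # step 1: started by a critical Windows process
    parent_whitelisted: bool = False    # step 2: started by a whitelisted executable

@dataclass
class Policy:
    snapshot_signers: set = field(default_factory=set)  # step 3: built at snapshot time
    admin_signers: set = field(default_factory=set)     # step 7: central management
    central_management: bool = False
    trusted_install_signer: Optional[str] = None        # step 6: right-click "trusted"

def decide(ev: Execution, pol: Policy) -> tuple:
    """First match wins; steps 6 and 7 are checked before the final block (assumption)."""
    if ev.parent_critical:
        return ("allow", 1)
    if ev.parent_whitelisted:
        return ("allow", 2)
    if ev.signer and ev.signer in pol.snapshot_signers:
        return ("allow", 3)
    if ev.ai_score < AI_THRESHOLD:
        return ("allow", 4)
    if pol.central_management:
        if ev.signer and ev.signer in pol.admin_signers:
            return ("allow", 7)
    elif ev.signer and ev.signer == pol.trusted_install_signer:
        return ("allow", 6)             # user override, disabled under central management
    return ("block", 5)                 # silent block plus tray notification

# Constructed sample data: vendor names, file names and scores are made up.
HOME = Policy(snapshot_signers={"Vendor A"}, trusted_install_signer="Vendor C")
MANAGED = Policy(snapshot_signers={"Vendor A"}, admin_signers={"Vendor B"},
                 central_management=True, trusted_install_signer="Vendor C")
SAMPLES = [
    Execution("updater.exe", 0.55, signer="Vendor A"),   # known vendor, high score
    Execution("tool.exe", 0.10),                         # unsigned, low score
    Execution("setup.exe", 0.70, signer="Vendor C"),     # right-click trusted vendor
    Execution("unknown.exe", 0.90),                      # unsigned, high score
]

def run(pol: Policy) -> list:
    return [decide(ev, pol) for ev in SAMPLES]
```

In this model step 3 allows a file from a snapshot vendor whatever its AI score, and step 4 allows an unsigned file purely on a low score; a later post in the thread suggests the narrower condition of signed, low score and not blacklisted.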
  14. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    I also experienced this after upgrading to 3.49.
    A lot of blocks on signed Panda Antivirus files.

    /E
     
  15. guest

    guest Guest

    It can help to minimize prompts if digitally signed files are allowed, as long as they have a low Ai-Score and are not on the blacklist.
    For example, if Chrome gets updated (googleupdatesetup.exe, or similar update-files), the user always gets a prompt because the update-file is "unknown" and relatively new. But it is digitally signed.
    Edit: small fix
     
    Last edited by a moderator: Dec 27, 2016
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Are Malwarebytes 2.0.. and VS compatible?
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,443
    Location:
    Among the gum trees
    Here they are. That is MBAM 2.2.
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oops, sorry, this was my reply to your post… for some reason I accidentally replied to one of my posts… very odd ;).

    https://www.wilderssecurity.com/threads/voodooshield.313706/page-539#post-2641163


    To expand on this a little...

    I have read how some members of the security community take exception to security software asking the user if they want to allow an item or not, when the security software is unsure of the maliciousness of a file. I could write pages on this, but I will keep it as brief as possible.

    First, let’s assume that the alternative is more optimal than VS’s method… that is, the malware engine renders a decisive verdict each and every time, so that the decision is automatically made for the user (every time). Well, that would be great, except that we are forgetting that simply because a verdict is automatically rendered, this does not mean that it is the correct verdict, or that the malware engine did not have the EXACT SAME difficulties in correctly determining the maliciousness of the file. The only thing that is different in this scenario from VS’s method is that the user is kept in the dark, with ZERO chance of stopping the incorrectly identified malicious files that were decided upon automatically. That is what I would call a coin toss ;).

    Now, if someone could create a malware engine that approached 100% efficacy, we would not have this issue… but it is mathematically impossible.

    My point is that highly accurate and meaningful file insight is absolutely vital… the more information you can provide the end user in making the correct decision, the better. So even if the file is blocked, the VoodooAi score is highly valuable to the end user. The user can then decide whether it is worth it to take the chance on allowing the file, based on the file insight.

    I hope that makes sense… if not, let me know, I could seriously write a book on this topic. It does not mean that I am correct though, which is why I am more than happy to discuss this with anyone ;).

    BTW… I was not aware that Cloud AV was invented in the 1999’s ;). I always thought that Webroot / Prevx pioneered this technology in 2010… 11 years later. What a great idea they had, especially since the computer is not going to become infected if it does not have an internet connection ;). We actually could move VS’s Ai to the local hard drive, but it would not be nearly as accurate as using the super computers we are currently using.

    https://www.webroot.com/in/en/company/press-room/releases/technology-acquisition-cloud-security

    Hopefully I can catch up on the other posts I missed… sorry about that, talk to you guys soon!
     
  19. One could also allow signed software of already installed software (is allow no 3 in post #13482 above)
     
    Last edited by a moderator: Dec 27, 2016
  20. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    Makes perfect sense to me Dan. VS has AutoPilot for those who wish to have minimal input and other modes for those of us who like to keep a closer eye on what is going on. I think that VS just about strikes the perfect balance and it is as user-friendly to novices as it is to experienced PC users. There aren't many anti-execs that you can say that about!
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    I think you understood...or did get it, so to speak. :D But, to whoever censored my post, they apparently didn't. Tsk tsk! ...To them, I dips me lid, not. - http://www.slang-dictionary.org/Australian-Slang/Dip_one's_lid
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    Also never had an issue here (on second machine).
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    I have a lot of softs so do a lot of update installs, so also have to keep changing Protection Level of AG to 'Allow Installs' and often forget to revert to 'Protected' or 'Locked Down'.
    But in these cases I kinda have the same issue with VS, when changing from 'Smart' mode to 'Disable / Install Mode' to avoid the blocks / prompts.
    My fault, of course. Laziness or stupidity, or both.
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,166
    Location:
    UK
    paulderdash in the VS advanced settings, do you not have VS tell you it's off after so many minutes?
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    Just looked and 'Notify after n (5) minutes if VoodooShield is off' is unticked (I must have done that if it is not the default).
    But 'Automatically reactivate after n (300) seconds' is checked.
    So all is OK after all, I am happy with that.
    Thanks for pointing that out.
    Edit: I realise now AG also has the same 'after 20 minute' reactivation, but I tend to uncheck that if I have quite a few updates. So it stays in 'Allow Installs' mode.
    Looks like I need more protection from myself :)
     