VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. guest

    guest Guest

    I agree with this too. I don't consider it a big deal because I trust VS/Dan, but you're right, it would be nice to have a more detailed explanation regarding what is being logged.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    That is just standard legalese... four of the original VS investors are attorneys, and they just want to make sure we have all of our bases covered. Besides, it would be careless to not include that in the EULA. Keep in mind, the fact that VS Pro accounts are based on user's email addresses, and not a product key, this alone requires us to include this language.

    If you can find an EULA that does not have similar verbiage, please post it and I will run it by the attorneys to see if we can make changes. Then again, users have had questions about our EULA a time or two in the past, and our attorneys reviewed and revised the documentation to make sure it was not over reaching and appropriate.

    That being said... I have no interest in anyone's personal information, my objective is to protect computers and user information.

    I have also recently made it my objective to no longer allow companies and major corporations to settle for 50-95% malware detection efficacy. These companies hold your personal information with little regard for your privacy by not adequately locking down their endpoints and networks, it is simply a cost of doing business to them. They are all in search of a silver bullet that simply does not exist, and they fail to do what they should have been doing all along... locking down their endpoints and networks.

    If you are truly interested in protecting your personal information, then I invite you to join me in this. Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you guys for all of the great comments and encouragement, I hope to catch up soon!
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Nicely put, Dan! :thumb:
     
  6. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    33
    Location:
    Earth
    Hi
    I used to use VS 2, but because of some problem with compatibility with driver and UAC, I had to remove it,
    but now after reading some reviews I would like to give VS another try.
    I have few questions:
    Does VS still recommend to disable UAC,
    I am testing windows 10 preview, so how is VS compatible with it,
    I am multibooting, do I need to buy licences for each OS or only 1 computer
    Is it possible to buy lifetime licence, or is there some discount

    thx for answers
     
  7. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    @VoodooShield

    I truly appreciate you taking the time to address my concern. I understand that you have to cover your bases legally and I am sure that you yourself have no interest in my personal information. I wasn't implying that you or your company had any improper intentions with the data you receive. You seem to have a great reputation here at Wilders from many who are much more "in the know" than I ever will be. I don't think I've ever seen anything but good things about the product itself.

    My biggest concern with personal data leaving my system has been that once it does, I lose all control of it. While I do my best to secure the data on my systems with what little knowledge and resources I have, others who receive that data may not do so. I have already had my personal information compromised in two separate cases where it wasn't under my control; once when a healthcare system was hacked and once when a government entity lost a laptop containing the personal data of many persons. (At least the laptop was supposed to be encrypted.)

    It's like you said, "These companies hold your personal information with little regard for your privacy ~". Even those companies that do make an attempt to properly secure data are not immune to being hacked, losing data, or suffering a malicious act by an employee. An entity holding the data of many persons is a lot bigger target/payoff to someone than my system alone. I doubt that most companies will ever take all the extra steps required to secure users data as well as possible until there are financial repercussions for them that outweigh the expenses of securing the data in the first place.

    Today I looked back at my AV's EULA and it does contain the same type language that personally identifiable information may be collected. I have used this AV for many years and haven't looked at its EULA since I first installed it. (That's my own failure.) Maybe it contained the language then and I just wasn't as concerned about the issue at that time and forgot about it later.

    Anyway, even though every company seems to collect this information now it doesn't make me any more comfortable. I hope it's at least encrypted on the way to these companies and anonymized where possible. I was glad to hear the explanation for why the language is included in your EULA. Thank you for your response and for the concern for your users.
     
  8. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Interesting read about "Antivirus companies want all the data they can get." http://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/
    All of the products aside from Ahnlab, Emsisoft, and Vipre tranmit these URLs to the company. Be nice to see VS listed in a newer article.
     
    Last edited: Jan 24, 2017
  9. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    What if we use the "install mode" while installing/updating apps/drivers.
    Will this tune the Ai?
    Or is it better to have VS enabled and go thru all the popup (if any)?
    Or in short, how do we best "help" tune the Ai?

    /E
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Sounds a bit like overkill to me, but why not check it out? I have a feeling they will run just fine together.

    This is one of the reasons I stopped using AV's besides them being bloated. About VS, does it need to connect the web? If it's not strictly necessary I would just block it.
     
  11. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    I'm using eM Client for my emails and everytime I open it I get a new and slighty different command line for this program. I have read about putting wildcards for things like this in the command line but have no idea how or where to put the edit.

    This is what I see... "c:\program files\em client\mailclient.exe" (then loads of other stuff after the exe)

    How can I edit this line to prevent all these almost duplicated entries.
     
  12. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    It is needed.
     
  13. When you are running a program from user space while VS is on you are basically asking to collect over 40 characteristics of the executable and run it through an machine learning artificial intelligence engine on a server somewhere in the cloud.

    How is the machine suppose to learn when it is not allowed to remember?
     
    Last edited by a moderator: Jan 24, 2017
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I didn't know that VD-AI was based on the cloud? I really hate all of this cloud stuff, I don't like it when security tools need to connect out in order to function correctly, I'm not going to lie.
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    :thumb: Same here.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thanks kees! One small correction, he meant to type 400. It is actually currently around 300 features.
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, I have a deal for you Rasheed... if you build a home computer that is as powerful as IBM Watson or the Azure Machine Learning cloud, I will build a special version of VS / VoodooAi for you that does not require the use of the cloud ;).
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi! When you click the details button on the prompt twice, the command link should be listed in the top box of the prompt. Can you please post at least 2 of those command lines and someone on here will be able to figure it out. Thank you!
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "I didn't know that VD-AI was based on the cloud? I really hate all of this cloud stuff, I don't like it when security tools need to connect out in order to function correctly, I'm not going to lie."

    As you already know one of VS features is to connect to Virus Total to see how many bad hits there are. This is besides the Ai function. I don't see a problem with connection to VT to check A file, do you?
     
  20. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    I don't have that problem. Have you added it to web apps? I'm using the IE version (v6) and not the Chromium version (v7) of eM Client so there might be a difference. Try putting * or "*" after "c:\program files\em client\mailclient.exe"
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You said "I doubt that most companies will ever take all the extra steps required to secure users data as well as possible until there are financial repercussions for them that outweigh the expenses of securing the data in the first place." I think that used to be true, but times are changing... I read about it all of the time. Here is one example.

    Have you heard the European General Data Protection Regulation?

    I found out about it here: http://www.xconomy.com/boston/2016/...dictions-for-2017-ransomware-skills-gap-more/

    And point number 6 links to here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

    The time is coming that companies are going to be held accountable for not properly security their customers data... and all it is going to take is one lawsuit. Malware will no longer be considered a cost of doing business.

    Also, I have heard horror stories how IT pros will pretty much lock down a doctors office or hospital, then the doctors will come along and ask that the protections be removed because they interfere with their work flow. So if you are going to create a lock, it has to be user-friendly.

    My hope is that 3-4 years we will look back and ask, "can you believe they actually used to allow new, non-whitelisted executable code run when the computer was at risk?"
     
  22. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    How can a "cloud" be secure, what protection (security) does it have?
    If banks and gov can't protect, what can make me believe in "cloud"?
     
  23. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    Here are 2 of the lines...

    "c:\program files\em client\mailclient.exe" --type=renderer --no-sandbox --disable-direct-write --disable-databases --lang=en-us --lang=en-us --log-file="c:\users\frank\appdata\roaming\em client\logs\cef.log" --log-severity=error --uncaught-exception-stack-size=8 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1792.2.1926381

    "c:\program files\em client\mailclient.exe" --type=renderer --no-sandbox --disable-direct-write --disable-databases --lang=en-us --lang=en-us --log-file="c:\users\frank\appdata\roaming\em client\logs\cef.log" --log-severity=error --uncaught-exception-stack-size=8 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="1792.3.2006939

    It seems that just the last set of numbers are different, but this will happen on each new email I open which generates lots of almost identical entries.
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Wow, I never really thought about this... but yeah, URL filters would have to send some very personal data. If this is the case, VS will never have a url filter ;).
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not sure what all protections most cloud services have, but I think the key is to not send any personal information to the cloud. If you have absolutely no choice but to send personal information to the cloud, then it needs to be encrypted.

    So I just make sure we do not send any personal information to the cloud... for example, here is the exact data that is sent to the VoodooAi cloud when a sample is analyzed (this is the signature regedit.exe btw).

    "Values":[["0","427008","0","-1","-1","0","-1","0","0","0","0","-1","-1","0","-1","0","0","144","3","0","4","0","65535","0","184","0","0","0","64","0","0","0","0","0","232","AMD AMD64","6","1247527628","0","0","240","34","0","-1","0","0","0","-1","0","0","0","0","0","0","0","1247527628","2","36","123040","120480","118980","4096","119296","118980","1610612768","6.21","22460","126976","22528","22460","1073741888","5.15","268992","151552","265216","268992","3221225536","0.01","3984","421888","4096","3984","1073741888","5.11","13448","425984","13824","13448","1073741888","4.29","300","442368","512","300","1107296320","3.57","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","427008","0","0","0","0","134768","340","425984","13448","421888","3984","0","0","442368","300","122980","56","0","0","0","0","0","0","0","0","736","340","126976","2824","134656","64","0","0","0","0","523","9","0","310272","0","4112","0","4294967296","6","1","6","1","446464","1536","471480","2","33088","524288","16384","16","0","0","340","134768","13448","425984","3984","421888","0","0","300","442368","56","122980","0","0","0","0","340","736","2824","126976","64","134656","0","0","0","0","326","507","0","0","highestAvailable","332","4","0","0","0","0","0","0","0","1","134720","414120","151552","134736","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","English (United States)","7"]]}}

    Most of the 1's and 0's are True / False.

    As far as the blacklist is concerned, I believe only the SHA-256 hash and the API key is sent.

    But anyway, the key is to not send anything personally identifiable in the first place.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.