VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. mWave

    mWave Guest

    Yes that is perfect. However in this case VoodooShield dev is basically saying:

    Car>OS
    Driver>VS
    Passenger>Exploit

    And then VS is successful because his solution is to not have a car in the first place? Wtf? :argh::argh::argh::argh:

    I am not even talking about whatever 24 anti-exploit methods you are talking about. I don't know what you've taken, just go to a damn hospital and get an analysis.
     
  2. clubhouse1

    clubhouse1 Registered Member

    Joined: Sep 26, 2013 | Posts: 1,124 | Location: UK


    Grow up!
     
  3. mWave

    mWave Guest

    I am basically saying that he may as well be in a relationship with @VoodooShield.

    I wouldn't have been rude if he stopped dicking around with ******** responses.
     
  4. Houley456

    Houley456 Registered Member

    Joined: Feb 9, 2007 | Posts: 195

    Geesch....keep it simple....there is more than one way to skin a cat....
     
  5. JRViejo

    JRViejo Super Moderator

    Joined: Jul 9, 2008 | Posts: 97,440 | Location: U.S.A.

    Let's Stop the Personal Attacks, Otherwise We'll Close This Thread For a While!
     
  6. mWave

    mWave Guest

    "Hi guys I am the VoodooShield dev let me make a video showing other products failing but hold on, my product blocked a process so my product is the absolute best right? am I right guys?"

    Rest of Wilders Security community who fan boy this product: "YEAH LETS IGNORE THAT LSASS.EXE WAS ATTACKED VS IS THE BEST ... VS is an anti exploit now"

    .... Doesn't work like that. But hold on, video or it didn't happen. I've explained myself so much it really isn't rocket science.

    @JRViejo Sorry that was my fault, I'll stop the rude language

    Edit: said anti-exe instead of anti-exploit by accident.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    If mWave can demonstrate a proper bypass, I will send him the average bug bounty fee. I think it is around $50... but we can make it $100. Fair enough?

    Besides, I test, he speculates... those are two very different things.
     
  8. guest

    guest Guest

    @VoodooShield @mWave

    OK, the driver (vs64.sys) itself shut down VS, but to do it, it has to be loaded from "something" that VS doesn't monitor, right?
    And what may be the "something"?

    Not exactly, it should be like this:
    Car = OS
    Driver = VS
    Hitman = executable
    Hammer = exploit
    Gun = the payload

    mWave's definition of VS: the hitman is coming to the car, but the driver recognizes him as a threat, goes out, and then knocks out the hitman.
    If the driver can't recognize the hitman, he is doomed.

    So, for VS to really block an exploit, it should be like this:
    The hitman is coming to the car and draws the hammer, but the driver goes out and disarms the hitman of his hammer.
     
    Last edited by a moderator: May 29, 2017
  9. JRViejo

    JRViejo Super Moderator

    Joined: Jul 9, 2008 | Posts: 97,440 | Location: U.S.A.

    Again, Either Everyone Steps Back and Breathes, Or We'll Close This Thread!
     
  10. mWave

    mWave Guest

    You don't get it, do you? I have not bypassed your product, I am not after your money. Just go and read my damn replies.

    Look at your own video, the product failed. Lsass.exe was attacked with remote code injection, protection failed.
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    Was the DoublePulsar backdoor installed? Yes or no.
     
  12. mWave

    mWave Guest

    What parts of VoodooShield are you actually responsible for actual development on? (programming)
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    Pretty much all of it at this point... except I do not do any work on the driver (it is finished and stable at this point).

    However, I did write 100% of the code that blocked DoublePulsar.
     
  14. mWave

    mWave Guest

    Interesting.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    I answered your question, now please answer mine.

    Did VS block the installation of the DoublePulsar kernel level backdoor?

    Yes or no.
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined: Mar 30, 2006 | Posts: 5,694 | Location: USA

    It's definitely much different than most exploits I have looked at in the past. I wasn't sure how it spread to so many machines so fast. If it can be spread by email, then the same is possible by website with some extra code.

    I warned Eset how dangerous SMB protocol is 2 years ago, and I think most people listened with a grain of salt. The good thing is that Eset did very well blocking the exploit. I was really surprised they did not block WannaCry though.

    Layered Security is the only way to go! Where one solution may fail the other may succeed, and vice versa. I try to be very tactical in my layered security so that they cover each other's possible weaknesses. There will always be overlapping security in most cases, but the objective is to have a layered security that covers all possible attack vectors. Nothing is 100% effective, but you can get pretty close.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590

    Okay. It's time for everyone to take a time out on this testing stuff
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined: Mar 30, 2006 | Posts: 5,694 | Location: USA

    Please don't close the thread. There are only a few people behaving badly. Just temporarily disable their accounts if they keep it up, if that is possible. This is like the main thread for VS support.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590

    Then everyone including Dan needs to give it a rest.
     
  20. guest

    guest Guest

    Possible indeed.
    Yes, surprising, but as I keep saying, never use default settings.
    Exact.
     
  21. JRViejo

    JRViejo Super Moderator

    Joined: Jul 9, 2008 | Posts: 97,440 | Location: U.S.A.

    Agree! Otherwise, We'll Give Them The Pause to Cool Off.
     
  22. mWave

    mWave Guest

    Yes and no. You already know why it is a yes and no.

    Y because you blocked the process which was malicious, however in a normal situation you wouldn't know what the program is necessarily going to do and allowing it means VS has nothing to block further. It isn't going to block any malicious activity from an already running process.

    N because lsass.exe still executed code which was remotely injected and the injected code could be the code used from the process you blocked from spawning and you already know this, you are just trying to make your product look super good and bash others.

    Your product is an anti-exe, not an anti-exploit. Stop lying. The evidence is already in the video you posted yourself. lsass.exe executed code to try to spawn the malicious process (which was done by the injected code), but because VS is an anti-exe it stopped the process spawn. Big deal. Doesn't mean it's now an anti-exploit.

    Lol this would be like a vendor blocking a ransomware sample from its SHA-256 hash and then promoting the product as the "best anti-ransomware on the market" with some videos showing other vendors missing the sample.

    Smh.
     
    Last edited by a moderator: May 29, 2017
  23. Circuit

    Circuit Registered Member

    Joined: Oct 7, 2014 | Posts: 939 | Location: Land o fruits and nuts, and more crime.

    guest had a good suggestion a while back:

    "It is why I proposed to let VS automatically disable the "parent process" thingy when the user decides to go "Always On" and re-enable it when back on Smart Mode.

    The best example I can see is when the user downloads/tests an unknown executable; moving to Always On will disable "parent processing", making the system safer, then once done with the executable, the user will move back to Smart Mode (and the Parent Processing will be automatically re-enabled). Easy to implement and use, non-intrusive/confusing, transparent, and safe."

    Is this in the works?
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    Great point... but please keep in mind that the Parent Process option was enabled during the test... and VS still blocked the child process of lsass (DP).

    Basically, that option only applies to certain things, and only applies to items when it is safe to do so.

    There is a lot more going on under VS's hood than anyone realizes.

    Molly and I are going to the park, everyone have a great weekend!
     
  25. Circuit

    Circuit Registered Member

    Joined: Oct 7, 2014 | Posts: 939 | Location: Land o fruits and nuts, and more crime.

    I wasn't referring to the test, just a general suggestion.
    Have a great time at the park!
     