VoodooShield/Cyberlock

I wouldn't bee too harsh on NullByte over at MT, if only because CS (Meghan) acknowledged him, https://malwaretips.com/threads/bypassing-security-software.61077/. As a relative noob in security it's nice to hear from people that are good at explaining issues in a simple, pithy manner. I would love to see CS and NullByte test VS.

 

Hey Iangh,

Yeah, I am aware of that post, and I actually thought I was pretty nice to NullBytes, especially considering that VS does not allow by Digital Signature (except temporarily) and VoodooAi would easily detect the obfuscation he mentions in that post, and later confirms in another post “If I execute an encoded sample I get 1.0000 unsafe” (VoodooAi result).

I would be happy to go into details, but I did not want it to appear that I was unloading on NullBytes unnecessarily… but my point is that the exact things that he warns about in his initial post, VS excels in protecting against. Also, it is okay to criticize a product (if you genuinely believe there is an issue), but it is not okay to give other products a pass for the exact same concern.

If people want to post and try to make a name for themselves, while suggesting that they are owed a ransom, then they better be able to back it up.

Or better yet, just make a video. Thank you!

 

Sounds good to me!

Daniel

 

Link there: https://malwaretips.com/threads/challenge-voodooshield-and-win-a-lifetime-license.61197/

 

Before I forget... NullBytes did have a point when he talked about injecting malware into a clean file, which someone already demonstrated on this thread a few weeks ago. Which would not be an issue, except for the fact that VS does allow by Parent Process by default (to automatically whitelist as much clean stuff as possible). So basically, all I need to do is make sure that if a non-whitelisted item is going to be allowed by the previously allowed parent process, that it is checked by the blacklist and VoodooAi first.

 

Very cool, thank you guest!

 

Members are free to express their point of view, as mods we don't interfere unless we saw a enormously obvious false statement, as i didn't use VS since ages, i can't agree or disagree with his post ; however we have several VS-using members so if the statement is false , it will surely be corrected with time.
personally i still think the dev or a representative should directly answer, we mods , will intervene if a trolling/flaming emerge.

fair enough

hahaha it can be seen like that indeed ! i just mentioned the way i saw its evolution, from the first beta i tested years ago to now; i admit i was not so interested by VS , until its Ai thingy implemented

 

Yeah, the mods on MT are much more "relaxed" then they are on Wilders, which is a good thing, that way users can spend more time on whichever forum they feel most comfortable with.

BTW, I want to stay out of the VoodooShield Challenge as much as possible. I think all of the users will be very honest, because they know people are going to be watching very closely .

I have already received a couple of entries in the contest... if you think it is better that they contact MT directly, that might be better, that way I can stay out of it as much as possible. If so, I can forward you the entries the I have received so far.

 

BTW, can you please make sure that the users email me their MT handle when they send me the email so we know who they are? Thank you!

 

I think guest is offline here. And I think your last 2 posts are important to start the VS Challenge process on MT so I have PM your last 2 posts to guest on MT as he is online there.

 

Am I right in thinking that this neat programme has been built by two people, Dan and Vlad (contractor)? From small acorns...When I look at Avast's acquisition of AVG and the numbers involved, I hope the time (5 years since start of thread) pays off for you, Dan.

 

Very cool, thank you, and thank you again .

Edit: Man, I do not know why I keep reading the posts and thinking they are pm's... but thank you yesnoo and Iangh!

 

yes especially in MT we have lot of average/beginner users, so we can't be too harsh on them, they come to learn.

That is the good attitude indeed, less you are involved , better it will be legitimate

I tink it is better you handle the resquest, but send me and Yesnoo (seems to be your MT' voice ) a copy. also , the list should be around 25 members (one by license) plus some substitutes (in case one of the 25 fail/didn't do the test properly.)

I will ask for the MT usename and to show this is a video made for MT , i won't like someone just copy paste a video made by someone else.

 

Sounds great, thank you!

 

Sorry, I initially missed your question. VS started with a developer named Dywayne and I, and a few months later, another developer named Karl started working with us as well. They are local developers and we still keep in touch. And actually, Karl is going to take over my consulting business once I am able to go fulltime with VS (hopefully sooner than later). They both worked on VS for a while, then were burned out, so I started developing VS on my own. There were a couple of other developers who helped me along the way as well, but developers have a tendency to become bored or burned out with projects and want to move on to the next. Then about a year ago I met Vlad, and he worked miracles with the KMD and VS 3.0. We knew it was temporary because he had a baby on the way and he was busy with a lot of other things as well. So there have been quite a few developers who have helped me along the way... it has been a crazy 5 years, that is for sure .

 

Dan,

I seem to misunderstand you over and over again, so on auto pilot VS blocks automatically suspicious and unsafe executables and automatically allows safe executables.

Is it correct to assume there is no user interaction required in auto pilot?

 

Automatically allows Safe.
Automatically Blocks Suspicious & Unsafe i.e you get Mini Alerts.

 

Thanks. That is great. This is exactly what I want to prevent shoot in the foot errors.

I will keep UAC on quiet only allowing signed executables to elevate and will disable Windows Defender and Smartscreen and replace them with VS on my wife's laptop.

 

I have been following this thread for a few weeks now since I first looked at it out of interest one day back then and decided to install the free version. I was impressed from the very start how it worked and enjoyed watching this thread from that day onwards, and even installed the beta 329 to see how that would work on my system. I have had no freeze issues and all I use is ESET Smart Security with UAC off and Defender and Smartscreen disabled.

I'm running on AutoPilot and I still have to allow certain things to run such as Regedit so I'm guessing this is correct. The interesting thing for me is whilst I never liked the constant warnings from UAC and is why I turned it off along with Defender and Smartscreen, I don't seem to mind the VS warnings which seem more reassuring to me because of all the Ai development that has gone into this program.

Many thanks and I look forward to the future improvements being developed.

 

Very cool, thank you for confirming! I wonder if MM would be willing to offer some or all of the contest participants a free 3 day trial, so they can test Cylance as well. It will do very, very well... similar to the results from my tests.

 

Hey Kees,

Yeah, exactly what yesnoo said (thank you yesnoo).

This might be a great time to explain something that is quite important. A lot of people compare VS to either traditional antivirus or to other anti-executables, but really, it is kind of difficult to compare VS to either, since it is somewhere in the middle.

See, at its core, VS is still an anti-executable, but the whole idea is to make it user-friendly enough for the masses, so everyone can lock their computer. So in general, VS is an anti-executable, but when VS is on AutoPilot or Smart / OFF mode (no web apps running), anything that is determined to be safe by the blacklist AND VoodooAi, is automatically allowed.

The whole idea being that we mitigate the dangerous affirmative user prompt as much as possible, and auto allow items that are unquestionably safe... but if there is a question whether the file is safe or not, then it needs to be blocked until the user can decide what to do with it (eg. deny by default / ignore it all together, or check out the blacklist and VoodooAi scores and possibly run it).

Neither the blacklist or VoodooAi are absolutely perfect, so if there is a question, then the file is blocked. It is kind of like in physics how sometimes things behave as a particle and sometimes they behave as a wave. VS is the same way... sometimes it behaves more like a traditional AV, and sometimes it behaves more like an anti-executable. It is a very weird animal for sure .

 

Cool, that would be the best of both worlds! As FleischmannTV pointed out on another forum / thread, it probably is a good idea to not totally disable UAC, since on some systems, this can disable the Windows Protected Folder feature. If UAC did not disable this feature, then I would say just disable it altogether. It really is better to be safe than sorry . Thank you Kees!

Edit: I still disable UAC and always will, and it should be perfectly safe to do so... but if you want to be extra careful, there is no reason to disable UAC.

 

Hey zarzenz, nice to meet you and thank you, I appreciate that very much! Wilders users all get free VS Pro licenses, so if you need one, please email me at support at voodooshield.com.

 

Really Interested to see the results of VS testing

 

Yeah, me too... I hope the testers are super creative and come up with all different ways to test the different security products!