VoodooShield/Cyberlock

Stay busy reporting! Your making VS a better product Its best to discover as many bugs as possible now before VS is marketed to Small Businesses, and even as high as the Corporate Market if it can be Tailored to their needs.

 

Also, I forgot to mention Governments. I'm sure they would be interested in using VS technology in the near future. A version of VS could be tailored to their needs as well.

 

I have just downloaded VS and cannot get it to work correctly. Perhaps I am misunderstanding the way it works.

I am using Win 8/64 Pro and have UAC disabled.

After restarting the computer I didn't wait for the 10 mins training but turned the icon to ON. Then tried a couple of programs (email, Opera) and they started. Then cleared the log and whitelist, set the icon to ON and tried some more programs among them Gibsons leaktest. All were allowed through.

So please - what am I missing here? Does the UAC have to be on for it to work?

 

I have downloaded your latest version, which I assume is 1.09.4, although there is no way to tell the version number of your program. I can open a website shortcut on the desktop with my default browser Chrome, latest stable version with no problems. I am running Win8, 64 bit. The "Edit Whitelist" does nothing. I am running Sandboxie 4.03 with Chrome. Even if I turn Sandboxie off, the "Edit Whitelist" button does nothing.

Any other suggestions?

 

It looks like we still need to think through this a little more. I will look at it even closer later today. Than you for the input!

 

I see... The current version of VS does not work that well in Standard User Accounts. It should work well once we run the engine as a service. VS was designed to protect computers who run as admin (and typically with UAC disabled). That is why we put the following notice in BOLD in the EULA:

VoodooShield™ was designed to be a better alternative to the Microsoft Windows User Account Control (UAC). While VoodooShield™ is compatible with UAC, VoodooShield™ works best with UAC disabled, and on computers whos user accounts run as administrator. During installation, VoodooShield™ will disable UAC so it can run in an optimal state.

You can kill VS with KillSwitch, only if VS allows KillSwitch first, correct? If this is not true, please let us know! Please reset your whitelist and run killswitch from the user space, like maybe the desktop. If you can get KS to kill VS, please post the procedure!!!

Thank you for explaining your situation in detail, it really helps!

 

We decided to not have a shelf life, so you can activate whenever you would like!

 

Yes, we should get a list and hard wire that in. For now you can go to Settings / Custom - "Custom Programs that Activate VoodooShield in Smart Mode".

Do you also mean kind of transfer the whitelist to the virtual environment as well? That would be a great idea, but very hard to implement!

I think I am understanding you correctly, if not, please let me know!

 

Me too!

 

Exactly, we appreciate all of the help!

 

Yes, we have been in contact with... well, I cannot say. But yes, I think government agencies will find VS to be very useful. We have to run the engine as a service first, since a lot of the business and government computers run standard user accounts.

 

Having VS turned off for a longer time is a great security risk!
Training mode should be used only for a short time after VS installation and during installing/updating software.
You have to either make it to reactivate VS from OFF mode after x seconds or remove that option and stick with notification to remind the user about reactivation.

 

Hi, it sounds like you are overthinking VS! VS is very, very simple.

VS will automatically allow everything in the Program Files and certain Windows folders by default, since they are protected folders and it makes VS a lot easier to train. Try to download something from download.com or something and put it somewhere in the user space, like maybe your desktop. If VS is ON, it will block it.

Keep in mind, in Smart Mode VS will toggle between ON and OFF, depending on whether a web browser or email client is running or not. Some people prefer this mode all of the time, while a lot of people prefer Always ON after they run in Smart Mode for a few days, so that VS is well trained on what not to block.

Also, I am not familiar with the Gibsons leaktest, but from the sound of it.. it sounds like it might be a firewall test. VS is not a firewall, and firewall tests are not the appropriate tests for VS. But think of it this way... assuming that Gibsons leaktest has not already been whitelisted, or is not in the Program Files or Windows allowed folders... VS will kill Gibsons leaktest before it can run any tests.

You are not the first person to be initially confused by VS! We have had the hardest time explaining how VS works since it is so different from most of the other security products. But once users understand VS, they basically say "I cannot believe how simple that is".

BTW, if anyone can explain VS better than we are, we would love to hear your thoughts. Or if you have a really great analogy we can use, that would be great too!

 

*Let us think through this a little more. I will read your comments again and see if we can understand each other perfectly. BTW, OFF (Training) Mode was not added to VS until about a year ago. We thought it might be a good idea to have a Mode where you can completely shut VS down, like if you were going to install a bunch of software or something. VS will prompt you after 10 minutes if you are in OFF (Training) Mode... this is a different option than the other options we have discussed. I think we are close to understanding each other, thank you for working through this with me.

 

No problem, Dan....
VS works great!
You should keep OFF mode. It is very convenient to use, learns the system quickly and requires no user interaction.
Only thing I think that needs to be slightly adjusted is to apply Reactivation to it.
Simple as that....
I also suggested to make it optional cause I know that not all the users will agree with me.

 

Ah that's great. Um how many pcs is the license for? Do you have any plan to introduce VoodooShield into mobile device market like in tablets & smartphones?

 

I've just installed the VS then make it ALWAYS ON. Then I killed startvs.exe and VS shuts down. If I kill Voodooshield.exe then it restores right away.

I've reseted the whitelist. I put KillSwitch.exe to the desktop then run it. VS blocked. I've allowed. Then again I killed the VS.

I've reseted the whitelist. I put the shortcut to KillSwitch to the desktop then run it. VS didn't ask. I could kill the VS.

 

We obviously want to make VS so it makes the most sense to the most amount of people, so I appreciate your input tremendously!

I think we can clear this up if we start with one thing at a time..

In OFF (Training) Mode - Since VS cannot be activated until you change to either Smart Mode or Always ON... are you cool with VS disabling auto activation, auto deactivation, and reactivating when returning to a browser or email.

Basically, sense OFF (Training) Mode means always off no matter what, there is no reason to activate it or deactivate it, right?

Once we understand each other on this, we can talk about the next 2 modes if that is cool with you!

 

A small "bug", I have downloaded something in downloads folder, ran it and allowed it in VS, then I deleted it from whitelist, ran the program again and it allwed it, after restarted VS then it blocked it ( An improvement might be if it is not already, to update the list in real time). This may be the reason why VS allowed the programs that djg05 deleted from the whitelist.

 

The free license is good for 3 PC's. Yes, we are porting VS to most of the other platforms, but it is going to take some time. Since Mac OSX is the second target for hackers (after Windows), we have been working on that version for the last 6 months or so. It is actually almost ready to submit to the App Store!!! We just need to put the finishing touches on it. The lead developer for the OSX version is Nomi, and he has been doing a phenomenal job on it!

After the OSX version, we will port VS to iOS, since they both use the same development tools and language (Objective C), it should be quite easy to port. Mainly it will just be GUI changes.

Then the next platform will be Android. I would guess the Android version should be available in the next 6 months or so.

 

"I put the shortcut to KillSwitch to the desktop" - Yes, but what is the path of the executable .

 

Cool, thank you for helping us test VS!

Yes, if you deleted the one entry from the snapshot, VS is still using the locally stored whitelist, so it would be allowed until VS is restarted and downloads the current whitelist from the server. See, when VS is started, it downloads the most recent whitelist from the server to the local copy. And when you exit VS, it uploads the local copy to the server. We do this to reduce or eliminate the chance of the whitelist from being hacked. It is also convenient to have the whitelist stored remotely in case someone gets a new computer or re installs windows.

But, since you pointed this out... I think it would be wise to have VS download the most recent copy from the server whenever the whitelist is edited. The method we are using is already secure, but it will be even more secure once we do this! We will add this asap! Thank you for the suggestion!

BTW, snapshot and whitelist are the same thing. Sometimes I say snapshot, sometimes I say whitelist!

 

So what is the reasoning behind having the whitelist on VS's site and not locally on ones machine? Not so practical with us users of Light Virtualization software.

 

We sincerely appreciate everyone trying to find holes in VS, it is a huge help to us!

Please make sure you reset the whitelist before you test! And please make sure that you are not running an executable from an allowed folder!

I know whenever I test VS, I get confused whether I allowed something or not. Because once you allow something once, it is going to be allowed.

But keep in mind... if malware is ever allowed one time, then the computer is "done".

I hope that makes sense!

 

It is on both.. please read post 1372.

Out of curiosity, what light virtualization software do you use?