VoodooShield/Cyberlock

Well, external media sources such as flash drives, and external hard drives are a major source of infection so it is definitely needed. Anyone running in smart mode will have no protection against threats from these sources.

I'm going to test to see VS blocks the execution of a few executables in always on mode from these sources, and report back.

 

I just tested in Always On Mode to see if VS would block executables from a flash drive, and an external hard drive. It blocked them all from the flash drive, and external hard drive. I only used .exe files though. I will test VS against other executables later. I just wanted to do a quick test.

I decided to test VS in Smart Mode to make sure it was not a bug where the icon was remaining red, but the protection was actually enabled. That was not the case. VS allow all the executables i ran from both sources.

Please add support for Smart Mode for External Media Sources! I cannot communicate strongly enough how much this is needed!

 

Well, most viruses from USB sticks are .ini, from what I know, I thing that it depends on the region if USB viruses exists or not. I got few in the past from a printing store. If this doesn't slow down VS should be implemented.

 

I see. Are you running as Admin or Standard User?

 

Yes, VS will block them if it is ON, we just need to make VS activate when a flash drive is inserted. I will see if I can figure it out tonight. Then implement some of the other features and hopefully have a new version this week sometime. Thank you!

 

That makes sense that they would originate as an .ini, with autoplay and everything. VS will block it once something executes. It won't slow down VS at all, so I will include that feature asap.

We just didn't want someone that had a flash drive inserted to download VS to try it, and wonder why VS would not toggle in Smart Mode. But if we make it an option, it will be cool.

 

Ok, I see I didn't think about that. You did make me think of a few new ideals though. There are a few different options here I can think of.

1. The user could be prompted upon plugging in a flash drive or other external storage that VS will enable it's protection for their device. This will also enable protection for the userspace on the OS partition. On the same prompt they can be informed they can click on the tray icon to disable VS's protection at any time (The safest for novice users).

2. The user could be prompted upon plugging in a flash drive or other external device asking if they want to enable VS's protection for their storage device. In this option they can either choose to leave VS's protection disabled, or choose to enable it. If they choose to leave it disabled then hopefully they know the flash drive is not infected. This will also enable protection for the userspace on the OS partition.

3. The user receives a prompt asking whether they want to enable VS's protection for their flash drive or other external storage device only. This option only enables protection for the external storage device, and does not enable protection for the user space the OS resides on. This option would be more like sandboxing. I'm not sure if this would be anymore useful than the first 2 choices. I'm also not sure if this would be hard to implement. There are several products on the market that already do this. I wouldn't think it would be, but i'm not a coder. I'm also not sure exactly how much of this technology can be copyrighted. I think it's hard to determine sometime. I prefer the way VS already does this in Always On Mode.

Myself, I like the 1st option the best. It keeps novice user's from having to answer a prompt. Just go ahead, and enable protection. Then give them a bubble prompt informing them that VS's protection has been enabled because of an external media device being plugged. In the same bubble inform them they can disable VS's protection at any time by right clicking on VS's tray icon. If they do decide to disable VS's protection after plugging in an external media device then keep VS in off mode until they perform an action that would risk them becoming infected. This is how Smart Mode already works. You could also make this an option under settings that can be ticked to enable protection in Smart Mode for external Media devices.

 

Thank you, I think I like the first option the best too.

 

I have noticed that when running in Smart mode that the icon does not switch to ON when collecting my email. Should it do so?

Email program is The Bat, and running Win 7/64.

 

You can manually enter a program to toggle VS in Smart Mode. If you go to Settings / Custom - Custom programs that Activate VoodooShield in Smart Mode.

We can always hard wire new email clients and web browsers if a lot of people start using them, but the above option does exactly what you are looking for!

 

Yes, that's a very useful option. If I used Smart Mode I would definitely use activate VS in smart mode by program.

 

Thank you. I wish we could just hard wire every email client and browser, but there are just too many of them! So that is why we included that option.

 

Finally, someone besides me posted a youtube video of VS killing viruses! Although it is a little confusing, because he allowed a couple, and I am not sure why. But very cool anyway!

https://www.youtube.com/watch?v=KoCsSk3fPTE

 

Below are a few applications that should trigger VS to enable it's protection while in Smart Mode. If not these applications should be added manually to trigger VS's protection in Smart Mode. Even IM Clients allow file sharing. Some of these should probably be hard coded into VS.


P2P Clients are a major source of infection regardless of the legal battle over them. There still are legal uses of P2P technology.
Tixati (torrent Client)
Utorrent
Vuze
BitTorrent
ABC (Torrent Client)
BitComment
qBittorrent
Emule
Other Emule Clients -http://www.emule-mods.de/-
Limewire Knockoffs, and other Gnutella clients.
WinMx
DC++
RetroShare
StealthNet
GigaTribe

Instant Messenger clients listed below.
Skype
Pidgin
Jitsi
Trillian
Digsby
ICQ
AOL
Google Talk
Facebook

Email Clients
Microsoft Outlook
Mozilla Thunderbird
The Bat
Here is a list of email clients until I list more of the popular ones -https://en.wikipedia.org/wiki/Comparison_of_email_clients-



I've only tested with Tixati, Emule, and Jitsi so far. VS did not enable it's protection in Smart Mode for the three I have tested. Does VS enable it's protection for any I have listed?

I manually added these programs to activate VoodooShield in Smart Mode, and it worked as expected.

Many Novice uses would not know to add these applications to activate VS's protection in Smart Mode. Many novice users use these applications so they would go unprotected while conducting high risk activities.

Best Solution would be to hard code the most popular ones into VS.

Also, only 3 applications can be added to trigger VS's protection in Smart Mode. I recommend adding support for adding many more than 3. I recommend a list format. Adding multiple applications to a list with the ability to add, and remove applications as needed.

 

qbittorrent is another one, why are there only 3 spaces to add custom programs?

 

Thank you for the list! We will see which one's we can add. If VS does not activate in Smart Mode after adding one of these, please make sure that you enter the process name only. For example, if you want the windows calculator to activate VS in Smart Mode, just enter: calc

We can add several more boxes, we just need to figure out how many we should add. We probably do not want to have more than 9 or 10.

 

We only included 3 for now, we can add more. We didn't think anyone would use more than 3 or so, but we can add more. How many do you think we need?

 

What you suggested should be fine

 

Instead of adding boxes it would be best to make it a list format. The user could add, and remove from the list as needed.

 

I think a list might be a lot harder to implement the way it is set up, but I can check it out. I might be easier for the user though. Although, with the box they can double click to browse as it is now.

I can also try to add 30-40 to the hard coded list and see if it affects the performance, it really should not.

 

I just added DC++, RetroShare, StealthNet, and GigaTribe to the P2P list. I added them to my original post just for the sake of having all the information in one centralized location for easier access. If anyone can think of anymore P2P clients still being used that are not on the list then let me know, and I will add them.
I also went ahead, and added a category for email clients as well. I went ahead, and added qBittorrent that MRF71 listed. There are many more Torrent Clients though. I would like to see at least the popular ones hard coded to VS. I'm not sure how many can be added without affecting the performance of VS.

 

Thank you

I have obviously misunderstood the way VS works. I was under the impression that it would stop any unknown program accessing the internet. So Smart Mode only works for known programs, anything else is allowed?

 

The ideal behind Smart Mode is that VS thinks for itself. It knows when you are performing risky task that could lead to an infection. If you lunch a web browser, or email client then VS automatically will enable it's protection because surfing the Web, and Checking email are risky task. When the user is performing any other task considered to be safe VS switches to OFF(Training Mode).

 

Yes, Cutting_Edgetech's explanation is pretty much how I would explain it too. Basically Smart Mode toggles from ON to OFF, depending on if a web app is running or not. Since VS is an absolute lock for executable malware (in theory), there has to be a way to turn it OFF at times, otherwise the computer would be locked and unusable. It just so happens that toggling with web apps makes sense, and works really well. At some point, it is not a bad idea to keep VS in Always ON mode, although I prefer Smart Mode.

When we first released VS, it did not learn what programs to allow and block nearly as well as it does now... it took us awhile to get it to where it is today. Now VS trains very quickly, so a lot of people put VS into Always ON mode after a few minutes.

VS is not a firewall, so it does not stop programs from accessing the internet. VS is more of an anti executable, so it blocks the payloads that exploits drop, along with any other executable code. And Smart Mode is a way of toggling between a locked computer and an unlocked computer.

The vast majority of hacking is now done through malware, which VS blocks. I remember 15 years ago using Black Ice, and watching hackers try to hack in to my computer. I am not suggesting that firewalls are no longer needed, but some people find that the combination of their router's firewall, and the built in Windows Firewall, is adequate protection from unknown programs accessing the internet. There are a lot of great firewalls out there, and it never hurts to add an additional layer of security.

Keep in mind... if malware is allowed to run on a computer, it will bypass many firewalls, so that is why VS targets malware. Right now, hacking is all about malware. Why work really hard to hack into one computer, when you can write or buy some malware, and just have it do all the work for you?

I hope that helps, if not, please let me know!

 

Sooner today....

~ Removed Image of a Copyrighted Character ~