VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,600
    Location:
    South Wales, UK
    Are you referring to the v2 beta? Because if you are then it is my understanding that the feature is a future/to be developed.
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    That explains why it doesn't work :p
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Any word on V2? How are things going?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think it is close, I just have to do some more testing.

    BTW, there are a few new features in the new version, since I had plenty of time while the C++ guy was working on the silent blocking issue. It turns out that the silent blocking issue could not be fixed in the C++ code, but I think I found a way to fix it in the GUI. So far it is working well with Vista and above, I just have to figure out how to fix it in XP.

    One of the new settings is a tab in Settings called Web Apps that automatically detects any app that communicates with the internet, so the user can choose whether to toggle VS in smart mode with each of the web apps. I wanted to keep all of the web apps customizable, so there is a list of the detected web apps on the left, and you just click on one of them to add it to one of the text boxes on the right. Then if you remove one of the web apps on the right, it then appears in the detected web apps list. It is working pretty well, but I just have to figure out when VS should detect new web apps, because we do not want to peg the CPU, but then again, we want all of the web apps to be detected.

    There is also a Custom Blocked Folders option that is just like Custom Allowed folders, except obviously everything is blocked in these folders.

    There is no longer a 14 day trial... VS 2.0 is basically a feature limited non-commercial free edition, so VS is free to home users. We do not want to limit the features too much, so we will see what everyone thinks about the features that are limited in the free version, and we can easily make adjustments.

    Most of the buttons on the Utility tab in settings are working now, and the web server now accepts the hash variable. There is still a little more work to do here, but not too much.

    I am also working on a Sandbox feature, although this feature is not quite ready yet (it is close). The idea is that if VS is OFF, there will be an option to run the non-whitelisted sandboxed, at least initially. There are several ways we can implement this, so I wanted to see what you guys thought. One idea... we can have a setting that basically is "Automatically Sandbox all non-whitelisted items when VS is OFF". Then after VS blocks something, and after the blacklist scan, there will be a checkbox option on the user prompt that says "Automatically Sandbox all non-whitelisted items when VS is OFF". The other idea is to either have buttons for Allowing Sandboxed, or a drop down menu (on the prompt). We can also have a right click option "Sandbox". We can also have a secondary prompt that asks the user if they want to run the new item sandboxed or not (and explain a little about sandboxing to the user on the prompt). I will be interested in everyone's ideas on how we should implement this. I think the key is to make it simple enough for the average user to understand, since most average users or novices have not heard of sandboxing.

    So that is where we are! I will test the silent blocking fix some more today and tonight, and if it is still doing well, I will post the new version soon! Thank you!
     


  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, not at all! VS needs to run great on XP as well, since there are around 25% of users (depending on what stat you use) who still run XP.

    The problem with XP and the Microsoft method we are using to block processes before they are created is that XP basically obtains very little info on the blocked process when it denies it from being created. It can get the process name and path, but that is about it. And that is all fine until there are 2 processes, such as rundll32.exe that are running at the same time. Basically VS gets confused and cannot figure out which process to analyze, so it kinda has a brain freeze. With Vista and above, a PID is assigned before the process is created, so it is not an issue. Well, it was an issue for VS because this is what was causing the silent blocking bug, but since we know now what was causing the bug, it was easy to fix.

    We could go with a different process creation method, but that would take several months, and I really like this one since only a handful of security software uses it. I believe it will help ensure compatibility with other security software in the future. And even if we tried a different process creation method, I am guessing that there is a chance that we would run into the same issue.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I was being flippant. But, I am sure you are following the best path to sorting any bugs or problems. :)
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Wow. Love that sandbox feature! Good idea! :thumb:
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    That's a great idea. That is a huge step forward in providing better protection for users that use Smart Mode. There is just no way to know what web apps they may be using. There are thousands of them out there. I think you will need to figure out a way to keep VS from detecting other security software as web apps though since they communicate with the internet often. Have you already thought of a way to prevent this from happening?
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oh, I know you were joking ;). The best joke is me following the best path ;).
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, yeah, I think it will be pretty cool. It is almost ready, I just have to figure out isolated storage and we should be good to go. I am not sure how other sandboxes work, but basically VS will copy the executable to an isolated folder, like maybe C:\ProgramData\VoodooShield\Sandbox, and it will run it from there with limited rights. I think the most difficult part is going to be making it user friendly enough so everyone can understand it.
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that! Well, yeah, I kinda have run into that problem already, but I completely forgot about other security software, so thank you for mentioning that. I am basically making a list of processes it should ignore... this is what I have so far: "voodooshield", "voodooShieldservice", "applemobiledeviceservice", "ituneshelper", "mdnsresponder", "mstsc" and "svchost". I also did some special filtering based on the local IP address and the connection type, so that really narrowed down the list. Even though I have only run it on my test systems, the list seems to be quite small, but I am sure we will have to tweak it a little, we will see.
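
The detection pass described in the post above, sketched as an added example; it is not VoodooShield's code. The filter rules (established TCP only, no loopback, link-local or unspecified addresses) and the trusted-directory check on ignored names are assumptions, since the post does not say how its filtering works, and the sample rows are constructed.

```python
import ipaddress
from ntpath import basename, splitext  # parses Windows paths on any OS

# Ignore list quoted in the post (lowercased, no extension).
IGNORED = {"voodooshield", "voodooshieldservice", "applemobiledeviceservice",
           "ituneshelper", "mdnsresponder", "mstsc", "svchost"}

# Assumption: an ignored name only counts when the image sits under one of these.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")

# Constructed sample: (image path, protocol, local addr, remote addr, state)
SAMPLE = [
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", "tcp",
     "192.168.1.20", "203.0.113.10", "ESTABLISHED"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", "tcp",
     "192.168.1.20", "203.0.113.11", "ESTABLISHED"),
    (r"C:\Windows\System32\svchost.exe", "tcp",
     "192.168.1.20", "198.51.100.7", "ESTABLISHED"),
    (r"C:\Users\test\AppData\Local\Temp\svchost.exe", "tcp",
     "192.168.1.20", "198.51.100.9", "ESTABLISHED"),
    (r"C:\Program Files\Bonjour\mDNSResponder.exe", "udp",
     "0.0.0.0", "0.0.0.0", "NONE"),
    (r"C:\Program Files\Foo\sync.exe", "tcp",
     "0.0.0.0", "0.0.0.0", "LISTENING"),
    (r"C:\Program Files\Editor\editor.exe", "tcp",
     "127.0.0.1", "127.0.0.1", "ESTABLISHED"),
]

def is_external(local, remote):
    """True when neither end is loopback/unspecified and local is not link-local."""
    l, r = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    return not (l.is_loopback or l.is_unspecified or l.is_link_local
                or r.is_loopback or r.is_unspecified)

def detect_web_apps(rows, ignored=IGNORED):
    """Return {process name: image path} for apps with outbound connections."""
    found = {}
    for image, proto, local, remote, state in rows:
        if proto != "tcp" or state != "ESTABLISHED":
            continue  # listeners and UDP rows are skipped
        if not is_external(local, remote):
            continue  # local IPC over loopback is not internet traffic
        name = splitext(basename(image))[0].lower()
        if name in ignored and image.lower().startswith(TRUSTED_ROOTS):
            continue  # ignored name in an expected location
        found[name] = image  # a dict also de-duplicates repeated connections
    return found
```

On the sample rows the system `svchost.exe` is skipped, while the copy running from a Temp folder is still listed, which is what a name-only ignore list would miss.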
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    I think most folks here on Wilders should figure it out. It's the laymen that might have a tough time with it. Maybe adding some figures like Sandboxie has to show how things are run separate when downloaded.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Overkill, yeah, it now starts super fast at startup, well, as fast as it will ever be, I optimized the heck out of the startup. The quarantine button should be working. Basically, if the blacklist scan detects a threat, you should have a Block and Quarantine button. If you choose Quarantine, it should rename the file's extension to .voo and move it to the Quarantine folder in c:\ProgramData\VoodooShield. If this is not working, please let me know. For a while I was having issues with permissions on that folder, but they should be fixed now, especially in the latest version that I will post asap, hopefully in a day or so. Thank you!
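
The quarantine step described in the post above (rename to `.voo`, move into the Quarantine folder), sketched as an added example; it is not VoodooShield's code. The hash prefix on the stored name, the JSON sidecar record and the `restore` helper are assumptions, and a temporary directory stands in for c:\ProgramData\VoodooShield.

```python
import hashlib
import json
import os
import shutil
import tempfile

def quarantine(path, qdir):
    """Move `path` into `qdir` with a .voo extension and return the new path."""
    os.makedirs(qdir, exist_ok=True)
    original = os.path.abspath(path)
    with open(original, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    stem = os.path.splitext(os.path.basename(original))[0]
    # Hash prefix keeps two files with the same name from overwriting each other.
    dest = os.path.join(qdir, f"{digest[:12]}_{stem}.voo")
    shutil.move(original, dest)
    # Sidecar record (hypothetical format) so the item can be restored later.
    with open(dest + ".json", "w") as fh:
        json.dump({"original": original, "sha256": digest}, fh)
    return dest

def restore(qpath):
    """Put a quarantined file back, refusing if its content has changed."""
    with open(qpath + ".json") as fh:
        meta = json.load(fh)
    with open(qpath, "rb") as fh:
        if hashlib.sha256(fh.read()).hexdigest() != meta["sha256"]:
            raise ValueError("quarantined file changed since it was stored")
    shutil.move(qpath, meta["original"])
    os.remove(qpath + ".json")
    return meta["original"]

def demo():
    """Quarantine and restore a constructed sample file in a temp directory."""
    root = tempfile.mkdtemp()
    sample = os.path.join(root, "setup.exe")
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample bytes")
    stored = quarantine(sample, os.path.join(root, "Quarantine"))
    gone = not os.path.exists(sample)
    back = restore(stored)
    return stored.endswith(".voo"), gone, os.path.exists(back)
```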
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oh yeah, I'm certain no one on Wilders will have a problem figuring it out. The goal is to get my 90 year old grandmother to understand sandboxing, and in general, the whole idea of what I like to refer to as a computer lock.
     
    Last edited: Jul 9, 2014
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    Great, thanks
     
  17. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    I'm not gonna lie, these new features seem very promising, can't wait for this.

    Keep up the great work :thumb:
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you guys. I really am trying my hardest to finish up VS 2.0, it is extremely close. My totally unrealistic goal is to have the silent blocking issue totally fixed, along with finishing up the sandboxing feature by the end of the weekend. If I can do that, I will pretty much be finished with 2.0. I have the silent blocking feature fixed, but for some reason it is not showing the balloon notification after 2-3 hours (what would have been the silent blocking issue). Anyway, I am getting extremely close to figuring it out.

    BTW, I found this to be EXTREMELY funny and quite ironic ;).

    http://www.fireeye.com/blog/technical/malware-research/2012/06/bypassing-process-monitoring.html

    http://www.csoonline.com/article/24...igating-recent-vulnerability-disclosures.html

    VS does not use that method, but my point is that there is no perfect security product, although I think there could be if everyone worked together.

    I just heard on the news that the NSA, CIA, FBI, Homeland Security, etc recently decided to work together to try to figure out what to do about the current cyber security situation.

    Maybe they could start by visiting Wilders, and learn a little more about some of the new technologies ;).
     
  19. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    186
    You hit it on the nose!!
     
  20. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    121
    Location:
    Philippines
    Hurray! It is almost done! A great assistance to AVs!
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Houley, I appreciate that!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you! BTW, when I was working on the free version, I referred to the list of features that you thought I should disable in the free version (the list you sent me awhile back), and pretty much agreed with everything you said on it. Like we were talking about, we want the free version to adequately protect home users, but we do think that for-profit businesses can afford $20 (or less in bulk) per computer. But anyway, I just wanted to say thank you for taking the time to make the list, it was a great help! Once you see the free version, please let me know if you think there is any feature that I should enable. Actually, if anyone has any suggestions, please let me know.

    BTW, there is not a separate free version, there is only one version. But it will change from VoodooShield Free to VoodooShield Pro once the user enters their email address and password.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,057
    Location:
    Ontario, Canada
    Great to hear Dano!

    Daniel :D
     
  24. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    121
    Location:
    Philippines
    Thanks too! This will really be a great feature because in our school, despite all our computers having AVs installed, viruses that hide files are sooo rampant, and they always wanted to stick their infected flash drives on my netbook because I have MCShield that unhides them. Truly, unupdated AVs coupled with a lack of knowledge on malware will only render their AVs useless. So any AV + VoodooShield Free + MCShield (even without sufficient knowledge on malware) will prove to be an essential security setup.

    The Free version will surely be of great help to many ;)

    Thanks!
     
  25. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    I'm ecstatic that VS isn't blocking system processes now. The only problem I have noticed since trying version 2.11 is that the browser I am using refuses to work right no matter if I go to training mode and use it then back to smart mode. The browser is Torch Browser. Would you please look into this.

     