VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Will there be any GUI changes in v3.0?
     
  2. hjlbx

    hjlbx Guest

    There's a lot of talk about bypass, but until someone produces a sample or PoC that actually bypasses VS - what can be said ?

    Two years ago FW said he could kill VS and produced a PoC...
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, but we might change it at some point. It is difficult to get the desktop shield gadget icon to look right with the graphic design samples that I posted a while back, and they should probably match the rest of the program for consistency.
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yes, he was absolutely correct and produced a PoC that bypassed the VS 1.0 process creation detection mechanism, so then we changed VS 2.0 to the AppCertDll. It really helped that he created a PoC.
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Well I love it! No impact, great second layer to WSA, nothing else is needed!

    Daniel :)
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I really am not sure, that is up to Vlad ;). There are 1-2 more important bugs that need to be fixed, but once they are fixed I believe he is going to post it. I think he will have these fixed within a day at the most, then he will send it to me to test it one last time. He is going on vacation in like 7 days or so, so he wanted to have plenty of time to address any of the initial bugs before he left for vacation.

    I really think that the initial release is going to have very, very few bugs, but I guess we will see. But A LOT has changed under the hood in VS 3.0, so a few bugs are to be expected.

    BTW, the initial beta release will not be compatible with XP... I am hoping Vlad will be able to make it work with XP sometime in the near future.

    After Vlad posts VS 3.0, he will be the one responding to the posts / bug reports. If I disappear from here for a little while and someone needs to talk to me, please email me at support@voodooshield.com. I will be sure to read and respond to the posts while he is on vacation.

    Thank you guys for all of your help, and I will talk to you soon!
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TH!
     
  8. TNO_sec

    TNO_sec Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    47
    Not correct, actually. We did not "whitelist metasploit". That would not even be technically possible as it was only running on the attacking machine with Kali Linux.

    I completely agree that if I had somehow run a testing tool placed on the victim/hacked PC, then the testing would be flawed. That is exactly why I do not run the various HIPS tests against VoodooShield. Those tests can't run until they have been executed, and they can't do that unless they are whitelisted/allowed, so that would indeed make the test invalid, exactly as you say. But that's not the case with this test. The test happened without execution of any malware or test-file, so there was nothing for VoodooShield to block.

    I'm beginning to wonder if there exists some common misconception that it is impossible to hack a computer without the use of malware. Earnestly, I was under that impression myself until a while ago. Having seen these hacks myself has been a bit of an eye opener for me. This SANS poster might catch some interest:
    https://www.sans.org/security-resources/posters/dfir-find-evil-35
    Quote:
    "Malware does not need to be present on a system for it to be compromised.
    [...]
    Many of these artifacts can result from an adversary using your system but not implanting malware."
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ahhh, I see... you were running Kali, I did not realize that, sorry. Would a simple $50 router block that? I think Rmus talked about this some, I would have to go back and read his post.
     
    Last edited: Sep 30, 2015
  10. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    ABSOLUTOMENTO, Maestro :thumb:
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Great minds think alike! :) Salud amigo :thumb:
     
  12. hjlbx

    hjlbx Guest

    Please provide actual sample, PoC or code...
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not worried about it at all... the exploit did not drop or execute a payload at all and as far as I know, this could only work on the inside of the firewall, so any router should stop this attack. Although, someone who is more familiar with perimeters would be able to verify this, because I am all about the end point ;). And besides, really all that matters is that a payload was not executed.

    Now, he might be able to combine the attack from the other thread with his attack, and then drop a payload. If that is the case, then he will have bypassed VS, by everyone's definition... even if it is on the inside of the firewall. The instructions for the attack on the other thread are quite detailed, so let's see if he can get it to work!!!

    The other reason I am not worried about it is because we are moving to the KMD.

    BTW, you guys will be proud of me... I actually typed up a change log for VS 3.0!!! So when Vlad posts VS 3.0, consider that my contribution to VS 3.0 ;). For those of you who have not been following this thread that long... I am notoriously bad about providing change logs, so that is why this is funny ;). I am still working on the owners manual though ;).

    Edit: I take that back... there is probably an exploit from a malicious website that can perform this attack, but the way he did it with Kali on a LAN is what I am talking about. I am not sure if a firewall would stop this or not (but I think it would), I just do not know enough about perimeters and firewalls. It would be cool to see a demo though!
     
    Last edited: Oct 1, 2015
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Nice! :cool:
     
  15. hjlbx

    hjlbx Guest

    If LAN was used, was the firewall set to Public or Private? If Private, then was file sharing, syncing, etc. enabled? These details are important and make a difference to security.

    Like I keep saying, lots of talk about bypasses, but no one produces a sample, PoC or code to verify the alleged bypasses... and that's that...
     
  16. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Well it's taken me over an hour to catch up on this and 'the other thread' about bypasses, birds and catching apples etc. (if you read 'the other thread' you will know what I'm referring to).
    I know s*d all about coding, memory exploits and the like, but what I do know is VS is a valuable extra layer of protection and has very little impact on my machine, and I love it too.
    Plus Dan is a gentleman, who has my full support, and I'm looking forward to trying VS 3.0.

    All the best Dan, - and have a good well earned rest.
    Gordon
     
    Last edited: Oct 1, 2015
  17. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    yeah, I'll second that!!! and bring on VS 3.0... the future looks bright.. :thumb:
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Regardless of the circumstances from that other thread, VoodooShield moving forward with 3.0 utilizing its kernel-mode driver is exciting and it's going to make for a very solid product. The past is in the past, and the future is in the future and as @porkpiehat says, the future looks bright. The lower level control combined with the already phenomenal user-friendliness of VS is going to be great to see.
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Exactly, thank you guys! The last 2 bugs are fixed I think... I will start testing now and Vlad should be able to post VS 3.0 very, very soon! Please forgive me if I disappear from wilders for a while ;). You guys will like Vlad a lot, he is a cool guy, and he will be able to fix any remaining bugs much more effectively than I ever could. I did my best ;).
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Take a vacation now and enjoy it! :)
     
  21. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Dan

    You do yourself a massive disservice when you say "...much more effectively than I ever could". There would be no bugs to fix without the idea & vision for VS. ;)

    Anyway, hope that whilst away from us you will be able to have some quality R&R?

    Regards, Baldrick
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Unfortunately this recent unrest at Wilders has led to a legitimate VS bypass: http://casual-scrutiny.blogspot.in/2015/10/poc-or-it-didnt-happen-for-appcert.html

    I am still excited and looking forward to VS with kernel-mode driver and will recommend it as well. But I have to be honest, following this recent drama in the forums and the way in which it has been handled has left me with an uneasy feeling and disappointment at the moment.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Hi Dan,

    I am just a user of software, and I have been following the recent discussion in that other thread, since closed.

    I will continue to use VS, because I want to, and will not be put off by a few negative comments. I want to try version 3 to see if it will be suitable on XP, still. Hopefully, the CPU usage problem caused by rundll32 on my system that I mentioned [previously] has been fixed with this soon to be released beta version.
     
  24. schmidthouse

    schmidthouse Registered Member

    Joined:
    Aug 18, 2015
    Posts:
    26
    Location:
    Sunny Okanagan Valley Canada
    I also am following this topic/conversation and find it refreshing to actually see interaction between developer and user. Good stuff !
    I also have added VS (paid) to my layered security profile and find the software does a good job at what it's designed to do.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not going on vacation anytime soon, I am just going to stay away from the computer as much as possible ;). Actually, Vlad is going on vacation starting next Tuesday I believe, so I will be around when he is gone. But when he comes back, he will be replying to most of the posts. I will be around some too, but I posted my first version on March 22, 2013 and have worked pretty much non-stop since then, so it is time for a break ;). I worked a lot before that, but for the last 2.5 years, I kind of overdid it ;).
     