VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TH, yeah, I am back to normal now!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you G111. Yes, we will make it so you can remove multiple entries on the whitelist asap. There are also a lot of default processes that are added automatically that we will remove, just to clean it up a little, since we do not need them anymore. There shouldn't be much of a time lag; if you notice a time lag in the future, please let me know. I will check it out too. Also, if you edit your whitelist online, you will need to exit out of VoodooShield and restart it to receive the edited whitelist. Thanks again!
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Didn't exit out of and restart VS after editing, that was probably the problem. Thanks Dan.
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VoodooShield 1.07 ChangeLog

    Added Automatically Allow Windows 8 Metro App Installation

    Added Do Not Whitelist items in the App Data Directory

    Suppressed certain system balloon notifications

    Changed "Train Me" to "Off"

    Added an option to restore UAC during uninstall




    VoodooShield 1.08 ChangeLog

    Added VirusTotal integration. Button on user alert window, drag and drop file on the shield (Windows 8 drag and drop not yet supported)

    Added new red alert window to Block / Allow / Scan with VirusTotal

    Added How it Works - Better Instructions for new users

    Added Custom Allowed Paths to always allow certain directories

    Added Transparency setting for the Shield

    Added a Do Not Blacklist option to turn off blacklisting of Scripts, .msi files, regedit, copy, CMD, and regsvr32

    Added an option called Detection Rate so users can slow down the snapshot timer on slower computers

    Added First Run subroutine for new installations to show the How it Works Window, and a prompt to tell the user that VS will activate in 10 minutes

    Fixed errors in the user log
     
  5. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    How much memory does VoodooShield take up and how many processes?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Looks like one process at around 10MB
     

    Attached file: VS.jpg (29.5 KB)
  7. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Does VS have any sort of protection against exploits?
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    No, it doesn't, but if the exploitable program tries to download malware and execute, VoodooShield will stop it dead in its tracks.

    TH
     
  9. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Unless of course the payload were to occupy an allowed system process. So I guess does VS have any process protection to prevent one process from interfering with another? Maybe I'm misunderstanding exploits and/or VS.
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
  11. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Wow, that is really super light

    Thank you very much for the info, I appreciate it.
     
  12. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Any updates coming out? Seems like things were moving along and now nothing since April.
     
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    How about Lifetime license?
    AG and ERP have it for 20$.
    You should offer it to gain more users...
     
    Last edited: Jun 8, 2013
  15. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    For AppGuard; https://www.wilderssecurity.com/showpost.php?p=2111713&postcount=1544

     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You can stick with v3 for a long time.
    It is working fine...
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yeah, and as AppGuard is certified for Windows 8, it'll have the life time for that OS... which is perhaps 10 years or so.
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, we are working on 1.09, but it just fixes a couple of very minor bugs. We are also working on VS 2.0, which will run the engine as a service so it will start faster on start up and run better under a standard user account. We also hope to not have to disable UAC, even though it would be extremely annoying to have both. There are not too many more new features that we can think to add, but if anyone thinks of some, please let us know!

    At some point we will hopefully be able to add a few features to the VirusTotal integration, and make it a little more streamlined.

    And yes, the Mac OSX version of VS should be available within a month.

    Thank you!
     
    Last edited: Jun 8, 2013
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, at some point we will have a lifetime license, but in the meantime, if anyone wants a lifetime license, just buy a 2 year license and email me. We will change it to a lifetime license; all major and minor updates are included. The license can also be transferred to a new computer if you uninstall it on your old computer. Thank you!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VoodooShield is certified for Windows 8 as well, I can send you the 6 page certification if you email us @ support@voodooshield.com. Thank you!
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    VoodooShield is a great piece of security software! ;)

    TH
     
  22. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Thanks Voodooshield. I didn't mean to sound harsh. I was just wondering if anything new was coming up. I think that you have a great product. Thanks for the information.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TH ;).
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I didn't think you sounded harsh at all, I just thought you were curious when we might have a new release! I would like to find some additional features to implement, but I do not want to add stuff just to add stuff. But if anyone can think of some new features, we would love to hear your ideas!
     
  25. For me the ideal anti-executable would have the following functions.

    Design Philosophy
    Use paradigms already present (makes it easier to explain functions)

    Use familiar interface options (e.g. the coloring scheme /layout of UAC with additional info/options below the standardized design grid)

    Lean coding practise/minimal attack surface (use the options of the OS, but improve them in a smart way, like Chrome's sandbox which is based on integrity levels, job objects and alternative desktop, all standard Windows mechanisms)

    Apply fault forward functionality (e.g. executables signed with the Windows OS publisher/product should always run in order to keep my system integrity intact, when functionality is not monkey-proof or poka-yoke, rethink on how it is implemented/designed)

    Seek a position with a tweak, to distinguish yourselves from the competition (e.g. Voodoo shield is a process monitor with run-safer sandbox, in nerd's term it is how Microsoft should have designed AppLocker, Software Restriction Policies and User Account Control, in laymen's terms it keeps your PC personal by stopping unknown strangers running on your premises).


    Assumption
    Since Voodoo shield intercepts every process start/creation it is strategically located to manipulate process flow/execution/rights of that binary


    Making it the better AppLocker/SRP
    1. Auto allowing running signed programs from safe places (Windows and Program Files)

    2. Auto allowing running signed programs from safe places by publisher/product family which is more granular as signed (1) for paranoids

    3. Auto allowing programs by publisher+product or hash to update/run from ALL places (for programs updating themselves like AV's etc) and go into INSTALL mode. Ease of use would be that this hash would be auto-updated (so set and forget for that binary).

    4. Scan PC for all binaries to whitelist on hash
    - a) UNSIGNED binaries (normal operation mode)
    - b) ALL binaries so paranoids can set-off auto allow options


    Making it the better UAC
    5. Instead of denying or running a binary, add the option to run a process in a RUN SAFER SANDBOX

    6. Right click context menu option to TRY/TEST to run this binary in RUN SAFER SANDBOX mode (Restricted Token/Admin Rights removed)

    7. Right click context menu to ADD this binary to RUN SAFER SANDBOX LIST
    - a) Executable's HASH
    - b) PATH/executable
    - c) Publisher/Product

    8. Maintenance option to remove binaries (or update hashes) from RUN SAFER SANDBOX LIST

    9. Normal Block/Allow, remember on hash/path+executable/vendor+public with option to go into install mode.

    10. Install mode ALLOW
    - a) once for this binary and all binaries started by this binary
    - b) as A with restrictions that all binaries have to be in the same folder or subfolder
    - c) as B with the limitation that binaries are from same vendor
    - d) as C with the limitation that binaries have to be signed also
    - e) option to check binary first at VT and proceed after confirmation user
    - f) option to add binaries created by this installer on hash when created in safe place

    Don't disable UAC but offer to auto elevate without prompt

    Making EMET available for non-nerds
    Additionally you may want to install/update EMET for the user automatically and make sure that all the programs which run in SAFER-SANDBOX also have EMET enabled. Be nimble and implement EMET for the average user :)-), maybe not as strong as dedicated memory protection, but is easy to implement (and without compatibility testing issue/effort) and strengthens your image (product positioning) as the Microsoft companion who makes everything easy to use and safer.


    Ask Pete2150 he uses AE plus AG and is a firm believer of this type of functionality :)

    Regards Kees
     
    Last edited by a moderator: Jun 9, 2013
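
Added example, not part of the thread and not VoodooShield's code: a Python model of the cumulative install-mode restrictions 10 a) to d) proposed in the post above, including the path normalisation that restriction b) needs to be meaningful. The `Binary` fields, the `parent_of` process map and all sample values are assumptions constructed for illustration.

```python
import ntpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Binary:              # hypothetical record built at process creation
    path: str              # full image path
    vendor: str            # vendor string from file metadata (unverified)
    signed: bool           # True only if the signature validated

def descends_from(pid, installer_pid, parent_of):
    """10a: is `pid` in the installer's process tree? parent_of: pid -> parent pid."""
    seen = set()           # guards against loops in a corrupted map
    while pid in parent_of and pid not in seen:
        seen.add(pid)
        pid = parent_of[pid]
        if pid == installer_pid:
            return True
    return False

def under_folder(child_path, installer_path):
    """10b: child must sit in the installer's folder or a subfolder."""
    root = ntpath.normcase(ntpath.dirname(ntpath.normpath(installer_path)))
    child = ntpath.normcase(ntpath.normpath(child_path))   # collapses "..\" segments
    return child.startswith(root.rstrip("\\") + "\\")      # separator stops "app2" matching "app"

def install_mode_allows(level, installer, child, child_pid, installer_pid, parent_of):
    """Levels 'a'..'d' are cumulative: each adds one restriction to the previous."""
    if level not in ("a", "b", "c", "d"):
        raise ValueError(f"unknown install-mode level: {level!r}")
    ok = descends_from(child_pid, installer_pid, parent_of)
    if level >= "b":
        ok = ok and under_folder(child.path, installer.path)
    if level >= "c":
        ok = ok and bool(child.vendor) and child.vendor.lower() == installer.vendor.lower()
    if level >= "d":
        ok = ok and child.signed
    return ok

# Constructed sample data (not from the thread).
INSTALLER = Binary(r"C:\Users\u\Downloads\app\setup.exe", "Example Corp", True)
HELPER = Binary(r"C:\Users\u\Downloads\app\bin\helper.exe", "Example Corp", False)
ESCAPED = Binary(r"C:\Users\u\Downloads\app\..\..\AppData\drop.exe", "Example Corp", True)
PARENT_OF = {200: 100, 300: 200, 400: 4}   # installer is pid 100
```

A real monitor would key the process map on more than the pid, since Windows reuses process ids.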