VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Not sure to be honest... I just need to find a way to reliably reproduce the issue. But I think the issue started in 3.09, and since that was the first version with the wildcards, I figured if 3.08 did not freeze, then we might be on to something ;). Either way, we are getting close, because there are not too many things else it can be ;).
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    As you guys know, usually I respond to or acknowledge each and every post, but this time I skipped the ones that were informing me of the freeze or usb issue, and did not require for me to respond. But if I did miss anything, please let me know! I hope to have these issues fixed very, very soon! Thanks again!
     
  3. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    v324 soon?...maybe last before final version?
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,020
    Location:
    Canada
    For me V3.23 has been working fine since installed. Dan, you really impress me, amazing the time you spent answering each and everyone.:thumb: There is no
    other developer around that is doing that, and for that reason I will always support you and your software.:) I wonder sometimes if you sleep at all.:D
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Absolutely!!! And I cannot wait to see the results! Keep in mind, I have tested VS and VoodooAi EXTENSIVELY, so unless I somehow messed up the tests, VS / VoodooAi will do very, very well. I am getting ready to do a video that demonstrates an efficacy test on 10 or so of the top AV products... all based on blocking the malware pre-execution, so behavior blockers and the like will not do as well in the test... but what I can tell you, it is truly eye opening.

    The way I see it, if a single line of malicious code is ever allowed to run, then all bets are off. Behavior blockers are great, but you are miles ahead if you can stop the malware pre-execution.

    On a side note, while retraining the machines, VS blocked all 850,000+ malware files, one after another in rapid succession.

    I just ran a very, very quick test... when I have time, I will do it right, but here are the results so far.

    Norton:63.9%
    Cylance: 94.5%
    VoodooShield - AutoPilot: 100%
    VoodooAi Stand Alone: 97.8% (VoodooAi all by itself ;))
    VoodooShield - Smart ON: 100%

    BTW, in the VoodooShield - AutoPilot test, the blacklist scan blocked 22 of the 1000 files that VoodooAi would have missed. Like I as saying, the blacklist scan and VoodooAi is a phenomenal combo ;).

    Also, keep in mind... this is using the old VoodooAi machine learning models. I have a couple hours to go before the new models are ready... I cannot wait to test them. Although, I have to say, I think they will get a little bit better, but honestly, the current models are already highly, highly accurate... especially when compared to cuckoo or the blacklist scan... and especially when one of them is wrong, VoodooAi is usually right (like for zero days, etc).

    So yeah, hopefully soon we will see how well VS / VoodooAi does in professional tests!!!

    If I missed anything, please let me know, thank you!

    Here are some quick pics of my quick tests so far... keep in mind, these are running in virtualbox, so that is why you see VS on the Norton and Cylance tests, and 2 VS on the VS test ;).

    www.voodooshield.com/artwork/et/Norton.png

    www.voodooshield.com/artwork/et/Cylance.png

    www.voodooshield.com/artwork/et/VS.png

    I forgot to mention... the Efficacy Test basically simply runs the 1000 malware files, one after another, and there is always a delay between malware executions, depending on the product being tested... it will make more sense when you see the videos. Thank you!

    I had a small typo in the results above, but they are correct now.
     
    Last edited: Jun 7, 2016
  6. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    916
    Location:
    The Netherlands
    Does that mean that AutoPilot offers better protection than Smart?
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Well, the next release will probably have the wildcard code disabled so we can determine if it is something in that code that is causing the issue. After that, I will add the 2 new features to disable the blacklist and VoodooAi, and some small refinements... but we really should wait until we have the freeze issue fixed before we do anything else. Once we hear back from the users running 3.08, we will know what to do. Thank you!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that!
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Actually, I am totally shocked that nothing slipped through AutoPilot mode... I figured at least 1-5 of the 1,000 would slip through. I will test with more samples and see how it goes!

    But no, AutoPilot is never as safe as Smart or Always ON... simply because these are locks and AutoPilot is not, technically.

    I will test some more and see... if it continues to do that well, then I might start using AutoPilot as well ;). Thank you!
     
  10. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    916
    Location:
    The Netherlands
    Ok thank you :thumb:, still on 3.08 (Smart mode) since sunday and no freezing to report (yet). Let you know if anything happens...
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that!

    Keeping in mind that VS is technically still an application whitelisted, because of all of the mitigations it utilizes to limit unnecessary false positives, I would say either way our false positives are low ;). After all, it is a computer lock ;).

    I know what you mean, I get annoyed easily as well... especially with computers ;). Thank you!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you! If you were running 3.23, do you think it would have froze by now?

    I have to run... a clients router went out, talk to you soon!

    BTW, the initial VoodooAi models look really good, but it is way too early to tell. I am going to have to wait and see when I get back ;).
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,071
    Location:
    Ontario, Canada
    Awesome work Dan!

    Daniel :)
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, and thank you guys for all of the help!

    BTW, one of the new VoodoAi results just finished... yeah, it is going to be good ;).

    voodooshield.com/artwork/et/newcurve.png

    Thanks, talk to you sooN!
     
  15. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    916
    Location:
    The Netherlands
    No way to be 100% sure... Installed some software to test different reactions of VoodooShield. I will keep version 3.08 installed and keep you informed.
     
  16. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,232
    Good options.

    You have mentioned previously you will think on detection level option for blacklist scan, any info? Would be good to see the option too.

    And any info on vulnerable processes options?
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, I know what you mean... it is an intermittent little thing, huh? Thank you, please keep me posted!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, yeah, whenever I can free up some time I will be adding new features. But for now, I really want to get the last freeze bug fixed, so my focus is on that. Thank you!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, here is kind of a weird version. For the people not experiencing the freeze issue, there really is no reason to upgrade, however, this version does include the new Ai algorithms, so you might want to consider it. But, please read the next part before you do.

    Vlad wrote some really cool code for the command line wildcards, but I think that there is a small bug in it that is causing the last freeze issue, and he ran out of time before he could work on the freeze issue. So this version, I disabled most of the code that he wrote for the command lines, and reinstated the old command line code. So there is actually a chance that VS could act really goofy it it encounters some weird command line.

    But anyway, this is just a test to help narrow down where the last bug is. If it turns out to be in the new command line code, I really hope Vlad can find the time to help isolate the bug, because I am not at all familiar with that code, since that was basically Vlad's creation.

    So, if you are having freeze issues, please try this version, and let me know in a few days (assuming it does not freeze before then ;)).

    http://www.voodooshield.com/artwork/InstallVoodooShield324.exe

    Also, the new algorithms are included in this version... I have not tested it that much, so far so good ;). I retested the same random malpack, and this time it only missed 2 out of the 1000!!!

    www.voodooshield.com/artwork/newalgorithm.PNG

    I will say, it responds quit a bit differently then the old agorithms... I mean, the results are roughly the same, but it seems significantly more "decisive" than the old algorithms. For example, if a file was say .2500 in the old algorithms, then the new algorithms would be probably a 0.0500 or something... and same thing if it is an unsafe file, instead of say .8500, it might be .9700. The whole Ai thing is still a learning process for me, but I think it is a very good thing that it seems to be much more decisive then before. Also, I tested some drivers and they seem to be doing a lot better. However, there will be some drivers that will always test high, no matter what we do ;).

    Thank you!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, one of the new algorithm misses might not have been a miss... it is hard to say because both cuckoo and the blacklist scan do not determine that the file is safe or unsafe. Sometimes you just simply can never determine if the file is safe or unsafe, with any high degree of certainty... then again, that is why the computer should be locked ;).

    Here is that file: http://voodooshield.asuscomm.com:8080/analysis/108/

    However, VoodooAi CLEARLY missed this file... http://voodooshield.asuscomm.com:8080/analysis/107/

    That's cool though... if we could somehow possibly maintain 99.8 or 99.9% accuracy, then I am ok with that ;).
     
  21. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,385
    Hopefully that new version helps those that are having freezing issues. As for me, version 3.23 has been running fine so I'll probably skip that new version.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oops, I just realized that for files already scanned by VoodooAi and stored in the database... those will return the old algorithm results.

    So if you want to test the new algorithms, please make sure you find brand new files that have not yet been analyzed by VoodooAi, and make sure the user prompt says "Calculating VoodooAi", otherwise, you will be seeing the old values.

    It is an easy fix, I just did not think about it until just now ;).
     
  24. Can't check the links out.
     
  25. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Dan, I installed v3.08 last Sunday, have had NO freezes with it. I'll install 3.24 now and see what happens...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.