VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for testing... I optimized the algorithms quite a bit today, so they have changed dramatically. As I mentioned before, they were a little aggressive, but I think we have them right where we want them now. I updated the stand alone VoodooAi software, and I will post a link soon. It has the brand new algorithms and adjustable VoodooAi sensitivity, so it will be pretty cool... you guys will be able to help me figure out what level to set it to by default. Keep in mind, we are now working with completely different models, so it is going to react much differently from before. I have not tested the new models thoroughly, but as far as I can tell so far, 100% is pretty close to optimum.

    BTW, some files like dnsjumper are going to test high, no matter what we do.

    I can send you a link to that malware pack if you email or pm me. If you download the new standalone VoodooAi, it will be super easy to test anything you would like.

    One last thing, please keep in mind... the raw data for VoodooAi and VoodooShield are going to be the same (like if you click on Details in VS / test with VoodooAi).... but the composite VoodooAi score for VS is adjusted slightly when there are blacklist hits... and if there are a high number of blacklist hits, then the composite VoodooAi score is adjusted a little more. The whole idea being that the purpose of Ai is to think for the user, so they do not have to... basically, it helps them to make the correct decision whether to allow or block something. So a while back, I figured that the blacklist scan should be one of the "features" of VoodooAi. I know I mentioned this before, but I just wanted to remind everyone ;). Thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TheBear and Baldrick, I appreciate that very much!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that! I think you emailed me... if so, your license is good to go. If not, please email me at support@voodooshield.com and I will set one up for you. Thank you!
     
  4. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,242
    I will PM you my email.

    Where to download standalone VAi?
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Here is the latest version of VoodooAi standalone portable, with the completely updated algorithms... there is a little more info in post #10509.

    When I first built the models, they were a little aggressive, but now I think it is about right. We can still tweak it a little more over the next few days. And then in the next 2-3 months, we will retrain the machines once again for hopefully even better results.

    As a benchmark, the first version of these new algorithms missed 2 in the malpack of 1000 I have been using, but from what I remember, I think one was actually a clean file. This version missed a total of 7, but 2-3 were clean files, so we are still looking at 99.5% or so, and the good news is that there are significantly fewer false positives... I really think these models are a great balance.

    So here is the latest version, I made a lot of changes, so there might be a small bug or two, but it will be an easy fix. Thank you!

    www.voodooshield.com/Download/InstallVoodooAiPortable90.exe
     
  6. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,242
    As you mentioned Standalone VAi results are sometimes different compared to VS VAi.

    I was thinking of testing VS VAi @ 100, 90 & Reckless levels. I don't have a spare system so cannot test with VS. And as VS VAi & Standalone VAi results are sometimes different, I will not get a clear idea with the results, i.e. Standalone VAi results do not completely apply to VS VAi results, right?

    And when you upload files to Standalone VAi & at that time if net gets disconnected/net down/manually disconnect net, you get unhandled exception error & Standalone VAi crashes.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The raw data on the 3 algorithms are going to be the same (only the composite score from VoodooShield is adjusted by the blacklist), unless there is a file that was already analyzed by the old algorithms. I think what I need to do is just clear out the database so there are no old results, and all of the results will be from the new models. Either way, it will be easy to do, I just need to figure out a game plan.

    Yeah, it might be a little difficult to do what you are wanting to do with 1,000 files. Play around with it and I think you will see why, it is kind of hard to explain.

    Ok, cool, thank you, I will fix that bug, it will be easy.
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey TH, I see... there is a bug in there somewhere, or maybe I disabled something, I cannot remember for sure ;). I will fix it in the next day or two, thank you!
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,615
    Location:
    South Wales, UK
    Thanks, Dan

    This set me thinking as to what is happening re. the change in policy by VT and whether you have come to any conclusion as to how you will handle that in relation to the use of VT by VS?

    Would providing them with a version of the VoodooShieldAI engine be the answer?

    Regards, Baldrick
     
  10. guest

    guest Guest

    what about this? @VoodooShield
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Great news Dan!

    After having Chrome open for a few minutes VS prompted for Software Reporter Tool, which I allowed. So far there has not been any freezing. Yay!
     
  12. Good, so no freezes :thumb:
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Err, scratch that. On one machine there was no freeze but on my other machine VS has frozen again. :(
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Baldrick,

    I am not real sure.

    Yeah, that is one reason I am refining VoodooAi, I really think it would make a great addition to the 57 scan engines, assuming it is as accurate as I think it is and it does not have a crazy amount of false positives. I still need to test and refine it a little more, but I think we are close. I just think it would be really cool for everyone who uses VT, especially for zero days and unknown malware. Like I was saying, if the file is relatively new, say a month old, if VoodooAi was high or super high, it would let everyone who uses VT know that there is a very good chance that something is not right with that file. It would be kind of like an early warning detection system. Thank you!
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,615
    Location:
    South Wales, UK
    Way cool, Dan...way, way cool. :thumb: Go for it! :)

    Respect, Baldrick
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey guest,

    VS has something kind of similar to this, but we might be able to tweak it a little more to make it even more user-friendly. Basically, when VS blocks a non-whitelisted item, it checks if the file is an installer or not. If it is not an installer, then VS stays ON and shows the "Allow" button and allows the single process. If the blocked file is an installer, then VS shows the "Install" button, which if the user clicks, VS will toggle to OFF, so that the installation can complete uninterrupted. Then when the user returns to a web browser, VS automatically reactivates. It would be cool to figure out a way to determine when the installer is finished, then turn VS back on... but I am not quite sure how we would determine when the installer is finished. But yeah, I am sure we can tweak this a little to make it even more user-friendly... we basically just need to figure out how to detect when the installer is finished. Thank you!
     
  17. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    Joined:
    Mar 20, 2016
    Posts:
    120
    Dan, I am happy to report that there are NO issues to report between: Comodo Firewall - 360 Ts - vs 3.26 beta :) What I am most excited about is the fact that I am not experiencing any crashes / freezes with the install with rollback rx (the last time I had vs and rb rx running my system went haywire as you might remember) so kudos for your hard work!!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for letting me know! I received your logs and they look great... no errors at all. There is actually no logging at all in the section of the code where VS froze for me, so I think we need to add some logging in that section, and we will be good to go. I should have added the logging when I changed the 10 threads to 50 just in case it still froze, but I really thought that would fix it, so I will do that sometime today. Thank you!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, just to make sure... you are running 3.26 on that system, right? ;).
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you for letting me know! Yeah, VS has not frozen on me at all either... then again, sometimes it takes 3-4 days ;).
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Yes.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yep, it froze on me too... and nothing was included in the additional logging. I have already emailed Vlad, hopefully we will hear from him soon and hope that he has some good ideas on how to track this issue down. I guess if worse comes to worse, I can log every single sub in the entire project, but that would take forever to add all of that logging. Either way, we will figure it out ;). Thank you!
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,100
    Location:
    Ontario, Canada
    C++ Buddy!
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    I wondered whether C++ was involved too.
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,100
    Location:
    Ontario, Canada
    dot.Net
     