VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    +3 ;)

    That's great advice digmor crusher, thank you, I appreciate that and totally agree that the focus should be on development!
     
  2. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    Hey Dan,
    Is there any chance that in the near future Vivaldi gets added to the Browser list? It is growing relatively fast and I think it is worth adding soon.
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey NWOAbschaum, probably in 2-3 months I will ask everyone to see what new web apps we should add. It is best to add them in groups of 7, so we will add 1 or 2 groups of 7 in the next few months. Thank you!
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,751
    I follow what goes with the many suggestions, but I don't put my 2 cents worth in. I leave it up to you, Dan. ;)
     
  5. darktwillight

    darktwillight Registered Member

    Joined:
    Jan 4, 2017
    Posts:
    4
    Location:
    Germany
  6. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Crusher is right, which is right out of the gate why I suggested that
    there are other software that may suit his needs better.
    Some of you have been here for a very long time and can see issues
    from posters like that coming from a mile away. I have learned over the years
    to kill them with kindness, and not wasting my time or resources on them.
    While focusing on those that seriously and honestly are trying to make a
    difference. The more years you spend on forums, the better your radar gets ;)
     
  7. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    This does look kind of interesting, looking into it more tomorrow morning ;)
     
  8. Deckard

    Deckard Registered Member

    Joined:
    Dec 13, 2016
    Posts:
    46
    Location:
    France
    I may have added oil to the fire maybe.
    If someone doesn't like all or part of a software she/he is free to go and see elsewhere, yes, definitely!
    There are questions, interrogations, and there are the rest.
    Yes, can't please everyone.

    About browsers list.
    Do you intend for the future something different, open, to add applications? A sort of list.
    Maybe something which can import rules inside VS Web Apps?
    So far, I'll use 4 places in the Web Apps. Website-Watcher (2). Claws Mail (1), and PicoTorrent (1).
    Adding a custom web app makes us lose the 'Automatically allow by parent process'.
    With several 'exotic apps', "Always On" is more suitable?
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, now that is NOT a very good idea ;).
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    WOW, thank you very much for finding this... this is truly unbelievable. I am truly speechless.

    After seeing what happened in the following link, I was going to ease up a little, but not now.

    Please take a look at SSmith207's post... he works for Cyberforce Security, which is a Cylance distributor. This is where I found out about testmyav.com... no wonder he recommended the site. Security software vendors and developers should never determine what samples are used in tests, let alone control where test samples come from.

    https://community.spiceworks.com/topic/833551-does-anyone-actually-use-cylance?page=17

    The funniest post is by Parker (Trend Micro) where he posts "This will be fun to watch.", and showed George Costanza eating popcorn on the couch ;).

    Although, the post by Andrey (Kaspersky) where he posts "You mean videos like this one are not credible o_O" is really cool too ;).

    BTW, I received a suspicious email last night, asking for the samples that were used in the test, so I sent them right away... I will send them to anyone who requests them.

    The reason I am concerned about all of this is simple... the Bulletin of the Atomic Scientists recently set their clock to two and a half minutes to midnight, citing cyber security as one of their top concerns. While the next gen companies are going to great lengths to make as much money as possible, and could care less about anything else that is going on.

    https://thebulletin.org/sites/default/files/Final 2017 Clock Statement.pdf

    I am certainly not trying to be a fear monger, but this is one of the many reasons why we need to get serious about cyber security.
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very true, thank you!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, you might want to check my post above before you look into it... it might change your perspective (thanks to darktwillight) ;).
     
  13. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    751
    Location:
    Oklahoma City
    Seems we all have our idiosyncrasies and thoughts on what is important. Guess that's what makes life interesting. Just hang in there, Dan. Appreciate your efforts and work.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It's all good Deckard! Yeah, we will add more web apps soon, and I will post on here a few weeks before we do so that we can figure out which ones to add.

    I am not sure what you mean by "Maybe something which can import rules inside VS Web Apps?"... can you please explain more?

    Adding a custom web app shouldn't make you lose the 'Automatically allow by parent process'. All that option is saying is that if you have a web app that is not listed in Custom Web Apps, then you should add it to the Custom Web Apps. If for some reason you cannot add the app to the Custom Web Apps, then you should disable the 'Automatically allow by parent process' option... but this should never happen... all you need to do is add the app to the Custom Web Apps. I hope that makes sense, if not, please let me know!

    Yeah, from what I have seen, most people do not have that many web apps, they typically run one or two web browsers and maybe an email client, and that really is about all that should be included on the Web Apps screen (but it does not hurt to keep the other default web apps checked). But I imagine some users run 5-10 web apps all of the time... and if that is the case, then Always ON or AutoPilot is probably the preferred mode. Thank you!
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you John, that is very true ;).
     
  16. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    83
    Location:
    UK
    Hi Dan,

    Is this a bug, by design, or am I doing something wrong?

    In Basic Settings I check these options:
    • “Display simple right click menu”
    • “Enable balloon notifications and user prompts”
    • “Disable left clicking of the shield to prevent users from allowing new items”
    If I try to run malicious software I am presented with the usual options, and selecting >“Quarantine”< does what it says and removes the malware and quarantines it accordingly - so far so good.

    However, if I check the box >“Deny Default – Uncheck to show prompt instead of balloon”< and run the malicious file, a prompt appears saying that it is going to automatically quarantine the malicious file, the file appears in the VS quarantine list but isn’t removed.
     
  17. plat1098

    plat1098 Guest

    A question: I have a funky router I've been fighting with, and even though the bang goes away over the network icon, I notice that VS still isn't always blocking things like it should. I use the cmd as a test. How vulnerable is VS to somewhat less-than-perfect internet connections? It is understood the hard way that there are degrees of connected-ness--apparently you may not be fully 100% connected despite Windows' assurance. When "connected" I still get periodic packet loss, but how can you monitor these little slips? I need VS to be fully there all the time.

    Edit: VS isn't blocking CommandPrompt or PowerShell.
     
    Last edited by a moderator: Jan 27, 2017
  18. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    83
    Location:
    UK
  19. Deckard

    Deckard Registered Member

    Joined:
    Dec 13, 2016
    Posts:
    46
    Location:
    France
    I suppose each of the available web applications is hard-coded in the .exe (or dll), and each application is delimited by attributes, rights, process names, dependencies, paths monitored or not, etc., which I named "rules."
    Is it possible - I don't know how VS works inside - to have these "rules" not in the code but as a variable?
    This will allow writing our own rules, to create them, to download them, or to remove those that we are sure we will never use (for me: Lotus Note, SeaMonkey, AOL, ...).
    I remember in the DefenseWall forum, Ilya Rabinovich was so often solicited to add compatibility with new software; it was endless for him.

    I missed that. I thought it was for any applications outside of those listed by default. Thank you Dan!
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Gillor

    I have mentioned this to clone that this only works if you are in the UK. However I think this might be the same only in YouTube version?

    https://www.youtube.com/results?search_query=Zero+Day:+nuclear+sabotage
     

    Last edited: Jan 27, 2017
  21. marciano222

    marciano222 Registered Member

    Joined:
    Nov 10, 2016
    Posts:
    26
    Location:
    Poland
    For me, working all sensational
    thank you for this wonderful program
    VoodooShield
    Regards
     
  22. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    Sage advice :thumb:
     
  23. plat1098

    plat1098 Guest

    OK, I fixed it, apparently I didn't "register" the router properly with internet provider. Now VS blocks everything consistently. Routers, gotta love em. :)
     
  24. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    83
    Location:
    UK
    That's the one.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I will catch up soon, but I just realized something.

    What is the average time to detect a threat / breach, isn’t it like 240 days or something?

    Sure, you can have a global whitelist, but I would imagine that this is probably ineffective considering that most software is constantly updated.
     