VoodooShield/Cyberlock

I find this discussion amazing, including your input, guest. Image perception works both ways, dontcha know. If you're trying to quash an openness in developing new techniques for a critical function, then you're contradicting yourself and your implied "mission." What is it, by the way? Never mind.

 

unfortunately , it is what people said to me...they uninstalling VS because at the moment it can't self-protect itself... things would be better if Dan cared to implement the easy and fast way as momentary fix, after all people just need VS to be able to protect itself , not locking the system...then once done, Dan has all the time he needs to test his method.

You have a hole in the the roof, you fix it , you don't build a new roof...

Anyway i said my opinion, if Dan don't care , nothing much to say.

 

fix first , create after , too difficult to grasp?

 

I assume you mean one or two people people have told you PRIVATELY that they have uninstalled it..I don't see hoards VS users saying so in this thread!.....I hope Dan does ignore you, given your behaviour here I personally have no respect for your views and opinions on the subject.

 

talk publicly, then privately, too difficult to grasp?

 

No, self protection is NOT about assuming that you are bypassed already. As I said, if the user allows the VoodooShield Uninstaller, then VS is uninstalled.

 

You crack me up. This is what you do not get... implementing the ObRegisterCallbacks routine is not an easy and fast fix. Then once it is implemented, it has to be signed by MS. Since our certificate is expiring soon, why not implement both in parallel? I am actually doing more than you are requesting, but you simply do not realize it.

 

So is it only VS that should not implement a method that locks down the machine during a targeted attack, or should this apply to every security product?

 

I find it funny because you do not know what you are talking about. You can just unload the VSScanner.sys and now nothing will happen.

Better yet, why terminate when you can inject code and have your malicious code executed by the VoodooShield processes... Or even suspend them so they are running but not executing any code?

I've already done it, it's the self-protection bypass. The clock stopped ticking. You can say it is invalid all you like but to me it is perfectly valid. Just because you are the developer does not mean everything you say is 100% true.

Source: https://www.techopedia.com/definition/13484/vulnerability

In my scenario, the lack of protection for the service holding VSScanner.sys is a flaw and this was abused to remove the protection of VoodooShield entirely system-wide. From a user-mode process.

Just because it does not bypass the process monitoring/VoodoAi does not make it "invalid". It's a bypass for the self-protection.

I do not think I can explain it any simpler.

 

so why you wait until now to tell us that...if you just told "ok we will implement this first and at same time i will try that" you would avoid 20 pages of arguement

VS is supposed to be for Home User and be user-friendly, wasn't what VS is all about? you told me that since the first version of VS. It is why after reading @Peter2150 and some others issues , i advise you not to do it this way.
You are trying to implement the lock method which is used mostly by corporate softs like Appguard. I don't say it is not your right to do it, just is is a bit too much.

 

I cannot help it, because you crack me up as well. There are a bunch of fanboys on this thread who seem to think VS is perfect and full-proof, the developer is so ignorant he cannot thank someone for finding a bypass but decides to deny it's validity.

He may as well not bother with S-P with his current logic.. One minute he is talking about allowing something so it doesn't matter. So why he bothers with this in the first place?

It's a complete joke and it is making me laugh so much

 

What you are forgetting is that the initial block, where you click Allow, is part of VS's self-protection.

Don't you find it embarrassing that your supposed bypass requires you to click the allow button?

 

Right

 

I haven't forgotten this at all, it wasn't support to bypass process monitoring or VoodoAi.

Omg this is too much

... I don't think I can re-explain myself enough. I think you should be the one who is embarrassed who cannot understand simple English... It's a self-protection bypass, not a process monitoring or VoodoAi bypass.

This is like someone bypassing another AV vendors self protection, and then the vendor turning round and saying, "Hold on. It's not valid! The user had to run the sample for it to work!"

 

Us?....Multiple personality disorder, you're an egoistical child...My last response to you, and no, I'm not a fanboy but a good observer of fools

 

removed, tos

 

If you read carefully through all of my posts, you will see that I have researched all of the different methods, and I am trying to come up with the best solution. Besides, I do not have time to explain every little detail that I am working on.

The end user will never see the self-protection feature, so this is a non-issue. I will extend an open invitation to you... you can visit KC, and you can go to work with me and see the many, many complete novice users who do not know how to copy and paste a file, create a folder, or change their desktop background...but yet, they know how to effectively use VS.

 

Ahahahah

Ok... Congrats @clubhouse1, you win an award for observing skills!

Better?

 

Find a valid bypass that does not require you to click Allow, and you will have proven your point! It is that simple.

 

Fair enough, that is good to know.

I know, many novice use your soft and are happy with it, i can see in MT. By the way what is KC?

 

How is it a bypass if VS blocks it, and you are required to click Allow?

 

Kansas City... come by sometime, I would love to show you around.

 

Gentlemen please - I'm tired of reading/listening to this argument. Just agree to disagree and let's get on with the job in hand.