VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I agree, and I think "Default Deny" fits better than "Anti exe"
    Computer Lock is the bee's knees though lol
     
  2. plat1098

    plat1098 Guest

    Hmmm, you don't think at least some people still blur the lines between VoodooShield's capabilities and those of other software like anti-exploit? Maybe it's all the testing and the context of the recent you-know-what global incident. Unreal expectations, I said this before. "Anti-executable" says it like it is. Default-deny just describes the primary function of VS. No? I speak for myself--"Computer lock" has a negative connotation, suggesting I must finagle things on my machine before I can use it--maybe. Maybe others feel way differently, seeing as they have more experience with this type of software. "Lock" does suggest a lot of safety and security, though. :)
     
    Last edited by a moderator: Jun 6, 2017
  3. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,719
    Location:
    USA
    I moved away from VS about two months ago and decided to plug back in. The annoying issue I had back in the beginning is still here. For me to switch between users and have VS showing in each account I needed to disable VS prior to switching. There was talk a couple of months ago about fixing this. Can someone bring me up to speed?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it is difficult to figure out the best description for our anti-exploit feature, but I am open to changing the description when someone suggests something that fits it better.

    One thing we might want to keep in mind... if you consider the terms "Anti-Virus" or "Anti-Malware", these are basically mechanisms that block viruses and malware in some way. For example, an anti-malware solution that is primarily a behavior blocker lets the malware run, and watches it to make sure that it does not do anything sneaky. But just because it allows the malware to run, and blocks it when it does something sneaky, does not mean that it is not an anti-malware product. The same logic can be applied to Anti-Exploit mechanisms. If our Anti-Exploit mechanism effectively blocks the exploit from doing its job, then it can clearly be labeled an "Anti-Exploit" mechanism.

    The funny thing is that if blocking the malicious payload of exploits is effective in blocking attacks that specialty Anti-Exploit products cannot block, then it is definitely appropriate to refer to our feature as "Anti-Exploit".

    Yeah, I hear you about the computer lock point... a lot of people give me a very curious look when I explain that VS is a computer lock. They typically either think that having a computer lock on the system will make it extremely difficult to use, OR they think that their current AV software locks the computer so that becoming infected is impossible... like when I used to hear "I have antivirus software, how did I get a virus" 2-3 times a day ;).

    So I just explain it to them like this... VS is a user-friendly computer lock, that locks your computer when it is at risk.
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, sorry about that, I will have this fixed soon... hopefully within a week, maybe sooner. Thank you!
     
  6. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Is it still a computer lock when used in AutoPilot mode though?
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,719
    Location:
    USA
    Thank you
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, it's not, although AutoPilot is extremely secure. I try to explain this to the user after they install VS, but I should probably try to find a way to make this even more clear to the end user.

    http://www.voodooshield.com/artwork/mode.PNG

    Thank you for mentioning that!
     
  9. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    I've been using VS for a while now and tried all the modes and for the last few months have settled on Autopilot.

    One thing I can't quite get my head around though, is when the shield switches to OFF, after 10 minutes of System Idle. I can't work out what difference it makes when that happens. In Smart/always On modes it means it is unlocked but in Auto mode.....?
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, good point... and we can go either way on this. And actually, Always ON does the same thing (from what I remember ;)). I am sure you guys already know the purpose of this feature, but just in case... basically VS toggles to OFF after the user has not used the computer for 10 minutes. This is to allow background processes like Windows Updates, backups, etc., to run without interference from VS. But we can go either way on this... it is super easy to change in the code.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    When you tested, did you use Appguard Enterprise? I ask because the PNG file you posted is clearly for the Enterprise version.

    and PS. I don't want to rehash the test, just a simple curiosity question.
     
    Last edited: Jun 6, 2017
  12. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,719
    Location:
    USA
    BTW...Would you please post when the issue becomes resolved.
    TIA
     
  13. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Understood Dan but I still think that OFF can be misleading for a lot of users. We had a long discussion about this some time ago but nothing came of it. A novice might believe that they were unprotected. I can't see why, especially in Auto mode, the shield has to change at all.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    So they DO have "Patented exploit prevention for endpoints" after all?

    If this is the case, it should be quite easy to copy and paste the mechanism into other versions of their software, right?

    The problem is, apparently (from what I understand) SRP is incompatible with protecting vital system processes like lsass.exe, so one can safely assume that it will not work in the enterprise version either.

    I offered their agent, guest, my testing services for free, since Jeff was unable to get the test up and running. No word from them yet, so I am assuming they declined.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, I will be sure to include a change log with the next release. Normally I would be able to release a fix like this even quicker, but I am in the middle of finishing up our web management console integration, so there are a lot of things going on right now.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Comment here: I have to think about the anti exploit issue for a bit. I also have a hard time with the term locking the computer. BUT I've tested some 400 malware samples all from MalwareTips. Voodooshield caught all of them. And in the end that is all that matters.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hi Dan

    Since the ad says they do I assume they do. All the rest of your post is based on assumptions, not facts.

    Pete
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    That is great to hear, thank you!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think guest is the one that told me the SRP is unable to protect against an exploit installing a kernel level payload like DP, because protecting lsass would bork the system.

    There might be a way to fix this though, who knows? I remember when I was implementing VS's Anti-Exploit feature, MANY people (I won't say who ;)) told me that it was not possible to block "all" malicious payloads that are spawned from exploits. It took a little while to figure out, but I got it to work, and it has been working great for close to 2 years now... no one even notices that it is there.

    I had to put the "all" in quotes because nothing is perfect.

    Either way, I would be happy to test if asked.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Dan, I'm not sure how VS handles Command Lines. I had some problems allowing Anki Flash Card App (very popular app) because VS kept blocking cmd.exe. VS gave me a prompt saying it blocks cmd.exe by design, but I didn't see any option to allow Command Lines from cmd.exe. I captured the command line for you using Process Hacker so you could see it, since VS blocks cmd.exe without showing the command line. I found that putting VS in Learning Mode whitelisted the command line for me. Please take a look at the command line from the Process Hacker screenshot, and let me know if VS is operating as expected.
     

  21. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Hi Dan - I've deliberately held back while The Great Debate was on, but now I must join with Rainwalker.

    I'm currently using 3.57 in AutoPilot, gadget disabled and Tray icon visible only in Admin and my User account. I've disabled Custom Folders while I use AutoPilot, they intuitively seem to be non-compatible...

    Self-protection I can take or leave... meh. And Delayed Start for the Service component, may make things settle down a bit faster.

    User-Switching is working well, but it is essential we have per-user settings, so I can let the less geeky members of this tribe work peacefully, while I have the ability to train the product up. Per-user settings would be restricted to:
    (a) which mode VS runs in: I would use VS as Smart or Training, and in Admin probably mostly Always On. Everyone else would be AutoPilot, which would include the Guest Account when I liven that up;
    (b) activation states: Red, or Blue.

    Logging the current foreground user, as distinct from logging logged-in users to their individual .log and .dat entries.

    I have to say that none of my programs have problems with per-user settings. Some of them, like K-Meleon or Pale Moon use profiles stored in %users%, others use .ini files, and Registry entries (Lotus SmartSuite). Many of my programs are legacy.

    I've noticed that VS pings Surun quite frequently. I am not convinced I've set Surun properly, it's not a toy for beginners, it's extremely powerful. If you need them, I can email my Surun settings, they may need tweaking.

    I can email you all my VS .dat and .log files if you need/want them.
     
  22. TheMalwareMaster

    TheMalwareMaster Registered Member

    Joined:
    Jan 11, 2017
    Posts:
    25
    Location:
    Italy
    @VoodooShield Why don't you translate your software into other languages? Do you think there are still some changes to make before translating (maybe some bug to fix, some functionality to add)? Are you advertising VoodooShield through ads?
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you CET for letting me know! Are you disabling the "Automatically allow all software from the Program Files folders" option? If so, that would explain the issue.

    See, it would be impossible for me to go through every single settings adjustment and test VS in every scenario. Even if we are considering only 10 settings adjustments, that would mean there are 3628800 scenarios (10 x 9 x 8 x 7 x 6 x 5 x 4 x 3 x 2 = 3628800).

    Basically, what happens is that these features conflict with each other. I can fix them in one scenario, but then it creates issues in others.

    This all works fine, as long as you don't install VS, then immediately change the settings to lock everything down. You might want to leave VS on AutoPilot (and in default settings) for a day or so (or just put it on AutoPilot and launch all of your common programs), then lock everything down... it will work much, much better, and there will not be conflicts like this.

    You could also try to take an advanced snapshot (right click / Take Snapshot)... since this feature reads the registry and other existing locations for recently executed applications, it works retroactively, assuming the OS is not brand new.

    Really, what I need to do is to remove some options, but I do not think you guys will let me do that ;).
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I appreciate your advice. Yeah, I see what you are saying, per-user-settings would be quite handy. I still have tons of other stuff to finish up, but if I do not get to this in the next month or so, please remind me.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    We will offer different languages at some point. It should be pretty easy to implement, and I have kept a list of VS users who are willing to help with the translations.

    VS does not advertise at all... I have enough to do with coding, customer service, business duties and meetings, arguing with guest and Pete ;), etc. to try to gain more customers. One thing is for sure, I need help ;).
     