AV-Comparatives - Real world AV Test for March 2018

Deleted member 65228

combining with VS is kind of cheating tho, when VS alone will handle all the threats.
No it won't, but I know what you mean.

VoodooShield is an anti-executable, it won't stop fileless exploit attacks which you could expect during a targeted attack from a well-funded and resourced actor - it might stop the payload if the payload is crap but this depends on the payload and the VoodooShield configuration, and that isn't preventing the actual exploitation phase. There has also been a rise in exploit kit deployment lately by actors who are spreading ransomware and banking malware (and, not surprisingly, abusing vulnerabilities in Microsoft Office, Adobe products and others in the exploit kits), which is affecting average, novice Home users.

Spectre being exploited from the web-browser via JavaScript (yes, this is possible). VoodooShield won't prevent that for example, and thus unless you're using a feature like Site Isolation on Google Chrome (or equivalent on another web-browser), sensitive data stored in-memory which is unrelated to the web-page content responsible for introducing the malicious script which is performing the Spectre exploitation can become exposed to the attacker. Another example would be exploitation of the V8 engine in a Chromium-based browser, something that was also recently done.

Don't get me started on vulnerabilities in Microsoft Edge; Google are constantly disclosing Microsoft Edge vulnerabilities through their Project Zero team. There's been a phenomenal amount of Microsoft Edge vulnerability disclosures over the past few months, and as far as I know, most of which are patched after the time-frame between privately reporting to Microsoft and public disclosure (which is at least a 90-day window for a malicious actor to find the vulnerability themselves and exploit it, and some time after public disclosure in case they weren't already aware, which can be anything from 1 to 5+ months).

Microsoft Office is constantly a target to the point that I do not even recommend people use it unless they really need to. Adobe Flash has always been a vulnerable little bugger, it's also constantly attacked. Java is also a big target, but the exploitation attacks have lowered down over time compared to Microsoft Office and Adobe Flash as far as I know.

Therefore, using an anti-executable solution alongside a reputable, well-made security solution which are both compatible with each other makes perfect sense to me. One solution will cover some areas and the other solution will cover other areas, it can work well depending on what type of user you are and your habits.

Moving on to mention network security, that part is mandatory really unless you want to be vulnerable to data exfiltration. Even if you become compromised, you still have a game at preventing damage caused by the payloads present on the environment... The last thing you want is for your sensitive and personal data to be exfiltrated back to an attacker's server. Network security will be the key to mitigating the damage of data exfiltration attempts, so even if you use exploit mitigation and traditional Anti-Virus techniques with an anti-executable, network security is still important.

At the end of the day, there's nothing you can do to make yourself invincible. You can have all the money and technology in the world but you'll always be vulnerable one way or another. You can only put a determined hacker "off-guard" and swing them in the wrong direction (or try and identify who they are and take action prior to them being successful with their attack/s). There is NO silver bullet, that is just how it is... and it will be for the foreseeable future.

Use whatever meets your requirements/you are comfortable with and like using.
 
Deleted member 65228

I believe one should try multiple products instead of relying on such tests. Av-test.org for example had given Eset a 3.5 rating in the performance section. For me Eset is one of the lightest products out there. So my point is that one should test a product himself.
Most security solutions will offer a 30-day trial.

People should take advantage of these 30-day trials to discover which security solution they trust and feel comfortable with using.
 
ForgottenSeer 58943

At the end of the day, there's nothing you can do to make yourself invincible. You can have all the money and technology in the world but you'll always be vulnerable one way or another. You can only put a determined hacker "off-guard" and swing them in the wrong direction (or try and identify who they are and take action prior to them being successful with their attack/s). There is NO silver bullet, that is just how it is... and it will be for the foreseeable future.

True words. To become invincible you'll be going back to sign language and pads of paper. Sad fact.

I'll have a Sandstorm Unit on my network in a few weeks compliments of Sophos. No illusion that'll be bulletproof, but that's two sandboxes evaluating inbound files which could prove interesting.

But even then, I have no illusions of 100% security. Good, well funded hackers are persistent and patient at the same time and will wait for your mistake, wait for a particular exploit, wait for you to become lazy and presto, they're in the door.
 
