How to add self-protection to software lacking of it?

[RoboMan]

Is there a way, a software, whatsoever, to add self-protection to softwares who actually lack of it? Say VoodooShield. I find it a really good piece of software, but so far, has no self-protection, which actually makes it vulnerable to killswitchs. Are there programs that will protect other softwares?

 

[BoraMurdar]

I think it would need something like Veracode Runtime Protection
Veracode Runtime Protection

When a security event in an app occurs, RASP takes control of the app and addresses the problem. In diagnostic mode, RASP will just sound an alarm that something is amiss. In protection mode, it will try to stop it. For example, it could stop the execution of instructions to a database that appear to be a SQL injection attack.

Other actions RASP could take include terminating a user's session, stopping an application's execution, or alerting the user or security personnel.

Developers can implement RASP in a couple of ways. They can access the technology through function calls included in an app's source code, or they can take a completed app and put it in a wrapper that allows the app to be secured with a single button push. The first approach is more precise because developers can make specific decisions about what they want protected in the app, such as logins, database queries, and administrative functions.

Whichever method is used with RASP, the end result is like bundling a web application firewall with the application's runtime context. That close connection to the app means RASP can be more finely tuned to the app's security needs.

Here's some presentation, recorded with a potato probably

 

[danb]

Is there a way, a software, whatsoever, to add self-protection to softwares who actually lack of it? Say VoodooShield. I find it a really good piece of software, but so far, has no self-protection, which actually makes it vulnerable to killswitchs. Are there programs that will protect other softwares?

Great question... I do not believe there is, simply because self-protection is something that needs to be done internally. Basically, even if something like this existed, it would probably not be very effective.

But please do not worry, we will add self protection soon. I have delayed adding self-protection because I wanted to make sure the user could kill VS, just in case something went wrong. But now that VS is stable, I will be adding it soon... it is at the top of my list, along with the new web management console. Thank you!

Edit: I forgot to mention, with the exception of Adam's targeted script, VS is quite adept at protecting itself.

 

[danb]

I think it would need something like Vercode Runtime Protection
Veracode Runtime Protection



Here's some presentation, recorded with a potato probably

Hmm, very interesting, new to me, I will check it out for the heck of it.

 

[RoboMan]

Thanks both for the shares, will definitely take a look into that software. And thanks for the clarification, looking forward to see VS keep going higher

 

[SHvFl]

You can minimise the exposure but no way to have the same effect as a self protection from the developer build in his program. Checked your setup and only thing you can do is dump KeyScrambler and get something to isolate office/browser/pdf/etc(especially first 2). It will limit exposure a fair amount.

 

[Winter Soldier]

Basically it is Windows internals stuff, on 64bit systems Microsoft implemented a set of new API to intercept and eventually filter events and actions on object handles before they are actually executed by the kernel.

 

[floalma]

@danb :
You said :"because I wanted to make sure the user could kill VS". Could you give more details with an example ? I missed something.

 

[ncage]

Is there a way, a software, whatsoever, to add self-protection to softwares who actually lack of it? Say VoodooShield. I find it a really good piece of software, but so far, has no self-protection, which actually makes it vulnerable to killswitchs. Are there programs that will protect other softwares?

Not quite clear "what" your trying to protect it from but sandboxie would be good or emet (its been deprecated but it still works).

 

[RoboMan]

@danb :
You said :"because I wanted to make sure the user could kill VS". Could you give more details with an example ? I missed something.

Basically self-defense avoids anything, including the user, to kill the software's processes. This way, if malware targeted the security software and tried to kill its processes to not be detected, it wouldn't be allowed to do so because it would be self-protected. Dan so far wanted the user to be able to kill the process of VoodooShield if something went wrong because it was in beta stages. Correct me if i'm wrong.

 

[Cohen]

By definition, adding protection that isn't in the software itself isn't self-protection.

When I last checked the VoodooShield thread on Wilders, Dan was working on adding self-protection. I don't know if it's still being worked on or if it's been scrapped, though.

 

[HarborFront]

There are some pointers to note in having self-protection feature in security software

1) It may conflict with other software
2) Self-protection feature may need to be disabled before the security software can be uninstalled
3) Some users might like to fiddle with directories or registry keys so the option to enable/disable the self-protection feature should be there

 

[Sunshine-boy]

@RoboMan
hello
I think there is a section in comodo firewall which can help you for this
https://help.comodo.com/topic-72-1-284-3031-protected-files-and-folders.html
https://help.comodo.com/topic-72-1-451-4765-.html
Am I Wrong?

 

[danb]

@danb :
You said :"because I wanted to make sure the user could kill VS". Could you give more details with an example ? I missed something.

Sure... development for VS was an extremely long and difficult process because we have a lot of usability features and other moving parts that proved difficult to get them to all work together nicely. Basically, we had a lot of bugs to work out because I was trying to add too much stuff .

During that time, I did not want bugs to lock up peoples computer, or cause blue screens of death, so I never added self-protection, so they could easily kill VS if things went wrong. But now that VS is stable, I can add self-protection.

I hope that makes sense, but if not, please let me know!

On a side note...

The funny thing about VS, that a lot of people are not aware of... when we started VS 6 years ago, it was myself and 2 other devs, and a few other people. We all thought it would be a 4-5 month proposition, and it would be smooth sailing from there. Well, I am still friends with all of those guys, but they all gave up very early on. It is ridiculous how much stuff is involved and how many obstacles you have to overcome, just to make your software available... especially in a highly crowded endpoint market where deny-by-default products have never succeeded, and application control is a dirty word.

So I had a choice... I could either give up like they did, or I could keep pushing on. The ONLY thing that kept me going was the positive response and encouragement that I received from the various malware forums. When people say how much the "love" VS, it makes it all worth it, especially when it is extremely uncommon for anyone to use the L word when describing their security product.

And for that, I am eternally grateful to all of you guys.

If anyone watches the show Silicon Valley on HBO... that is not a comedy, it is a documentary . I am telling you... everything that could have gone wrong, went wrong. The struggles and obstacles were seemingly impossible. But now we are in the clear, and I am happy that members of the security community encouraged me to stick with it. So thank you guys!!! And this goes without saying, thank you to the wilders guys and wilderssecurity as well!!!

 

[_CyberGhosT_]

Ahhh, stop it lol
VS has earned it's place and continues to impress and amaze, you truly have a "one of a kind" here
and it is awesome to take this ride with you and your software.
Keep up the awesome work, and I too look forward to the changes and improvements headed to VS in
the not too distant future.

 

[_CyberGhosT_]

By definition, adding protection that isn't in the software itself isn't self-protection.

When I last checked the VoodooShield thread on Wilders, Dan was working on adding self-protection. I don't know if it's still being worked on or if it's been scrapped, though.

It was put on hold while he added and tweaked a few things is all brother

 

[Winter Soldier]

Ahhh, stop it lol
VS has earned it's place and continues to impress and amaze, you truly have a "one of a kind" here
and it is awesome to take this ride with you and your software.
Keep up the awesome work, and I too look forward to the changes and improvements headed to VS in
the not too distant future.

+1 GG Bro And I might add that only those who's programming know how hard it is to develop a software like that.

 

[_CyberGhosT_]

+1 GG Bro And I might add that only those who's programming know how hard it is to develop a software like that.

Exactly WS brother, and as you have seen even after that, there is much for him to still navigate.
He is honing his Jedi skillz lol

 

[danb]

Ahhh, stop it lol
VS has earned it's place and continues to impress and amaze, you truly have a "one of a kind" here
and it is awesome to take this ride with you and your software.
Keep up the awesome work, and I too look forward to the changes and improvements headed to VS in
the not too distant future.

Hehehe, how funny . Yeah, this has been one heck of a journey, and while it certainly had its dark moments, I would not trade this experience for anything.

The funny thing is... it all comes down to one very simple concept. The computer should be locked when it is at risk .

 

[danb]

BTW, I am totally unfamiliar with the whole "like" button thing.

I did not want to start liking posts, in fear of people being upset if I did not have the chance to like their post.

Please do not get me wrong, I LOVE the whole like button concept, but you get what I mean .