Video Intermission - VoodooShield Free 6.62 Test vs Fresh Malware Samples [League of Antivirus]

Status
Not open for further replies.
Source
https://www.youtube.com/watch?v=dWT9wyGLs30
Video created by
League of Antivirus

Shadowra

Level 17
Verified
Malware Tester
Sep 2, 2021
843
Hello :)

I watched the video yesterday when it came out.
Besides the music, which I did not like (tastes and colors :D ), I did not understand why League Of at one moment deactivates VoodooShield to reactivate it after...
Maybe he wanted to see if Voodoo could block malware after infection, but in the case of a patching process, not sure if it can catch up...

It is recommended to install VoodooShield on a CLEAN system; I admit I didn't understand the 2nd step of his test...
 

oldschool

Level 66
Verified
Top poster
Well-known
Mar 29, 2018
5,585
Mesmerizing Black And White GIF by xponentialdesign
Mesmerizing Homer Simpson GIF
Mesmerizing Acid Trip GIF by xponentialdesign
 

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,633
Does VoodooShield have a Tamper Protection setting and if so, was it enabled for this video? I know OSArmor does, for one. Edit: I scanned thru the vid and was unable to tell--very briefly showed some general settings and that was it?
 

JoeN

Level 4
Verified
May 10, 2011
194
Sorry for any inconvenience, without FF this test will take forever (50p allows you to slow down the video) and music is royalty free. In this video first part is on Autopilot, and second half was on Smart mode. Please feel free to ask any question here or in the comment section.
 

Shadowra

> Sorry for any inconvenience, without FF this test will take forever (50p allows you to slow down the video) and music is royalty free. In this video first part is on Autopilot, and second half was on Smart mode. Please feel free to ask any question here or in the comment section.

If I can give you some advice (because during shooting, my videos are also long), cut them into several parts :)
Don't accelerate everything to 5x; 1,50 or 2x is more than enough.
I don't know what editing software you use, but Filmora makes it easy to create parts during a test (it's what I use).
 

Andy Ful

Level 79
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
6,815
Nice demonstration of how VS looks and works. (y)

Of course, any such demonstration cannot be convincing about the real strength of the tested software.
The test is only consistent with the already known fact that any usable security software can be bypassed in some way. Sometimes, such tests can also be helpful for the vendor to improve the software. :)
Simply, we cannot compare the results with other good security programs. I found some other tests, but they were done on a different set of samples. The 10000 fresh samples are probably enough to see the real difference between very-good and only-good security products, when they are tested on exactly the same pool of samples at the same time.
Another problem is related to the diversity of samples - If I am not wrong, the EXE samples were used in the test. Nowadays, the EXE files are often the payloads. In the real world, most samples used in the test could be prevented by restricting scripts and CmdLines or parent-child restrictions (VS is very good in such things).
 

SecureKongo

Level 28
Thread author
Verified
Top poster
Well-known
Feb 25, 2017
1,724
Hey, @JoeN I think it would be pretty helpful for @danb if you could send the sample that caused the termination of the protection. I'm sure it will help him to improve VoodooShield's tamper protection.
 

danb

From VoodooShield
Verified
Top poster
Developer
Well-known
May 31, 2017
1,164
Hey guys, I watched some of the video and posted the following comment on youtube. Hopefully this clears up all of the confusion, but if it does not please let me know, and I will try to watch the entire video ;). I wish someone would convince that youtuber to now use crazy graphics that make the videos unwatchable.

Thank you for testing VS! VS is extremely difficult to test properly, but when I get a chance I will try to figure out what testing procedures in your video could be optimized. For example, malware did not disable VS. VS probably turned off due to user inactivity (not using the mouse or keyboard for 10 minutes). While testing, it is best to disable VS's auto deactivation feature. And it is also extremely important to reset the whitelist often... basically after every test. It is also important to make sure that the malware packs only contain actual malware. A lot of malware packs have benign files (for some odd reason), so these are not actually bypasses, they are actually correct verdicts. Thanks again!
 

Shadowra

> The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.
>
> Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.

There is no slander, at least on my part.
Just misunderstandings, questions or whatever.

As I said a long time ago, I watch and subscribe to League Of Antivirus, and I also gave him advice above to improve.
I think the MalwareTips community is smart enough to give constructive criticism on a YouTuber or whatever ;) (and if ever there would be insults or something, the moderators would have already punished the protagonists)
 

Shadowra

> Really? You mean like how MTers bash PC Security Channel at every opportunity and any other video test by any other author they disagree with?
>
> The post history is public here. All one need do is look back at how the hive and fanbois behave here.

I don't think it's bashing, personally since I've been here, I've never seen it...
I've had people disagree with one of my videos for example, and the person in question was very courteous.

As I said before, the moderators would have already banned if there were insults or something else........
 

SecureKongo

> The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.
>
> Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.

If you don't like the way people are behaving here on MT then why are you even taking the time to read through all of this? Nobody was saying that his testing failed or that he was faking the bypass. Stop making problems where there aren't any. The only thing people are criticising is the video editing.

> Really? You mean like how MTers bash PC Security Channel at every opportunity and any other video test by any other author they disagree with?
>
> The post history is public here. All one need do is look back at how the hive and fanbois behave here.

True that he is getting a lot of hate here, but that is his own fault for the most part. He has quite a big audience on Youtube and because of this some kind of responsibility. Testing AV's half-hearted like he does with Microsoft Defender just doesn't help anybody.
 

danb

> The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.
>
> Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.

Are you willing to publicly state that malware did indeed disable VoodooShield, and that it was not VoodooShield's auto-deactivation feature that switched VoodooShield to OFF Mode?

OR

Are you willing to publicly state that all of the samples in the malware pack used in the League of Antivirus VoodooShield test were 100% verified malware?

OR

Are you willing to publicly state that the VoodooShield test performed by League of Antivirus was perfectly valid in every way, and that the suggestions made on this thread would not improve the validity of the test?

There is absolutely no hate here at all. All I see is people making suggestions on how League of Antivirus can improve the validity of their tests.
 

Andy Ful

> The whole tone of this thread is going to be anti-League of Antivirus.

It is not. Simply, it is not possible to make a reliable protection test in this way. Even the professional AV Labs are not able to do this in one test that lasts about one or two months. So even if one is a genius, the video test will be only a kind of demonstration of how the program works.
The critique in this thread is mainly directed at the wrong interpretation of the demonstration-test results, usually made not by the author but often by the observers.
If you are interested in extending your knowledge about testing problems, then there are many resources available, for example:
https://www.amtso.org/documents/
https://antimalwaretesting.wordpress.com/testing-resources-2/
https://research.fit.edu/media/site...ficant-improvement-for-anti-malware-tests.pdf
https://strata.uga.edu/software/pdf/clusterTutorial.pdf
https://www.av-comparatives.org/wp-content/uploads/legacy/pdfs/statistics/somestats.pdf
https://malwaretips.com/threads/randomness-in-the-av-labs-testing.104104/

Anyone who has bothered to read these sources can understand that any video test cannot have much in common with protection testing.(y)
 