Video Intermission - VoodooShield Free 6.62 Test vs Fresh Malware Samples [League of Antivirus]

Status
Not open for further replies.
Source
https://www.youtube.com/watch?v=dWT9wyGLs30
Video created by
League of Antivirus

JoeN

Level 4
Verified
May 10, 2011
194
Are you willing to publicly state that malware did indeed disable VoodooShield, and that it was not VoodooShield's auto-deactivation feature that switched VoodooShield to OFF Mode?

OR

Are you willing to publicly state that all of the samples in the malware pack used in the League of Antivirus VoodooShield test were 100% verified malware?

OR

Are you willing to publicly state that the VoodooShield test performed by League of Antivirus was perfectly valid in every way, and that the suggestions made on this thread would not improve the validity of the test?

There is absolutely no hate here at all. All I see is people making suggestions on how League of Antivirus can improve the validity of their tests.

Hi @danb, I was not aware that VoodooShield will be disabled on its own after a certain time. Can this expose the user to an EternalBlue-like attack when he is AFK? I didn't change anything in the settings, and most options are grayed out anyway.
 

oldschool

Level 66
Verified
Top poster
Well-known
Mar 29, 2018
5,585
The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.

Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.
Oh really?

:LOL::LOL::LOL:
 

bribon77

Level 35
Verified
Top poster
Well-known
Jul 6, 2017
2,418
The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.

Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.
I think you are wrong; there are only criticisms, "if you can call them criticisms", and it is the speed of the video because you can't understand it. In MT there is no bad feeling with anyone. :)
 

danb

From VoodooShield
Verified
Top poster
Developer
Well-known
May 31, 2017
1,163
Hi @danb, I was not aware that VoodooShield will be disabled on its own after a certain time. Can this expose the user to an EternalBlue-like attack when he is AFK? I didn't change anything in the settings, and most options are grayed out anyway.
Hey Joe, I just realized you were with LOAV. I am assuming you are asking about how VS blocks the command line in the Eternal Blue / Double Pulsar attack, which interrupts the attack chain. There is no easy way to answer this question that covers all possible malware attack scenarios, but hopefully this will answer your question, if not, please let me know.

First, VS's Dynamic Security Posture feature is much more than just simply toggling VS's locking mechanism ON and OFF (depending on if the user is engaging in risky activities or not). See, even when VS is OFF, certain protections are still enabled, and I believe this command line would be blocked when VS is OFF, but I would have to test to make absolutely sure. On the other hand, background events that are considered safe or low risk are automatically allowed when VS toggles to OFF so that these items are not blocked when the user is later engaging in risky activities and VS is ON. The goal is to automatically build the whitelist for the end user and to reduce the number of unwanted user prompts as much as possible.

Traditional static deny-by-default tech is just not practical for most users and can be a true pain. For example, why block your backup software when you are not even using the computer? (Not a great example, but you get the point). Dynamic Security Postures allows VS to automatically fine tune the security posture so that it better fits the endpoint's current state.

As far as traditional antivirus goes... think of your favorite traditional antivirus, and just imagine how much better it would be if it utilized Dynamic Security Postures. It would be more aggressive when it needed to be and less aggressive when it was able to be. This would drastically increase malware blocking efficacy while also drastically reducing false positives.

Operating systems are not static environments. They are highly dynamic. So why would anyone ever believe they could be properly protected with static security software and a single security posture?

So while VS's toggling feature might seem simple on the surface, it does a lot more than people realize. And now that we have combined Dynamic Security Postures with our new Contextual Engine, things get even cooler (which I hope to be able to explain soon). The whole goal is to answer the question... "should this event be blocked or should it be auto allowed?", obviously based on context and the state of the machine.

I hope to be able to explain how it all works within the next week or two, and how the Contextual Engine synergizes with Dynamic Security Postures. It is incredibly difficult to describe in words, but I will do my best ;).

These are just some of the reasons VS is incredibly difficult to test properly. Then again, VS was not designed to test, it was designed to lock the computer when the user is engaging in risky activities ;).

Having said all that, you can always disable the auto deactivation feature if it is a concern ;).

Thanks again for the test! If I can think of other malware testing tips I will let you know. Here is one... besides making sure that the malware pack samples are true malware, you might want to check the packs for duplicates as well. For some odd reason there are a lot of dups and benign samples in a lot of malware packs.
 

n8chavez

Level 8
Well-known
Feb 26, 2021
394
If that is the case, then it is 1000 times worse. A security software that disables itself and allows the system to become infected, all while the user is opening executable files.

Oh that's precious. That rates as an epic fail.

You are aware that most people are not going to be testing VoodooShield against malware packs and that these kinds of tests are in no way any indication of the average user's usage, right? Also, there are settings you can toggle to prevent deactivation. I'm assuming you know all that and you are just determined to be bitchy no matter what anyone says, so I'll leave you to that.
 

Shadowra

Level 17
Verified
Malware Tester
Sep 2, 2021
836
If that is the case, then it is 1000 times worse. A security software that disables itself and allows the system to become infected, all while the user is opening executable files.

Oh that's precious. That rates as an epic fail.

A failure?
No.
VoodooShield is not an antivirus and never will be...
It is just a program that strengthens the security of the system.
And it doesn't leave the user without security; a trick of the mouse or something else and Voodoo wakes up directly.
DanB explained it to you twice, but you didn't read it...

I think you're here to denigrate MalwareTips, its members, VoodooShield and DanB's work to create sandbox dramas about a failure that doesn't exist...
You have to be able to read, but don't feel the troll 😉

Personally, I use VoodooShield.
 