App Review Intermission - VoodooShield Free 6.62 Test vs Fresh Malware Samples [League of Antivirus]

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.
Content created by
League of Antivirus
JoeN

JoeN

Level 6
Verified
May 10, 2011
294
danb said:
Are you willing to publicly state that malware did indeed disable VoodooShield, and that it was not VoodooShield's auto-deactivation feature that switched VoodooShield to OFF Mode?

OR

Are you willing to publicly state that all of the samples in the malware pack used in the League of Antivirus VoodooShield test were 100% verified malware?

OR

Are you willing to publicly state that the VoodooShield test performed by League of Antivirus was perfectly valid in every way, and that the suggestions made on this thread would not improve the validity of the test?

There is absolutely no hate here at all. All I see is people making suggestions on how League of Antivirus can improve the validity of their tests.
Click to expand...

Hi @danb I was not aware that VoodooShield will be disabled by its own after certain time. Can this expose user to EternalBluelike attack when he is AFK? I didn't change anything in the setting, and most options are grayed out anyway.
 
  • Like
Reactions: tipo, Nevi and roger_m
oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,102
burmr said:
The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.

Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.
Click to expand...
Oh really?
new york GIF by Visit The USA
air help GIF by Robert E Blackmon
Desperately Seeking Susan Summer GIF

:LOL::LOL::LOL:
 
  • HaHa
  • Like
Reactions: Dave Russo, tipo, Kongo and 3 others
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
burmr said:
The whole tone of this thread is going to be anti-League of Antivirus. The hive will say you are the problem, and not the software you tested. They will say your test is flawed, and the bypass you discovered is not legitimate.

Just keep an eye on the posts. It's already happening. Ad hominems and aspersions have been cast against you.
Click to expand...
I think you are wrong, there are only criticisms, "if you can call them criticisms", and it is the speed of the video because you can't understand it. In MT there is no bad feeling with anyone.:)
 
  • Like
  • Applause
  • +Reputation
Reactions: Dave Russo, tipo, Kongo and 3 others
danb

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,658
JoeN said:
Hi @danb I was not aware that VoodooShield will be disabled by its own after certain time. Can this expose user to EternalBluelike attack when he is AFK? I didn't change anything in the setting, and most options are grayed out anyway.
Click to expand...
Hey Joe, I just realized you were with LOAV. I am assuming you are asking about how VS blocks the command line in the Eternal Blue / Double Pulsar attack, which interrupts the attack chain. There is no easy way to answer this question that covers all possible malware attack scenarios, but hopefully this will answer your question, if not, please let me know.

First, VS's Dynamic Security Posture feature is much more than just simply toggling VS's locking mechanism ON and OFF (depending on if the user is engaging in risky activities or not). See, even when VS is OFF, certain protections are still enabled, and I believe this command line would be blocked when VS is OFF, but I would have to test to make absolutely sure. On the other hand, background events that are considered safe or low risk are automatically allowed when VS toggles to OFF so that these items are not blocked when the user is later engaging in risky activities and VS is ON. The goal is to automatically build the whitelist for the end user and to reduce the number of unwanted user prompts as much as possible.

Traditional static deny-by-default tech is just not practical for most users and can be a true pain. For example, why block your backup software when you are not even using the computer? (Not a great example, but you get the point). Dynamic Security Postures allows VS to automatically fine tune the security posture so that it better fits the endpoint's current state.

As far as traditional antivirus goes... think of your favorite traditional antivirus, and just imagine how much better it would be if it utilized Dynamic Security Postures. It would be more aggressive when it needed to be and less aggressive when it was able to be. This would drastically increase malware blocking efficacy while also drastically reducing false positives.

Operating systems are not static environments. They are highly dynamic. So why would anyone ever believe they could be properly protected with static security software and a single security posture?

So while VS's toggling feature might seem simple on the surface, it does a lot more than people realize. And now that we have combined Dynamic Security Postures with our new Contextual Engine, things get even cooler (which I hope to be able to explain soon). The whole goal is to answer the question... "should this event be blocked or should it be auto allowed?", obviously based on context and the state of the machine.

I hope to be able to explain how it all works within the next week or two, and how the Contextual Engine synergizes with Dynamic Security Postures. It is incredibly difficult to describe in words, but I will do my best ;).

These are just some of the reasons VS is incredibly difficult to test properly. Then again, VS was not designed to test, it was designed to lock the computer when the user is engaging in risky activities ;).

Having said all that, you can always disable the auto deactivation feature if it is a concern ;).

Thanks again for the test! If I can think of other malware testing tips I will let you know. Here is one... besides making sure that the malware pack samples are true malware, you might want to check the packs for duplicates as well. For some odd reason there are a lot of dups and benign samples in a lot of malware packs.
 
  • Like
  • +Reputation
  • Applause
Reactions: tipo, Kongo, roger_m and 4 others
Shadowra

Shadowra

Level 33
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,295
burmr said:
The video evidence is pretty clear. The malware disabled Voodooshield protection and multiple system infections resulted.
Click to expand...

The malware has not deactivated the protection, Voodoo switches itself off in case of user's inactivity.
DanB even told you!
 
  • Like
  • Applause
Reactions: tipo, Nevi and roger_m
n8chavez

n8chavez

Level 17
Well-known
Feb 26, 2021
806
burmr said:
If that is the case, then it is 1000 times worse. A security software that disables itself and allows the system to become infected, all while the user is opening executable files.

Oh that's precious. That rates as an epic fail.
Click to expand...

You are aware that most people are not going to be testing VoodooShield against malware packs and that these kind s of test are in no way any indication of the average users' usage, right. Also, there are settings you can toggle to prevent diactivation. I'm assuming you know all that and you are just determined to be bitchy no matter what anyone says, so I'll leave you to that.
 
  • Like
  • +Reputation
  • Applause
Reactions: tipo, Kongo, Nevi and 2 others
Shadowra

Shadowra

Level 33
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,295
burmr said:
If that is the case, then it is 1000 times worse. A security software that disables itself and allows the system to become infected, all while the user is opening executable files.

Oh that's precious. That rates as an epic fail.
Click to expand...

A failure?
No.
Voodooshield is not an Antivirus and never will be...
It is just a program that strengthens the security of the system.
And it doesn't leave the user without security, a trick of the mouse or something else and Voodoo wakes up directly.
DanB explained it to you twice, but you didn't read it...

I think you're here to denigrate MalwareTips, its members, Voodooshield and DanB's work to create sandbox dramas about a failure that doesn't exist...
You have to be able to read, but don't feel the troll 😉

Personnaly I use Voodooshield
 
  • Applause
  • Like
Reactions: tipo, Nevi, roger_m and 1 other person
Status
Not open for further replies.

Similar threads

NB InfoTech
    • Like
    • Love
App Review "Unveiling the Secrets: 360 Total Security vs Nano Antivirus - Which One Will Shield You Best?"
Replies
0
Views
434
Video Reviews - Security and Privacy
NB InfoTech
NB InfoTech
NB InfoTech
    • Like
App Review Kaspersky Standard Antivirus Review | Kaspersky Standard Antivirus vs 100 + 10 Malware Sample | 2023
Replies
0
Views
807
Video Reviews - Security and Privacy
NB InfoTech
NB InfoTech
RoxasDev
    • Like
    • Applause
    • +Reputation
App Review Avast Free 2023 - Test
Replies
1
Views
1,045
Video Reviews - Security and Privacy
Seandc33
S

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top