RansomOff 5.2017.101.7020 (Beta)

[Captain Awesome]

11 Apr 2017

• Modified installer to include better error checking and more robust restore point creation.
• Improved false positive detection.
• Fixed startup UI hang issue.
• General bug fixes.

 

[Evjl's Rain]

@HeiDef I had problems with this version
1/ ransomoff blocked okayfreedom VPN from installing and uninstalling. After closing Ransomoff tray icon, okayfreedom worked normally and was able to uninstall. During the installtion of okayfreedom, ransomoff blocked the main process
2/ after closing ransomoff, I could not open it again -> tried to reinstall, not successful -> I tried to open process explorer -> the VM was completely frozen and unusable. on my main desktop, CPU usage was constantly 50% (equivalent to 100% of the VM) -> forced rebooted -> BSOD loop -> the VM was completely dead and could never turn on again -> had to restore from a snapshot

updated:
after restoring from the snapshot, I tried to run process explorer again => system froze again
fortunately, I was able to identify the problem and no more BSOD seen
Ransomoff conflicted with process explorer and caused process explorer to use 100% CPU

 

[HeiDef]

@HeiDef I had problems with this version
1/ ransomoff blocked okayfreedom VPN from installing and uninstalling. After closing Ransomoff tray icon, okayfreedom worked normally and was able to uninstall. During the installtion of okayfreedom, ransomoff blocked the main process
2/ after closing ransomoff, I could not open it again -> tried to reinstall, not successful -> I tried to open process explorer -> the VM was completely frozen and unusable. on my main desktop, CPU usage was constantly 50% (equivalent to 100% of the VM) -> forced rebooted -> BSOD loop -> the VM was completely dead and could never turn on again -> had to restore from a snapshot

updated:
after restoring from the snapshot, I tried to run process explorer again => system froze again
fortunately, I was able to identify the problem and no more BSOD seen
Ransomoff conflicted with process explorer and caused process explorer to use 100% CPU
View attachment 146077

Thanks @Evjl's Rain. We'll build up a test VM to try to repro the issues and get back you soonest once we figure things out. We made some changes in the last few builds to prevent system processes from being injected so we have a feeling that's causing the Process Explorer issues.

For the BSOD loop, did it get as far as logging in or did the VM just crash even before Windows loaded?

 

[Evjl's Rain]

Thanks @Evjl's Rain. We'll build up a test VM to try to repro the issues and get back you soonest once we figure things out. We made some changes in the last few builds to prevent system processes from being injected so we have a feeling that's causing the Process Explorer issues.

For the BSOD loop, did it get as far as logging in or did the VM just crash even before Windows loaded?

windows crashed during boot (windows 7 logo was flying) so unbootable. I forgot to take a photo of the bluescreen

 

[HeiDef]

windows crashed during boot (windows 7 logo was flying) so unbootable. I forgot to take a photo of the bluescreen

Just to give a quick update. We believe we fixed the issues described by @Evjl's Rain and we were hoping to get an updated build out tonight but we'll likely push it until tomorrow to test it some more just to make sure.

 

[HeiDef]

We just posted version 5.2017.102.8559.

This should take care of the identified issues.

 

[Jogos]

We just posted version 5.2017.102.8559.

This should take care of the identified issues.

This version does not destroy the system?

 

[HeiDef]

This version does not destroy the system?

Well it is still beta but we hope not.

We believe that the BSOD issue you and @Evjl's Rain experienced was from a registry issue relating to the MBR protection driver when you attempted to uninstall RansomOff. We added additional checks to the installer to make sure all the conditions are met for an uninstall to work properly.

 

[Windows_Security]

Don't try Beta's without an image backup to fall back to. So glad I had an image backup when trying out V4, so I will pass on V5 for the moment

 

[Amelith Nargothrond]

Don't try Beta's without an image backup to fall back to. So glad I had an image backup when trying out V4, so I will pass on V5 for the moment

I'm subtle as a brick as always, and I apologize for this as I know it's not the most elegant approach, but I really can't help it. I now really have a (probably personal) problem with their slogan, combined with the results of the ones here on MT who took the time and tested the product. "The World's Most Advanced Anti-Ransomware Solution" gets released to the general public (true, as a beta) while:

1. There are/were several issues with the installation packages
2. There are/were several issues with the detection engine
3. There are/were several issues with the recovery part
4. There are/were several issues with the stability of the system after the product is installed

How can this be? A beta is a feature complete version of a software with minor bugs; this is the definition of beta software. This is far from a beta version, at most an alpha, but most probably a proof of concept. I don't understand the rush in releasing a software with such major issues. Where's the QA, management? It feels more like a one man company with every release, trying to do everything by himself. It's a security product, a complex one, guardian of valuable data, not a PlayStation game, how can anybody trust in the quality of future versions like this?

Please don't feel offended @HeiDef , I really and honestly mean well, regardless of my blunt feedback. There's potential here, but there's no room for such mistakes in this competitive world, even if the product is free (or especially?).

 

[HeiDef]

I'm subtle as a brick as always, and I apologize for this as I know it's not the most elegant approach, but I really can't help it. I now really have a (probably personal) problem with their slogan, combined with the results of the ones here on MT who took the time and tested the product. "The World's Most Advanced Anti-Ransomware Solution" gets released to the general public (true, as a beta) while:

1. There are/were several issues with the installation packages
2. There are/were several issues with the detection engine
3. There are/were several issues with the recovery part
4. There are/were several issues with the stability of the system after the product is installed

How can this be? A beta is a feature complete version of a software with minor bugs; this is the definition of beta software. This is far from a beta version, at most an alpha, but most probably a proof of concept. I don't understand the rush in releasing a software with such major issues. Where's the QA, management? It feels more like a one man company with every release, trying to do everything by himself. It's a security product, a complex one, guardian of valuable data, not a PlayStation game, how can anybody trust in the quality of future versions like this?

Please don't feel offended @HeiDef , I really and honestly mean well, regardless of my blunt feedback. There's potential here, but there's no room for such mistakes in this competitive world, even if the product is free (or especially?).

No offense taken. Few points though.

"Software in the beta phase will generally have many more bugs in it than completed software, as well as speed/performance issues and may still cause crashes or data loss." (Software release life cycle - Wikipedia)

That's a pretty good definition of where RansomOff is at now.

Had we not released RansomOff a few weeks ago we never would of gotten the feedback, primarily from the MT community, to get where we are now. There are probably still issues to be found but there are issues with all software even non-beta software. You can't test everything internally and need real-world feedback to work the kinks out. And where better than a message board full of enthusiasts willing to try out new things?

To your point about QA, management, etc. We are a small team and we all wear many hats. We also have other products and paying customers to support. So if it feels rushed that's just because we are trying to iterate as fast as we can and still support our other responsibilities.

We are doing this for free, for the betterment of computer security. We don't care if it's a competitive landscape because if it helps just a few people from having to pay a ransom then we are satisfied. If folks are not comfortable with using RansomOff after seeing the "sausage being made" then we understand but for those that continue to test and provide feedback so it becomes a better product we appreciate it.

 

[Amelith Nargothrond]

No offense taken. Few points though.

"Software in the beta phase will generally have many more bugs in it than completed software, as well as speed/performance issues and may still cause crashes or data loss." (Software release life cycle - Wikipedia)

That's a pretty good definition of where RansomOff is at now.

Had we not released RansomOff a few weeks ago we never would of gotten the feedback, primarily from the MT community, to get where we are now. There are probably still issues to be found but there are issues with all software even non-beta software. You can't test everything internally and need real-world feedback to work the kinks out. And where better than a message board full of enthusiasts willing to try out new things?

To your point about QA, management, etc. We are a small team and we all wear many hats. We also have other products and paying customers to support. So if it feels rushed that's just because we are trying to iterate as fast as we can and still support our other responsibilities.

We are doing this for free, for the betterment of computer security. We don't care if it's a competitive landscape because if it helps just a few people from having to pay a ransom then we are satisfied. If folks are not comfortable with using RansomOff after seeing the "sausage being made" then we understand but for those that continue to test and provide feedback so it becomes a better product we appreciate it.

I understand your point of view and I respect it, I really do, but I cannot agree with it. If it's of any value, here's my advice:

1. Do not consider the beta branch of your software (or any software) the way Wikipedia describes it, that's something in the past was valid, but not now; there are no such things as hangs and freezes of the client's OS after every 3rd installation, in a beta. Very rare and occasional "level 1 - critical" bugs are acceptable as long as they were unknown and are extremely difficult to reproduce.
2. Think about your clients/target. RansomOff will monetize Correlate, which is an enterprise-grade product, paid. Also, the tech in RansomOff, as you defined it on the website, is also present in Correlate. Now, if RansomOff freezes, crashes, has installation issues, misses popular samples, what would the Correlate client think? I'm not answering this, just think about it yourself.
3. Feedback is very important and MT is a great place for such a thing, but there is a fine line between testing the product with the general public at QA level and asking for feedback. I am repeating myself as I feel it is important: this is a security product and people rely on your software to guard their valuable family photos, office documents against ransomware attack, even if it's a beta. Ask anywhere else in the world (except IT forums) what is a beta and analyze their answers. Now mix RansomOff and its issues with their answers, also add the fact that RansomOff is available for download for free by anyone, and I'm sure you're already getting the bigger picture. For the IT crowd, also imagine as of how this could backfire on Correlate.
4. Your efforts are much appreciated and you should keep doing it. But you should care about the competition, if not for anything else but as a business model because if you are not selling Correlate, you will most probably be unable to support RansomOff development and support. Unless you are some very rich guy that has unlimited funds... but if not, at one point both RansomOff and Correlate will disappear and nobody will benefit from this, you also have to eat and pay off your employees, maybe even get richer (why not if you deserve it?).
5. Don't satisfy just a handful of IT enthusiasts with VMs, satisfy as many people as you can; then you will also feel real satisfaction

I didn't waste my time writing this just to show off, I also have hopes you know, otherwise, I would not be doing it, I do have stuff to do and earn my living. I'm telling you this because I want RansomOff to succeed. But, I will shut up from now on, I guess I already said too much. I will monitor your development from the background for my personal general knowledge.

Take care @HeiDef and all my best wishes to you, the team and the products!

 

[_CyberGhosT_]

No offense taken. Few points though.

"Software in the beta phase will generally have many more bugs in it than completed software, as well as speed/performance issues and may still cause crashes or data loss." (Software release life cycle - Wikipedia)

That's a pretty good definition of where RansomOff is at now.

Had we not released RansomOff a few weeks ago we never would of gotten the feedback, primarily from the MT community, to get where we are now. There are probably still issues to be found but there are issues with all software even non-beta software. You can't test everything internally and need real-world feedback to work the kinks out. And where better than a message board full of enthusiasts willing to try out new things?

To your point about QA, management, etc. We are a small team and we all wear many hats. We also have other products and paying customers to support. So if it feels rushed that's just because we are trying to iterate as fast as we can and still support our other responsibilities.

We are doing this for free, for the betterment of computer security. We don't care if it's a competitive landscape because if it helps just a few people from having to pay a ransom then we are satisfied. If folks are not comfortable with using RansomOff after seeing the "sausage being made" then we understand but for those that continue to test and provide feedback so it becomes a better product we appreciate it.

I feel ya brother, and appreciate what your trying to do, please know that
Having a long history in Beta and Alphaing gaming software then Security software I fully understand where your coming from and don't envy your work load.
I admire the dedication Dev's like yourself exhibit, Dan of VoodooShield and Jeremy of Bitsum are two more who constantly
have their noses to the grind like it's a olympic event lol. Not all dev's exhibit that passion and drive, those that do are rarely understood and
sometimes that's a good thing judging by some posts
Keep up the awesome work brother.