Nice to meet you WhyNot!
VS's whitelisting feature is quite different from all of the other whitelisting products. We have several proprietary and patented features that allow VS to do things that other products cannot do. Well, if they do, please let me know. Anyway, VS is not actually an application whitelisting utility... it certainly shares some similarities, but it is much more appropriate to classify VS as a user-friendly toggling computer lock. There are not any other user-friendly toggling computer locks, so there is probably not a class to put VS in, which is probably why most people just classify it as an application whitelisting utility.
Let me explain how I came up with the idea / concept for VS, and that will help explain what VS is all about, and how it is so incredibly different from all of the other products. The night I came up with the idea, it was 3am and I was removing malware for 2 different clients on 2 different laptops. At that time, I had been a computer consultant for 13 years, and the one question people kept asking me over and over again was “I have antivirus software, how did I get a virus?”. For the longest time, it was difficult for me to explain to my clients why they were infected even though they had antivirus software installed. I knew innately why it was so… but I just could not put it into words… especially words that they would understand. I love my clients, but most of them are extreme computer novices, and they would never understand such things.
Anyway, it was 3am and I started removing the malware, and the first thing I did was to bring up the task manager so I could start investigating the malware. When I opened the task manager, the malware immediately killed it, and simply would not let me open the task manager or any other software. Out of pure frustration, I said out loud “man, if I could just do what the malware is doing to the computer / me, but be first, so that I was in control… then we would not have this problem”. So then I was thinking… man, we just need to take a snapshot of all of the running processes, and not let anything else start unless we allowed it. Then 20 seconds later I thought to myself… no, that would be a huge pain to have to manually allow everything… a fulltime lock is certainly not the answer.
Then a few minutes later, I was looking down at the clock because I knew it was getting late, and that is when I happened to imagine a desktop shield gadget / computer lock, that the user could manually click on to toggle the computer lock from OFF to ON. So then I was thinking… you know, there might be something to this.
Then another few minutes later, once I was actually able to start programs without the malware killing them, I opened a web browser, and out of sheer coincidence, I happened to imagine the lock / desktop shield gadget toggling from OFF to ON as I opened a web browser. And I was like… “That’s it!!! Whenever I am doing something risky on the computer, it needs to be locked. Then when I am not doing anything risky, the protection will automatically toggle to OFF.”
So then I started to get excited about this concept and called an acquaintance (who was a developer for Hallmark Cards at the time) the next day to tell him the idea. He loved the idea and we got to work immediately on VS.
Keep in mind application whitelisting was very uncommon back then and there were very, very few application whitelisting products on the market. The only one that I heard about was Faronics Anti-Executable (there were others but they are no longer around)… and the only reason I heard about it was because our patent attorney found their patent during the patent search. Luckily the concept of VS did not infringe on their patent at all… and the reason is quite simple… VS is not an application whitelisting product… it is a toggling computer lock.
As far as global / cloud whitelisting is concerned… it is definitely a worthwhile security mechanism, but it certainly is nowhere nearly as effective as locking the computer. First, look at the link below… there are roughly 3.5 times the number of safe files compared to malware.
Statistics - VirusTotal
This cracks me up… the industry has been saying now for a very long time that “Antivirus cannot keep up with all of the new malware.” Ummm… if they cannot keep up with the blacklist or signatures, how are they going to keep up with a whitelist that is roughly 3.5 times larger? Not only that, but how do they absolutely guarantee that a file they are adding to the global cloud whitelist is 100% safe?
Also, keep in mind, I currently have 220 items on my whitelist (I just checked)… compare that to millions or billions of items on a global cloud whitelist. I mean, if you are a bouncer at a bar, you can handle 220 people… but you cannot handle millions or billions.
See, AV companies have malware detection machines (sandboxes) running 24x7 to continually analyze all of the new samples. These machines are quite similar to Cuckoo Sandbox, but I am certain that most of them are much more sophisticated and accurate. No offense to Cuckoo… it is a phenomenal product, but a lot of AV companies have a massive budget and research / development team that is able to create some really cool stuff.
But anyone who has been working with malware long enough will tell you that even the most sophisticated malware detection machines have limitations… severe limitations. This is equally true for the machine learning / Ai products. The cybersecurity companies also have malware researchers who supplement the automatic analysis performed by these machines, but it is a massive workload and they can never keep up. Not only that, but from my experience, all malware detection mechanisms can be tricked… including VoodooAi.
And since they can be tricked, if security is important enough to the end user, the only reasonable solution is to install a deny-by-default product, as opposed to an allow-by-default product. I prefer VS because it is not a constant lock as it offers the end user multiple levels of protection. Think of it this way… do you use an umbrella when it is not raining? No, that would be a huge pain, right? For the very same reason, computers should not be locked fulltime.
VS is the only product that is able to automatically and dynamically adjust the level of protection based on the end user’s activities. If the end user is engaging in risky behavior, the security product should be more aggressive (well, the computer should be locked). If the end user is playing Microsoft Solitaire, writing a letter, using Quickbooks, etc., the level of protection should be lowered.
Since its inception, the security industry has only focused on HOW users become infected, and as far as I know, VS is the only product that also focuses on WHEN the user becomes infected. Having said that… the security industry has come a very, very long way in the last 6-7 years, and there are tons of truly amazing products on the market now. They all offer one level of protection (unless the user manually changes a setting or disables the product), which is more than sufficient for when the end user is not engaging in a risky activity such as browsing the web or checking email. But when the user is engaging in risky activity, I think it is wise to automatically lock the computer with VS. Besides, VS complements all AVs very, very nicely… and actually, with most AV products, when VS toggles to OFF, it should actually stop all protections and not block anything… and basically let the AV do its thing. At some point we will implement this, but a lot of users are now running just VS with Windows Defender, because it has improved drastically over the last couple of years… and basically, I am just being a little extra cautious for now.
So back to my original story. If a user were to ask me today “I have antivirus software, how did I get a virus”, I would simply say… “because your computer was not locked when you were at risk”.
As far as your other questions / recommendations go…
- VS doesn't start every time anymore. Last Win 10 update could be the problem? Dan will fix?
This should be fixed in 4.51, but if not, please let me know!
- I would like to see i.e. "Voodooshield ver 4.50 in Smart Mode" when I hover over the icons.
Interesting… do you mean when you hover over the desktop shield gadget? Thank you for the suggestion… we might be able to do something really cool with that.
- Can Malware be set to execute say one hour after arrival? If so, will Smart Mode protect me if I have shut down Chrome and Outlook and VS is Off? Is always ON the only way?
No… this should not be a concern. I guess technically someone could hack a website and create a timer that would fire in an hour or so, but this is highly unlikely. Besides, even when VS is OFF, it is VERY protective when it comes to web apps, and VS should easily block something like this. Now, if you are talking about a standard malware executable… remember, the executable has to run first in order to be able to start a timer.
Wow… longest post ever. Hopefully the other ones will go a little quicker. Thank you!
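
Added illustration, not part of the original post and not VoodooShield's code: a toy model of the toggling deny-by-default lock the post describes, where the lock turns ON while a risky app is running and only whitelisted programs may start until it turns OFF again. The process names, the lists and the rule that everything is allowed while OFF are assumptions made for this example.

```python
# Toy model of a toggling deny-by-default lock (illustration only).
# All names and lists below are constructed for this example.
RISKY_APPS = {"chrome.exe", "outlook.exe"}      # assumed web-facing apps
WHITELIST = RISKY_APPS | {"winword.exe", "solitaire.exe"}

class TogglingLock:
    def __init__(self, whitelist, risky_apps):
        self.whitelist = set(whitelist)
        self.risky_apps = set(risky_apps)
        self.running_risky = set()

    @property
    def locked(self):
        # Lock is ON exactly while at least one risky app is running.
        return bool(self.running_risky)

    def on_start(self, name):
        """Return 'allow' or 'block' for a process start request."""
        name = name.lower()
        if self.locked and name not in self.whitelist:
            return "block"                  # deny-by-default while ON
        if name in self.risky_apps:
            self.running_risky.add(name)    # risky activity toggles ON
        return "allow"  # whitelisted, or lock OFF (left to the AV; assumption)

    def on_exit(self, name):
        self.running_risky.discard(name.lower())

def replay(events, lock):
    """Feed (action, process) events through the lock; record each outcome."""
    results = []
    for action, name in events:
        if action == "start":
            verdict = lock.on_start(name)
        else:
            lock.on_exit(name)
            verdict = "exit"
        results.append((name, verdict, lock.locked))
    return results

# Constructed event sequence: a download tries to run while the browser is open.
EVENTS = [
    ("start", "winword.exe"), ("start", "chrome.exe"),
    ("start", "dropper.exe"), ("exit", "chrome.exe"),
    ("start", "setup.exe"),
]

if __name__ == "__main__":
    for row in replay(EVENTS, TogglingLock(WHITELIST, RISKY_APPS)):
        print(row)
```

In this model the unknown executable is refused while the browser is open, so it never runs and never gets the chance to start a timer; the same unknown file started after the lock toggles OFF is allowed through, which is the window the post leaves to the antivirus.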