Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield Latest
Message
<blockquote data-quote="vtqhtr413" data-source="post: 777574" data-attributes="member: 65229"><p><img src="https://calendarofupdates.org/Themes/default/images/post/xx.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong><a href="https://calendarofupdates.org/index.php?topic=770.msg9433#msg9433" target="_blank">Re: VoodooShield v4 STABLE Thread</a></strong></p><p>« <strong>Reply #1154 on:</strong> <strong>Today</strong> at 05:47:45 pm »</p><p></p><p>A lot of people think of VS as just another application whitelisting utility... and that aspect of VS would be absolutely true if all VS did was whitelist based on hash, and possibly path or file size. One of the many things that sets VS apart from other application whitelisting utilities is that it has many, many attribute checks on the whitelist... and one of the most important and easy to explain is the parent process check.</p><p></p><p>For example, cmd or powershell has the ability to be good or bad... and it all depends on the context of the item. And this is pretty much true with any process / executable, especially ones that are abused and vulnerable. So the reason you have several different items listed in the whitelist for the same process is because VS is simply whitelisting the context of each user action, so that it can later perform parent process path comparison when the item is later launched. As an example, you might want to manually launch cmd.exe, but you certainly do not want Chrome to launch it without your permission <img src="https://calendarofupdates.org/Smileys/default/wink.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" />.</p><p></p><p>Simply classifying individual files as good or bad, and adding the "good" ones to the whitelist, makes little sense to me, especially when (at least in theory), every file is vulnerable. VS considers the entire context of the user action to determine whether to allow the item or not.</p><p></p><p>VS 3.0 was quite robust, but VS 4.0 is even more secure, and this is one of the reasons why. So when someone says "Product X already has a whitelisting feature, so you do not need VS", they are simply unaware of VS's advanced features. It is partially my fault because I do not publish our entire playbook. This is particularity true when Product X's whitelisting feature is largely cloud based (I could write another book on this).</p></blockquote><p></p>
[QUOTE="vtqhtr413, post: 777574, member: 65229"] [IMG]https://calendarofupdates.org/Themes/default/images/post/xx.gif[/IMG] [B][URL='https://calendarofupdates.org/index.php?topic=770.msg9433#msg9433']Re: VoodooShield v4 STABLE Thread[/URL][/B] « [B]Reply #1154 on:[/B] [B]Today[/B] at 05:47:45 pm » A lot of people think of VS as just another application whitelisting utility... and that aspect of VS would be absolutely true if all VS did was whitelist based on hash, and possibly path or file size. One of the many things that sets VS apart from other application whitelisting utilities is that it has many, many attribute checks on the whitelist... and one of the most important and easy to explain is the parent process check. For example, cmd or powershell has the ability to be good or bad... and it all depends on the context of the item. And this is pretty much true with any process / executable, especially ones that are abused and vulnerable. So the reason you have several different items listed in the whitelist for the same process is because VS is simply whitelisting the context of each user action, so that it can later perform parent process path comparison when the item is later launched. As an example, you might want to manually launch cmd.exe, but you certainly do not want Chrome to launch it without your permission [IMG]https://calendarofupdates.org/Smileys/default/wink.gif[/IMG]. Simply classifying individual files as good or bad, and adding the "good" ones to the whitelist, makes little sense to me, especially when (at least in theory), every file is vulnerable. VS considers the entire context of the user action to determine whether to allow the item or not. VS 3.0 was quite robust, but VS 4.0 is even more secure, and this is one of the reasons why. So when someone says "Product X already has a whitelisting feature, so you do not need VS", they are simply unaware of VS's advanced features. It is partially my fault because I do not publish our entire playbook. This is particularity true when Product X's whitelisting feature is largely cloud based (I could write another book on this). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
