Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield Latest
Message
<blockquote data-quote="danb" data-source="post: 916962" data-attributes="member: 62850"><p>VS already has an obstacle for unknowns, but I like the way [USER=32260]@Andy Ful[/USER] is thinking in that we should be able to enhance this in some way.</p><p></p><p>[ATTACH=full]250343[/ATTACH]</p><p></p><p>We also already have these options for business users...</p><p></p><p>- Require admin approval before letting the user allow new, non-whitelisted files (disables left click of VoodooShield)</p><p> - Analyze items the user wants to allow with Cuckoo Sandbox and post an alert in the Management Console</p><p></p><p>When UAC was announced as a new feature before the Windows Vista release in 2006, I was super excited because I was tired of my clients being infected with malware, and I was under the impression that it was going to solve the malware crises. UAC has come a very long way since then, but I personally believe it still lacks a lot of important features, such as file insight and user recommendations. When I first thought of the idea for VS several years later, I immediately realized that it was going to end up being an enhanced version of UAC, that was specifically designed to block malware. From what I remember, Microsoft's main purpose for UAC was to gently persuade devs to stop running everything as Admin, and it was not specifically designed as an antimalware mechanism.</p><p></p><p>The reason I mention this is because I think a lot of people misunderstand VS's purpose. Modern AV's are going to stop 95-99%+ of all malware. VS is designed to complement the AV by blocking potential malware pre-execution so as to give the user pause and a second chance of blocking malware, especially when they are just clicking away and not paying attention. Combined with an AV, VS provides an additional robust level of protection.</p><p></p><p>There are 2 possible scenarios that we should consider...</p><p></p><p>1. VS is blocking an item that the user is trying to run or install. In this case, the user thinks "ohhh, VoodooShield is blocking this thing I am trying to run", and they kind of chuckle. The reason I know this is because even to this day I hear this on the phone when helping a customer via remote when they download the remote software. And believe me, they chuckle. Every single time <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite110" alt=";)" title="Wink ;)" loading="lazy" data-shortname=";)" />.</p><p></p><p>2. The user is browsing the web or checking email and VS blocks something out of the blue (especially when just clicking away or not paying attention). The user simply thinks that VS blocked something from infecting their computer, so they just ignore the VS prompt and are happy that VS "saved them".</p><p></p><p>You can actually configure VS to lock everything down and to block everything without a single prompt, and there are other products that are designed to function this way as well. There are certainly use cases for a total lockdown, for example ATM and voting machines. But for endpoints that the user interacts with on a daily basis, I think most end users want their computer to be as usable as possible.</p><p></p><p>Having said all that, if anyone can think of a better secondary obstacle, I think it is certainly worth exploring.</p></blockquote><p></p>
[QUOTE="danb, post: 916962, member: 62850"] VS already has an obstacle for unknowns, but I like the way [USER=32260]@Andy Ful[/USER] is thinking in that we should be able to enhance this in some way. [ATTACH type="full"]250343[/ATTACH] We also already have these options for business users... - Require admin approval before letting the user allow new, non-whitelisted files (disables left click of VoodooShield) - Analyze items the user wants to allow with Cuckoo Sandbox and post an alert in the Management Console When UAC was announced as a new feature before the Windows Vista release in 2006, I was super excited because I was tired of my clients being infected with malware, and I was under the impression that it was going to solve the malware crises. UAC has come a very long way since then, but I personally believe it still lacks a lot of important features, such as file insight and user recommendations. When I first thought of the idea for VS several years later, I immediately realized that it was going to end up being an enhanced version of UAC, that was specifically designed to block malware. From what I remember, Microsoft's main purpose for UAC was to gently persuade devs to stop running everything as Admin, and it was not specifically designed as an antimalware mechanism. The reason I mention this is because I think a lot of people misunderstand VS's purpose. Modern AV's are going to stop 95-99%+ of all malware. VS is designed to complement the AV by blocking potential malware pre-execution so as to give the user pause and a second chance of blocking malware, especially when they are just clicking away and not paying attention. Combined with an AV, VS provides an additional robust level of protection. There are 2 possible scenarios that we should consider... 1. VS is blocking an item that the user is trying to run or install. In this case, the user thinks "ohhh, VoodooShield is blocking this thing I am trying to run", and they kind of chuckle. The reason I know this is because even to this day I hear this on the phone when helping a customer via remote when they download the remote software. And believe me, they chuckle. Every single time ;). 2. The user is browsing the web or checking email and VS blocks something out of the blue (especially when just clicking away or not paying attention). The user simply thinks that VS blocked something from infecting their computer, so they just ignore the VS prompt and are happy that VS "saved them". You can actually configure VS to lock everything down and to block everything without a single prompt, and there are other products that are designed to function this way as well. There are certainly use cases for a total lockdown, for example ATM and voting machines. But for endpoints that the user interacts with on a daily basis, I think most end users want their computer to be as usable as possible. Having said all that, if anyone can think of a better secondary obstacle, I think it is certainly worth exploring. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
