VoodooShield new project: SimpleBackup

Back3

Level 8
Apr 14, 2019
362
I have just installed NeuShield free with F-Secure Safe. So far so good. I like that it protects OneDrive.


danb

From VoodooShield
Verified
Developer
May 31, 2017
878
I wonder how Neushield works with other solutions that offer rollbacks, such as Bitdefender, Kaspersky or Webroot... maybe it's time to create a new thread for it.
I wonder that as well... I am certain they have provisions for this and that it works quite well with other rollback tech. I played around with Neushield quite a bit and pretty much understand how it works now. Their main proprietary tech, Mirror Shielding, is very cool (and is certainly worthy of a new thread), and not what I originally had in mind for SimpleBackup. I was thinking more along the lines of a very simple, traditional backup product that would restore files quickly... like I was saying, kind of the kill two birds with one stone approach.
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,515
Regarding NeuShield, I hope you guys don't mind but as it may help folk who don't frequent Wilders I'll cross-post something I blathered about the other day:

"I took NeuShield Data Sentinel (free) for a quick dance and consider it quite nice for what it is. For those not familiar with this product, they state:

"does more than just detecting and blocking ransomware attacks. We’re the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup. Data Sentinel uses Mirror Shielding™ to protect files ensuring that you can instantly recover your important data from any ransomware attack."

Upon installation (which was done on a system with the bare minimum of resources, mimicking the biggest piece of junk one can imagine) the main application as well as a Service were created, neither of which were memory/CPU intensive. No tweaking of any sort was needed (nor possible).

The protection is specific for the usual suspects (the Folders- Documents, Music, Pictures, Desktop, Contacts, Games, Videos). Upon running diverse ransomware, although encryption occurred (remember this is not an anti-ransomware application), all files were able to be restored by opening up the GUI and clicking Revert for each of the folders and all the encrypted items were deleted. The exception to this was some files (esp. executables) that were trashed by the malware were put into the Trash bin upon reverting (not a big deal as they could be readily reclaimed).

NeuShield does also have intrinsic protection against ransomware that mess with the MBR and this works well and prevents such manipulation. Unlike the Home and Biz versions, the free version does not have the ability to restore Windows System files, and although they say that all versions have: "Boot Protection Prevents ransomware from making your system unable to boot" I can assure you that it did not work against a little cutie that I coded especially to test this.

Finally, it is important to note that NeuShield will NOT protect files in Folders outside of those that I listed above, so this can be problematic with Fortress Class malware (those that will trash files of any type anywhere).

But other than that a rather interesting application that will coexist nicely with other security apps if one feels that their current setup may be lacking."

ps- Could be wrong here but I can't really think of any common security app that it wouldn't play nice with.
It seems not to be compatible with some Windows built-in features like Controlled Folder Access (Windows 10 ransomware protection) and File History (Windows 10 backup).
For CFA it is a great and probably better substitute, any recommendations for a simple backup program? @danb your new project?
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,615
I have just installed NeuShield free with F-Secure Safe. So far so good. I like that it protects OneDrive.

But does OneDrive need protection? I believe you are covered by Ransomware protection offered by OneDrive. If you get hit by ransomware, you can easily revert to a previous version of the affected files.
OneDrive, Koofr and Jottacloud support storing up to tens of versions of stored files. This is not only meant for ransomware protection, but it also helps you revert to a previous version of a Word file you mistakenly edited or removed parts of.
For me I see no reason for using such tools as my precious data is always-on-sync. The resident protection offered by the security solution installed will suffice. You can go a step further and do regular backups. For me a system backup just saves me time not my files. It saves me from spending some hours doing a clean install, but my files are always in the cloud.
 

Lenny_Fox

Level 21
Verified
Oct 1, 2019
1,038
It's funny that you mention WLC and I started updating it last night... I have something in mind, it should be ready in a week or two ;). Trust me, you guys will love it.
:) Simple backup combined with WLC?

Only the exe's whitelisted in the cloud are allowed to write + delete the backed up data, all other exe's only have read access.

I would let Windows Defender Controlled Folder access protect my regular data (D partition with documents and M partition with media files) and let Simple Backup Shield backup and protect my backup drive (Q for quick backup, for which I now use Syncback Free). Free version of Simple Backup Shield only provides the backup functionality, paid version also protects the backed up data.

Chances of a double fail (both WD controlled folder access and Simple Backup Shield bypassed) are near zero I would guess.

Am I right?
 

DDE_Server

Level 22
Verified
Sep 5, 2017
1,091
I believe neither! First, I believe most of the users who use VS are using it alongside another security solution, and Ransomware recovery is most likely to be incorporated in these solutions. Second, VS should focus on preventing Ransomware from running in the first place rather than remediating its damage. It should never be allowed to run. I’d love VS and other default-deny solutions to be as light as possible and just do their job. I do not want any more features.

You surely can ask users if they need such a feature, and if you see reasonable demand, you can make it a standalone product. Thus, VS remains light and unbloated. Personally, I do not need this feature as my data are stored in the cloud and I can simply revert to a previous version of the affected files.
I would recommend adding it in the pro version and leaving the free one as a basic version without any non-essential features :):)
 

Tutman

Level 10
Verified
Apr 17, 2020
470
I wonder that as well... I am certain they have provisions for this and that it works quite well with other rollback tech. I played around with Neushield quite a bit and pretty much understand how it works now. Their main proprietary tech, Mirror Shielding, is very cool (and is certainly worthy of a new thread), and not what I originally had in mind for SimpleBackup. I was thinking more along the lines of a very simple, traditional backup product that would restore files quickly... like I was saying, kind of the kill two birds with one stone approach.
Would NeuShield be a complement to existing AV? Or would it clash in some cases if you have ransomware protection already in the AV?
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
878
It seems not to be compatible with some Windows built-in features like Controlled Folder Access (Windows 10 ransomware protection) and File History (Windows 10 backup).
For CFA it is a great and probably better substitute, any recommendations for a simple backup program? @danb your new project?
I actually could not find one so I figured I would write one. Originally SimpleBackup was going to be a 5-10 hour project just for fun, and so I could become even more accustomed to C# (even though it is quite similar to what I am used to). I used to use Mozy... it was amazing and simple. There was also a github project a while back that was pretty cool, but not exactly what I was looking for. Anyway, it will be ready in a couple of weeks, unless I get derailed with new idea tangents.
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
878
:) Simple backup combined with WLC?

Only the exe's whitelisted in the cloud are allowed to write + delete the backed up data, all other exe's only have read access.

I would let Windows Defender Controlled Folder access protect my regular data (D partition with documents and M partition with media files) and let Simple Backup Shield backup and protect my backup drive (Q for quick backup, for which I now use Syncback Free). Free version of Simple Backup Shield only provides the backup functionality, paid version also protects the backed up data.

Chances of a double fail (both WD controlled folder access and Simple Backup Shield bypassed) are near zero I would guess.

Am I right?
Yeah, that is a big part of it ;). I actually have not spent a lot of time studying ransomware specifically, but I am really getting into it now. I always figured that there were a lot of people "working on it", and that someone would come up with a tech that would truly end ransomware as we know it.

And actually this all came about because of the encryption of quarantined folders feature in VS that @harlan4096 recommended. I was working on SimpleBackup and figured if we were going to upload the files to the cloud, we better encrypt them. Then one thing led to another, and now it is completely out of hand ;).

If anyone finds any bugs in VS, I will fix them first, but in the meantime, with C19 and it being cold outside, I am happy to have discovered a new "hobby"... it's like solving a puzzle. It's fun.
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
878
Would NeuShield be a complement to existing AV? Or would it clash in some cases if you have ransomware protection already in the AV?
I'm not sure at all because I do not know exactly how their tech works. I think in a nutshell, it is best to explain their tech from 50,000 feet as "volume shadow copy on steroids"... the same way VS is basically UAC on steroids. I can see where these techs might clash, but as I was saying, I am sure they are working on mitigations, assuming the incompatibilities are fixable. It certainly is a very, very cool tech, especially if it does not clash with anything. When I was testing it, it worked pretty much as advertised but there were certainly things that could be improved (as with any software ;)), and I am not sure if the minor issues were simple bugs in the software or systemic, non-fixable issues with the tech. I prefer a simple, tried and true approach (especially when it kills two birds with one stone) instead of something fancy, especially when it comes to protecting your data.

Having said that, NeuShield is a very cool product and I am certain there are use cases for it. I think it is certainly worth trying to see if it works in your specific security setup.
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
729
I think the beauty of Voodooshield is its simplicity- it performs one function extremely well. I think this is its unique selling point.

However, innovation is always good and it would be interesting to see where this simple backup project goes. On the face of it, perhaps it would be better to start this out as an entirely separate product to test the concept first?
@danb I think @jetman is on to somethin' here. I would recommend (and you probably are doing this) that this project/product starts off totally separate.

I have been perfecting the code, for many, many months now ;). Has anyone seen any bugs?

I took a couple of days off but with C19 and it being cold outside I started to get a little bored. Ever since Mozy was discontinued, I always wanted to write my own backup app, so I started playing around with that. Then one thing led to another and I started working on the anti-ransom part.
Oh Mozy! I remember that product. Highly interested to see where this all goes! We should create a totally new thread for all things related to this new potential product development news. Exciting times Dan! Keep up the good work in everything you are doing.

You are helping the cyber security community @danb

~Brian
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
878
Thank you guys, I appreciate that! BTW, the new project is called DataDefender... it is basically a simple backup app with some pretty cool features. It should be ready in 2-3 weeks. Once you guys try the new app, we will figure out if any of the new features should be implemented into VS or not.
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
729
Thank you guys, I appreciate that! BTW, the new project is called DataDefender... it is basically a simple backup app with some pretty cool features. It should be ready in 2-3 weeks. Once you guys try the new app, we will figure out if any of the new features should be implemented into VS or not.
Sweet!!!! Count me in @danb ! Looking forward to trying this out. So excited man!
 