Battle VoodooShield or SecureAPlus?

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
VS is known to block things that it is not supposed to, even if they are whitelisted.
SAP has a problem with their servers being down sometimes.
Those are the biggest problems that stand out in my mind. Neither of them are real deal-breakers.
Question is: which one is more effective at protecting from malware?
 

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
Do you mean any/all unsigned are flagged as threat i.e unsafe by VAi?

I have few unsigned And were not flagged as threat i.e unsafe by VAi.
All unsigned I've tried to run VS detects as a threat. If you ran a few unsigned that weren't flagged as a threat that would suggest that I may have been wrong in thinking all unsigned are flagged as threats, but, yes, let me know what your findings are.
 
D

Deleted member 2913

All unsigned I've tried to run VS detects as a threat. If you ran a few unsigned that weren't flagged as a threat that would suggest that I may have been wrong in thinking all unsigned are flagged as threats, but, yes, let me know what your findings are.
Latest VS from Official website - VS 3.33 Beta Free Version
VS Mode - Always ON
Windows 10 64 Pro Anniversary Build Clean Install & Fully Updated
Windows Defender & Windows Firewall

Unsigned Test - VAi
Portable SubtitleEdit - Safe
Portable VidCoder 64 Bits - Be Careful
Installer DataRecoveryExpress - Unsafe
Installer FortCryptoExtension - Safe
Installer WindowsFirewallControl 4.7.2.0 - Safe
Portable DataLifeguardDiagnostics 1.28 WesternDigital - Suspicious
Installer Tally - Safe
Portable DnsJumper - Unsafe

Be Careful & Suspicious Verdict are little sensitive And its to let you know VAi find something suspicious So in settings I check the option to auto-allow files not detected as Unsafe by VAi (I have Pro version).

Attached are the screenshots
 

Attachments

  • Portable SubtitleEdit.png
    Portable SubtitleEdit.png
    24.6 KB · Views: 405
  • Portable VidCoder 64 Bits.png
    Portable VidCoder 64 Bits.png
    25.4 KB · Views: 415
  • Installer DataRecoveryExpress.png
    Installer DataRecoveryExpress.png
    25.6 KB · Views: 377
  • Installer FortCryptoExtension.png
    Installer FortCryptoExtension.png
    24.9 KB · Views: 432
  • Installer WindowsFirewallControl 4.7.2.0.png
    Installer WindowsFirewallControl 4.7.2.0.png
    24.4 KB · Views: 470
  • Portable DataLifeguardDiagnostics.png
    Portable DataLifeguardDiagnostics.png
    24.9 KB · Views: 406
  • Installer Tally.png
    Installer Tally.png
    25.9 KB · Views: 414
  • Portable DnsJumper.png
    Portable DnsJumper.png
    25 KB · Views: 396
D

Deleted member 2913

uninfected1,

VS Dev's reply -
VoodooAi relies on A LOT more than just the digital signature. Sometimes signing the file makes a big difference with Ai, sometimes it does not... it all depends on the other 40 or so features, and what their values are. Either way, developers should always sign their files because this is a factor in all malware engines.

If you look at UWT website, they clearly state: NOTE: Some security software may report it as being suspect. This is because the tweaker changes Windows system setting. Rest assured that it is a false-positive. You will have to add it to your exceptions list and allow it, if you trust us.

Ultimate Windows Tweaker 4 for Windows 10

In all fairness, I would suggest that in this case, VoodooAi rendered the correct verdict... even the developer is aware that this particular file "looks" like malware to av engines. Not to mention the fact that the files is not signed. I signed the file and analyzed it again with VoodooAi, and the result was 0.7196... so no matter how you slice it, this file just looks like malware. I would be disappointed in VoodooAi if it called it safe.

I am by no means suggesting that VoodooAi is absolutely perfect... if it were, there would be no reason to have the blacklist, or the VoodooShield application whitelisting component. For effective protection, you really need all three. Simply having a lock without any kind of file insight is pointless for the vast majority of users. The blacklist scan takes care of the known malware, and VoodooAi takes care of the unknown and zero days.

Also, keep in mind, VoodooAi is not quite as accurate with all of the lesser known utilities that computer enthusiast use, simply because they are not as well developed as some of the larger developers, like Microsoft, Adobe, Mozilla, etc. Then again, the vast majority of users do not use these files nearly as much as the products from the larger companies.

Here is a great example. If I develop a simple app that is essentially one line of code, and all it does as display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program. Most malware (something like 99%) are super small in size, because they essentially have only one purpose, so they are less complex and functional than safe programs.

This is just the way Ai works (and always will), and why it is so effective at stopping unknown and zero days... but also why it needs to be combined with a blacklist scanner just to be sure.

FixWin for Windows 10 tested safe with VoodooAi... probably because it is further along in development than an older version of FixWin.

Anyway, I just wanted to give you guys a little better understanding of how VoodooAi works. If you have any questions, please let me know!
 

ElectricSheep

Level 14
Verified
Top Poster
Well-known
Aug 31, 2014
655
uninfected1,

VS Dev's reply -
VoodooAi relies on A LOT more than just the digital signature. Sometimes signing the file makes a big difference with Ai, sometimes it does not... it all depends on the other 40 or so features, and what their values are. Either way, developers should always sign their files because this is a factor in all malware engines.

If you look at UWT website, they clearly state: NOTE: Some security software may report it as being suspect. This is because the tweaker changes Windows system setting. Rest assured that it is a false-positive. You will have to add it to your exceptions list and allow it, if you trust us.

Ultimate Windows Tweaker 4 for Windows 10

In all fairness, I would suggest that in this case, VoodooAi rendered the correct verdict... even the developer is aware that this particular file "looks" like malware to av engines. Not to mention the fact that the files is not signed. I signed the file and analyzed it again with VoodooAi, and the result was 0.7196... so no matter how you slice it, this file just looks like malware. I would be disappointed in VoodooAi if it called it safe.

I am by no means suggesting that VoodooAi is absolutely perfect... if it were, there would be no reason to have the blacklist, or the VoodooShield application whitelisting component. For effective protection, you really need all three. Simply having a lock without any kind of file insight is pointless for the vast majority of users. The blacklist scan takes care of the known malware, and VoodooAi takes care of the unknown and zero days.

Also, keep in mind, VoodooAi is not quite as accurate with all of the lesser known utilities that computer enthusiast use, simply because they are not as well developed as some of the larger developers, like Microsoft, Adobe, Mozilla, etc. Then again, the vast majority of users do not use these files nearly as much as the products from the larger companies.

Here is a great example. If I develop a simple app that is essentially one line of code, and all it does as display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program. Most malware (something like 99%) are super small in size, because they essentially have only one purpose, so they are less complex and functional than safe programs.

This is just the way Ai works (and always will), and why it is so effective at stopping unknown and zero days... but also why it needs to be combined with a blacklist scanner just to be sure.

FixWin for Windows 10 tested safe with VoodooAi... probably because it is further along in development than an older version of FixWin.

Anyway, I just wanted to give you guys a little better understanding of how VoodooAi works. If you have any questions, please let me know!

Very informative!:D I just learned something new there as I'm no coder or anything like that! Thanks for the post:cool:
 

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
uninfected1,

Here is a great example. If I develop a simple app that is essentially one line of code, and all it does as display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program.
Thanks a lot for looking into this. What you say is correct. This is exactly the kind of program VS flags up as a threat, simple apps often developed by forum members. One such example is one I regularly use to manage restore points, QRM Plus Manager, developed by a member of The Windows Club. Another example from Bleeping Computer, SecurityCheck, neither of them signed. I have allowed both as I am sufficiently satisfied they are not a threat.

PS - I'm using the free version of VS so lack the configurability you have with paid version.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top