
danb

From VoodooShield
Verified
Developer
Quoting Andy Ful:
@danb,
There are not many people who dare to test VS against nasty tricks and unconventional attack methods. One of the reasons is the complexity of VS (which is good for security).
You should know that your reaction to such tests and the way you promote VS can be other reasons. After our posts, I have the impression that I have done something wrong and wasted much time. So, I am sorry for that and will pass on testing. Regards.(y)
TONS of people have tested VS in the past, but they do so privately, and not in an effort to promote their own product... and there is never an issue.

I find it ridiculous that after I silently and privately notified you of two issues with H_C that I found in 10 minutes, you not only post a non-issue on the VS thread, but then criticize me for my “reaction to such tests and the way you promote VS” on the VS thread. Please give yourself a break for a couple of days, then come back and read through the posts again; I think you might have a different perspective.

Please keep in mind that MT is a security forum where testing various security software and changing their security config is commonplace, and really what this MT’s is all about. You are just going to have to get used to it when users uninstall H_C so they can try other software, or return to their main software of choice. Please do not take it personally or get upset when they do so. If they like your software enough, they will typically return to using it again at some point.

We REALLY should stick to our own threads.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
Quoting danb:
...
If this is the case, you are absolutely correct, I would skip the KMD altogether and go with WDAC... it would be an AMAZING addition to H_C and SHW. In fact, assuming that WDAC can work with Windows Home and Pro, I am going to get started on "VS WDAC" today. We will still keep the KMD version as well because it is probably more flexible than a WDAC implementation, but if I find out otherwise and if WDAC can do everything that the KMD can do, we will ditch the KMD... but I HIGHLY doubt that is the case.
(y)
If you have some questions about adopting WDAC on Windows Home, then you can look at my thread:

But, I am afraid that in its present form, WDAC is not an appropriate solution for home users. :(
 

danb

From VoodooShield
Verified
Developer
[Quoting Andy Ful's post above]
That is a bummer, it would have been amazing, but I agree, it is soooo not practical in its current state.

As with everything, there is no free lunch and there is always a catch ;). The only way around these idioms is to do it yourself the way you want to do it. It is a little more work, but much more rewarding in the end.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
@danb,

Please post about the issues related to H_C in the H_C thread. You should also post the issues that you wrongly thought were issues for H_C. I insist that you should do this, because I could never reproduce those issues, and even you could not reproduce them (probably because of the 10 minutes you spent on finding them) when I asked you about the details. After our discussion about the above (several weeks ago), you insisted that I should also test VS because you did so with H_C.:unsure:

My report here has nothing to do with VS issues. The test I made was rather accidental, after reading an interesting article about exploiting CMD command-lines. I was curious if VS and some other security solutions (including H_C) can protect the user. I reported the test result, which showed that VS protection did very well (I was really impressed). In my first post, I suggested a minor improvement to the information included in the VS alerts. I did it on this thread because the VS users might be interested in discussing it. After some other tests, I noticed that the improvement can also be done by modifying the VS command-line checking. I spent much time making it easier for you to reproduce the test. You thanked me a few times, but it seems that your thanks were not straight, because in fact any tester is treated by you as a potential enemy. I can see it, so I said that I will pass on testing VS. You have a great talent for changing people who like you into people who do not like you.(y)

Edit.
I defended you and VS many times in the past, especially when you had a long break on MT. Your supposition that I did the test with hidden intentions is unacceptable. You should be ashamed of this.
 

danb

From VoodooShield
Verified
Developer
[Quoting Andy Ful's post above]
I am not sure I can recognize a single truth in your entire statement.

How many times in the last couple of years have you posted that you were able to bypass VS, and then when I asked you to post the bypasses, you refused to? Do 1) dll hijacking or 2) shortcut bypass ring a bell?

What are you talking about when you say that I was not able to reproduce anything? I even completely rebuilt the VM from scratch and was able to reproduce the vba bypass, it is all there in the PM. You could not get it to work because you did not have a license for Microsoft Office, so you even had me create the file and send it to you. Which honestly I thought you were just joking with me because surely you test H_C with Microsoft Office, right?

So the vba is the first one, and the second one we do not even need to test, because it is not a bypass, it is a freaking gaping hole. Quite simply, web apps should never be able to call system space items unrestricted. Internet Explorer should not be able to call conhost, cmd, ps, etc.

But keep in mind, these are just a few of the issues with H_C. Here is another… your AutoIt “code” is absolutely FULL of hacks rather than proper code. For example, the trick you used to update the whitelist without logging off is a total hack. A handful of hacks are okay, but at some point you have to draw the line.

I could care less if someone turns against me, it truly is their loss, and I can say that with 100% confidence because not once have I screwed someone over first, double crossed, or gone behind someone’s back and started rumors. There have been a handful of people who used to be VS fans, but now have turned against me, but I assure you that it was nothing that I did or had control over. And I figured that if they were going to take someone else’s word over mine, then I want nothing to do with them anyway.

Besides, some people tend to get upset when VS does not work perfectly, simply because they absolutely love the concept of VS and the toggling computer lock, since it is so novel… like why has no one done this before. Also keep in mind that VS has orders of magnitude more users than H_C does, so I am not quite as accessible as you are, but I certainly do my best. But since you have so much more time than I do, you have the time to build stronger relationships with people on MT, and so of course your fans are going to side with you, even if you are completely wrong. It is honestly funny when they literally apologize for uninstalling H_C. It is the exact opposite with VS… they say stuff like “yeah guys, I’m just trying it out.” I am not here to build friendships, I am here to build a product, and if I meet some great people along the way, then that is all the better.

Don’t get me wrong, I completely understand how you feel when someone says things you do not like about H_C, exposes potential weaknesses or flaws in your product, or deliberately intends to discredit your product. At the risk of sounding like Trump… No one knows that better than me ;). But ultimately it is something that you are going to have to get used to while figuring out the best way to deal with it.

Now just imagine if what the haters were posting was demonstrably false and only served to defame your product (while promoting their product / their product of choice), and they do it over and over again for years, while enlisting their buddies to join in the “fun”. It is difficult to judge how anyone should react in this situation. But I can promise you, if you are this thin skinned now, and fly off the handle like this, and resort to personal attacks, then you have a very long rough road ahead.

As you requested, I disclosed the two items I found in the 10 minutes I tested H_C, so please grow up and stay on your threads.

Edit: It is worth noting that you were among the same group of people who used to troll me, so please do not make it seem like I argue with everyone, when in fact it is the same group.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
[Quoting danb's post above]
No comment.
Please post to the H_C thread about your POC, then I will explain to you why it is not a POC. I am serious. I can only warn you that this only proves that you do not have enough knowledge about Windows Policies. (y)
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
@danb
I am sorry. I have the talent to hurt people through words. I tried to avoid this and go away, but your comments did not give me a choice. I consider you as a good and smart guy in everything except promoting VS. I read many times your helpful posts in many threads.
I would like to recall to you our private discussions over several years starting from the EternalBlue exploit. Here are your words from a few weeks ago:
"Thank you, I see what you are saying, and in a way I agree this is a bypass…". For the information of VS users, this vector of attack can happen (in my opinion) only in targeted attacks in enterprises.

I never said that VS is not good. On the contrary, I said many times that it is very good, because I think so. I always try to present constructive criticism. In the case of VS, my critical posts were not related to VS but to your claims that it can cover some vectors of attack. In my opinion, you are too defensive about what VS can do.
Be safe.(y)
 

danb

From VoodooShield
Verified
Developer
[Quoting Andy Ful's post above]
If in fact I am overly defensive about VS, isn't that even more reason to not post a potential issue to the VS thread, but rather email me privately like I did for you? The funny thing is that you freaked out a thousand times worse than I ever did. Just please stop.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
[Quoting danb's post above]
As you know, I did it a few weeks ago and posted the potential issue privately. I did not post to this thread any issue related to VS detection. On the contrary, I noticed that the detection in my short test was very good. Initially, I suggested some minor improvements related to alert information. A similar topic was already discussed publicly on another thread, when I defended VS against other members who thought that VS "is useless". If you can recall, after this discussion the person changed his opinion about VS (he was a smart guy).
https://malwaretips.com/threads/voodooshield-review-by-pcmag-india.99132/post-866189
https://malwaretips.com/threads/voodooshield-review-by-pcmag-india.99132/post-866303
Yet, from defending VS against unjust opinions it does not follow that I have to be blind to the potential vectors of attack. I can hold on to my opinion of VS usefulness & strong protection, and to any critique of mine related to overestimating its abilities.

@danb, I simply try to be objective. I do the same for all software, including my own applications (you could see this after reading the H_C manual).
 

danb

From VoodooShield
Verified
Developer
[Quoting Andy Ful's post above]
BLVon changing his mind about VS probably had a lot less to do with you "defending" VS, and a lot more to do with him running and testing VS for a while. I encourage everyone to read through all of his posts on that thread so they can see what really happened. Long story short, BLVon did not like the name "VoodooShield" so he never tried it, but once he ran and tested it for a while and discovered how unique and powerful VS is, it was a COMPLETELY different story.

Can we please stick to our own threads now?
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
[Quoting danb's post above]
This happened just as you described it. I and some other MT members defended VS at the beginning of this thread. Next, BLVon was smart enough to not insist on his initial opinion and tested VS more thoroughly to find out that he was wrong. Next, there was an interesting discussion about VS alerts and some other topics. All of this was constructive and reasonable.
I would like to end this discussion too.(y)
 
