VoodooShield Review by PCMag India

[danb]

@danb here is what I posted earlier that you may have missed.

Thank you for reminding me... that's great to know. I should probably get a little more info from anyone who can help me reproduce the block because there are a few users who have reported a similar (or the same) block. So if anyone can give me the steps to reproduce I would greatly appreciate it.

 

[Digmor Crusher]

Dan, everytime I try to update Garmin Express VS throws up a warning.

 

[Arequire]

the "Automatically allow items that match a digital signature in the whitelist snapshot" does not apply to Microsoft sigs. We excluded Microsoft sigs until we are certain that they are not forged.

Ah. Didn't know that. Confusing block then.

 

[Andy Ful]

...
When it comes to endpoint protection, there are only a few options, and each has a valid use case.

1. Do not lock the endpoint at all and only rely on detection
2. Lock the computer full time
3. Lock the computer when it is at risk with VS

If there is another option I am missing that we can implement into VS, I would love to discuss the possibilities.
...

Nowadays, any user connected to the Internet is at risk. Many people do not run/open files from a friend's USB drive, but simply copy them to the hard drive and run/open them later (no USB drive connected). So, I do not see a significant difference between points 2 and 3.

A similar thing is true in businesses because the attack can be performed from the local network. Furthermore, many computers are disconnected from the Internet.

In fact, the VS protection (or similar) is required for full time.

 

[Freki123]

From memory since VS is not installed atm:
VS @ always on and agressive got lots of blocks from:
I think: macrium reflect (it was either updating it or it was downloading and installing a new rescue media to apply to bios),
For sure: adguard updates
That beeing said I still like the programm and the idea

 

[danb]

Dan, everytime I try to update Garmin Express VS throws up a warning.

Thank you for letting me know! I will try to download Garmin Express and see if I can reproduce the block.

 

[danb]

Ah. Didn't know that. Confusing block then.

Yeah, it is a confusing block. But I am sure there is a way to fix it, which might help fix other unnecessary blocks down the road, thank you!

 

[danb]

Nowadays, any user connected to the Internet is at risk. Many people do not run/open files from a friend's USB drive, but simply copy them to the hard drive and run/open them later (no USB drive connected). So, I do not see a significant difference between points 2 and 3.

A similar thing is true in businesses because the attack can be performed from the local network. Furthermore, many computers are disconnected from the Internet.

In fact, the VS protection (or similar) is required for full time.

Here is an analogy… think about emergency room doctors or people in the environmental field cleaning up environmental disasters. When they go to work, they are subject to serious exposure to viruses and chemicals so they wear a face mask, gloves and an entire array of other personal protective equipment. But when they are home with their families that level of PPE is not required, but they certainly still wash their hands and take other reasonable precautions.

Could you imagine if they were only afforded one security posture? That would mean that they would not be able to wear full PPE at work, because then that would mean that they would have to wear it at home as well, which would not only be a serious inconvenience at home, but it would also increase their exposure to viruses and chemicals at work.

For the same reason, when you are driving your car you should wear your seat belt. But when you are at the McDonald's drive through and you need to get your wallet out of your back pocket, you might need to undo your seat belt temporarily. But for the most part it is safe to not wear your seat belt at the drive through. If you had a seat belt that allowed you to access your wallet, then the seat belt by design would not be as effective.

The absolute vast majority of malware comes from the user browsing the web or checking email, but for the malware that does come from other sources, there are still protections in place when VS’s locking mechanism is OFF.

The one size fits all security posture model simply does not work for cybersecurity because it means that at any given time, the protections are either significantly more aggressive than they need to be or not aggressive enough. This also allows the locking mechanism to be even tighter than it would be able to be otherwise.

 

[danb]

From memory since VS is not installed atm:
VS @ always on and agressive got lots of blocks from:
I think: macrium reflect (it was either updating it or it was downloading and installing a new rescue media to apply to bios),
For sure: adguard updates
That beeing said I still like the programm and the idea

Thank you for letting me know! I believe 5.64 works great with Adguard but if this is not the case, someone please let me know! I am not sure about Macrium Reflect, I will have to test that unless someone knows for sure how 5.64 reacts to it.

 

[oldschool]

@danb does the security posture change automatically only in Smart mode?

 

[Andy Ful]

@danb
That is true that the user is in danger while browsing the Internet, and that about 90% of attacks are performed via emails (malicious URLs + attachments).
But, the fact is that many people start work by running a web browser and do not turn it off for most of the day. Many use web clients that start with Windows. So, they are at risk at full time. It means that VS will lock their computers full time, too. They will see more alerts, and this can be annoying to them.

 

[Terry Ganzi]

Dan can you please stop talking about the lock for a moment and tell the people who are watching and don't know, what this product actually protect people against.
Labels give people comfort no one is going to buy an or try a free product if they don't know for sure what it protect or defends against etc (files malware,Process Hollowing,Mimikatz,worms,Dll Hijacking) I think this is the first layer you should address to give people who come across this software the inclination to try it.
When i read most of V.S threads most people seems not to know what makes it a great or good option, all of them seems to know about the lock but most never use it.
Let's be real here if a program stops or hinders important processes or files, who in their right mind will still engage a lock on the said software? Next almost every product on this forum sells it self off of what the label,manual or dev say it can do, had not for cruel sister or peter form wilders V.S was not gracing my pc, I saw your vids but you made the product so to me it never count,but when an outsider that has knowledge on serious protect did a vid (C.S) that's when i activate the go for it switch because cruel sister advice is always solid,and I was watching you from day 1. Now you have no one of that caliber testing this software,no label or manual on the types of stuff it protects or defend against, so why will new people gravitate to it, this is some serious mine boggling stuff...............................Yet again foundation my friend Foundation.

Accountability this is what labels and manuals mean to a person, locks on software's are features,when a Dev labels his product it show a sign of accountability and authenticity also holding his self liable for or against anything related to said product.
What i need you to do is own it which entitle the above, so that the love for this product can't be easily polluted.

 

[Gandalf_The_Grey]

@danb
That is true that the user is in danger while browsing the Internet, and that about 90% of attacks are performed via emails (malicious URLs + attachments).
But, the fact is that many people start work by running a web browser and do not turn it off for most of the day. Many use web clients that start with Windows. So, they are at risk at full time. It means that VS will lock their computers full time, too. They will see more alerts, and this can be annoying to them.

That is very true and the reason I use VoodooShield in AutoPilot Mode.

 

[danb]

@danb does the security posture change automatically only in Smart mode?

Just to clarify for everyone reading, for the purposes of this discussion, when I say dynamic levels of protection / security posture, what I am really talking about is VS's mode. Obviously VS has the Security Posture setting as well and to a certain extent interacts with the VS Mode.

But to answer your question... as far as Web Apps that cause VS to toggle, yes, that only happens in Smart Mode. But for example, in Always ON mode, by default VS's locking mechanism with automatically deactivate after 10 minutes of user inactivity to automatically allow background processes and updates. It will also deactivate when a user goes to Control Panel / Programs and Features... and I need to have it do the same for Windows 10 Settings / Apps & Features. It used to do so, but there was a change in Windows 10, so I need to update this.

 

[simmerskool]

Dan, everytime I try to update Garmin Express VS throws up a warning.

FWIW I updated Garmin Express a few weeks ago, I don't recall getting an alert, but some chance I might have put VS in install mode when I saw Garmin wanted to update?? EDIT: or I might have put VS in learning mode...

 

[danb]

@danb
That is true that the user is in danger while browsing the Internet, and that about 90% of attacks are performed via emails (malicious URLs + attachments).
But, the fact is that many people start work by running a web browser and do not turn it off for most of the day. Many use web clients that start with Windows. So, they are at risk at full time. It means that VS will lock their computers full time, too. They will see more alerts, and this can be annoying to them.

Hey Andy, I completely understand your points and please do not take the following as me being defensive (especially the "irrelevant" part below ), I am just happy that we can discuss this so that everyone has a better understanding of what VS is all about and what we are aiming for.

The short answer is... I agree, if the user is browsing the web and checking email, the computer needs to be locked, even if they run a web app most of the time. Just like if you are a doctor that works 18 hour shifts, you will be wearing full PPE the entire time. Of if you are a truck driver you will be wearing your seat belt a lot more than the general population.

If after a few days of running VS in Smart Mode you want to switch to Always ON, that is perfectly reasonable. But I promise you, if I were to make it so VS only ran in Always ON from the time of initial installation, it would not be able to properly learn all of the actions and behaviors of all of the chain of events, and most likely the KMD would not even let the computer fully boot. The fact that this only happens once for each event chain (and subsequently remembers the event) is irrelevant... the only thing that matters is that it is able to do so at all. And still, in general, the only way to apply the most robust lock possible is to do so after all of the system processes are up and running.

And this discussion has been solely about automatic toggling... we have not even discussed manual toggling yet. The majority of computer novices have no idea how to right click on a tray icon to disable their security software. The whole point of VS is to provide the end user a TANGIBLE computer lock that automatically toggles when they are engaging in risky activities. VS is also there to comfort the user and to assure them that their computer is locked when they are about to click on something they are unsure of that might be suspicious. And even the most novice of users will not allow a new item after they click on a suspicious link and VS blocks something.

Some computers, like ATM machines, need to be locked full time. Computers that are not connected to the internet do not need VS at all... this is about the worst possible use case for VS. VS is intended for users who want a tangible automatic and manual toggling lock / gadget. Such a thing did not exist 8 or so years ago, so I built one .

 

[danb]

Dan can you please stop talking about the lock for a moment and tell the people who are watching and don't know, what this product actually protect people against.
Labels give people comfort no one is going to buy an or try a free product if they don't know for sure what it protect or defends against etc (files malware,Process Hollowing,Mimikatz,worms,Dll Hijacking) I think this is the first layer you should address to give people who come across this software the inclination to try it.
When i read most of V.S threads most people seems not to know what makes it a great or good option, all of them seems to know about the lock but most never use it.
Let's be real here if a program stops or hinders important processes or files, who in their right mind will still engage a lock on the said software? Next almost every product on this forum sells it self off of what the label,manual or dev say it can do, had not for cruel sister or peter form wilders V.S was not gracing my pc, I saw your vids but you made the product so to me it never count,but when an outsider that has knowledge on serious protect did a vid (C.S) that's when i activate the go for it switch because cruel sister advice is always solid,and I was watching you from day 1. Now you have no one of that caliber testing this software,no label or manual on the types of stuff it protects or defend against, so why will new people gravitate to it, this is some serious mine boggling stuff...............................Yet again foundation my friend Foundation.

Accountability this is what labels and manuals mean to a person, locks on software's are features,when a Dev labels his product it show a sign of accountability and authenticity also holding his self liable for or against anything related to said product.
What i need you to do is own it which entitle the above, so that the love for this product can't be easily polluted.

Thank you for your advice, that is certainly a different way of looking at things . Yes, I need to update our User Guide, and I will as soon as I get time. I also agree that there are not nearly as many malware testing videos as there were a couple of years ago. But to be honest, I would bet that less than 5% of our users read the User Guide or watch cybersecurity youtube videos. The absolute vast majority of our users come from cybersecurity pros at SMB's, IT consulting firms, and to a lesser extent enterprise, who let their buddies in the industry know about a relatively new product that happens to be a toggling computer lock. And most of these grassroots efforts are a result of a company being infected by malware and who are looking to lock things down a little more.

I do not believe our attorneys would allow me to specify exactly what attacks that VS protects against. And even if they did, since there are always exceptions, I would rather not make a promise that we cannot keep.

 

[BVLon]

@danb I am curious how do you identify "the risk factor"? Also, I agree that VS is quite intuitive and easy to pick up. It's just some very novice users might find it confusing. Any pro won't be needing a guide.

 

[danb]

FWIW I updated Garmin Express a few weeks ago, I don't recall getting an alert, but some chance I might have put VS in install mode when I saw Garmin wanted to update?? EDIT: or I might have put VS in learning mode...

Interesting... I actually have a Garmin that needs to be updated, so I will do that when I have time, thank you!

 

[danb]

@danb I am curious how do you identify "the risk factor"? Also, I agree that VS is quite intuitive and easy to pick up. It's just some very novice users might find it confusing. Any pro won't be needing a guide.

Well, by far the main risk factor is the user browsing the web and checking email, but if there are others that people can think of, we certainly should talk about and consider them. When we first started, we played around with network activity as a risk factor, but it was not reliable at all (for obvious reasons with the benefit of 20/20).

You would be shocked how well complete novices take to VS. They do not overthink VS like a lot of people do. All they know is that they now have a toggling computer lock, and the vast majority completely understand the general concept in a few minutes. There are a small percentage of people who might struggle with it a little initially, but at least they are protected, and by the time they learn to allow a new non-whitelisted item, they pretty much have the hang of it.

I have to take Gracie to the park before it gets dark, everyone enjoy your weekend!