VoodooShield Review by PCMag India

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
@danb

If there is any danger that tweaking VS to detect more PUPs would increase the false positives, then in my opinion it might be best to not do so. Seeing as VS, from what I recall, is still designed to run alongside a competent AV. Let the AV deal with PUPs and VS with much more dangerous malware.
Exactly, that is one of the concerns and I agree, we do not want to increase the false positives. Yeah, VS focus has always been on the more dangerous malware. We can pretty much leave it the way it is, but if I am able to tweak it a little without increasing the false positives, I certainly will... but it is going to be difficult to do. Thank you!
 

danb

@danb VS is a great product, thanks for all your work! I also asked @danb to check my license because I wasn't sure if it was active still and this guy gives me 3 years for free. Who does that?
Maybe bent needs a permaban if it's this guy stalking Dan.
Thank you guys for all of your help as well!
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Just keep doing what you're doing, because you are doing good!
@danb Hi Dan, great to see you here 👍
Like @shmu26 says, just keep doing what you're doing and don't get upset about the people that don't understand or don't want to understand VS.
It would be great if we can continue to discuss VS here without any personal attacks.
Personal attacks are such a waste of (precious) time :rolleyes:
 

ForgottenSeer 69673

hi dan, good to see you again. I have the same two files wlc does not like every time I get a new insider build.
ScreenHunter_146 Mar. 18 08.42.jpg
 

danb

@danb Hi Dan, great to see you here 👍
Like @shmu26 says, just keep doing what you're doing and don't get upset about the people that don't understand or don't want to understand VS.
It would be great if we can continue to discuss VS here without any personal attacks.
Personal attacks are such a waste of (precious) time :rolleyes:
Thank you Gandalf_The_Grey! It was always the same group of individuals responsible for the attacks and it looks like they are not around anymore, so we should be good to go!
 

danb

hi dan, good to see you again. I have the same two files wlc does not like every time I get a new insider build.
Thank you for letting me know! I will have to think about how to fix this, but probably the best fix is to do a clean install of all of the insider builds as they are released, and then add all of the files to WLC.
 

danb

@BVLon

I agree that our graphic design needs serious attention all around, and we will certainly address that soon. I also agree that at some point we should consider a trial version and rework the Free / Pro features, but it is working well for us for now, so while these are all items that need to be addressed, I am more concerned with a few other items, listed below.

From one of your previous posts, it appears that you genuinely understand the concept of VS, and that it is basically a tangible computer lock that offers dynamic levels of protection / security postures, and essentially locks the computer when it is at risk. A lot of people do not understand this core concept, so I am quite excited to see what suggestions you might have regarding the usability and protection capabilities of our toggling lock / dynamic levels of protection tech. A lot of users have offered suggestions along the way that have had a big positive impact on VS's usability and protection, so I would love to hear even more suggestions on how we can continue to refine VS.

It might help to think in the following terms. Take any traditional or next gen AV (including Windows Defender) and add an additional layer of protection that automatically locks the computer with dynamic levels of protection when it is at risk, and only allows the items on the tiny, customized whitelist while the user is engaged in risky activity. Then when the user is not engaged in risky activities, VS can be safely building the tiny, customized whitelist in the background so that the next time VS automatically toggles to a more aggressive level of protection, it will have automatically learned what safe items not to block. In other words, imagine your favorite traditional or next gen AV, then imagine it had the capability to automatically toggle to a more aggressive security posture when you are engaging in risky activity. That is what we are aiming for. I look forward to your suggestions, thank you!
 

danb

I agree. Elements of Insider builds look uncertain to WLC so I would disable "Create firewall rules for unsafe items", just for starters.
Yes, that probably is wise to disable this feature by default. Then if someone wants to enable it later they certainly can. I am going to fix this right now, thank you!
 

danb

@danb the alerts can be improved, they should be a bit more friendly and informative. I can design suggestions, but I am not home atm
Thank you, I would appreciate that a lot! I think our prompts are pretty good, like I would give them a C, but they need to be an A ;). They explain to the user what action to take, but we need to make sure the user reads the recommendation... which from working with local customers, not all of them read the entire prompt. Usually they know what action to take because otherwise they would not have clicked on the mini prompt first, but either way, we need to have amazing prompts.
 

BVLon

@BVLon

I agree that our graphic design needs serious attention all around, and we will certainly address that soon. I also agree that at some point we should consider a trial version and rework the Free / Pro features, but it is working well for us for now, so while these are all items that need to be addressed, I am more concerned with a few other items, listed below.

From one of your previous posts, it appears that you genuinely understand the concept of VS, and that it is basically a tangible computer lock that offers dynamic levels of protection / security postures, and essentially locks the computer when it is at risk. A lot of people do not understand this core concept, so I am quite excited to see what suggestions you might have regarding the usability and protection capabilities of our toggling lock / dynamic levels of protection tech. A lot of users have offered suggestions along the way that have had a big positive impact on VS's usability and protection, so I would love to hear even more suggestions on how we can continue to refine VS.

It might help to think in the following terms. Take any traditional or next gen AV (including Windows Defender) and add an additional layer of protection that automatically locks the computer with dynamic levels of protection when it is at risk, and only allows the items on the tiny, customized whitelist while the user is engaged in risky activity. Then when the user is not engaged in risky activities, VS can be safely building the tiny, customized whitelist in the background so that the next time VS automatically toggles to a more aggressive level of protection, it will have automatically learned what safe items not to block. In other words, imagine your favorite traditional or next gen AV, then imagine it had the capability to automatically toggle to a more aggressive security posture when you are engaging in risky activity. That is what we are aiming for. I look forward to your suggestions, thank you!
I'll download VS and play with it properly. The concept itself is perfect and you operate in a non-oversaturated field (unlike traditional AVs and second-opinion scanners). It's just the whole implementation and the way this seemingly simple, but otherwise complicated stuff (let's call it that way) is communicated to the user. I'll have a look at the software's capabilities again soon. :)
If you have a look at other reviews and comments I've made, I am mostly focused on user experience and I consider this to be the most important part of any software.
 

danb

Before I forget, one of the most confusing elements of VS is the ON / OFF indicator on our desktop shield gadget. Essentially, the ON / OFF indicates whether the actual locking mechanism is ON or OFF at any given time, but this is very confusing to a lot of people. I think the best way to clarify this for the users would be to add a tiny lock icon / unlocked icon above the ON / OFF indicator, so basically it would be indicating Lock ON / Lock OFF. I am just finishing up the app to upload the new versions of Windows files to WLC, and once I finish I will start playing with this and it will be included in the next release. If you guys have any suggestions on how we can make it even better, please let me know.

As far as dynamic levels of protection / security postures goes, it actually gets even a little more interesting when you realize all of the benefits it provides. I will be as brief as possible because this could easily turn into a novel.

Windows Defender and other AV products have come a very long way the last few years, but they all have one thing in common. They focus solely on what causes an endpoint to become infected and do not even consider why an endpoint is infected. In other words, the industry focus has been on detecting malware or malicious actions (such as signatures, behavior, heuristics, ML/AI etc.), which is what causes the system to become infected. Instead, what VoodooShield does is focus on why the system is infected. In almost all cases, the system was infected because the user was browsing the internet or checking email and they stumbled upon a malicious link or attachment.

VoodooShield solves this issue simply by offering dynamic levels of protection, based on the user’s current activities. All other traditional and next gen AV are only able to provide one static, constant level of protection. The end result is that these security products are not aggressive enough when they need to be and are over aggressive when they should not be. Sure, you can manually adjust the settings, but it is still a single, constant security posture.

The other thing that is pretty cool about toggling / dynamic levels of protection is that it is capable of creating the absolute most robust locking mechanism in the industry, which is something that most people completely overlook. Basically, security products that lock the computer full time can only make the locking mechanism so aggressive before it starts to cause serious issues, like quite possibly the computer not even being able to boot. But when you start at a lower security posture, and automatically toggle to a high security posture, you can lock the heck out of the machine, especially since it has already learned what not to block.

Which brings me to my final point. VoodooShield works by monitoring the actions and behaviors of all of the chain of events that occur on a system. For example, web browsers should be able to call Conhost.exe, but malware should not be able to. If you whitelist the entire C drive to build the initial whitelist, you are not able to utilize this type of “chain of events” mechanism. And what is even cooler, this also allows VS to protect essentially all of the Windows processes “out of the box” with this mechanism… not just the known vulnerable processes, especially since every couple of months the bad guys find a new vulnerable process / sponsor to exploit. If you protect essentially all of the Windows processes, you do not have to worry about adding new Windows vulnerable processes / sponsors to the protected vulnerable app list.

And all of this is possible because VS automatically toggles between aggressive and relaxed security postures, based on the current user activity. Just imagine if your favorite traditional or next gen AV did this. False positives and false negatives would drop dramatically, and efficacy would go through the roof. There are other less significant benefits to dynamic security postures, but the above explains the key points in a nutshell.
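
The posture toggling and "chain of events" check described in the post above, as a toy model. This is an added example, not part of the original post and not VoodooShield's code; `RISKY_APPS`, `PostureGuard`, the baseline pair and the event stream are all constructed assumptions.

```python
# Added illustration: posture toggling plus parent->child "chain of events" checks.
# RISKY_APPS, PostureGuard and SAMPLE are constructed; this is not VoodooShield code.
RISKY_APPS = {"chrome.exe", "outlook.exe"}  # assumed web-facing apps


class PostureGuard:
    def __init__(self, baseline=()):
        self.allowed = set(baseline)   # learned (parent, child) pairs
        self.risky_open = set()        # web-facing apps currently running

    @property
    def locked(self):
        # Aggressive posture whenever any web-facing app is open.
        return bool(self.risky_open)

    def set_app(self, name, running):
        if name in RISKY_APPS:
            (self.risky_open.add if running else self.risky_open.discard)(name)

    def on_exec(self, parent, child):
        chain = (parent, child)
        if chain in self.allowed:
            return "allow"
        if self.locked:
            return "block"             # unknown chain while the user is at risk
        self.allowed.add(chain)        # relaxed posture: learn it for the next lock
        return "learn"


def replay(events, baseline=()):
    """Feed (kind, a, b) events through the guard; return verdicts for 'exec' events."""
    guard, verdicts = PostureGuard(baseline), []
    for kind, a, b in events:
        if kind == "exec":
            verdicts.append(guard.on_exec(a, b))
        else:
            guard.set_app(a, running=(kind == "open"))
    return verdicts


BASELINE = [("chrome.exe", "conhost.exe")]       # browser may call conhost
SAMPLE = [                                       # constructed event stream
    ("exec", "explorer.exe", "notepad.exe"),     # relaxed: learned
    ("open", "chrome.exe", None),                # posture toggles to locked
    ("exec", "chrome.exe", "conhost.exe"),       # known chain: allowed
    ("exec", "invoice.exe", "conhost.exe"),      # unknown parent: blocked
    ("exec", "explorer.exe", "notepad.exe"),     # learned earlier: allowed
    ("close", "chrome.exe", None),               # posture relaxes again
    ("exec", "explorer.exe", "calc.exe"),        # relaxed: learned
]

if __name__ == "__main__":
    print(replay(SAMPLE, BASELINE))
```

In this toy model any chain seen while the posture is relaxed is learned without further checks, so the whitelist is only as clean as the relaxed periods.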
 

BVLon

Before I forget, one of the most confusing elements of VS is the ON / OFF indicator on our desktop shield gadget. Essentially, the ON / OFF indicates whether the actual locking mechanism is ON or OFF at any given time, but this is very confusing to a lot of people. I think the best way to clarify this for the users would be to add a tiny lock icon / unlocked icon above the ON / OFF indicator, so basically it would be indicating Lock ON / Lock OFF.
Be more creative. Let's do a whole shield and a broken (cracked shield) maybe? On hover, it can say "Your shield is up" and "Your shield is not up".
Security-wise it is actually very sophisticated software. I am still playing with it since last night. What I would like to see (I am not sure if the software architecture allows it) is different scanning engines being toggled on and off and assigned a weight or "trust level". For example I trust Kaspersky's engine more than I trust Qihoo. Emsisoft is full of FP... Maybe a trust level of low, med and high can be added for each engine... but that is not mandatory. I think they can be "deduplicated" at least, as there are tens of Bitdefender-based solutions and forks so it's not really fair for these products to be counted...

That's just a quick notification sample that I did... I will keep working on it.

Known malicious file:

1584652605190.png


and then when clicked...
1584652665347.png


Never-before-seen file:

1584653923328.png


1584653937322.png


File rescanned after 12 hours (period should be defined by user in settings)

Threat detected:

1584654681237.png


1584654696329.png


1584655693254.png


I suggest that all alerts fade or slide in.

The concept of these alerts is pretty much the same. The VoodooShield logo is used as a guide, it displays the percentage of engines detecting this file as a threat, check marks and question marks so the users know what's going on even without reading. The color-coded bar on top holds the file name, but it also helps users make an instant decision. It follows the transitioning of the file from unknown (grey) to trusted (green), malicious (red), or more weirdly, still unknown (black).
VoodooShield is an excellent product, but program capabilities, as well as events need to be communicated to the user in the friendliest way possible. If users don't understand the program, they will neither pay for it, as they don't see the benefits, nor be able to secure their system.
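
The per-engine trust levels and engine "deduplication" suggested in the post above, worked through as an added example (not part of the original post and not VoodooShield's code). Engine names, family labels, weights and results are constructed, and treating a family as detecting when any member detects is an assumption.

```python
# Added illustration: weighted, de-duplicated multi-engine detection score.
# Engine names, families, trust levels and results are constructed.
TRUST_WEIGHT = {"low": 1, "med": 2, "high": 3}

ENGINES = {                      # engine -> (underlying engine family, trust level)
    "AlphaAV":     ("alpha", "med"),
    "AlphaForkOne": ("alpha", "med"),
    "AlphaForkTwo": ("alpha", "low"),
    "BetaScan":    ("beta", "high"),
    "GammaGuard":  ("gamma", "low"),
}


def raw_ratio(results):
    """Plain share of engines that flag the file (every fork counted separately)."""
    return sum(results.values()) / len(results) if results else 0.0


def weighted_score(results, engines=ENGINES):
    """Collapse engines that share a family into one vote, then weight by trust.

    A family counts as detecting if any member detects (assumption) and carries
    the highest trust weight among its members that returned a result.
    """
    families = {}
    for name, detected in results.items():
        family, trust = engines[name]
        hit, weight = families.get(family, (False, 0))
        families[family] = (hit or detected, max(weight, TRUST_WEIGHT[trust]))
    total = sum(weight for _, weight in families.values())
    flagged = sum(weight for hit, weight in families.values() if hit)
    return flagged / total if total else 0.0


# Constructed scan result: only the three engines sharing one family flag the file.
SAMPLE_RESULTS = {
    "AlphaAV": True, "AlphaForkOne": True, "AlphaForkTwo": True,
    "BetaScan": False, "GammaGuard": False,
}

if __name__ == "__main__":
    print(f"raw: {raw_ratio(SAMPLE_RESULTS):.0%}")
    print(f"weighted, de-duplicated: {weighted_score(SAMPLE_RESULTS):.0%}")
```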
 