VoodooShield Review by PCMag India

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Hello Dan how are you doing? I hope all is well.
I have some issues to discuss with you about V.S, why is it that when i download content with Internet Download Manager and proceed to open the software folder in I.D.M voodooshield blocks it. Next if a person start windows media player on windows 10 for the first time V.S block it from doing its stuff in the background (notice i said first time). And last it blocks sometimes windows defender platform updates,that shouldn't happen.
Thank you Champ.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
@danb I just tested VS @ Autopilot aggressive just issued 2 blocks of WD platform update. I've never encountered this in the past. Thought you should know. I think we're glad you're back here in the forum to answer queries.
Was there a web app open when that happened?
I had the same issue after I added Microsoft Teams to the web apps manually (now removed from Web Apps).
Because Teams is stays open in the systray, VS is at an aggressive security posture all the time and blocks more than it probably should 🤔
WD platform updates should never been blocked, but those updates leave your system vulnerable for a short while (during a restart of WD).
I can understand that when a web app or vulnerable app is open that could be an issue.
Curious what @danb has to say about this.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Thank you, I would appreciate that a lot! I think our prompts are pretty good, like I would give them a C, but they need to be an A ;). They explain to the user what action to take, but we need to make sure the user reads the recommendation... which from working with local customers, not all of them read the entire prompt. Usually they know what action to take because otherwise they would not have clicked on the mini prompt first, but either way, we need to have amazing prompts.
It seems that people like SecureAPlus alerts. Maybe there is a golden mean somewhere between VS and SAP. If the alerts are frequent, then they should not be probably too much striking to the eye.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I proposed the design up there, I can do it for them (if their UI is based on HTML and CSS)
I had in mind that it may be hard to inform the user correctly what to do. The advanced user does not need very informative alerts. More information is required for less advanced users.

Oops! There are problems with my internet connection, so my posts are sometimes doubled.:(
 
B

BVLon

I had in mind that it may be hard to inform the user correctly what to do. The advanced user does not have to get very informative alerts. More information is required for less advanced users.
I think the same course has to be followed. If it’s not in the whitelist, it gets scanned with all engines and the results are reported. The file is then blocked and the user is advised to quarantine it or stay away from it for a while. This eliminates the confusion and the need for different approaches for advanced/novice users.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I think the same course has to be followed. If it’s not in the whitelist, it gets scanned with all engines and the results are reported. The file is then blocked and the user is advised to quarantine it or stay away from it for a while. This eliminates the confusion and the need for different approaches for advanced/novice users.
It would be interesting to hear what other people (who use VS) think about it.
 
B

BVLon

It would be interesting to hear what other people (who use VS) think about it.
1584652605190.png

That's enough for novice and advanced users.

1584652665347.png

Here everyone can get rid of the file, advanced users can use the sandbox and get a report & false positive can be reported/excluded.
I don't see what more might someone wish to know. Cuckoo will provide enough info for people looking to dig deep into the infection.
The average Joe shouldn't and doesn't care about any technicalities (Process X loaded module Y and dropped file Z, downloaded from website A, in directory AB)...Forensic analysis is for people who know what they are doing, and if they know what they are doing, they will not be paying $30.00 for a second layer of security.People need to know that VoodooShield, in the least intrusive way possible, is indeed having their back.
Detailed information can be kept in a log or security history, but users don't have to be "traumatised" by blood-red popups full of "stuff" they don't understand. Some users will panic when they see the biohazard icon and will switch their PC off.
In addition, setting can be added for users to choose whether they want "simple" or "detailed" alert and telemetry can be monitored, or not.
If users have chosen "detailed", VS can feed them all details.

So the question here is, will you be doing "universal" software, useful to everybody, or will you be targeting a niche group of people, who like an alert to be taking half of their screen. I believe that companies like LG Mobile have already taught us that the "niche group" approach doesn't lead to success. Survey on the subject is not really needed.
Selling VoodooShield is like selling ice generator to households that already paid $2000 for a Whirlpool side-by-side fridge freezer. You better make sure this ice generator is damm good, quiet and "one size fits all", otherwise they will slam the door in your face.
 
Last edited by a moderator:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Be more creative. Let's do a whole shield and a broken (cracked shield) maybe? On hover, it can say "Your shield is up" and "Your shield is not up".
Security-wise it is actually very sophisticated software. I am still playing with it since last night. What I would like to see, I am not sure if the software architecture allows is, different scanning engines being toggled on and off and assigned a weight or "trust level". For example I trust Kaspersky's engine more than I trust Qihoo. Emsisoft is full of FP... Maybe a trust level of low, med and high can be added for each engine... but that is not mandatory. I think they can be "deduplicated" at least, as there are tens of Bitdefender-based solutions and forks so it's not really fair these products to be counted...

That's just a quick notification sample that I did... I will keep working on it.

Known malicious file:

View attachment 235083

and then when clicked...
View attachment 235085

Never-before-seen file:

View attachment 235089

View attachment 235090

File rescanned after 12 hours (period should be defined by user in settings)

Threat detected:

View attachment 235093

View attachment 235094

View attachment 235097

I suggest that all alerts fade or slide in.

The concept of these alerts is pretty much the same. The VoodooShield logo is used as a guide, it displays the percentage of engines detecting this file as threat, check marks and question marks so the users know what's going on even without reading. The color-coded bar on top holds the file name, but it also helps users take instant decision. It follows the transitioning of the file from unknown (grey) to trusted (green), malicious (red), or more weirdly, still unknown (black).
VoodooShield is an excellent product, but program capabilities, as well as events need to be communicated to the user in the friendliest way possible. If users don't understand the program, neither they will pay for it, as they don't see the benefits, nor will they be able to secure their system.
Thank you for your suggestions! VS actually already has a false positive detection feature that is quite similar to what you are talking about. Although, it does not include your idea about the Bitdefender sigs... that is a great point and an easy fix. But yeah, you will see a purple alert (mix of red and blue) from time to time that is a false positive alert, and it recommends that the user allow the file, assuming they intended to launch it.

I completely agree that our alerts need to be as user friendly as possible, which is the entire point of this discussion. I will say, we get TONS of compliments on our alerts... even Leo from the PCSC likes VS's alerts, which is significant since he is no longer a fan of the non-traditional products.



So we are not looking to completely change our alerts, unless someone comes up with a concept that absolutely blows everyone away. We are looking to tweak and clarify them, kind of like what you did in your design samples. For example, VS has a user recommendation on the prompts, and we need to make that more clear to the user. VS has been growing tremendously the last year or two, and we do not want to fix something that is not broken.

Thanks again for the design samples, I am excited to see what people think!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Hello Dan how are you doing? I hope all is well.
I have some issues to discuss with you about V.S, why is it that when i download content with Internet Download Manager and proceed to open the software folder in I.D.M voodooshield blocks it. Next if a person start windows media player on windows 10 for the first time V.S block it from doing its stuff in the background (notice i said first time). And last it blocks sometimes windows defender platform updates,that shouldn't happen.
Thank you Champ.
Thank you Terry, I hope you are doing well too! Thank you for letting me know about IDM... I had to fix a similar issue with Free Download Manager a while back. I am aware of the WMP block... for that we will probably just want to hardcode it. But I am not familiar with the Windows Defender platform updates block... was this an automatic or manual update?

BTW, what version of VS are you running? If you are not running the 5.64 beta, please let me know how it does with IDM... there is a chance that it is fixed in this version.

https://voodooshield.com/Download/InstallVoodooShield564beta.exe

I will look into the others as well, thank you!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
@danb I just tested VS @ Autopilot aggressive just issued 2 blocks of WD platform update. I've never encountered this in the past. Thought you should know. I think we're glad you're back here in the forum to answer queries.
Hey OS... I am sure you are running the 5.64 beta, right? The next time this happens, if anyone could send me the path and hopefully the parent path, that would help a lot. Thank you!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Was there a web app open when that happened?
I had the same issue after I added Microsoft Teams to the web apps manually (now removed from Web Apps).
Because Teams is stays open in the systray, VS is at an aggressive security posture all the time and blocks more than it probably should 🤔
WD platform updates should never been blocked, but those updates leave your system vulnerable for a short while (during a restart of WD).
I can understand that when a web app or vulnerable app is open that could be an issue.
Curious what @danb has to say about this.
Yeah, the system will certainly be more locked down when a web app is running, but I need to make sure that Windows Defender updates are never blocked.

Has anyone ever experienced any other Windows update blocks?
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
It seems that people like SecureAPlus alerts. Maybe there is a golden mean somewhere between VS and SAP. If the alerts are frequent, then they should not be probably too much striking to the eye.
I agree that it should not be too striking to the eye or flashy. The design of VS's GUI (settings) was based on the Windows 8 GUI design, and which was later updated to Windows 10, but I have not updated it since then. The whole point was for it to blend into the OS. Then I created the prompts from there, trying to make them blend in as much as possible. Our alerts are working extremely well for us, but we are always looking to improve whatever is possible to improve. Hopefully people understand that I have been working directly with end users for 20+ years, so I have a great understanding of what they prefer and of their pain points. And throughout the years of trying different things on the prompts, and then watching user's reaction and response in realtime, we have a pretty good understanding of what our prompts should look like. Having said that, I am extremely open to making any changes that make sense.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
You have set the bar very high.:unsure:
I agree, they need to be as concise as possible. One reason our alerts work so well is that the miniprompt is presented first. Novice and average users should not be forced to make a decision on the spot for a prompt... that is VERY dangerous. Think about it for a second... UAC blurs the screen and forces the user to make a decision, with extremely limited file insight. Our miniprompt makes it so the user is not forced to make a decision.

I hear doubters say frequently that novice VS users are unable to handle the prompts. Trust me, if they can handle UAC they can EASILY handle VS prompts. I have seen it in person for 8-9 years. It's funny, novice users seem to understand VS better than a lot of advanced users who overthink VS, simply because they say "oh, that's my toggling computer lock", and they understand it is a lock that is there to protect them, and withing a couple of minutes they completely understand the concept. Whereas advanced users tend to overthink VS and seem to make the main functionality more complicated then it needs to be.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top