Advice Request Which threats are not prevented by Voodooshield ?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

jetman

Level 10
Thread author
Verified
Well-known
Jun 6, 2017
470
If you don't really understand how it works (like me) is the recommendation to use Smart Mode or Autopilot ?

I have looked at the Voodooshield website and it isn't very clear.

(My tip to the developer is to try and improve the layout of the website and provide some simpler guidance for thickies like me !)
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
If you don't really understand how it works (like me) is the recommendation to use Smart Mode or Autopilot ?

I have looked at the Voodooshield website and it isn't very clear.

(My tip to the developer is to try and improve the layout of the website and provide some simpler guidance for thickies like me !)

The developer recommends using VS in Autopilot when testing like one would for other AVs, as this mode is closest to how an AV functions (very generally). You can see it in action in this old video by cruelsister:

See also her reply to the 5th comment on the same page. Otherwise, Smart or Always On are recommended after using Autopilot to build the whitelist. You may click on the blue info icon to learn more about VS Modes and Security Postures (SP is a newer feature). Becoming familiar with the UI really helped me to increase my understanding of how VS works. There is a User Manual which honestly needs to be updated. And it would be a good thing if the website offered more information about VS's history and the company generally. Hope this helps! (y)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Eddie Morra and Freki123,

You have the opposite opinions, but still your discussion is kept on the gentle path. That is not common and should be appreciated.(y)(y)
There are fanboys on every forum, but on MT the fanboys of VS are very reasonable.:emoji_fingers_crossed:

Freki123, some readers can have problems with understanding the statements like:
"Not everybody not agreeing with you in all points is one".:giggle:
Did you mean: "I am not alone to disagree with you on some points" ?
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
Freki123, some readers can have problems with understanding the statements like:
"Not everybody not agreeing with you in all points is one".:giggle:


For me a fan-boy is a person who would defend every move of a company and thinks the company is perfect and error free without any doubt.
So if:
-i like VS
-but still think that more info about the company should be on the website
-think VS is a nice program but has flaws like all programms
- but dont't believe any company would answer the 18 question (from the other VS thread here) = automaticly a fan-boy?
For me the fan-boy term just kills any discussion. Don't agree with a statement>fan-boy>enough said
Hope you understand how it is meant can't get it any better worded :D
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
For me a fan-boy is a person who would defend every move of a company and thinks the company is perfect and error free without any doubt.
So if:
-i like VS
-but still think that more info about the company should be on the website
-think VS is a nice program but has flaws like all programms
- but dont't believe any company would answer the 18 question (from the other VS thread here) = automaticly a fan-boy?
For me the fan-boy term just kills any discussion. Don't agree with a statement>fan-boy>enough said
Hope you understand how it is meant can't get it any better worded :D
Agreed, if we need to attach labels to others to spurn or make the point, then there is actually no "constructive" communication happening in the first place. ;) I love VS and have been along for it's journey from the start, seeing it is not at it's destination yet or "perfect" I am still interested. Perfect software would get boring very fast (for me anyway)
 
F

ForgottenSeer 69673

guess someone clicked the report button 3 times.
ScreenHunter_130 Dec. 09 08.49.jpg
 
Last edited by a moderator:
E

Eddie Morra

- but dont't believe any company would answer the 18 question (from the other VS thread here) = automaticly a fan-boy?
You do not have to believe that any company would answer all of the questions, and I did iterate on the original thread post that the chances of my questions being answered were "extremely slim".

The reality of it all is that most of the questions I asked over on the other thread would have provided insight as to how large the VoodooSoft, LLC team is, how well-equipped they would be to handle high maintenance work-loads and the quality of the code being produced for VoodooShield. All of which are important insights to some home customers and a common concern for business customers in general, not explicitly for VoodooShield.

I do not think that if someone on this forum were to be curious about companies like Microsoft, Google, Apple, Intel, AMD, or an Anti-Virus vendor, that they would be flamed with demands for justification on why they are curious, questioning how many license seats they represent, and talking about how they look suspicious and might be trying to commit identity theft.

A member on this forum recently created a thread to ask about which AV vendors used various programming practices... but they were not hit with useless, spam comments of emoticons nor potential and theoretical conspiracy theories about how they might be perceived as trying to break the law.

Many people have made various inquiries about a wide-variety of companies on this community as well as others and have not been hit with such flaming/spamming... regardless of whether the questions could actually be answered by other viewers on the community or not.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
All he asks is that someone present a thing VS won't protect against. Nobody come forth.
They make all kinds of remarks but don't provide prof .
Suppose that you want to sell the product to someone, but the buyer has some reasonable doubts. Would you say that he should buy it anyway or show the proof to you?

Many MT readers, believe that VS is a very good product, as a kind of smart Anti-Exe, and they like it. The smart part (VoodooAi) can make VS a next-gen Anti-Exe. Yet, there are some reasonable doubts that it could make VS the Advanced Threat Protection.

The VS protection can apply to executables started from the local drives. If the non-executable file F is opened (document, media file, etc.), then the protection does not appy to this file, but to the executable EX that can open it (office application, media player). So, F is not checked by VirusTotal + VoodooAi (see VS documentation). In the paid VS version the user can add some vulnerable EX to the group of specially protected applications, so VS has some anti-exploit protection too. But, there is no information about in memory capabilities of VS, so this anti-exploit protection is probably based on monitoring the child processes EXchild started via EX from the local drive. For example, this can prevent the infection via the media file (F) with embedded exploit that is opened by the Flash Player (EX) and uses powershell.exe (EXchild) to download/execute the payload filelessly. In organizations, the PowerShell can be generally allowed by VS, but not as a child process of the vulnerable application like Flash Player. This kind of VS protection can be schematicaly written as follows:
F --> EX (allowed & protected by VS) --> EXchild (script Interpreter blocked by VS)

I am not sure if VS works exactly like this, but such protection can be easily adopted by the anti-exe applications. The same can be done via checking the parent processes, and this type of anti-exe protection is known to be used by Excubits anti-exe driver (Bouncer). VS can also force the safe settings for the vulnerable applications (Word cannot run macros, OLE, etc.) by modifying the Registry keys.

Such protection does not apply to the exploit that can read the shellcode or DLL code from non-executable file F, and next injects that code to the process which is already running in the memory (for example to explorer.exe). Those kinds of exploits were used in the targeted attacks on organizations. The malicious code can be hidden in photos, media files, etc. to avoid signature detection. That is why, one of the Excubits drivers (MemProtect) was created to mitigate/isolate in-memory exploits - they could not be mitigated by anti-exe driver (Bouncer).

Summing up - maybe it is true that VoodooShield is a peacock among ducks, but that does not mean that it can fly away like an eagle.(y)
Anyone who claims otherwise, should prove it (in our case: VS developer, AV testing Lab, etc.). The potential VS buyers do not have to prove anything.
 
Last edited:

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Eddie Morra and Freki123,

You have the opposite opinions, but still your discussion is kept on the gentle path. That is not common and should be appreciated.(y)(y)
There are fanboys on every forum, but on MT the fanboys of VS are very reasonable.:emoji_fingers_crossed:

You're right. I hadn't thought about that... but it seems to be true.

When I tried VS early on, I thought it was too much trouble.... too many false positives. Too many alerts where I didn't have a good was to establish the correct choice. When I expressed that in 'the other' forum, you'd think I had attacked their moms..

And now years after I abandoned it... I use it again on one computer. And it has really been developed and smoothed out... Dan put in a lot of work on that product. I like it now.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Suppose that you want to sell the product to someone, but the buyer has some reasonable doubts. Would you say that he should buy it anyway or show the proof to you? ...

… Many MT readers, believe that VS is a very good product, as a kind of smart Anti-Exe, and they like it. The smart part (VoodooAi) can make VS a next-gen Anti-Exe. Yet, there are some reasonable doubts that it could make VS the Advanced Threat Protection. … ...Summing up - maybe it is true that VoodooShield is a peacock among ducks, but that does not mean that it can fly away like an eagle.(y)
Anyone who claims otherwise, should prove it (in our case: VS developer, AV testing Lab, etc.). The potential VS buyers do not have to prove anything.

@Andy Ful - I agree wholeheartedly. The onus is on the developer, AV testing labs, etc. The onus is not on Dan alone, in this case.

I agree that some of the OP's original questions are not unreasonable, but Eddie could have asked Dan himself. He was invited to last night by Dan
@ COU, about the time Eddie made his last post (since deleted by him or by mods!) accusing other posters of attacking him, cyberstalking him, using agents on other forums - with a grand finale by announcing his account deactivation! It's pure silliness, and insanity. It's a form of psychological ju-jitsu used by a few members here and it's childish. Their usual claims of 1. stifling debate, 2. emotionalism, and 3. FANBOYISM are tiresome and a turn-off to other members!

You on the other hand, are reasonable, dedicated, polite, civil, knowledgeable and dedicated. You are respected by all. (Does that make me a fanboy? :LOL:)

You're right. I hadn't thought about that... but it seems to be true.... ...And now years after I abandoned it... I use it again on one computer. And it has really been developed and smoothed out... Dan put in a lot of work on that product. I like it now.

Yes, VS seems to have come a long way. I believe Dan feels the same way. And he may believe that some critics may not appreciate the time and effort put into it. And I agree it is in his interest to put good info out there for those that would like to know. I use it, enough to purchase a license. But it is not for everyone. I I use it because I like simple. After all, I am oldschool! (y)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
[QUOTE="oldschool, post: 781742, member: 71262"
...
He was invited to last night by Dan@ COU, about the time Eddie made his last post (since deleted by him or by mods!) accusing other posters of attacking him, cyberstalking him, using agents on other forums - with a grand finale by announcing his account deactivation!
...[/QUOTE]
Dan knows Eddie Morra as Opcode, from the times when we were discussing if VS could block the kernel exploits (for example EternalBlue exploit). Dan respected Opcode for his knowledge about Windows Internals. He probably took seriously the thread with Eddie Morra questions.
The thread about VoodooShield is not the best place to judge people. Usually, the posts of Edi Morra are polite, knowledgeable and helpful. I am sure, that Eddie is not a fanboy of any security software.
He is very young, so sometimes can lose his temper. I was like him many years ago, so I can understand him well.:giggle:
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
[QUOTE="oldschool, post: 781742, member: 71262"
...
He was invited to last night by Dan@ COU, about the time Eddie made his last post (since deleted by him or by mods!) accusing other posters of attacking him, cyberstalking him, using agents on other forums - with a grand finale by announcing his account deactivation!
...
Dan knows Eddie Morra as Opcode, from the times when we were discussing if VS could block the kernel exploits (for example EternalBlue exploit). Dan respected Opcode for his knowledge about Windows Internals. He probably took seriously the thread with Eddie Morra questions.
The thread about VoodooShield is not the best place to judge people. Usually, the posts of Edi Morra are polite, knowledgeable and helpful.
He is very young, so sometimes can lose his temper. I was like him many years ago, so I can understand him well.Under[/QUOTE]


I am aware of some of that discussion at Wilders. I take the time to read. I respect peoples' knowledge, but not uncivil and disrespectful behavior - at any age. Or hidden motives. I've seen enough of it here. This is the reason MT has a reputation. Yes there is knowledge here. And there is nonsense. Others beside myself are able to see what was going on here in this thread, and it was something underneath the questions about a company's status, or the issue of VS and in-memory exploits (which are a form of malware in the broadest sense @Umbra, thank you very much!). We cannot say what EM's intention was, but it was something more than these two subjects. And in the end, especially his method of exit, the intention is what really matters! :) So let's get real! (y)
 
5

509322

@oldschool

Eddie Morra openly stated his intent multiple times. His stated motivations and purpose are clear and public. It is what he says they are, and not your interpretation of what you think they are.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
I am aware of some of that discussion at Wilders. I take the time to read. I respect peoples' knowledge, but not uncivil and disrespectful behavior - at any age. Or hidden motives.
...
There were probably hidden motives, but they were not destructive. The relations of some MT members with Dan are rather complicated, and some known & respected MT members, were sometimes disrespectful towards Dan (not without a reason). I like Dan, because he created a good software and was usually opened to critical discussion, but sometimes I wanted to tear him into pieces and throw to the Moon.:giggle:
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top