Zero Trust (Solution Vote)

[Andrezj]

You're talking nonsense.
I was offered Voodooshield but I didn't vote for it!
I have tested Voodoo so much that it is excellent for me. I have also brought up various attack techniques that I know of to make the software better.

And especially that we are a minority of users to have had it as a gift, @danb must be paid for his work

a poll is valid only if the users have used and tested all products
it is just an opinion poll and opinion polls do not reveal why each person voted

giving away licenses creates a lot of product fanboys and devotees, it is a conflict of interest to have the people you gave free product to vote

 

[Andrezj]

I would also point out that given the exact same scenario, @RoboMan would have simply disabled any traditional Deny-by-default product he might have had installed (the non-prompting, non-file insght kind ), especially since it would have lacked the benefits of file insight and user recommendations.

way to put words into a user's mouth to promote your product
you do not know what roboman would have done
and he uses norton alone despite evaluating voodooshield, so that says something about your product
why does an enterprise product bother you so much, why does it bother you that some people choose to use a particular product, what does it matter to you which protection model they prefer to use?

 

[ErzCrz]

Voted Comodo in the end. My PC is old and WIn 10 Home version so missing features for extra protection. Runs pretty well all in all when I'm running that config.

 

[danb]

JT / hjlbx, nobody wants to argue except for you.

Grow up and stop being a Grinch .

 

[ForgottenSeer 69673]

A user at the beginning of this thread asked about recourse usage but did not get an answer.
Here is a truth about creating videos by testing security software. If you were doing this and found a program that stopped everything in its tracks, you might not promote it because further videos might become useless and the what fun would that be/

 

[Zero Knowledge]

A user at the beginning of this thread asked about recourse usage but did not get an answer.
Here is a truth about creating videos by testing security software. If you were doing this and found a program that stopped everything in its tracks, you might not promote it because further videos might become useless and the what fun would that be/

if there was such a 100% protection solution then the company would have a share price in the trillions and there wouldn't be forums like this one!

 

[Andrezj]

A user at the beginning of this thread asked about recourse usage but did not get an answer.
Here is a truth about creating videos by testing security software. If you were doing this and found a program that stopped everything in its tracks, you might not promote it because further videos might become useless and the what fun would that be/

danb has no answer, other than to take shots at products designed for enterprise\not consumers and those that use them, and then state they are flawed with no basis
he has thiis weird obsession with appguard (and srp - andy ful) and rails against protection models that have been developed and vetted over decades by the nsa, the nist, the dod, microsoft, linux groups - and tell them they're doing it all wrong - that his dynamic security profiles are the answer

next he uses completely flawed opinion polls as evidence that his product is superior, meanwhile the poll respondents have no idea what they are looking at in the list of products

voodooshield would fail miserably if it were tested on the basis of enterprise requirements and policies, such as integration with active directory\group policy\different security policies per ip address or users\ensuring defined groups only have access to programs per the applicable standard, of course products such as appguard and wdac already have all this integration because they are desinged for windows enterprise admins\not home users

in enterprise, scripts must be run sometimes with admin privileges, other times with standard user privileges, sometimes with delegation, uac must be blocked except for certain admins, such a policy needs to be enforced by access protocol (the policy will block all access except when, for example, powershell remote tunneled through SSH and JEA used), ip address, group membership, a product like appgaurd works within these context

this and a whole lot more policies can be implemented and distrbuted witha click of a button across hundreds of thousands of endpoints

any company that must meet nist 800-53 must apply the principle of least funcationality defined as blocking globally and permanently disabling lolbins, disabling services, disabling ports, disabling user acces to control panel, and so on

i could write a whole book but you get the point, i'm not saying anything you don't already know

try harder danb you have a lot of catching up to do

 

[Andrezj]

if there was such a 100% protection solution then the company would have a share price in the trillions and there wouldn't be forums like this one!

there is such a company, microsoft, $2.53 trillion
a correctly and fully hardened windows endpoint is unlikely to be breached, but you won't be able to download games and mods because that is the whole purpose of the protection, stopping users from doing stuff
since microsoft is not obligated to protect a home user data getting stolen, it provides baseline microsoft defender for all the users that want to use stuff
when it comes to paid customers, microsoft offers everything they need - and usability is not the primary consideration

 

[Zero Knowledge]

a correctly and fully hardened windows endpoint is unlikely to be breached

If this were true, then there wouldn't be a need for patch Tuesday every month

 

[danb]

if there was such a 100% protection solution then the company would have a share price in the trillions and there wouldn't be forums like this one!

Protection is the easy part. Designing the protection to be user-friendly enough for the masses is the difficult part. And it will most likely be billions, not trillions, but I get your point .

 

[danb]

danb has no answer, other than to take shots at products designed for enterprise\not consumers and those that use them, and then state they are flawed with no basis
he has thiis weird obsession with appguard (and srp - andy ful) and rails against protection models that have been developed and vetted over decades by the nsa, the nist, the dod, microsoft, linux groups - and tell them they're doing it all wrong - that his dynamic security profiles are the answer

next he uses completely flawed opinion polls as evidence that his product is superior, meanwhile the poll respondents have no idea what they are looking at in the list of products

voodooshield would fail miserably if it were tested on the basis of enterprise requirements and policies, such as integration with active directory\group policy\different security policies per ip address or users\ensuring defined groups only have access to programs per the applicable standard, of course products such as appguard and wdac already have all this integration because they are desinged for windows enterprise admins\not home users

in enterprise, scripts must be run sometimes with admin privileges, other times with standard user privileges, sometimes with delegation, uac must be blocked except for certain admins, such a policy needs to be enforced by access protocol (the policy will block all access except when, for example, powershell remote tunneled through SSH and JEA used), ip address, group membership, a product like appgaurd works within these context

this and a whole lot more policies can be implemented and distrbuted witha click of a button across hundreds of thousands of endpoints

any company that must meet nist 800-53 must apply the principle of least funcationality defined as blocking globally and permanently disabling lolbins, disabling services, disabling ports, disabling user acces to control panel, and so on

i could write a whole book but you get the point, i'm not saying anything you don't already know

try harder danb you have a lot of catching up to do

One of us is correct and the other is clueless and completely missed the mark.

I guess we will soon see who is who .

 

[Zero Knowledge]

Protection is the easy part. Designing the protection to be user-friendly enough for the masses is the difficult part. And it will most likely be billions, not trillions, but I get your point .

Agreed. The problem is always usability . Keep at it and get it working for the masses and you would be the richest man on earth danb .

 

[Sandbox Breaker]

One of us is correct and the other is clueless and completely missed the mark.

I guess we will soon see who is who .

Hey Dan have you seen that crack for your program floating around. Are you going to squash it?

 

[simmerskool]

A user at the beginning of this thread asked about recourse usage but did not get an answer.
Here is a truth about creating videos by testing security software. If you were doing this and found a program that stopped everything in its tracks, you might not promote it because further videos might become useless and the what fun would that be/

?? IIRC @cruelsister's video(s) of comodo firewall with her suggested settings seemed to, or did, stop everything in its tracks, she promoted it, many of us used it, good videos kept on coming, and continue with videos from Shadowra, and others. the fun continues.

 

[Andrezj]

One of us is correct and the other is clueless and completely missed the mark.

I guess we will soon see who is who .

there is no missing the mark, technologies such as appguard and wdac are designed to meet the requirements set forth in the government standards
in that standard users are not permitted to download and install software, only admins

 

[Andrezj]

Agreed. The problem is always usability . Keep at it and get it working for the masses and you would be the richest man on earth danb .

for home users, but for those home users that want and are inclined to harden their systems using a least functionality protection model, they have no problem figuring it out and their systems are completely usable
file insight is not important to a user that does not download and install software

 

[Andrezj]

?? IIRC @cruelsister's video(s) of comodo firewall with her suggested settings seemed to, or did, stop everything in its tracks, she promoted it, many of us used it, good videos kept on coming, and continue with videos from Shadowra, and others. the fun continues.

there is one problem with virtualiztion, it does not give indications of malicious actions
ransomware would be obvious to users, but there's a lot of malware that would not be identifiable as malicious to the uninitiated user, so they might decide to run the software on their real system
CFW does work if the user runs sandboxed software every time that comodo sandboxes it
with the CFW settings the user never has to respond to an alert

 

[danb]

Hey Dan have you seen that crack for your program floating around. Are you going to squash it?

Yeah, but all software can be cracked, so it is better to not turn it into a cat and mouse game.

 

[oldschool]

but there's a lot of malware that would not be identifiable as malicious to the uninitiated user,

Users wouldn't necessarily be able to identify safe files either, which is one reason I don't use Cruel Comodo.

 

[danb]

there is no missing the mark, technologies such as appguard and wdac are designed to meet the requirements set forth in the government standards
in that standard users are not permitted to download and install software, only admins

Now if you could just get anyone to use it, you would be golden .

Edit: This post seemed to upset 1-2 people should explain a little more of what I meant. For the last 2-3 years JT has been contacting numerous avid VS users through private messaging to see if they wanted a free license of his preferred software. Of the users that contacted me to let me know that he had been contacting numerous avid VS users, they all took JT up on his offer and tried his preferred software, but remain avid VS users.

So I literally meant... "Now if you (JT) could just convert anyone that you have approached with a free license, you would be golden ."

For the record, I have never contacted any avid fan of any software to see if I could convert them to VS. Something about it seems very shady to me.

The thing people need to understand about software, especially security software, is that no matter how good it is, or how good you think or other people think it is, there will always be use cases where other software simply fits better. No single company is going to capture 90% marketshare in the zero-trust space, and probably not even 50%. So companies should just live and let live, and appreciate that other people are developing cool new tech as well. I have never had an issue with AppGuard. My issue is JT stalking me for 5+ years.