 RyanPremium join:2001-03-03 Quincy, MA | Voodooshield
Just learned about this application over at wilders. It's still in beta, but it's pretty stable and the release version should be coming out soon. It's basically a lightweight anti-exe securing you from all malware. The normal mode, aka smart mode, will only activate the shield when you launch a web browser (typically the time when you would be targeted by malware such as drive-by downloads). There is also an option to always enable the shield. Whitelisting an app is as simple as left-clicking the shield, which will automatically reactivate after 30 seconds. Whenever you launch the application again it will no longer be blocked.
By default it comes with a desktop gadget-like shield, but it can easily be disabled in the options. The nice thing is it can be controlled with one left click in the tray.
Another plus is it's pretty lightweight.
Check it out at voodooshield.com/; they also have a video demonstration.
This is definitely promising and the developer is pretty active at wilders too which is also a plus! |
|
 Triple HelixRIP My Dear Friend Donna BuenaventuraPremium join:2007-07-26 Oshawa, ON kudos:7 | Yes, I'm trying it out also, very promising!
TH 
-- Triple Helix - VIP Member Of ASAP - (Alliance of Security Analysis Professionals) Official Webroot SecureAnywhere (Prevx) Support Forum Helper! (H59 Clan) Software Updates Look Here! Calendar of Updates |
|
 jaykaykay4 Ever YoungPremium,MVM join:2000-04-13 Scottsdale, AZ kudos:19 | reply to Ryan Can it be run with other programs and play well, or does one have to run only this as an AV? |
|
 RyanPremium join:2001-03-03 Quincy, MA | said by jaykaykay: Can it be run with other programs and play well, or does one have to run only this as an AV?
It will work great with AV/antimalware software since the app itself doesn't do any sort of scanning; it just merely blocks executions. Quite a few people over at wilders are using it with no issues with their current antivirus software.
I personally am using it instead of a realtime scanner and relying on hitmanpro/eset online scan to do the periodic on demand scans and manual scans of things I download. |
|
 DownTheShoreTag, you're itPremium join:2003-12-02 Beautiful NJ kudos:11 | reply to Ryan So how does this differ from any other behavior-blocking software, such as Mamutu or even Norton Labs UAC Tool, both of which "learn" which .exe actions to allow/block?
Perhaps I'm not understanding the "driveby downloads" terminology. What is downloading itself that I'm either not initiating myself, or not getting a head's up first from another bit of my security software? |
|
 RyanPremium join:2001-03-03 Quincy, MA | said by DownTheShore:So how does this differ from any other behavior-blocking software, such as Mamutu or even Norton Labs UAC Tool, both of which "learn" which .exe actions to allow/block?
A behavior blocker blocks when it suspects an application of being malicious. What exactly determines something as being malicious depends on the behavior blocker and is not usually made public. A behavior blocker also tends to use more cpu analyzing the application as it launches.
Voodooshield is not a behavior blocker; it will block EVERYTHING unless otherwise authorized. It's basically a learning anti-executable. Basically you train it what to allow, but the way you train it is as simple as left-clicking the tray icon, simple as that. It's very lightweight since it doesn't do any actual analyzing. There of course is a downside to this (as with every security product), and that is it relies on the user to make educated decisions, which is why it may not be best to run it without an antivirus.
said by DownTheShore: Perhaps I'm not understanding the "driveby downloads" terminology. What is downloading itself that I'm either not initiating myself, or not getting a head's up first from another bit of my security software?
Drive-by downloads are, for example, say you're browsing a website and the website you hit happened to have a new Java or PDF exploit. The exploit initiates the launch of a malware advertising application. Even though you specifically didn't choose to launch the application, it launches itself via the exploit.
There are also more simple drive-by downloads that try to get the end user to download and launch an exe from an advertisement; these, however, can be simply canceled or never actually executed after download. These simple drive-bys usually rely on the end user to be "stupid" enough to run them. |
|
 DownTheShoreTag, you're itPremium join:2003-12-02 Beautiful NJ kudos:11 | Thanks for that explanation!  |
|
 PX EliezerPremium join:2008-08-09 Hutt River kudos:12 | reply to Ryan said by Ryan: Voodooshield is not a behavior blocker; it will block EVERYTHING unless otherwise authorized. It's basically a learning anti-executable.
I'm only asking to make sure I understand this:
So how is this program different from Windows User Account Control (UAC)?
They both sound equally annoying.  |
|
 | UAC does not actually block anything, especially drive by viruses, they just go right through it. VoodooShield blocks everything unless you train it, and I know that sounds annoying, but it really isn't. It does not take long to train VoodooShield, and once you do, you hardly even know it is there. If VoodooShield blocks something after you train it, you simply left click on the shield to allow it. Just look at all of the positive comments over at wilderssecurity.com. |
|
 jp10558Premium join:2005-06-24 Willseyville, NY | reply to Ryan So.... it's a Traditional HIPS? |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to Ryan Gee...insists I must watch a video on how it works. Insists this repeatedly. Won't tell me much about it...says I have to watch the video. Right there, amateurish. I don't have Flash Player which I suppose is what it wants. Anything that tries to force Flash Player on me is suspect before I even CONSIDER trying it.
In one spot on Voodooshield website, it claims TWO WEEKS is needed for training it. In another spot it claims 10 MINUTES is all that is needed. Uh huh, yeah....I think they should make up their minds. 
This sounds like Anti-Executable from Faronics right? Same thing looks to me.
It is NOT a classic HIPS. Those are almost IMPOSSIBLE to find these days. This is just another lightweight piece of software that won't protect your computer like ProcessGuard or any true classic HIPS. It apparently is built on the premise that threats are ONLY from web surfing which is utterly absurd. This is for newbies and ignorant of computers users. Wilders is a bit wacko on HIPS these days. They were highly recommending No Virus Thanks EXE Radar Pro recently. It has turned out to be no way a classic HIPS and it is only 32bit. At least this Voodoo one runs on 64 bit but that makes it suspect as how can any classic HIPS run on 64 bit? Microsoft won't allow it. Plus, this one actually recommends Microsoft antivirus program as a companion! With a true classic HIPS, you do not need antivirus although you can use one if you want.
I was puzzled by the specific recommendation of MSE with it until I went to SafenSec site just now and I see their HIPS is now FREE if used with MSE so I suppose the two applications (Voodoo and Safensec) are competing with each other in this regard. SafenSec does have a paid Pro version and it's the one I will try first whenever I get a new computer.
How did they arrive at such an odd name? The name also turns me off instantly. It conveys UNPROFESSIONAL, SILLY, WEIRD.
-- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 | said by Mele20:A bunch of nonsense.... Now I'm interested in it. I wasn't, but if you hate it, it must be innovative and useful.
Your objections are silly and a bit over the top paranoid. 'Weird name' 'no hips on 64 bit' 'all flash is suspect'.
Rant on silly person. You amuse us all.... |
|
 RyanPremium join:2001-03-03 Quincy, MA | reply to Mele20 said by Mele20:Gee...insists I must watch a video on how it works. Insists this repeatedly. Won't tell me much about it...says I have to watch the video. Right there, amateurish. I don't have Flash Player which I suppose is what it wants. Anything that tries to force Flash Player on me is suspect before I even CONSIDER trying it.
In one spot on Voodooshield website, it claims TWO WEEKS is needed for training it. In another spot it claims 10 MINUTES is all that is needed. Uh huh, yeah....I think they should make up their minds. 
This sounds like Anti-Executable from Faronics right? Same thing looks to me.
It is NOT a classic HIPS. Those are almost IMPOSSIBLE to find these days. This is just another lightweight piece of software that won't protect your computer like ProcessGuard or any true classic HIPS. It apparently is built on the premise that threats are ONLY from web surfing which is utterly absurd. This is for newbies and ignorant of computers users. Wilders is a bit wacko on HIPS these days. They were highly recommending No Virus Thanks EXE Radar Pro recently. It has turned out to be no way a classic HIPS and it is only 32bit. At least this Voodoo one runs on 64 bit but that makes it suspect as how can any classic HIPS run on 64 bit? Microsoft won't allow it. Plus, this one actually recommends Microsoft antivirus program as a companion! With a true classic HIPS, you do not need antivirus although you can use one if you want.
I was puzzled by the specific recommendation of MSE with it until I went to SafenSec site just now and I see their HIPS is now FREE if used with MSE so I suppose the two applications (Voodoo and Safensec) are competing with each other in this regard. SafenSec does have a paid Pro version and it's the one I will try first whenever I get a new computer.
How did they arrive at such an odd name? The name also turns me off instantly. It conveys UNPROFESSIONAL, SILLY, WEIRD.
No one said it's a HIPS; No Virus Thanks EXE Radar PRO also isn't a HIPS. They are both clearly advertised as anti-executables.
Also 99% of infections come from web browsing or email, so that's when it kicks on, but you have the option to always enable it.
Anyway, the way voodooshield whitelists things imho is better than Faronics or No Virus Thanks EXE. You don't have to deal with popups or manually whitelisting applications through a configuration screen within the application; it's a simple matter of clicking the tray icon. |
|
 | The only problem I personally have with those tools like Anti-exec or No Virus Thanks is the fact that it won't protect me from me. Before you argue, wait. What I mean is that it won't protect me from executing a safe payload that might hide a malicious payload during the installation sequence. So the initial payload can be safe, you open it, it starts the install, but in the process of installing it deploys another payload which is not yet part of your AV definitions. I understand that's not what this tool is meant to prevent; however, that is why I try to run browsers and other web-aware apps in a sandbox and forgo the extra headache of popups each time the executable that's currently whitelisted gets an update (java, adobe family, chrome, firefox etc). |
|
 RyanPremium join:2001-03-03 Quincy, MA | said by wontprotectm : The only problem I personally have with those tools like Anti-exec or No Virus Thanks is the fact that it won't protect me from me. Before you argue, wait. What I mean is that it won't protect me from executing a safe payload that might hide a malicious payload during the installation sequence. So the initial payload can be safe, you open it, it starts the install, but in the process of installing it deploys another payload which is not yet part of your AV definitions. I understand that's not what this tool is meant to prevent; however, that is why I try to run browsers and other web-aware apps in a sandbox and forgo the extra headache of popups each time the executable that's currently whitelisted gets an update (java, adobe family, chrome, firefox etc).
Agreed, that's the huge problem with anti-exec and that's why they are not for everyone. I definitely recommend, if you take this route, that for total protection you run on-demand scans of things you download with hitmanpro or get the virustotal context menu so you can simply submit the file to virustotal for analysis. |
|
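The learning anti-executable behaviour discussed in the posts above (smart mode, the 30-second click-to-allow window, and the installer/update limitation), as an added example that is not part of any post and is not VoodooShield's code. It assumes executables are identified by the SHA-256 of their contents and that launches made while the shield is simply off are not learned; the class and function names are hypothetical.

```python
import hashlib

LEARN_WINDOW = 30  # seconds the shield stays off after a click (figure from the thread)

class AntiExeModel:
    """Toy default-deny launcher policy; identity = SHA-256 of the file (assumption)."""

    def __init__(self, always_on=False):
        self.always_on = always_on        # "always enable the shield" option
        self.browser_running = False      # smart mode: shield follows the browser
        self.allowed = set()              # learned allowlist of digests
        self.learn_until = -1.0           # end of the current click-to-allow window

    def click_shield(self, now):
        # One left click: shield drops, then reactivates after LEARN_WINDOW seconds.
        self.learn_until = now + LEARN_WINDOW

    def shield_active(self, now):
        if now < self.learn_until:
            return False
        return self.always_on or self.browser_running

    def on_exec(self, image, now):
        digest = hashlib.sha256(image).hexdigest()
        if now < self.learn_until:
            self.allowed.add(digest)      # anything launched in the window is trusted
            return "learned"
        if not self.shield_active(now):
            return "unshielded"           # smart mode with no browser: nothing checked
        return "allowed" if digest in self.allowed else "blocked"

def demo():
    # Constructed byte strings stand in for executable files.
    installer, dropped, updated = b"installer v1", b"second stage", b"installer v2"
    m = AntiExeModel()
    out = [m.on_exec(installer, 0)]       # no browser yet, shield idle
    m.browser_running = True
    out.append(m.on_exec(installer, 10))  # default deny
    m.click_shield(20)
    out.append(m.on_exec(installer, 21))  # user allows the installer
    out.append(m.on_exec(dropped, 25))    # its second payload rides the same window
    out.append(m.on_exec(dropped, 60))    # and stays allowed afterwards
    out.append(m.on_exec(updated, 61))    # an updated binary must be re-approved
    return out

if __name__ == "__main__":
    print(demo())
```

The fourth and fifth results show the gap raised above: whatever an approved installer launches during the window is learned along with it, which is why on-demand scanning of downloads is still suggested.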
 planet join:2001-11-05 Oz kudos:1 | Is this freeware? You have to register before downloading (which I haven't) so I'm not sure.
If free, this sounds like a great app. I paid $45 for a Faronics license that needs to be renewed annually if I want to upgrade or receive support.
An anti-exe app isn't 100% but it sure adds to a layered approach.
Thanks for this info Ryan. |
|
 | reply to EdmundGerber said by EdmundGerber: said by Mele20: A bunch of nonsense.... Now I'm interested in it. I wasn't, but if you hate it, it must be innovative and useful. Your objections are silly and a bit over the top paranoid. 'Weird name' 'no hips on 64 bit' 'all flash is suspect'. Rant on silly person. You amuse us all....
I thought Mele brought up a couple of interesting points, and a few I wouldn't agree with. In contrast, I disagree almost entirely with everything you said. Sure Mele rants, that's her style. Discouraging people from expressing themselves and offering a viewpoint is never a good idea, especially if you presume to speak for all - which you don't. You could always skip her posts, and also the ignore button is available to you.
-Jim |
|
 RyanPremium join:2001-03-03 Quincy, MA 1 edit | reply to Ryan It's going to be payware, but from what I hear from the developer, he is going to make the license cost as reasonable as possible. I don't expect it to be as pricey as Faronics. Either way, for now the beta is free so you can get a taste of whether it's worth it to you. |
|
 | reply to planet Install the beta now and you get 6 months free use when it goes commercial. |
|
 ZZZZZZZPremium join:2001-05-27 PARADISE | reply to Ryan Online Armour has the "Program Guard" which does exactly the same thing, asking if you want the process to start.
-- ~~Get our troops home...now!!~~ |
|