Ramblings of an old Doc

 

Certainly, a good antiviral will help protect your computer (as will common sense), but some 15,000 new viruses appear every day, so antivirals are in a little-to-be-envied “catch up” position. But while no new versions of common sense are available, sometimes it just isn’t your fault if you catch a ‘drive by’.

There are additional levels of protection, such as virtualizing browsing and running apps in a protected environment, like Sandboxie (sandboxing also exists in some form in Chrome), and tools are available to virtualize the OS.

Another level of antimalware, such as EMET and Malwarebytes Anti-Exploit, mitigates certain types of attacks.

There are also “Anti-EXE” programs, and VoodooShield is one such (others: https://duckduckgo.com/?q=anti-exe+programs).

VoodooShield (free for personal use) is the one reported on here, after appearing on Neowin and gHacks. It allows only “whitelisted” programs and blocks any others not “whitelisted”.

Problem one: When installing, it asks permission to turn off your UAC and states that if you choose ‘don’t’, that might interfere with functionality. While the UAC isn’t the greatest of protections, it still is worthwhile having, if only as a “let me think about this again” pause before installing. VoodooShield then takes a snapshot and defaults to all current software being whitelisted.

Problem two: So, you have to have scanned your system (I recommend herdProtect online) for malware and dealt with all of it before proceeding and installing.

Then you turn on the software and it will protect your status quo and not allow anything new to run. If something new does attempt to run, you are notified and can choose to allow it or not.

When right clicking the systray icon (or widget) you get three modes:

  • Training: VoodooShield is off in that mode and does not protect the computer. It does learn about programs that you run on it though and will remember that choice.
  • Smart Mode: VoodooShield is still off but will protect your computer against programs run from the user space (under /user/username automatically).
  • Always On: The program is on and blocks any program from running that is not whitelisted or in the Windows folder or installed software.

VoodooShield also scans any blocked .exe with VirusTotal and displays info about threats in that program.

More problems: The free edition doesn’t allow changes in the program’s advanced options. Not good, since you can’t manage directories you want whitelisted, nor manage the whitelist in any way…so you can’t even check if a program is whitelisted or not, or whether it’s not running because of a problem in the program. Also, if you accidentally run malware during the training mode, it will be ‘whitelisted’.

Worse: It automatically whitelists everything in the Windows folder. This alone should make you think 20 times about installing it in the free form, anyway. Who says everything in your Windows folder, or which got into your Windows folder in the past, is just fine?
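A simplified model of the policy described above, added here as an illustration; it is not VoodooShield's code. The class names, mode strings, sample paths and the hash-based contrast are assumptions made for the example.

```python
import hashlib
from pathlib import PureWindowsPath as P

WINDOWS_DIR = P(r"C:\Windows")   # folder the post says is trusted automatically
USER_SPACE = P(r"C:\Users")      # "user space" guarded in Smart Mode

def under(path, folder):
    """True if path is inside folder (Windows paths compare case-insensitively)."""
    return folder in P(path).parents

class PathTrustPolicy:
    """Simplified model of the behaviour described in the post."""
    def __init__(self, snapshot_paths):
        # Install-time snapshot: everything already on disk is whitelisted.
        self.whitelist = {P(p) for p in snapshot_paths}

    def decide(self, path, mode):
        p = P(path)
        if mode == "training":
            self.whitelist.add(p)        # learns whatever runs, malware included
            return "allow"
        if p in self.whitelist or under(p, WINDOWS_DIR):
            return "allow"               # trusted by location, content never checked
        if mode == "smart" and not under(p, USER_SPACE):
            return "allow"               # Smart Mode only guards user space
        return "block"

class HashPolicy:
    """Contrast (an assumption, not from the post): trust content, not location."""
    def __init__(self, known_good_contents):
        self.allowed = {hashlib.sha256(c).hexdigest() for c in known_good_contents}

    def decide(self, content):
        return "allow" if hashlib.sha256(content).hexdigest() in self.allowed else "block"

def demo():
    # Constructed sample data: paths and byte strings are made up for illustration.
    good, dropped = b"known-good notepad", b"unvetted binary"
    path_policy = PathTrustPolicy([r"C:\Program Files\App\app.exe"])
    hash_policy = HashPolicy([good])
    return {
        "new_in_downloads": path_policy.decide(r"C:\Users\doc\Downloads\new.exe", "always_on"),
        "new_in_windows": path_policy.decide(r"C:\Windows\Temp\dropped.exe", "always_on"),
        "ran_in_training": path_policy.decide(r"C:\Users\doc\Downloads\bad.exe", "training"),
        "same_file_later": path_policy.decide(r"C:\Users\doc\Downloads\bad.exe", "always_on"),
        "hash_check_dropped": hash_policy.decide(dropped),
    }

if __name__ == "__main__": print(demo())
```

The two verdicts to watch are `new_in_windows` and `same_file_later`: both are allowed by location or by what was learned in training, while a content hash check blocks the unvetted file wherever it sits.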

Also, I don’t know whether uninstalling it will return your UAC to the prior level, or whether that will change the programs not whitelisted before.

All in all? I don’t recommend the free edition.

If you insist on installing it, please backup your full disk before doing so. Do some research about the software. Think again another 2 or so times.

Source:

http://www.ghacks.net/2014/10/18/voodooshield-protects-your-pc-by-only-allowing-whitelisted-programs-to-run/?_m=3n%2e0038%2e1400%2ehj0ao01hy5%2e1g6i

http://www.neowin.net/news/voodooshield-211-is-now-available-as-freeware


Comments
on Oct 19, 2014

Solution One: Do not disable UAC when installing VoodooShield.  The no button is really close to the yes button, just click it instead.

Solution Two: If you want to stick with traditional blacklist that does not work, then great.  Otherwise, scan your computer with a few different removal tools, then install VoodooShield so you can lock your computer and never have a virus again.

Solution Three: Quit being cheap and spend the $20.  That is, if you want this level of protection.

Solution Four: UAC DOES THE EXACT SAME THING.  TRY IT FOR YOURSELF, YOU WILL SEE.

 

Please do a lot of research about this product.  You will see the words "MasterPiece", "Genius", "Game Changer" and "Love" come up quite often.  When was the last time you heard someone "Love" their security software?  I see it all the time with VoodooShield.

 

on Oct 19, 2014

Unfortunately, we're getting 'nesting' again with the quoting.

JustMe111

Do not disable UAC when installing VoodooShield.

Answer:

O.P. - When installing, it asks permission to turn off your UAC and states that if you choose ‘don’t’, that might interfere with functionality.

Comment: I don't make this up, and you should take a look at the gHacks and Neowin articles...they both state this. Also, how would you know if its functionality is impaired or not? Unfortunately, not disabling the UAC produces a situation akin to running 2 antivirals at the same time.

JustMe111

scan your computer with a few different removal tools

O.P. - So, you have to have scanned your system (I recommend herdProtect online)

Comment: At least take the trouble to read what I wrote. 

JustMe111

install VoodooShield so you can lock your computer and never have a virus again

Comment: Is that their claim, or yours? It does not prevent infection. It prevents an exe running w/o your permission. That's two completely different things. Besides, if the viral exe resides in your Windows folder, it will run, and that's because VoodooShield defines that folder as whitelisted, automatically.

Also, if you had read the OP more carefully, you would have seen I was talking about the free version and its drawbacks which are considerable.

I believe that if a firm wishes to sell its software, it shouldn't force one to actually buy the software before its capabilities are fully revealed. It should be shareware and then let the user decide.

Also, the number of 'positive' comments doesn't determine whether the software is good or not. Responsible reviews are a better guide.

 

I edited your comment to remove the derogatory.

on Oct 19, 2014

Please Dr., explain to me the difference between preventing infection and preventing an exe from running without my permission?  Are you saying that those are 2 different things?  VoodooShield prevents infection by preventing an exe from running without my permission.  Is that a fair statement?

You said "Besides, if the viral exe resides in your Windows folder, it will run, and that's because VoodooShield defines that folder as whitelisted, automatically."  And my point is that UAC does the exact same thing, along with other whitelisting applications.

Yes, I know you are talking about the free version.  So why do you only review the free version, and bash it, but then not review the pro version and give your honest opinion of it?

So maybe VoodooShield can offer a fully functional trial?  Then you would be happy?  If you were more familiar with security software, you would know that a lot of security software companies will detect a virus, and notify the user that they have a virus, but will not remove the virus unless they pay.  To me, that is just pure evil, but you failed to mention that.

If you ask me, I would trust user comments from users that have been using the software for months or years, much more than I would some blogger that is just looking to write an interesting article, after only spending a little time evaluating the product.

So Doc, what do you recommend users do for virus protection?  Obviously not UAC, you even admit it is not good.  So what do you recommend?

 

 

on Oct 19, 2014

The difference is that the virus still resides on your system, therefore, your system is infected. Also, if malware is missed on the first scan (no scanner is perfect, but herdProtect comes pretty close), it will run. Also, if it's run during the 'Training period' it will continue to run.

I have no intention of paying $20 for something I don't need. I specifically pointed out the drawbacks of the free version, which many here might opt into without knowing the negatives. As for what you define as 'evil', that's purely your business and none of my concern. Shareware is perfectly fine for someone who wishes to examine the software. I don't know if I'd be happy or not with the product with all its capabilities enabled.  How could I predict?

Who you trust is your business, not mine...I trust the opinions of professionals more than amateurs, though. That's only logical.

What I recommend? I recommend browsing with a guest account not the Admin account using virtualizing software. I also recommend NoScript as a browser extension [whitelisting this site]. As for antiviral? One of the better known ones such as BitDefender or Kaspersky or Malwarebytes Antimalware...I leave it up to the individual. However, none will prevent infection 100% of the time. There are also those who maintain (with good reason) that antivirals make the system more vulnerable (for various reasons such as elevation of privileges and methods of update to name only two).