Post subject: Voodooshield
Posted: Sat Sep 08, 2012 6:16 pm
welcoming committee
Joined: Sat Apr 21, 2012 3:35 pm
Posts: 147
hxxp://www.voodooshield.com/

I was just on their web site reading about its white list method of protecting against viruii(sp?). Seems like an excellent notion: NOTHING runs on YOUR computer unless you approve it. The learning mode would do the heavy lifting to build your white list. No need for signature building databases. Not sure if it is W7 compatible.

It has no way of removing virii (sp?) so they recommend some standard products to take care of that.

My question:

Has anybody here heard of this one or used it?


Post subject: Re: Voodooshield
Posted: Sat Sep 08, 2012 8:09 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Hi Escalader

I had never heard of it, but I took a look. They say a "new" approach, but there is nothing new about it at all. Faronics Anti Executable has been out for several years and is a much better implementation.

There are other products that are equally if not more effective, but I respect Patty's wish not to go there on this forum.

Pete


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:12 am
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
I can move this discussion to the Advanced Forum, if you two would like to pursue this. Just let me know.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:41 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
MacDuffie wrote:
I can move this discussion to the Advanced Forum, if you two would like to pursue this. Just let me know.


Please do Patty. That way I can expand on my answer.

Pete


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 4:27 am
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Indeed, there are more than a couple of us here at the Haven that use "white listing" products. My personal favorite is Online Armor and I know of at least one person who uses the Outpost product, two superior products that both, by the way, also offer excellent free versions.

With today's processors being so powerful and most of us now having at least 4gig of RAM I say, why not? Usually white listing products play quite nicely with antivirus since they are doing two different things. With so much computing power just sitting there what better use for it than adding more security. Of course the usual warning applies: don't add any new security product to your system without first making a complete backup of your entire system "just in case"...

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:00 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Actually I've taken it further. I have dropped all AV's and AS software to the relief of my system. I use a 3 tier approach that is a form of white listing. Also I want to know I am protected if I get a pop up and answer it wrong, I am still protected.

First Level is Sandboxie. Keeps everything contained in the sandbox. Won't let anything running there touch the system. I use a separate sandbox for each browser and Outlook. Sandboxie allows me to specify what programs can run in each sandbox. It also allows me to specify what applications can access the internet. Finally it blocks anything running in the sandbox from accessing any of my data directories. The beauty of Sandboxie is that when I am done with the browsers or Outlook and I close them, the sandbox is automatically emptied, so anything bad that did get downloaded is gone.

Second Level is a program called Appguard. Takes a little bit to wrap your mind around this beauty. In basic terms Appguard provides two levels of protection. It allows anything in what it calls system space, like the system area and program area, to run, period. But in what it defines as user space, like the desktop, My Documents, etc., it blocks executables from running. You can override this and take advantage of its 2nd level of protection. You run an exe, say from your desktop, but decide to either run it guarded or unguarded. Unguarded means it can do whatever it wants. Guarded allows it to run, but won't let it touch the system areas. It does more, but that is the basic idea.

Third level is Online Armor. Aside from the firewall, it does alert me if something I am not aware of tries to run. Also its Run Safer along with Appguard protect the system on the few occasions I have to run outside the sandbox.

This setup has kept me quite safe and in testing against some real nasties, it has proven effective.

Then there is the final step. Back up Back up Back up. And yes Acadia, I never install without first updating FDISR. :)

Pete


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:05 pm
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
It seems to me that there's nothing new here. This app blocks newly spawned processes. Well, that's basically what a firewall with HIPS does. That is, it won't allow the interaction between processes that don't already have permissions. I've only read about this app and haven't tried it but unless somebody points me in another direction then I'm not inclined to do so because I think I've already had this type of protection for years.

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:10 pm
welcoming committee

Joined: Sat Apr 21, 2012 3:35 pm
Posts: 147
MacDuffie wrote:
I can move this discussion to the Advanced Forum, if you two would like to pursue this. Just let me know.


Yes, I would prefer this in the advanced forum. But I see it is already there!

Thanks.


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 12:46 pm
welcoming committee

Joined: Sat Apr 21, 2012 3:35 pm
Posts: 147
Manny Carvalho wrote:
It seems to me that there's nothing new here. This app blocks newly spawned processes. Well, that's basically what a firewall with HIPS does. That is, it won't allow the interaction between processes that don't already have permissions. I've only read about this app and haven't tried it but unless somebody points me in another direction then I'm not inclined to do so because I think I've already had this type of protection for years.



Hi Manny

Thanks for replying. I posted to Pete about avoiding Product x vs y on the FW side, so that said I hope you will contribute anyway.

Yes, I'll bet you are right, nothing new here. BUT I'm hoping to move to a White list setup over time and stop having to play catch up with signature based and even heuristic logic updates, and the bad guys are smart and fast.

Right now, if we think conceptually about it and not product-wise, the thread will not get closed.

So like acadia for me if the gun was to my head and had to remove all security software but 1 it would be the FW.

I don't have Sandboxie (yet) and can't understand why I need it. This is a learning thread for me I guess. No need for debate as many many combos of tool types may be able to provide the same security layers.

When I read the voodo thingy I kept thinking it's just a HIPS, but IF I have to tell it run or no run that is a pain for me. Access to www should in my view be controlled by the user, but when users (me) get a pop up saying do you want #$%^^&&.exe to run, I don't always know what it does.

Complexity is not a good thing as I may / will make the wrong call!


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 2:00 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Escalader wrote:
Manny Carvalho wrote:
It seems to me that there's nothing new here.

If I am not mistaken Manny was talking about the Appguard program in particular and not about whitelisting in general (Manny, PLEASE correct me if I am wrong here).

As far as SandboxIE goes, imagine this: Even if you configure Sandboxie incorrectly so that Trojans hiding inside of Rootkits come in, once you dissolve the sandbox, nothing remains. And if a person had configured it correctly in the first place, admittedly not something for beginners, the baddie would have never gotten in to begin with.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 2:50 pm
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
I was referring to the topic of the thread - voodoshield. It allows only the processes you decide are safe to execute. That concept isn't new, although it looks like these guys have taken it a step further and just block processes without telling you about it [after you taught it what is a proper process]. For me, I'd prefer to know about it. All I was saying is that this concept has been used by firewalls - and I'm not singling any product out, although y'all know my favorite - for a good while. Generally, it's a pretty good idea but it just seems like another security program on top of another one if you are running a modern firewall, and not really needed as I see it. I'm sure it does what it does very well.

I've tried Sandboxie and it works fine but I've managed to use my machines for decades now without and it hasn't been an issue so I'm reluctant to add more stuff when I feel I'm covered. Just my take on it. There's nothing wrong with this concept either.

I've thought for years that the signature based AV programs would fall by the wayside because they can't possibly keep up. It hasn't happened and I suppose it's because heuristics hasn't turned out as well as expected. A problem with any kind of listing - white or black - is that you better understand what you are doing, since some of the background processes get pretty hard to figure out. Svchost.exe being a prime example because it's a general handler of many processes. Try making an effective white list for that. I've tried with the firewall and I always give up and go with the defaults, which are necessarily broader than I would like, but I do have a life where I want to do other things.

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


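The behaviour Pete describes for Appguard (system space runs, executables in user space are blocked unless approved) and Manny's point that svchost.exe is a poor unit for an allow-list both come down to how the allow-list is keyed. The Python sketch below is an added illustration written for this thread; it is not code from Voodooshield, Appguard, Online Armor or any other product mentioned. The directory prefixes, the choice to key svchost entries on the `-k` service group from its command line, the `strict` switch, and every path and event are assumptions constructed for the example. It feeds one constructed learning session into a strict default-deny policy (nothing runs unless it was seen in learning mode) and into a location-rule policy, then returns the decision for each later process-start event.

```python
"""Toy default-deny execution policy (added example, not any product's code)."""
import ntpath
import shlex
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Directory prefixes, lower-cased, trailing separator. Order matters: the
# user-writable locations are checked before the system trees that contain
# them (Windows\Temp sits inside Windows\). Which directories count as
# user-writable is an assumption of this example.
USER_SPACE = (
    "c:\\users\\",
    "c:\\windows\\temp\\",
    "c:\\temp\\",
)
SYSTEM_SPACE = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class ProcessStart:
    """One process-creation event as a policy engine would see it."""
    image: str          # full path of the executable image
    cmdline: str = ""   # full command line, may be empty


def normalize(path: str) -> str:
    return ntpath.normpath(path).lower()


def service_group(cmdline: str) -> str:
    """Return the value after '-k' on an svchost command line, or ''."""
    tokens = shlex.split(cmdline, posix=False)   # posix=False keeps backslashes
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "-k":
            return tokens[i + 1].lower()
    return ""


def rule_key(ev: ProcessStart) -> Tuple[str, str]:
    """Allow-list key. The generic host process gets its service group
    appended so that one 'svchost.exe' entry does not cover every service."""
    image = normalize(ev.image)
    if ntpath.basename(image) == "svchost.exe":
        return (image, service_group(ev.cmdline))
    return (image, "")


def location(image: str) -> str:
    for prefix in USER_SPACE:
        if image.startswith(prefix):
            return "user"
    for prefix in SYSTEM_SPACE:
        if image.startswith(prefix):
            return "system"
    return "unknown"


class ExecPolicy:
    def __init__(self, strict: bool) -> None:
        # strict=True: only the learned allow-list counts (the learning-mode
        # model from the first post). strict=False: allow-list plus the
        # location rule (system space runs, user space is blocked).
        self.strict = strict
        self.allowed: Set[Tuple[str, str]] = set()

    def learn(self, ev: ProcessStart) -> None:
        """Learning mode: record what ran so it becomes the allow-list."""
        self.allowed.add(rule_key(ev))

    def decide(self, ev: ProcessStart) -> Tuple[str, str]:
        key = rule_key(ev)
        if key in self.allowed:
            return ("ALLOW", "on allow-list")
        if self.strict:
            return ("BLOCK", "not on allow-list")
        loc = location(key[0])
        if loc == "system":
            return ("ALLOW", "system space")
        return ("BLOCK", f"{loc} space, not approved")


# Constructed events standing in for a learning session and later attempts.
LEARNED = [
    ProcessStart(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs -p"),
    ProcessStart(r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]
LATER = {
    "svchost_known":  ProcessStart(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs -p"),
    "svchost_newgrp": ProcessStart(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.exe -k madeupgroup"),
    "svchost_temp":   ProcessStart(r"C:\Users\pat\AppData\Local\Temp\svchost.exe", r"svchost.exe -k netsvcs"),
    "desktop_exe":    ProcessStart(r"C:\Users\pat\Desktop\invoice.exe"),
    "notepad":        ProcessStart(r"C:\Windows\notepad.exe"),
}


def run(strict: bool) -> Dict[str, str]:
    """Learn from LEARNED, then return the decision for each LATER event."""
    policy = ExecPolicy(strict=strict)
    for ev in LEARNED:
        policy.learn(ev)
    return {name: policy.decide(ev)[0] for name, ev in LATER.items()}


if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "location-rule", run(strict))
```

The two runs show the trade-off the thread is circling. With the location rule, an svchost instance started from System32 with a service group that was never learned is allowed, because the image lives in system space; that is the gap Manny is pointing at when he says a blanket rule for svchost is too broad. In strict mode the same event is blocked, but so is every legitimate new service group and every freshly installed program until someone approves it, which is the stream of prompts Escalader finds a pain. Keying the entry on the image path plus service group is one way to make the list finer without a separate entry per service.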
Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 2:57 pm
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
Peter2150 wrote:
This setup has kept me quite safe and in testing against some real nasties, it has proven effective.

Then there is the final step. Back up Back up Back up. And yes Acadia, I never install without first updating FDISR. :)

Pete
I know you said it but Backup can't really be emphasized enough can it.

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 3:07 pm
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
Escalader wrote:
When I read the voodo thingy I kept thinking it's just a HIPS, but IF I have to tell it run or no run that is a pain for me. Access to www should in my view be controlled by the user, but when users (me) get a pop up saying do you want #$%^^&&.exe to run, I don't always know what it does.

Complexity is not a good thing as I may / will make the wrong call!
Right but the first thing with the voodo thingy is that YOU train it. It doesn't train itself. So you are back to the user understanding what needs to be allowed.

The problem is - and I imagine will always be - that good things can be used for bad purposes. I'm not sure there's a way around a user not knowing or not answering popups. Software just ain't that intelligent. I'm afraid that some people will always get infected somehow. Even so the infection ratio isn't all that high. Take a look at what ESET sees for their user base. In the US, less than 3% of their users report an infection. That's bad if it's you, but generally speaking that's not terrible: http://www.virusradar.com/

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 3:38 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Manny Carvalho wrote:
- that good things can be used for bad purposes.

Yup, would you believe me that rootkits were actually created by the good guys, not the bad. But the bad guys were so smart that they figured out a way to use them to their advantage, to hide Trojans.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Post subject: Re: Voodooshield
Posted: Sun Sep 09, 2012 6:45 pm
welcoming committee

Joined: Sat Apr 21, 2012 3:35 pm
Posts: 147
Acadia wrote:
Manny Carvalho wrote:
- that good things can be used for bad purposes.

Yup, would you believe me that rootkits were actually created by the good guys, not the bad. But the bad guys were so smart that they figured out a way to use them to their advantage, to hide Trojans.

Acadia


Thanks all of you. Like Manny, there is life outside of security. Must go BBQ a steak!

I'm going to read this thread again tomorrow, then think and post back.

I'm still befuddled about why I might need a sandboxie, I know nobody said that BUT if I thought for 1 minute I could cast off all my tools and use one I'd do it in a flash.

It seems to imply I can let anything in baddies and all then muck about and close sandboxie and the setup is still pure as snow. That can't be right can it?


Post subject: Re: Voodooshield
Posted: Mon Sep 10, 2012 6:53 am
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Also there are two other ways of returning a system to a pristine state, virtual-lite programs and the true virtual machines. I have used all three even more than one at the same time.

The virtual-lite programs such as Returnil and Deep Freeze, etc., freeze your entire C drive in a certain state. Then you go ahead and surf or do whatever you want. Then you reboot your computer and it is returned to its original state; all changes, baddies, whatever, are gone as if you had never done anything. Where I used to work, at the State Library, all of the computers that the patrons used were protected by such a program, I don't know which one, and every morning all computers were returned to their pristine state because who knows what the library patrons were doing with them the day before.

Then there are the true complete virtual machine programs where you install another entire actual operating system onto your system; you essentially now have two computers in one. Using the OS installed inside of the VM you can surf, install programs, do literally anything that you would on your main computer, then return your entire virtualized OS to the state that you began with; it is called returning to the original Snapshot. Using a program called VirtualBox I have Windows XP installed on top of my Windows 7 system and I do all of my surfing there. I even open up the entire XP virtual machine inside of Sandboxie; yup, Sandboxie can contain the entire many gigabytes of my virtualized XP. Many would say overkill but I love the double protection.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Post subject: Re: Voodooshield
Posted: Mon Sep 10, 2012 11:27 am
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
Acadia - a man who loves to wear both a belt and suspenders because you just never know! :mrgreen:

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


Post subject: Re: Voodooshield
Posted: Mon Sep 10, 2012 1:43 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
:rofl2:

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Post subject: Re: Voodooshield
Posted: Mon Sep 10, 2012 2:15 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Manny Carvalho wrote:
Acadia - a man who loves to wear both a belt and suspenders because you just never know! :mrgreen:

:dance2:
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Post subject: Re: Voodooshield
Posted: Mon Sep 10, 2012 4:37 pm
Moderator

Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
:rofl2: And we love him for it. :lol:

I have XPMode on my Windows 7 machine but don't use it that much. Also, something else I've not used, but I believe Acronis has some kind of sandbox in its True Image program. I know it's one of the tabs and it tells you you can try out things without hurting your machine.
As I said though, I've not looked into that.

_________________
Joan Archer
http://crossstitcher.webs.com


Post subject: Re: Voodooshield
Posted: Tue Sep 11, 2012 10:17 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Couple of comments. I don't find anything about what Acadia is doing as overkill. Having had to clean up a few machines that were a total mess from infections, overkill is great if it keeps the computer clean, compared to the pain of clean up.

Now back to Escalader's question about why Sandboxie. Best answer is an example. My apartment building manager is a good example. Totally a non computer person. Also managing to get infected once or twice a year in spite of running the "classic" AV and AS protection. Usually the result of accidentally clicking on a wrong link. Finally, early last year I talked to her about Sandboxie. She bought it, we configured it, and I showed her how to use it. She doesn't do anything differently, but the difference is no infections since we installed it.

Then there is Outlook. I use Outlook for my business Email. I may be suspicious, but if I get an Email from a key client, I have to open it; I may have to click a link, open an attachment, it just depends. Also I have two gals who log onto my machine and take care of a lot of the business stuff. They have to be able to look at stuff. Also we may need to keep the email even if dodgy. Hence Sandboxie. Outlook runs sandboxed, so if they have to click a link or open an attachment, they are pretty safe. If they open something and it tries to run something, it can't run, and even if it can't the system is safe, and the worst case.....I've tested against a virus that totally takes over the machine. But even then, when rebooting, instead of owning the machine, it's gone. Delete the sandbox, and it's removed from the system.

Escalader, since my router more or less serves as a firewall (inbound), like Acadia, if forced to choose I'd take Sandboxie over a firewall.

Pete


Post subject: Re: Voodooshield
Posted: Tue Sep 11, 2012 4:20 pm
welcoming committee

Joined: Sat Apr 21, 2012 3:35 pm
Posts: 147
Manny Carvalho wrote:
I was referring to the topic of the thread - voodoshield. It allows only the processes you decide are safe to execute. That concept isn't new, although it looks like these guys have taken it a step further and just block processes without telling you about it [after you taught it what is a proper process]. For me, I'd prefer to know about it. All I was saying is that this concept has been used by firewalls - and I'm not singling any product out, although y'all know my favorite - for a good while. Generally, it's a pretty good idea but it just seems like another security program on top of another one if you are running a modern firewall, and not really needed as I see it. I'm sure it does what it does very well.

I've tried Sandboxie and it works fine but I've managed to use my machines for decades now without and it hasn't been an issue so I'm reluctant to add more stuff when I feel I'm covered. Just my take on it. There's nothing wrong with this concept either.

I've thought for years that the signature based AV programs would fall by the wayside because they can't possibly keep up. It hasn't happened and I suppose it's because heuristics hasn't turned out as well as expected. A problem with any kind of listing - white or black - is that you better understand what you are doing, since some of the background processes get pretty hard to figure out. Svchost.exe being a prime example because it's a general handler of many processes. Try making an effective white list for that. I've tried with the firewall and I always give up and go with the defaults, which are necessarily broader than I would like, but I do have a life where I want to do other things.


Hi Manny:

Funny you mention svchost.exe! I struggled with rules on that one for a long while and consulted the "experts" but came away none the wiser.

But maybe just maybe we could run svchost inside sandboxie?


Post subject: Re: Voodooshield
Posted: Sat Oct 06, 2012 7:07 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9435
Location: The state of confusion; I just use Wyoming for mail.
OK, I merged some posts from this thread and another to a new thread in Security named Sandboxie. Some post that I left could have been moved but seemed more directly involved with this thread.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Post subject: Re: Voodooshield
Posted: Sat Oct 06, 2012 7:20 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Cool.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Post subject: Re: Voodooshield
Posted: Sun Oct 07, 2012 2:14 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9435
Location: The state of confusion; I just use Wyoming for mail.
LOL! Not as cool as I thought... forgot the second page of posts here. It is now done.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

