Top100vn - Top tin tức chuyên công nghệ, game, du lịch
  • Home
  • Công Nghệ
  • Du Lịch
  • Kinh Doanh
No Result
View All Result
  • Home
  • Công Nghệ
  • Du Lịch
  • Kinh Doanh
No Result
View All Result
Top100vn - Top tin tức chuyên công nghệ, game, du lịch
No Result
View All Result

My thoughts on Application Whitelisting | SecureAPlus & Voodooshield Test

admin by admin
July 11, 2020
in Công Nghệ
44
My thoughts on Application Whitelisting | SecureAPlus & Voodooshield Test



Is whitelisting better than Antivirus. In this video I share my thoughts on Application Whitelisting, using the example of SecureAPlus and VoodooShield, while testing them against malware. Is a false positive better than a false negative?

——————————————-

Want to join the TPSC community? Join our Discord server!

Want instant updates when new malware is discovered? Follow me on Twitter:

Do you enjoy the content on this channel? YouTube ad revenue is virtually non-existent so please consider funding TPSC via Patreon:

For business inquiries, please contact:
leo@thepcsecuritychannel.com

Music from Jukedeck – create your own at

Nguồn: https://top100vn.com/

Xem thêm bài viết khác: https://top100vn.com/cong-nghe/

Xem thêm Bài Viết:

  • Top phần mềm quản lý bất động sản số hóa tối ưu
  • AMD Ryzen Threadripper 3000 mạnh gần gấp đôi so với Threadripper đời trước?
  • Google Authenticator là gì? Hướng dẫn chi tiết nhất về Google Authenticator
  • Unbox & Đánh giá chi tiết MSI Mag Z390 Tomahawk
  • Chew-WGA V0.9 có phải là phần mềm Crack Win 7 tốt nhất? Tại sao?
Previous Post

DU LỊCH MỸ CHỈ 26.900.000 đ - SAIGONSTAR TOURISM

Next Post

Váy Đầm Đẹp 2019 l Những Mẫu Đầm Dự Tiệc & Đầm Công Sở Đẹp Sang Trọng 👗😍

Next Post
Váy Đầm Đẹp 2019 l Những Mẫu Đầm Dự Tiệc & Đầm Công Sở Đẹp Sang Trọng 👗😍

Váy Đầm Đẹp 2019 l Những Mẫu Đầm Dự Tiệc & Đầm Công Sở Đẹp Sang Trọng 👗😍

Comments 44

  1. yotoprules says:
    2 years ago

    I can see these being useful for embedded systems which only need to run couple of pieces of software. Whitelist those software and just block everything else, as nothing else is needed anyway.

    Reply
  2. seb clot says:
    2 years ago

    I view whitelisting as essential tool. The fact that they give the user some control is a GOOD thing. I don't always want everything to be automated.

    Reply
  3. S S says:
    2 years ago

    Fix all issues that will fix my computer. I have had hackers

    Reply
  4. Feather Black says:
    2 years ago

    I rather play pacman.

    Reply
  5. Crazy Clown says:
    2 years ago

    I wirus not do thats very no good. Me testing & is wirus not good.

    Reply
  6. Bugzy Kek says:
    2 years ago

    If it is sent to server Secureaplus will scan it and give you an idea what it is…but I understand ur point, not all people know how to use AV. When I first got a PC, I was afraid to use the program so I just left the AV to do its thing. For example, my Mum is so afraid of viruses and she doesn't know how to use AV. She just leaves it and believes that the program will protect her. But then again, she doesn't visit sketchy websites, just a few she knows about.

    Reply
  7. The Secret Letters of a Hacker says:
    2 years ago

    Love this channel

    Reply
  8. Silent Forever says:
    2 years ago

    Just use f-secure safe 6 month free and very good detection

    Reply
  9. Nevigo says:
    2 years ago

    If you have used a computer a while and know the fundamentals, nothing beat Voodooshield. It's one of the few applications, that can show a clean sheet everytime you run a test. You got VirusTotal to help you out with
    decisions. I mean it's not nuclear science. I understand your point of wiew, but in the real world, I really think VS is one of the big dogs. I have used it 5-6 months, and I'm stunned.

    Reply
  10. jcdt vv says:
    2 years ago

    Excellent contribution! -promo key (2 year) in spanish pdf here: http://stfly.io/Dmu7A4

    Reply
  11. ImpermanentHuman says:
    2 years ago

    As a noob, I would expect VoodooShield to block any new software I wanted to install (but I was as sure as I could be that the software was legitimate) but I would just unblock/allow it since I intentionally downloaded it, but where I would think it would be useful is when I’m browsing the net or clicking on a link in an email I thought was trustworthy and suddenly VoodooShield is alerting me that a software is trying to install/start when I haven’t intentionally tried to download or install anything at that time, in which case I would block/quarantine it and use a good AV to scan the system plus a second opinion scan too to get a good idea of its a known malware? If I was still suspicious that it could zero Day malware that my av software wasn’t familiar with yet I could just keep it in quarantine for a few weeks and test again once signatures are likely to have been updated?
    Although what is the difference between this and just running my computer in a ‘user’ account and needing to enter an admin password every time I want to install a software, or I’m browsing or reading through emails unexpectedly get an admin pop up screen asking for my password to install a software when I wasn’t intentionally trying to install anything at that time…how effective is simply using a computer as a ‘user’ compared to whitelisting?

    Reply
  12. Gameboy 1996 says:
    2 years ago

    Hello mate … Help me to choose a antivirus product for me.. i m a lite gamer and i do download from torrents.. help me out

    Reply
  13. zerocool says:
    2 years ago

    Secure APlus, messed up my system, never used again after that. I do like how it lets you decide though, I know what I should block and not.

    Reply
  14. Warwagon says:
    2 years ago

    Did you do the first system scan which goes through the auto-whitelisting process? Would one benefit of a whitelisting program be to prevent a dll or exe running via a drive-by download on a PC via a zero-day? Now the average user would probably just allow it. but someone more tech-savvy may stop and wonder where that came from.

    Reply
  15. hobbitmann says:
    2 years ago

    SecureAplus is not antivirus

    Reply
  16. Frank DeNunzio says:
    2 years ago

    You clearly did not take any time to introduce and explain the features of SAP or VoodooShield to your viewers, and your "test" was no test at all but simply an opinion. Maybe because you fail to understand the product? You rarely bother to do anything but install a product with default settings and you fail to educate your viewers about the features and uses of a product. The coup de grace is your recent addition of the automated malware downloader with which you bombard a product. Quantity (of malware) vs quality appears to be your modus operandi. It defies all logic, except the logic of $$$, slick videos and pleasant voiceovers. Yes, "Stay secure and stay informed." Just not on this site, please!

    Reply
  17. Traveel says:
    2 years ago

    What changed your mind from last year?

    Reply
  18. Traveel says:
    2 years ago

    Why not click on “need help deciding?”

    Reply
  19. Roast In Peace says:
    2 years ago

    Hello Leo why don't u review Comodo 11? I want to know your opinion on this thing:)

    Reply
  20. JS1. says:
    2 years ago

    I use Avast Free & MalwareBytes free. Is this good enough?

    Reply
  21. steve00055 says:
    2 years ago

    blocks 100% of all legitimate applications … BUT WILL IT BLOCK 100% OF ALL RANSOMWARE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Reply
  22. Alejandro Jesus says:
    2 years ago

    Can you put Lookout Mobile Security to the test its a app available on the Google play store for smartphones and tablets and it's also available for desktops and laptops

    Reply
  23. Tony T says:
    2 years ago

    White listing apps I think are better for servers where the constants are known and not changing as much. End user desktops change to much.

    Reply
  24. Andi_ x_HR says:
    2 years ago

    Leo, how much time did you spend with VoodooShield before this review, an hour, half of the hour?

    Reply
  25. Dp2o Gamez says:
    2 years ago

    Hey I need help with my pc I was hit by randsomeware but I had a backup and used it, but I thought that was done. (I was wrong) and now it tried to log onto my father’s gmail, and my bitcoin wallet. I have their ip address(and isp, it is Comcast) who do I contact I need help.

    Reply
  26. Sinan Soyturk says:
    2 years ago

    .

    Reply
  27. Quasar says:
    2 years ago

    I do use SecureAplus because I think myself as little advance user and do not install new application very often(maybe 1 or 2 in a month).

    Thank you for the video and advise.

    Reply
  28. Last Hope says:
    2 years ago

    5 mins in and this is exactly why I dislike VoodooShield. I've used it twice over the past few years and everyone singes it's praise it blocks all malware yeah!

    And I'm left thinking it blocks everything not just malware. What is the purpose of a security solution that blocks everything by default?

    There is a saying the only secure pc in the world is one that is in a box surrounded with 5 foot of concrete. There might be a very rare chance that a random file would drive by and download while trying to auto launch itself but most malware is ran with the thought it is a legitimate program. No one runs malware on purpose knowing it is malware so if you try to do something like this you would default to approving it. Stuff like this would be good for a childs computer to prevent them from messing with it. It will do nothing to stop someone who is trying to run a program that is malware but they assume it is not.

    Reply
  29. Timi says:
    2 years ago

    There's only one "whitelisting" application that I use over any antivirus and it's built in Windows,it's called secpol.msc(Local Group Policy Editor)and it works like a charm!

    Reply
  30. Sinan Soyturk says:
    2 years ago

    Chomar security test please please :((((((

    Reply
  31. Wesley Daholtarre says:
    2 years ago

    Can you please test = RansomOff from Heilig Defense against ransomware ? It can be a great free program to have, for you're protection. Thank you in advantage.

    Reply
  32. Shaun Zhang says:
    2 years ago

    I would say most novice users better off with Comodo Internet Security, it whitelists quite a lot of trusted software companies, and any unknown files are sandboxed, then the unknown files are sent to Comodo for analysis. If the file turns out to be malware, Comodo will include the signature of the file in the next signature update, if the file turns out to be legitimate, Comodo will release the file from the sandbox and add it into the whitelist.

    Reply
  33. Alessandro says:
    2 years ago

    I want to say mine on this topic. Basically, in 2018, if the user is using a secure email client and is not downloading torrents, there is not much risk of getting infected with serious malware. However, I have to say that I still use VoodooShield paired with Windows Defender in one of my systems (a shared computer). The idea about teaching a beginner to use whitelisting solutions is, first of all, to start from a clean install of Windows. The rule I could give them is: "If something pops-up but you didn't run anything, then it's probably a false positive and you should allow it". "If you executed a something, it's blocked and it's an email attachment, then it's malware for sure" (few standard users are sent software via email). "If you downloaded a new program the issue comes: if it's downloaded from a trusted site, then it's probably a false positive, and if it's from a site you don't trust, you should block it (but who can say, in the case of CCleaner hack. But, in that situation, also blacklisting solutions couldn't detect it at the beginning). The positive factor and issue about VoodooShield is the fact it's using VirusTotal, and users should be thought first how to use it. This could increase much the detection, but produce also false positives. The other issue is their command-line monitoring: sometimes VoodooShield blocks some command lines, especially when installing new software. That's an other rule to add "If the software blocks a command line while you are installing a software, just allow it". So yeah, there are a lot of rules to teach, but in my case the software works well because the system is not modified very much and new programs are installed rarely. I also use a Standard User Account in all my systems (I read in various places it's recommended to use). However, in my personal system I switched from COMODO to Windows hardening via NovirusThanks Syshardender (basically disabling wscript, macros, DDEauto, autorun and other risky features), because it doesn't impact on the system at all (just registry modifications) and I don't use those features at all. I could also have enabled software restriction policies, but I don't really like them.

    Reply
  34. hey_yo_reviews says:
    2 years ago

    Hey Leo, can you also compare it to Kaspersky's optional "Trusted Applications Mode"? https://support.kaspersky.com/14372

    Reply
  35. Xmetal says:
    2 years ago

    Only watched the first three minutes so far … while I do agree with you're comments 100% so far …. I also just have to say that those files by MS should have been signed .. but stilll I agree 100% so far with what you're saying

    Reply
  36. Alrek Arinbjorn says:
    2 years ago

    08:57 voodooshield allows everything in the program files folder by default, so I don't think very many normal users would have to worry about VS making the system unusable. I have elderly friends that I've set up with VS and they never have any issues with it. They call me every now and then about how it blocked something and I go over there to check it out for them and every time it turns out to be malware that they got from a spam email.

    Reply
  37. Alrek Arinbjorn says:
    2 years ago

    03:01 I admit, if I was a regular user, I wouldn't know what to do with an alert like that. The reason why I advocate for whitelisting products so aggressively is mostly because of polymorphous malware and the fact that it's much easier to track the new releases of legit software than it is to track the new variants of malware. I'm a much bigger advocate of voodoo shield and comodo, because their contingencies for when they encounter unknown files are much easier for a normal user to understand.

    Reply
  38. Mattcraft25 says:
    2 years ago

    I know this is off topic but if my av has blocked a file and then I delete the av, will the file be free?

    Reply
  39. samer samha says:
    2 years ago

    As always realy nice and useful videos leo, but i have a question please: why always malwarebytes which i ever trust flag the Advanced system care software as PUP, while most other Av flags it as a clean cheat?

    Reply
  40. Hell says:
    2 years ago

    This is why you use Comodo.

    Allows files verified as Trusted, whilst also Allowing Unknown files to run in a sandbox that is unable to infect the machine (whilst Comodo Cloud services analyze the file) and finally Blocks files verified as Malicious.

    Reply
  41. Traveel says:
    2 years ago

    PC Matic is does whitelisting

    Reply
  42. VoodooShield says:
    2 years ago

    “Process Hacker's powerful process termination capabilities bypass most security software and rootkits, ending the entire affected process.”

    https://download.cnet.com/Process-Hacker/3000-2094_4-10971791.html

    Think about what you are testing here Leo… you are testing ProcessHacker. ProcessHacker is a great program, but you should know that as a malware analyst, it contains many attributes that make it appear indistinguishable from malware. One of the signatures was “not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen”… you should know as a malware analyst what this means… it means that other engines almost certainly detected this file as a false positive in the past and had to manually whitelist it. Right?

    In other words, if VoodooAi did not detect this file as unsafe, then I would be deeply concerned. If traditional signatures do not detect ProcessHacker as malware, I would be equally concerned… and we should all hope and pray that the only reason that other 64 engines did not detect ProcessHacker as unsafe is because they manually whitelisted the file.

    If you want to perform a test that would be interesting and applicable to people who are not malware analyst, simply download the top 100 or 1000 files from any download site and test again. These are the types of files that our novice, moderate and advanced users download. VoodooShield actually works extremely well for novices and moderate users because most of them never install software (certainly not ProcessHacker), they basically use the same 5-10 apps everyday like I do.

    Also, VS does not toggle when on AutoPilot, it only toggles in Smart Mode. Please do not take this as an insult, but this makes me wonder how much time you spent evaluating VS in the first place. Please do me a favor… try VS for one week and let everyone know what you think after using it for a week. After that, install it on your parent’s computer for a week, and just tell them that it a lock for their computer. I will even provide the licenses. Thank you!

    Reply
  43. Arkadius says:
    2 years ago

    Can you do a video on Zemana being useless now?

    Reply
  44. Gosu says:
    2 years ago

    Our company is MSP for Comodo ITSM software. It has many predefined trusted apps and files, so it's not that intrusive. AV is good enough, Valkyrie is good at categorizing threats and Containment at its heart works wonders protecting clients. Console gives us info about threats with hashes and links directing right to virus total. In this kind of combo is example where Whitelisting really shines.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Xem Thêm

Hướng dẫn lựa chọn du thuyền độc thân tốt nhất cho du khách ở mọi lứa tuổi

Hướng dẫn lựa chọn du thuyền độc thân tốt nhất cho du khách ở mọi lứa tuổi

December 14, 2022
TOUR HỒ TRÀM 3 NGÀY 2 ĐÊM  | DU LỊCH HỒ TRÀM – DU LICH YẾN VIỆT / TOUR HO TRAM 2N1D 1740000 VND

TOUR HỒ TRÀM 3 NGÀY 2 ĐÊM | DU LỊCH HỒ TRÀM – DU LICH YẾN VIỆT / TOUR HO TRAM 2N1D 1740000 VND

July 14, 2020
DU LỊCH SÀI GÒN | Khám phá Chợ Bến Thành ngày và đêm: Nhiều Người đẹp và Món ăn ngon

DU LỊCH SÀI GÒN | Khám phá Chợ Bến Thành ngày và đêm: Nhiều Người đẹp và Món ăn ngon

July 14, 2020
HỒ CỐC BÃI BIỂN ĐẸP MÊ HỒN | XUYÊN MỘC | VŨNG TÀU

HỒ CỐC BÃI BIỂN ĐẸP MÊ HỒN | XUYÊN MỘC | VŨNG TÀU

July 14, 2020
Thác Bản Giốc – CAO BẰNG – Động Gườm Ngao – Pắc Bó – BẮC KẠN – Hồ Ba Bể – Tuyên Quang – Thái Nguyên

Thác Bản Giốc – CAO BẰNG – Động Gườm Ngao – Pắc Bó – BẮC KẠN – Hồ Ba Bể – Tuyên Quang – Thái Nguyên

July 14, 2020
HOTDEAL.VN | Đẹp Toàn Diện Tại Hệ Thống Spa Việt Hàn – Âu Hàn. #hotdeal

HOTDEAL.VN | Đẹp Toàn Diện Tại Hệ Thống Spa Việt Hàn – Âu Hàn. #hotdeal

July 14, 2020
  • Chính Sách Bảo Mật
  • Liên Hệ

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Công Nghệ
  • Du Lịch
  • Kinh Doanh

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.