VoodooShield protects your PC by only allowing whitelisted programs to run - gHacks Tech News

VoodooShield protects your PC by only allowing whitelisted programs to run

Windows users have plenty of options at their disposal when it comes to protecting their system. Some solutions are recommended to all users, the installation of a good anti-virus solution comes to mind.

Others may be considered optional but they may improve the security in a way that anti-virus software can't. A sandboxing application like Sandboxie enables you to run apps in protected environments so that they cannot manipulate the system.

Anti-exploit software such as EMET or Malwarebytes Anti-Exploit mitigate specific attacks against the computer.

And then there are so-called anti-exe programs. What they do basically is whitelist programs that are allowed to run on the system and block any other program that is not whitelisted.

VoodooShield is such a program for Windows. It is free for personal use and a new version of it has just been released.

You are asked during installation whether you want UAC to be turned off with the program recommending to do so as it may interfere with program functionality if you don't. The choice is up to you however.

The program displays a welcome screen after start that explains its functionality. The program takes a snapshot of the system in that time to allow software that is already on the computer to run without issues.

This means that the system needs to be clean and without malware, as malware would be permitted to run as well if already present on the system.

voodooshield-2

Once you flip the switch and turn VoodooShield on, it will block all new programs automatically from running on the system. You do get a notification whenever that happens and an option to run that program and make an exception.

This is useful as you don't need to switch between on and off state all the time when you want to run a new program on the PC.

You find three modes listed when you right-click the desktop widget or system tray icon of VoodooShield.

  • Training: VoodooShield is off in that mode and does not protect the computer. It does learn about programs that you run on it though and will remember that choice.
  • Smart Mode: VoodooShield is still off but will protect your computer against programs run from the user space (under /user/username automatically.
  • Always On: The program is on and blocks any program from running that is not whitelisted or in the Windows folder or installed software.

The program displays notifications on the screen whenever executions are blocked so that you can allow it after all.

voodooshield

Another interesting feature is that it will scan any executable that is blocked on Virustotal automatically when you try to allow. It displays information about threats found in that program in a notification with options to block, sandbox (run with limited rights) or allow its execution.

If at least one hit is found, it recommends to block the application from running on the system. You can also run a manual scan of any file by dragging and dropping it on the VoodooShield desktop widget.

Limitations

The free version of the program is limited. It does not provide you with options to change advanced settings, for instance directories that you want blacklisted or whitelisted, or manage the whitelist in any way.

This is a serious problem as you have no control or even access to the whitelist to check whether a program is in it or not. If you accidentally allow malicious software to run in training mode, then it won't be blocked by the application later on when you turn it on.

Closing Words

VoodooSheld is an easy to use program that adds another layer of protection to Windows PCs. It is fundamental though that the PC is clean during installation and first run though and you may find that it lacks options and settings that you want control over. The paid version of the program resolves that and it is available for $19.99 at the company website.

Summary
software image
Author Rating
1star1star1stargraygray
5 based on 1 votes
Software Name
VoodooShield
Operating System
Windows
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Moloch-shall-rise said on October 18, 2014 at 8:51 pm
    Reply

    Anti-Executables deserve no consideration in my opinion.

    For one, they are too complicated for the layman, who will either allow malware to run or brick his OS by blocking legitimate operations. Why should an anti-exe be useful to someone who will answer every UAC prompt with yes anyway or has UAC even disabled?

    Adept users on the other hand know their deficiencies too well and have much more sophisticated solutions at their disposal. If you want to be more secure, you’ll need to restrict the behavior of trusted applications as well and not only focus on new untrusted processes. Hence solutions like Sandboxie or BlueRidge AppGuard are a much better choice, as anti-execution is only a small part of their armory.

    If you want to use a good anti-executable, just stick with User Account Control or a limited user account. Combined with the other security features of the OS this is already better than this anti-exe junk and on top of that it’s free.

    By the way, VoodooShield has only just become compatible with Windows 8.1. Considering how much time has passed since 8.1 has been released, it says a lot about the programmer’s abilities.

    1. ComputerGuy said on October 19, 2014 at 3:15 am
      Reply

      If you took a moment to try VoodooShield, you would quickly realize that it is extremely user friendly. You are not making any sense at all. You say that VoodooShield is potentially too difficult to use, then you recommend other technologies that are much more difficult to use? Very odd.

      VoodooShield has not been around as long as some of the other products, so did you ever stop to think that new features might be introduced in the near future. You know, like restricting the behavior of trusted applications? Did all of the other products have all of the features that they currently have, when they were on Version 2 of their software?

      And then you recommend the swiss cheese of malware protection, better known as User Account Control? Besides the fact that most users are accustomed to clicking yes by default, which is why VoodooShield uses a deny by default method, since it completely eliminates the issue of the user automatically clicking yes by default.

      I am not sure where you got the idea that VoodooShield recently became compatible with Windows 8.1. I installed Windows 8.1 the day it came out, and have been running beta versions of VoodooShield 2.0 ever since.

      It always cracks me up when people give their opinion on something without trying it first. You must work for a competitor of VoodooShield.

    2. VoodooShield said on November 5, 2014 at 8:23 pm
      Reply

      There are some people who do not understand VoodooShield and there are some people who do.

      Here is an example of someone who understands VoodooShield:

      http://www.pcmag.com/article2/0%2c2817%2c2470799%2c00.asp

  2. Hy said on October 18, 2014 at 8:53 pm
    Reply

    Looks interesting. Thanks for bringing this to our attention! Emsisoft’s free Online Armor provides similar functionality in a blacklist way, and checks all programs before allowing them to run, but I wouldn’t recommend Online Armor to anyone but advanced users…

  3. Kentar said on October 18, 2014 at 10:16 pm
    Reply

    Nice idea but poor implementation. Just because something is in the Windows folder it’s allowed to run? That’s just stupid.

    1. ComputerGuy said on October 19, 2014 at 3:22 am
      Reply

      What comes first, the chicken or the egg? If malware is never allowed to run in the first place, your machine will never become infected, right? Furthermore, do you prefer medicine over a vaccine?

  4. hessam said on October 19, 2014 at 3:23 am
    Reply
    1. ComputerGuy said on October 19, 2014 at 9:35 am
      Reply

      I just tried policeman, it seems like it might be a great idea. But there must be a bug because it broke my firefox. Now everything is displayed in plain html, no pictures or anything. I also tried to download some malware just to see what would happen, and it it let it right through. Just a couple of small bugs, but keep working on it, it sounds like a great idea, really!

      1. Martin Brinkmann said on October 19, 2014 at 9:37 am
        Reply

        I’m reviewing it currently. I suggest you check out the preferences and there the rules. Maybe something got mixed up.

    2. ComputerGuy said on October 19, 2014 at 9:08 pm
      Reply

      I just tried it again. So basically I have to allow every site I go to? Is it supposed to block malware, because so far it has let everything in once I create a rule. How should I know if I should create a rule or not when I cannot see the website? What am I missing here?

  5. Rick said on October 19, 2014 at 4:04 am
    Reply

    Allowing everything in the windows folder to run is a huge cope-out by the programmers. Instead of investing the time and effort to determine what is legit and what isn’t through any means makes, this VooNooShield pretty much useless unless you want to stop your great grandmother from playing Leisure Suit Larry.

    Military Grade Virus Protection – many virus/malware entries sit in the windows directory too. So this claim is hot gas as well.

    1. ComputerGuy said on October 19, 2014 at 9:28 am
      Reply

      Please investigate the technology known as “Windows Protected Folder”. Also, please read above.

      Also, isn’t everything legit in the Windows directory, assuming there is no virus on the computer?

      1. Rick said on October 19, 2014 at 7:22 pm
        Reply

        That the point! If anything gets into the windows folder like malware, even if you started with a clean computer when VooNooShield is installed, you aren’t protected.

        And even with AVs running, this can happen. Symatec has even stated that they are getting out of the AV business (consumer anyhow) as they can’t keep up with the variations.

        So again, what benefit is this app? None.

      2. ComputerGuy said on October 19, 2014 at 9:03 pm
        Reply

        How does something get into the windows folder if a script or executable is never allowed to run in the first place? Please provide an example, or better yet find ANYTHING that will bypass VoodooShield. There are a lot of things that bypass UAC.

        Besides, what other technology do you recommend that the vast majority of users can understand and use? I am all ears!

        It is time that we move away from medicine, and move towards a vaccine.

      3. Rick said on October 20, 2014 at 1:28 am
        Reply

        Already done – took a whooping 5 minutes and no special wisdom.

        A VB program that creates a script file and stores it in the system folder does not trigger. That script file can do anything it wants now. Neither trigger an AV warning.

        UAC is the only thing in between that rogue file and the entire system. So reliance is on UAC, not on VD.

        Anyhow .. enough comment on something that has been tried in the past.

    2. ComputerGuy said on October 20, 2014 at 2:38 am
      Reply

      Try it, VoodooShield will block it (yes, VS blocks scripts too). Can you please post a script file that can break VoodooShield?

      UAC on the other hand would not block it. UAC lets you run anything from the Windows directory. Try it.

  6. Terry Hollett said on October 19, 2014 at 3:02 pm
    Reply

    The weakest link, like with all security programs, is always the end user. What do you block? What don’t you block? I’ve recently had to fix a number of computers that had a bunch of these optimizer/speed-up programs on them. I’m assuming they are getting pop up ads that say something is wrong with there computer, click here to fix it. Most have UAC enabled so they are clicking on the option to allow to run. If they had this installed they would probably be doing the same thing. What we need is more educated users and less miracle programs that promise to protect you from the evils of the on-line world.

    1. ComputerGuy said on October 19, 2014 at 6:30 pm
      Reply

      Try VoodooShield and you will quickly realize that it fixes the problem you just described here.

  7. pd said on October 19, 2014 at 5:26 pm
    Reply

    I find this concept very sensible. Much more so than anti-malware software which is essentially a tax on system resources that users have to pay for the privilege of remaining ignorant of simple proactive security practices.

    Unfortunately it’s payware but hopefully an open source version will arrive if this becomes popular. Innovative software like this seems rare in the open source world but they do tend to copy a proprietary idea if it’s popular enough, eventually!

    Unfortunately Martin you missed your usual helpful warning that this program requires a bloat runtime, in this case .Net 3.5 according to the installer. That and the (reasonable but I’m cheap) cost make it irrelevant for me, alas.

    1. ComputerGuy said on October 19, 2014 at 6:33 pm
      Reply

      VoodooShield is free, and .net 3.5 is native to Windows 7, and only has to be activated in Windows 8 and 8.1.

    2. Martin Brinkmann said on October 19, 2014 at 7:43 pm
      Reply

      The free version is not limited in regards to how long it can be used. It is however limited in functionality which is definitely a problem as you don’t have much control over the blocking.

      Sorry for not mentioning the .Net dependency.

      1. ComputerGuy said on October 19, 2014 at 9:17 pm
        Reply

        You obviously did not spend enough time during your little test drive, otherwise you would know that the free version and pro version are the exact same when it comes to blocking. If you are talking about editing the whitelist that is a different story. Should every option be available in the free version? If so, why even have a free version? You do realize that developers have costs associated with bringing a product like this to the market, and they do have to pay rent and buy food, right? Do you work for free? Obviously not, so then why do you expect other people to work for free? It is not like $20 is that much money anyway.

        .net 3.5 is native to Windows 7, and only has to be activated in Windows 8 and 8.1.

      2. Martin Brinkmann said on October 19, 2014 at 11:34 pm
        Reply

        I meant options to manage the whitelist mostly. I’m not suggesting anything, just stating that the lack of that option is the reason why I won’t be using it and maybe for others as well who would give it a try otherwise.

        You interpret too much into this.

  8. Moloch-shall-rise said on October 19, 2014 at 11:26 pm
    Reply

    1) “You say that VoodooShield is potentially too difficult to use, then you recommend other technologies that are much more difficult to use? Very odd.”

    No. I explicitly said it has no target audience. The really inept won’t be able to handle it and the adept have way better solutions at their disposal. I never recommended Sandboxie or AppGuard to someone who I consider not adept enough for VoodooShield.

    2) “Did all of the other products have all of the features that they currently have, when they were on Version 2 of their software?”

    Yes of course. Sandboxie and AppGuard have been restricting behavior of applications from their beginning because this is what they were designed to do and anti execution has always been only a small part of their armory. A lot of more powerful technology is under the hood.

    3) “And then you recommend the swiss cheese of malware protection, better known as User Account Control? Besides the fact that most users are accustomed to clicking yes by default, which is why VoodooShield uses a deny by default method, since it completely eliminates the issue of the user automatically clicking yes by default.”

    Trashing Windows’ internal security mechansims when there are applications making perfect use of it, like the Chromium sandbox.

    4) “I am not sure where you got the idea that VoodooShield recently became compatible with Windows 8.1. I installed Windows 8.1 the day it came out, and have been running beta versions of VoodooShield 2.0 ever since.”

    Yes, BETA versions. Since your program is supposed to be designed for laymen, you recommend beta versions to them, where they had to register in a forum because they were not available on your website? You mean these people who answer every UAC prompt with yes? Sure. NVT ExeRadar Pro has been fully compatible with official stable released much longer. When was the first stable official release of 8.1 compatible VoodooShield and how many months have passed since the official release of Windows 8.1?

    Just in case you are wondering why my tone is so hostile, it is purely because of your marketing. Personally I am already sick and tired of these alternative tools trying to capitalize on the weaknesses of AVs and trashing Windows’ security feautres, whereas they are actually inferior to these already existing solutions. I am no advocate of the AV industry but for laymen they are still the best choice and the good ones already offer much better protection than your anti-executable and are still much more user friendly.

    A good AV will delete downloaded executable files if their reputation is too low and keep them if their reputation is solid, without bothering the user. Signatures will help to remove known malicious files. Behavioral analysis will block executables if they show signs of malicious behavior and protects the user even after execution. Signatures also help to remove threats after the fact. Then there is vulnerability protection and so on and so forth.

    Now these programs are far(!) from perfect and I would feel uncomfortable relying only them. Yet if I want to get more serious about protection there are, as mentioned before, more solid options available, but for laymen a good AV is still the best and the only choice.

    By the way, I still remember when somebody wrote without real effort a POC executable killing your anti-executable easily because of its poor implementation at that time. Now this poor implementation is no longer the case but at that time you were already talking about the weaknesses of AVs whereas your superior anti-executable solution was already being killed by executables. The same attack would not have worked with these “traditional blacklisting AVs” but hey, it’s always ok to trash AVs.

    1. ComputerGuy said on October 20, 2014 at 12:31 am
      Reply

      Where did you explicitly say it has “no target audience”? Do you not know what explicitly means?

      VoodooShield 2.0 beta was compatible with 8.1 the day 8.1 was released. There were bugs in the beta, just like any other beta. You do know what a beta is, right?

      So what you are saying is that every software product should take the exact amount of time to develop, even though it has completely different features?

      So it is your job to tell other people what they should run on their systems? What do you recommend? Test whatever you recommend against VoodooShield, and I bet you VoodooShield ties or wins.

      You do realize that there is a serious virus and malware issue that is getting worse every single day, correct? And the industry is slipping further and further behind . So what you are saying is that no one should try to develop new technologies to help fix the problem? Everyone should just give up and just let the malware have its way with our computers? You did see the Symantec comment above, correct? It would be a different story if the security industry was not losing the battle against malware, but the reality is, they are losing the battle big time.

      You do know that VoodooShield has a free version, right? How is that capitalizing on anything?

      I am not sure what you are talking about, but nothing is bulletproof, but VoodooShield ranks with the best of them as far as this goes.

      Your other comments are not even worth my time to be perfectly honest.

      1. Jim said on October 20, 2014 at 4:05 pm
        Reply

        Are you the developer or have some other interest in this program? Either way you have commented negatively on every single post in this discussion. That makes you a troll and therefore nothing you have said or will say is of any value.

      2. ComputerGuy said on October 20, 2014 at 6:53 pm
        Reply

        Moloch-shall-rise was the first to troll, just read his posts. He trashes VoodooShield all over the internet and spreads his propaganda.

        Why should I tell you who I am? You or Moloch-shall-rise have not posted your identity.

        All you need to know is that I am a big VoodooShield fan and I am tired of his antics. So where ever Moloch-shall-rise trolls I am going to troll.

  9. PhoneyVirus said on October 21, 2014 at 9:07 pm
    Reply

    Boo $19.99 I’ll just keep using only Malwarebytes, that’s right I never used a Anti-virus in three years and will continue to do.

  10. Anonymous said on October 24, 2014 at 12:07 am
    Reply

    “for instance directories that you want blacklisted or whitelisted, or manage the whitelist in any way.”

    the v2.12 FREE version now has it so you can do basic management of the whitelist.

    1. Martin Brinkmann said on October 24, 2014 at 7:13 am
      Reply

      That’s great, thanks for letting us know.

      1. securitystar said on October 3, 2015 at 2:40 am
        Reply

        Voodooshield is nothing special. White-listing. Yeehaa. Appguard is so much more and it really is not that tough to tweak. You pay once for a lifetime security product. Why would I want the free version of VDS? I mean if that’s what your pocket can afford then it’s a nice little free app for users who need hand holding. Also, VDS also adds 20 seconds to my boot time and Appguard zero.

  11. Its Me ! said on November 18, 2015 at 6:23 pm
    Reply

    Perhaps Its all in the words!. VOODOOSHIELD. VOODOO is black magic, practiced by satan worshipers (satanists), who are evil people who hurt the innocent. Moloch Shall Rise. (the guy of try’s very hard to dismiss voodooshield). MOLOCH is a deity worshiped by satanists… Worked it out yet !…
    Furthermore, Real hacking is via the Microsoft System & users who are not I.T Pro’s, who have OEM installations are at much greater risk as an full OEM installation has everything they need. With this in mind, VoodooShield replaces the MS UAC & this cant be a bad thing, as anything that gets in the way of hackers utilizing MS files/ Accounts/ permissions structures/ WMI/ SVHOSTS and so on, is without doubt a good thing !. Don’t listen to that Moloch Person & his invalid instructions & distractions with his dangerous advise & Install VoodooShield NOW !…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.