VoodooShield – Additional Protection for your PC


Most of you will be aware of the multilayer approach to security, which simply means utilizing a number of different programs to help protect your PC. The most important things to keep in mind when implementing this type of strategy are to make sure you do not install two or more programs of the same kind with monitoring abilities, and not to overburden your system with resource-hungry security software.

To explain further, security programs (especially free ones) can be broken down into two basic types: monitoring or on-demand. Monitoring type security programs are any which include real-time protection, such as your antivirus, or which have a process or processes continually running in the background. On-demand type security programs, such as Malwarebytes Anti-Malware Free, are those which do not include any monitoring or real-time activity and only consume system resources when actually required and run by the user. The “do not install more than one” rule does not generally apply to on-demand type security programs.

There are many different types of security programs one can include in a multilayer system, including HIPS (Host Intrusion Prevention System), anti-exploit, anti-keylogger, sandboxing, anti-executable, etc. VoodooShield falls into the anti-executable category. Until recently, VoodooShield was only available in a premium edition requiring annual subscriptions, but the developers have now released a free edition for non-commercial use.

VoodooShield – What is Anti-Executable?

In simple terms anti-executable type software is designed to prevent all programs (executable code) from running on the system except for those included in a whitelist. This is a diametrically opposite approach to that of traditional antivirus which generally blocks via a blacklist. Here’s how the VoodooShield developer describes it:

Traditional blacklist antivirus software attempts to block the 15,000+ new viruses a day. We realized that antivirus companies cannot possibly keep up with all of the new viruses, so we created a different approach. VoodooShield™ blocks all executable code (including viruses), except the software you allow.

VoodooShield Free – Download and Usage

The download consists of a relatively small 3.1 MB executable which scans 100% clean through Virus Total. Installation is also 100% clean with zero bundling or unwanted extras to worry about. During the installation process you will be asked to turn off UAC (User Account Control). This is recommended because UAC may interfere with the program’s functionality if left on. A restart is required to complete installation.


Two welcome screens then open to explain VoodooShield’s functionality:


The program takes a snapshot of the system to identify running software and adds it to a whitelist. From there, with VoodooShield’s protection set to On, the process is very simple: only whitelisted programs are allowed to run, including installed programs and anything running from the Windows directory, and everything else is blocked. However, if you do try to run a new program, you will receive a notification with an option to make an exception and run the program.

VoodooShield also includes a useful feature to automatically scan blocked executables through Virus Total when you elect to allow. It then displays information about any threats identified, with options to Block or Sandbox, as well as Allow:


If at least one hit is found, the recommendation is to block the application from running on the system, which is exactly as it should be. However, more experienced users will be well aware that one or two flags through Virus Total’s multiple AV engines can often be written off as a false positive, so a certain amount of user discretion is still required.

You can also run a manual scan of any file at any time simply by dragging and dropping it on the VoodooShield desktop widget.


VoodooShield’s basic principle is this: if VoodooShield blocks something you intended or wanted to run, allow it. If, on the other hand, VoodooShield blocks something unexpected, work on the assumption that it is likely malware.

VoodooShield Free – Limitations and Bottom Line

The free version of VoodooShield includes the exact same blocking features as the Pro version but does not provide the user with options to change advanced settings, including adding directories or editing the whitelist. In my opinion, this is a pretty serious limitation because if the user inadvertently lets through any malware with VoodooShield off or in Training mode, the malicious code will be automatically whitelisted with no way to reverse the situation… at least that’s the way I’m seeing it. Perhaps someone who is more conversant with the software might be able to confirm or clarify. (Of course, these limitations do not apply to the Pro version at a cost of $19.99 US per annum.)

*Also bear in mind that VoodooShield does not block anything running from the Windows directory. Because of this and the aforementioned limitation, it is imperative to make sure the machine is 100% free from malware prior to installing VoodooShield.
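The snapshot, the Windows directory exemption and the Training mode limitation described above can be modelled in a few lines. This is an added example, not VoodooShield's code: keying the whitelist on SHA-256, the `AllowList` class, the single exempt directory and the sample file names are all assumptions made for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

TRUSTED_DIRS = [PureWindowsPath(r"C:\Windows")]  # assumed exempt directory

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AllowList:
    """Toy anti-executable policy; SHA-256 keys are an assumption of this sketch."""

    def __init__(self, snapshot: dict):
        # snapshot maps path -> file bytes for executables present at install time
        self.baseline = {digest(c) for c in snapshot.values()}
        self.learned = {}    # hash -> path, trusted only because it ran in training
        self.mode = "on"     # "on" or "training"

    def decide(self, path: str, content: bytes) -> str:
        h, p = digest(content), PureWindowsPath(path)
        if h in self.baseline or h in self.learned:
            return "allow:whitelisted"
        # Directory exemption; refuse ".." so C:\Windows\..\x cannot qualify.
        if ".." not in p.parts and any(d in p.parents for d in TRUSTED_DIRS):
            return "allow:trusted-dir"
        if self.mode == "training":
            self.learned[h] = path   # no prompt: trusted from now on
            return "allow:learned"
        return "block"

    def review_queue(self) -> list:
        """Paths that should be checked before protection is relied on."""
        return sorted(self.learned.values())

    def reset_learned(self) -> None:
        self.learned.clear()

def demo() -> list:
    # Constructed sample files; names and contents are made up.
    wl = AllowList({r"C:\Program Files\Editor\editor.exe": b"editor-v1"})
    new = (r"C:\Users\a\Downloads\tool.exe", b"tool-v1")
    out = [wl.decide(*new)]                      # protection on: blocked
    wl.mode = "training"
    out.append(wl.decide(*new))                  # learned without a prompt
    wl.mode = "on"
    out.append(wl.decide(*new))                  # now permanently allowed
    out.append(wl.review_queue())
    wl.reset_learned()
    out.append(wl.decide(*new))                  # blocked again after reset
    out.append(wl.decide(r"C:\Windows\Temp\unknown.exe", b"never-seen"))
    return out
```

Keeping the entries learned during training separate from the install-time baseline is what makes a review or reset possible; without that split, a file that ran once with protection off cannot be told apart from software that was there from the start.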

VoodooShield is lightweight and easy to use and I do like the principle behind it, perhaps not so much for more advanced users, but it can certainly add a useful second layer of protection for less experienced users who are not so security savvy. One minor concern is that the program still relies on user input/choices to a certain extent.

View more details and download direct from the developer here: http://voodooshield.com/

 

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

10 Comments

  1. Hi,
    Will ‘Voodoo Shield’ work with ‘Tiny Wall’ ? Tiny Wall does the same thing doesn’t it?

    Shiri

  2. Good day Jim. Believe you should put the following

    Also bear in mind that VoodooShield does not block anything running from the Windows directory, because of this and the aforementioned limitation it is imperative to make sure the machine is 100% free from malware prior to installing VoodooShield.

    in BOLD. To purge a program from the white list, one could uninstall completely, reboot, and start all over, Mindblower! 🙂

  3. This concept to me sounds much better than traditional ones. However the fact that I could have malware already hidden in my computer/registry at anytime I installed voodoo… is a worry for sure. Fortunately I have several image backups made at certain levels from initial image with only the basics, to what I am running now, and so can image back to a known safe level and install voodoo there. Then I could add any programs I need to bring it back up to an accepted level. When I am finally happy with everything… then make a final image backup. In that way I would imagine my system would then be pretty much safe from all virus and malware. Reckon I might give it a go anyway. Thanks for this great info on Voodoo Jim.

  4. Hi Jim, thank you for the great review! The latest release of VS includes a whitelist editor and user log. Also, VS only allows a select handful of Windows folders, and we believe the way we implemented this feature is perfectly safe. I could go into a long explanation, but we did give this serious consideration during development. We actually found that UAC does the exact same thing ;). Also, we realize that pre-existing malware is perhaps our weakest attribute, and as mindblower suggested, the user just simply needs to reset the whitelist after they are certain their traditional antivirus has done its job, and the computer is clean. There is now a button in the free version in the UserLog / Snapshot editor that allows the user to easily reset their whitelist. So thank you for the great review… it sounds like you actually spent quite a bit of time and had a great understanding of VS before writing a review. And we appreciate that, because if someone just spends 10 minutes with it, and they do not understand how advanced and effective it really is, then their reviews are not quite as positive ;). This is especially true since VS is so simple on the surface. But we intended it to be that way so that everyone could use it, even novices. Anyway, we appreciate your review, thank you!

    • The latest release of VS includes a whitelist editor and user log.

      Just to clarify; are these now available in the free edition too?

      Thanks for your input here and the additional info, appreciated.

  5. Yes, sorry, I did not explain that well. The userlog / snapshot editor is now included in the free version as well. The whole idea of the free version is that it is a computer lock for the home user, and we believe most home users will find the settings are set to an optimal state, and there probably is no need for most home users to adjust them. I actually prefer the free version… all I want is a simple toggling desktop shield gadget / computer lock that locks my computer when I am (most) at risk, and unlocks it when I am not at risk. The Pro features are intended for enterprise situations, so that admins can, for example, adjust the settings, and create a whitelist snapshot (and settings) and distribute the snapshot and settings to all computers in their enterprise. Please let me know if you have any questions. The best way to reach me is dan@voodooshield.com, but I will try to remember to check this site from time to time to see if there are any other questions. Thank you Jim and mindblower!