To illuminate further, security programs (especially free ones) can be broken down into two basic types… monitoring or on-demand. Monitoring type security programs are any which include real-time protection, such as your antivirus, or which have a process or processes continually running in the background. On-demand type security programs, such as Malwarebytes Anti-Malware Free, are those which do not include any monitoring or real-time activity and only consume system resources when actually required and run by the user. The “do not install more than one” rule does not generally apply to on-demand type security programs.
There are many different types of security programs one can include in a multilayer system, including HIPS (Host Intrusion Prevention System), anti-exploit, anti-keylogger, sandboxing, anti-executable, etc. VoodooShield falls into the anti-executable category. Until recently, VoodooShield was only available in a premium edition requiring annual subscriptions; the developers have now released a free edition for non-commercial use.
VoodooShield – What is Anti-Executable?
In simple terms anti-executable type software is designed to prevent all programs (executable code) from running on the system except for those included in a whitelist. This is a diametrically opposite approach to that of traditional antivirus which generally blocks via a blacklist. Here’s how the VoodooShield developer describes it:
Traditional blacklist antivirus software attempts to block the 15,000+ new viruses a day. We realized that antivirus companies cannot possibly keep up with all of the new viruses, so we created a different approach. VoodooShield blocks all executable code (including viruses), except the software you allow.
VoodooShield Free – Download and Usage
The download consists of a relatively small 3.1 MB executable which scans 100% clean through VirusTotal. Installation is also 100% clean with zero bundling or unwanted extras to worry about. During the installation process you will be asked to turn off UAC (User Account Control); this is recommended because UAC may interfere with the program’s functionality if left on. A restart is required to complete installation.
Two welcome screens then open to explain VoodooShield’s functionality:
The program takes a snapshot of the system to identify running software and adds it to a whitelist. From there, with VoodooShield’s protection set to On, the process is very simple: only whitelisted programs are allowed to run, including installed programs and anything running from the Windows directory; everything else is blocked. However, if you do try to run a new program, you will receive a notification with an option to make an exception and run the program.
VoodooShield also includes a useful feature to automatically scan blocked executables through VirusTotal when you elect to allow. It then displays information about any threats identified, with options to Block or Sandbox, as well as Allow:
If at least one hit is found, the recommendation is to block the application from running on the system, which is exactly as it should be. However, more experienced users will be well aware that one or two flags through VirusTotal’s multiple AV engines can often be written off as a false positive, so a certain amount of user discretion is still required.
You can also run a manual scan of any file at any time simply by dragging and dropping it on the VoodooShield desktop widget.
VoodooShield’s basic principle is: if VoodooShield blocks something you intended or wanted to run, allow it. If, on the other hand, VoodooShield blocks something unexpected, work on the assumption that it is likely malware.
VoodooShield Free – Limitations and Bottom Line
The free version of VoodooShield includes the exact same blocking features as the Pro version but does not provide the user with options to change advanced settings, including adding directories or editing the whitelist. In my opinion, this is a pretty serious limitation, because if the user inadvertently lets through any malware with VoodooShield off or in Training mode, the malicious code will be automatically whitelisted with no way to reverse the situation… at least that’s the way I’m seeing it. Perhaps someone who is more conversant with the software might be able to confirm or clarify. (Of course, these limitations do not apply to the Pro version at a cost of $19.99 US per annum.)
*Also bear in mind that VoodooShield does not block anything running from the Windows directory. Because of this and the aforementioned limitation, it is imperative to make sure the machine is 100% free from malware prior to installing VoodooShield.
VoodooShield is lightweight and easy to use, and I do like the principle behind it. It is perhaps not so much for more advanced users, but it can certainly add a useful second layer of protection for less experienced users who are not so security savvy. One minor concern is that the program still relies on user input/choices to a certain extent.
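The whitelist behaviour and the two limitations described above can be seen in a small model. This is an added example, not VoodooShield's code: the class, mode names and sample files are hypothetical, and identifying programs by SHA-256 hash is an assumption (the article does not say how VoodooShield recognises a whitelisted program).

```python
import hashlib
import ntpath
from pathlib import PureWindowsPath

# Assumption: the location the article calls "the Windows directory".
WINDOWS_DIR = PureWindowsPath(r"C:\Windows")

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AllowlistGuard:
    """Toy default-deny launch check (hypothetical, not VoodooShield's logic)."""
    def __init__(self, snapshot):
        self.allowed = {digest(c) for c in snapshot}  # install-time snapshot
        self.mode = "on"                              # "on" or "training"

    def in_windows_dir(self, path: str) -> bool:
        # Normalise first so "C:\Windows\..\Users\x.exe" is not trusted.
        p = PureWindowsPath(ntpath.normpath(path))
        return WINDOWS_DIR in p.parents  # Windows paths compare case-insensitively

    def decide(self, path: str, content: bytes) -> str:
        h = digest(content)
        if self.mode == "training":
            self.allowed.add(h)          # learned with no review, kept for good
            return "allow (learned)"
        if h in self.allowed:
            return "allow (whitelisted)"
        if self.in_windows_dir(path):
            return "allow (windows dir)" # trusted by location, not by content
        return "block (ask user)"

def demo():
    # Constructed byte strings standing in for real executables.
    browser, unknown = b"browser-binary", b"unreviewed-binary"
    g = AllowlistGuard(snapshot=[browser])
    dl = r"C:\Users\me\Downloads\setup.exe"
    results = [g.decide(r"C:\Program Files\App\browser.exe", browser),
               g.decide(dl, unknown),
               g.decide(r"c:\windows\Temp\setup.exe", unknown),
               g.decide(r"C:\Windows\..\Users\me\setup.exe", unknown)]
    g.mode = "training"
    results.append(g.decide(dl, unknown))
    g.mode = "on"
    results.append(g.decide(dl, unknown))   # same file, now permanently allowed
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last two results show why the machine has to be clean before training: once the unreviewed file has run in training mode, turning protection back on no longer blocks it, and without whitelist editing there is nothing to remove.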