For the purpose of illuminating further, security programs (especially free ones) can be broken down into two basic types… monitoring or on-demand. Monitoring-type security programs are any which include real-time protection, such as your antivirus, or which keep a process or processes continually running in the background. On-demand type security programs, such as Malwarebytes Anti-Malware Free, are those which do not include any monitoring or real-time activity and only consume system resources when actually required and run by the user. The “do not install more than one” rule does not generally apply to on-demand type security programs.
There are many different types of security programs one can include in a multilayer system, including HIPS (Host Intrusion Prevention System), anti-exploit, anti-keylogger, sandboxing, anti-executable, etc. VoodooShield falls into the anti-executable category. Until recently, VoodooShield was only available in a premium edition requiring annual subscriptions, but the developers have now released a free edition for non-commercial use.
VoodooShield – What is Anti-Executable?
In simple terms, anti-executable type software is designed to prevent all programs (executable code) from running on the system except for those included in a whitelist. This is the diametrically opposite approach to that of traditional antivirus, which generally blocks via a blacklist. Here’s how the VoodooShield developer describes it:
Traditional blacklist antivirus software attempts to block the 15,000+ new viruses a day. We realized that antivirus companies cannot possibly keep up with all of the new viruses, so we created a different approach. VoodooShield™ blocks all executable code (including viruses), except the software you allow.
VoodooShield Free – Download and Usage
The download consists of a relatively small 3.1 MB executable which scans 100% clean through Virus Total. Installation is also 100% clean with zero bundling or unwanted extras to worry about. During the installation process you will be asked to turn off UAC (User Account Control). This is recommended because UAC may interfere with the program’s functionality if left on. A restart is required to complete installation.
Two welcome screens then open to explain VoodooShield’s functionality:
The program takes a snapshot of the system to identify running software and adds it to a whitelist. From there, with VoodooShield’s protection set to On, the process is very simple: only whitelisted programs are allowed to run, including installed programs and anything running from the Windows directory. Everything else is blocked. However, if you do try to run a new program, you will receive a notification with an option to make an exception and run the program.
VoodooShield also includes a useful feature to automatically scan blocked executables through Virus Total when you elect to allow. It then displays information about any threats identified, with options to Block or Sandbox, as well as Allow:
If at least one hit is found, the recommendation is to block the application from running on the system, which is exactly as it should be. However, more experienced users will be well aware that one or two flags through Virus Total’s multiple AV engines can often be written off as a false positive, so a certain amount of user discretion is still required.
You can also run a manual scan of any file at any time simply by dragging and dropping it on the VoodooShield desktop widget.
VoodooShield’s basic principle is: if VoodooShield blocks something you intended or wanted to run, allow it. If, on the other hand, VoodooShield blocks something unexpected, work on the assumption that it is likely malware.
VoodooShield Free – Limitations and Bottom Line
The free version of VoodooShield includes the exact same blocking features as the Pro version but does not provide the user with options to change advanced settings, including adding directories or editing the whitelist. In my opinion, this is a pretty serious limitation because if the user inadvertently lets through any malware with VoodooShield off or in Training mode, the malicious code will be automatically whitelisted with no way to reverse the situation… at least that’s the way I’m seeing it. Perhaps someone who is more conversant with the software might be able to confirm or clarify. (Of course, these limitations do not apply to the Pro version at a cost of $19.99 US per annum.)
*Also bear in mind that VoodooShield does not block anything running from the Windows directory. Because of this and the aforementioned limitation, it is imperative to make sure the machine is 100% free from malware prior to installing VoodooShield.
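A simplified model of the behaviour this review describes (snapshot whitelist, Windows-directory exemption, Training mode), added here as an example. It is not VoodooShield's code, and the class, function names, paths and file contents are all hypothetical. It shows why a snapshot taken on an unclean machine trusts what is already there, and how re-taking it after cleanup changes the verdict.

```python
import hashlib
from pathlib import PureWindowsPath

# Assumption: the whole Windows directory is exempt, as the review describes.
EXEMPT_ROOT = PureWindowsPath(r"C:\Windows")

def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AllowlistModel:
    """Hypothetical default-deny policy keyed on file hashes."""
    def __init__(self, snapshot):
        self.mode = "on"  # "on" enforces, "training" learns
        self.reset(snapshot)

    def reset(self, snapshot):
        # A snapshot trusts every file present when it is taken, clean or not.
        self.allowed = {sha256(c) for c in snapshot.values()}

    def decide(self, path, content):
        h = sha256(content)
        if self.mode == "training":
            self.allowed.add(h)  # anything run while learning becomes trusted
            return "allow:training"
        if PureWindowsPath(path).is_relative_to(EXEMPT_ROOT):
            return "allow:windows-dir"  # never hash-checked in this model
        if h in self.allowed:
            return "allow:allowlisted"
        return "block"

# Constructed sample data: paths and file contents are made up.
EDITOR = (r"C:\Program Files\Editor\editor.exe", b"editor-v1")
LEFTOVER = (r"C:\Users\u\AppData\Roaming\updater.exe", b"unwanted-preexisting")
DOWNLOAD = (r"C:\Users\u\Downloads\setup.exe", b"new-download")
IN_WINDOWS = (r"C:\Windows\Temp\unknown.exe", b"never-seen-before")

def demo():
    model = AllowlistModel(dict([EDITOR, LEFTOVER]))  # snapshot of an unclean machine
    results = {
        "editor": model.decide(*EDITOR),
        "download": model.decide(*DOWNLOAD),
        "leftover": model.decide(*LEFTOVER),
        "in_windows": model.decide(*IN_WINDOWS),
    }
    model.reset(dict([EDITOR]))  # re-snapshot after the machine has been cleaned
    results["leftover_after_reset"] = model.decide(*LEFTOVER)
    return results
```

Calling `demo()` returns the verdict for each sample file before and after the whitelist reset.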
VoodooShield is lightweight and easy to use and I do like the principle behind it, perhaps not so much for more advanced users but it can certainly add a useful second layer of protection for less experienced users who are not so security savvy. One minor concern is that the program still relies on user input/choices to a certain extent.
Hi,
Will ‘Voodoo Shield’ work with ‘Tiny Wall’? Tiny Wall does the same thing doesn’t it?
Shiri
Good day Jim. Believe you should put the following
Also bear in mind that VoodooShield does not block anything running from the Windows directory, because of this and the aforementioned limitation it is imperative to make sure the machine is 100% free from malware prior to installing VoodooShield.
in BOLD. To purge a program from the white list, one could uninstall completely, reboot, and start all over, Mindblower! 🙂
Agreed MB. Done!
This concept to me sounds much better than traditional ones. However the fact that I could have malware already hidden in my computer/registry at any time I installed voodoo… is a worry for sure. Fortunately I have several image backups made at certain levels from initial image with only the basics, to what I am running now, and so can image back to a known safe level and install voodoo there. Then I could add any programs I need to bring it back up to an accepted level. When I am finally happy with everything… then make a final image backup. In that way I would imagine my system would then be pretty much safe from all virus and malware. Reckon I might give it a go anyway. Thanks for this great info on Voodoo Jim.
Hi Jim, thank you for the great review! The latest release of VS includes a whitelist editor and user log. Also, VS only allows a select handful of Windows folders, and we believe the way we implemented this feature is perfectly safe. I could go into a long explanation, but we did give this serious consideration during development. We actually found that UAC does the exact same thing ;). Also, we realize that pre-existing malware is perhaps our weakest attribute, and as mindblower suggested, the user just simply needs to reset the whitelist after they are certain their traditional antivirus has done its job, and the computer is clean. There is now a button in the free version in the UserLog / Snapshot editor that allows the user to easily reset their whitelist. So thank you for the great review… it sounds like you actually spent quite a bit of time and had a great understanding of VS before writing a review. And we appreciate that, because if someone just spends 10 minutes with it, and they do not understand how advanced and effective it really is, then their reviews are not quite as positive ;). This is especially true since VS is so simple on the surface. But we intended it to be that way so that everyone could use it, even novices. Anyway, we appreciate your review, thank you!
Just to clarify; are these now available in the free edition too?
Thanks for your input here and the additional info, appreciated.
I almost forgot… you can get a free 1 year VoodooShield Pro subscription here:
http://www.voodooshield.com/freeoffer/
Thanks for the free upgrade, Mindblower!
Yes, sorry, I did not explain that well. The userlog / snapshot editor is now included in the free version as well. The whole idea of the free version is that it is a computer lock for the home user, and we believe most home users will find the settings are set to an optimal state, and there probably is no need for most home users to adjust them. I actually prefer the free version… all I want is a simple toggling desktop shield gadget / computer lock that locks my computer when I am (most) at risk, and unlocks it when I am not at risk. The Pro features are intended for enterprise situations, so that admins can, for example, adjust the settings, and create a whitelist snapshot (and settings) and distribute the snapshot and settings to all computers in their enterprise. Please let me know if you have any questions. The best way to reach me is dan@voodooshield.com, but I will try to remember to check this site from time to time to see if there are any other questions. Thank you Jim and mindblower!
v2.12 (the free version) now has basic whitelist editing.