Reply To: VoodooShield and SRP


    SudoJudo: The problem I found with SRP are the incessant blocking of good things, and constant prompts.



    AppGuard, even after just a couple days nearly drove me to drink. AppGuard, IMO, is so limited in usability that I don’t really know anyone that can/would use it, even on the commercial level. When you block almost everything, it isn’t hard to achieve nearly perfect protection!

    Speaking from enterprise market.. This is what we do to secure the average enterprise environment;

    1) Strong lockdowns with Group Policies.

    2) Limited (Standard) user accounts.

    3) Security Profiles for folder/drive access.

    4) Install Endpoint Security Product.

    5) Implement a quality backup solution.


    For anything needing even stronger security we setup a VDI (Virtual Desktop Environment) which allows complete isolation in HyperV for desktops, and at the same time, an instant wipe and restore of them with any issues.

    There really isn’t any need for AppGuard/SRP at the enterprise level. HOWEVER, there would be a need for WLC-Enterprise, because it would provide great insight into what is running that is safe.

    For VS, the fact it does so much and does it without breaking systems like AppGuard does, and without incessant, annoying prompts, means for almost everyone it is a superior product. It also explains why AppGuard generally speaking, wouldn’t have much of a widespread market.

    I think if VS offered some of the lockdown options within OSArmor it would be really helpful. Maybe a couple of footprint options on install that enable OSArmor type lockdowns depending on desired profile ‘Light, Firm, Paranoid’.  Would something like that be helpful at all?

    I am not going to comment either way about AppGuard and I am referring specifically to SRP as a tech, mainly the one built into Windows.  Years ago a lot of people believed that VS blocked entirely too much as well, which is why I spent all of the time refining the usability tweaks.  But either way, whether the tech is SRP, VS, AppLocker, whatever, I have believed for a very long time that a perfect balance between security and usability is absolutely vital.

    VS has always had hardwired rules that are quite similar to the OSArmor rules, but the rules have not been user definable / optional.  There might be a few rules we can make optional and available to the user for tweaking, but I highly doubt most people would ever want to tweak them.  And some rules really should not be modified… for example, some users flat out block (without prompt) interpreters like ps, wscript, cscript, etc., and then they later wonder why their computer acts funny or does not update, or whatever.  They are disabling vital components on the machine that devs use all of the time to perform certain tasks.

    We might be able to tweak the Security Posture feature (Aggressive, Moderate, Relaxed, Silent) a little more.  What do you think?

    • This reply was modified 10 months, 4 weeks ago by Dan.