White listing (done well) is probably the best protection. The "Race 2 Zero" contest is sponsored by a company that makes a security app that uses White Listing. None of the malware that the contestants created got thru the sponsor's security app. VoodooShield's claim to fame is the auto mode (so that the user does not have to authorize each app in the white list).
VoodooShield is an excellent app; however, some comments about that video:
The video is probably a great marketing tool. I wonder if VoodooShield's marketing department requested the test and the video or if the developers came up with the test method all by themselves.
They make this statement, "once a single line of malicious code is allowed to run... all bets are off". Many of those 1000 files that they ran, probably never executed a single line of malicious code. The antivirus apps being tested opted not to flag the installer of the malware. We don't know if the antivirus apps would have stopped* each piece of malware once it was extracted from the installers.
*stopped before "a single line of malicious code is allowed to run".
It is unfair of VoodooShield to make this statement, "We figured 5 months was enough time for leading Antivirus software to sufficiently detect these known threats." The testing shown does not indicate that the Antivirus software involved was not going to deal with the infection once it was unpacked from the installer (before "a single line of malicious code is allowed to run"). The testing simply shows that the Antivirus software being tested does not handle the installers in a way that VoodooShield would.
For the "non-installer files" that ran, but threw an error due to some missing file (presumably quarantined by the Antivirus software being tested): there was no analysis to determine if any harm was done. e.g. was a single line of malicious code allowed to run?
VoodooShield seems to consider allowing a bad file to be written to the hard drive as a failure - even if the bad file never executed. That said, there were clearly some files that ran unabated. We just don't know how many or how damaging (if at all) they were.
Caveats to the info above:
I mainly focused on what I saw as the flawed handling of installers in the testing. Some of the infections being run in that video were not installers. The exe being run was the malicious app itself. There will be malware that some Antivirus software will intentionally not flag as malware. It is a subjective call as to what constitutes a malicious file or action. You will never get all of the Antivirus companies to agree on just what constitutes a malicious file or action. For example, I have multiple key loggers installed on this work laptop. Some Antivirus apps have quarantined some of them. Others recognize them as non-malicious.
I know that an "installation screen" that is waiting for Next to be clicked might be a ruse. The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.
