From: David H. Lipman on
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

| That's not true either.

| MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class.

| MBAM targets other forms of non-viral malware in the trojan class such as; adware,
| BHOS,
| Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents,
| etc.

| But it doesn't target exploit codes.


I should modify that as Keyloggers are a sub-class of spyware.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Virus Guy on
"David H. Lipman" wrote:

> | Is this a virus *and* spyware scanner, or just a spyware scanner?

> MBAM is not an anti virus application and is geared towards non-viral
> malware. It may block a virus but it will not remove a virus once
> the files are infected.

I don't know why Dave is being evasive about this.

I've used MBAM exactly once so far, and that was on a drive where the
user downloaded and ran one of those fake AV scanners because they
panicked during a web-surfing session.

I removed the infected hard drive and attached it as a slave to a
good/trusted system and ran several AV scanners against the drive.

MBAM did detect several files that were remnants of a zbot infection.

So I'd have to say that MBAM does have *some* ability to ID files that
are viral / trojan in nature.

Will MBAM function as a resident application or service and perform
real-time scanning of incoming files or data? I don't know. Probably
not.

Will MBAM remove viral files (both running in memory and on the file
system) and undo all viral registry entries? I don't know. Probably
some-what. Not many apps that actually call themselves "Anti-Virus" do
a good job of that.

Is MBAM a virus scanner as well as a spyware scanner?

The answer is absolutely yes, but I don't really know how large it's
viral/trojan definition database is.

Dave can answer that - I don't know why he's being evasive about it.
From: David H. Lipman on
From: "Virus Guy" <Virus(a)Guy.com>

| "David H. Lipman" wrote:

>> | Is this a virus *and* spyware scanner, or just a spyware scanner?

>> MBAM is not an anti virus application and is geared towards non-viral
>> malware. It may block a virus but it will not remove a virus once
>> the files are infected.

| I don't know why Dave is being evasive about this.

| I've used MBAM exactly once so far, and that was on a drive where the
| user downloaded and ran one of those fake AV scanners because they
| panicked during a web-surfing session.

| I removed the infected hard drive and attached it as a slave to a
| good/trusted system and ran several AV scanners against the drive.

| MBAM did detect several files that were remnants of a zbot infection.

| So I'd have to say that MBAM does have *some* ability to ID files that
| are viral / trojan in nature.

| Will MBAM function as a resident application or service and perform
| real-time scanning of incoming files or data? I don't know. Probably
| not.

| Will MBAM remove viral files (both running in memory and on the file
| system) and undo all viral registry entries? I don't know. Probably
| some-what. Not many apps that actually call themselves "Anti-Virus" do
| a good job of that.

| Is MBAM a virus scanner as well as a spyware scanner?

| The answer is absolutely yes, but I don't really know how large it's
| viral/trojan definition database is.

| Dave can answer that - I don't know why he's being evasive about it.

There is always some overlap between various anti malware applications. Anti virus with
non-viral malware and non-viral trageting products getting viruses.

However to be a "true" anti virus application the product must be able to deal with file
infecting viruses. That is a virus that will append, prepend or insert code on a given
executable. The anti virus application would then have remove the added code and make the
executable to be back at its original condition. [NOTE: The condition may be restored
but the binary may have a different MD5 checksum].

Likewise you would have to deal with boot sector infectors.

MBAM does NOT perform these erradications and thus can not be called an anti virus
application.

I am one who will call worms a sub-class of virus and MBAM does target various worms such
as AutoRun and some Internet. However the consequences of these kinds of malware is more
trojan like in the effect that files being infected and thus code has to be removed from
the binary. Trojans don't get cleaned, then get deleted. This is also the case of many
worms.

Another gray area is concerning trojanized files. In this case malware will infect a
given binary and append, prepend or insert code. However that infected bianry can not, in
turn, infect other bianries like a virus can. In the case of trojanized files you can
simply delete the file like an ordinary trojan because the file is legitimate,m and needed
for the OS, but the added code does the bidding of the malware author's intention. An
anti virus application may be able to clean the file. MBAM does not. It has to REPLACE
the file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Ken Blake, MVP on
On Sun, 21 Feb 2010 10:13:14 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

> From: "Ken Blake, MVP" <kblake(a)this.is.an.invalid.domain>
>
> | On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
> | <the_stan_brown(a)fastmail.fm> wrote:
>
> >> I've checked on the Web page but can't find a clear answer:
>
> >> Is this a virus *and* spyware scanner, or just a spyware scanner?
> >> They say "malware" over and over, and to em that implies both, but
> >> they never actually said what they mean as far as i could see.
>
> >> I raise the point because a friend claims that Malwarebytes Anti-
> >> malware does spyware scanning only, not virus scanning
>
>
> | Your friend is essentially right. Good a product as it is, they use
> | the word "malware" improperly, to mean just spyware, not all malware,
> | including viruses.
>
> That's not true either.
>
> MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class.


OK, if you want to use the terms very precisely. I meant it more
generally. All anti-virus programs target more than just viruses too.


> MBAM targets other forms of non-viral malware in the trojan class such as; adware, BHOS,
> Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents, etc.
>
> But it doesn't target exploit codes.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
From: Stan Brown on
Sun, 21 Feb 2010 07:53:18 -0700 from Ken Blake, MVP
<kblake(a)this.is.an.invalid.domain>:
>
> On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
> <the_stan_brown(a)fastmail.fm> wrote:
>
> > I've checked on the Web page but can't find a clear answer:
> >
> > Is this a virus *and* spyware scanner, or just a spyware scanner?
> > They say "malware" over and over, and to em that implies both, but
> > they never actually said what they mean as far as i could see.
> >
> > I raise the point because a friend claims that Malwarebytes Anti-
> > malware does spyware scanning only, not virus scanning
>
>
> Your friend is essentially right. Good a product as it is, they use
> the word "malware" improperly, to mean just spyware, not all malware,
> including viruses.

Thank you -- that's very clear. It doesn't exactly build confidence
that they misuse such a crucial word in the description of their
product!


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com
Shikata ga nai...