Malwarebytes
in [Windows XP Basics]
|
Prev: Shell32.dll Ocupied by address range for system dll
Next: How to Show Folder Contents as "Tiles" in 4 Columns?
From: Twayne on 23 Feb 2010 14:06 In news:4B820831.8DC31B3F(a)Guy.com, Virus Guy <Virus(a)Guy.com> typed: > Full-Quoter Twayne wrote: > >>> Is MBAM a virus scanner as well as a spyware scanner? >>> >>> The answer is absolutely yes, but I don't really know how >>> large it's viral/trojan definition database is. >>> >>> Dave can answer that - I don't know why he's being evasive >>> about it. >> >> Wow; Dave was a lot more correct than you are on this one. > drivel removed The question was posed as: >>> Is MBAM a virus scanner as well as a spyware scanner? >>> And self-answered as: >>> The answer is absolutely yes, but I don't really know how >>> large it's viral/trojan definition database is. Which is an immediate contradiction: It is, but it might not be very good at it. It isn't and doesn't claim to be usable for AV protection. A legitimate AV program is required for that. And regardless of your take on definitions, semantics and syntax, and any way you wish to spin them, MBAM is not a virus scanner as well as a spyware scanner in the context of the question that was posed. The fact that there may be overlaps as there often is with any malware detector, is irrelevant and a bonus to the product, but not anything to depend on. The fact that it might detect a hundred viruses is a moot point when it has to recognize and reach to hundreds of thousands of them. The fact that a virus may have portions of code that could be found while looking for spyware is a by-product, not a statement of any kind that the product protects against viruses. If your intent is to support AMB then it's failed because all you've accomplished is creating a thread that talks about what it CAN NOT do (be used for AV) as opposed to properly defining what it CAN do (catch malware). HTH, Twayne
From: Virus Guy on 25 Feb 2010 17:48 Why are you not able to format your replies correctly? Twayne wrote: > The question was posed as: > >>> Is MBAM a virus scanner as well as a spyware scanner? > And self-answered as: > >>> The answer is absolutely yes, but I don't really know how > >>> large it's viral/trojan definition database is. > Which is an immediate contradiction: It is, but it might not > be very good at it. If you've ever submitted a few (or a few dozen, or a few hundred) suspect files to Virus Total, you'd see that these so-called "Anti-Virus" programs have a highly variable rate of successful detection. So you latching on to my admission that "I don't know how large MBAM's virus definition list is" hardly constitutes any form of proof that MBAM is not as compentent as anything that happens to call itself an AV program. > It isn't and doesn't claim to be usable for AV protection. All I've stated here is that I have personally seen MBAM detect zbot files. I would not call zbot as being in the adware class of malware. I'm not an MBAM defender or fan (it doesn't run on win-98 so I have very little experience with it). > A legitimate AV program is required for that. Like I just said, I've seen first-hand how many so-called AV programs actually do a poor job of detecting threats. > MBAM is not a virus scanner as well as a spyware scanner in > the context of the question that was posed. What context? It was asked in a straight-forward way: Is MBAM a form of AV software? I said yes, because I've seen it detect viral or trojan malware (depending on how you define zbot). > The fact that it might detect a hundred viruses is a moot point > when it has to recognize and reach to hundreds of thousands of > them. Neither you nor I know how many viruses it can detect, and it's a fools game to speculate just what that number has to be to be considered an AV product. > If your intent is to support MBAM then it's failed I have no interest in supporting MBAM, especially since it doesn't run on win-98 > because all you've accomplished is creating a thread that > talks about what it CAN NOT do (be used for AV) What kind of fool are you? I've observed MBAM detecting viral files as part of it's functionality. How can that possibly constitute some form of negative proof of AV functionality?
From: Twayne on 25 Feb 2010 19:23 In news:4B86FE25.E9984F88(a)Guy.com, Virus Guy <Virus(a)Guy.com> typed: > Why are you not able to format your replies correctly? You mean: Why don't I format them as you think they should be formatted? Well, mostly because I can and my method is known as in-line posting. Sorry if that's too complicated for you. Perhaps it's the tool you've using for a news client? Anyway, it looks like I've stepped on your toes by daring to discuss cons of the program and you take great umbrage to that. Sorry about that, but the simple fact is, it is not capable of being the only malware protection one needs. Maybe it will be someday, but it's not there yet. There is good reason why no single entity can yet claim to discover every spyware in existance or that will exist. Each have their own strengths and weaknesses and it's no secret that it's still a great idea to have at least three such programs available plus a reliable AV program. The product claims it can run in concert with other malware detectors. Taken lterally, that's true. Taken to include AV, it's not true. Their own documentation includes comments about it not being compatible with some other AV programs and recommend turning the AV off, which to my mind is a dis-service to its users since it's not true. It sounds like it might surprise you to find that I use this program on my own machine. I paid for the first version since it's a reasonable price, but got my money back when I discovered it couldn't co-exist with my real-time AV program. As a result, I do consider it good enough to use their freebie version however, on all four machines in this room. I will not depend on a product that isn't an AV product to protect me in real time against viruses, no matter how good it may be in other areas. Right now, in my environment, it's running a close second to Adaware's latest version. Which, BTW, also has picked up a virus or two in the past. One in particular it removed partially, and it took my AV program to get the whole thing removed. I am purposely not naming my AV program so I can't be accused of fronting for it. In a different environment it could well come up with completely different results. AntimalwareBytes is a good program; but it still has its shortcomings. So on that note, I'll move to more inline commenting: > > Twayne wrote: > >> The question was posed as: > >>>>> Is MBAM a virus scanner as well as a spyware scanner? > >> And self-answered as: > >>>>> The answer is absolutely yes, but I don't really know how >>>>> large it's viral/trojan definition database is. > >> Which is an immediate contradiction: It is, but it might not >> be very good at it. > > If you've ever submitted a few (or a few dozen, or a few hundred) > suspect files to Virus Total, you'd see that these so-called > "Anti-Virus" programs have a highly variable rate of successful > detection. No, I haven't submitted a lot of mails to VirusTotal. In fact, I would question the capabilities of any who submitted a post such as this one and also tried to imply they have submitted "a few hundred" suspect files. It would seem your ability to determine whether something is new or not might be sub-standard. And if you're getting hundreds of them a day, well ... . A good netizen will check before submitting something that's "questionable", just so the other end doesn't have to waste time on it for no good reason. > > So you latching on to my admission that "I don't know how large MBAM's > virus definition list is" hardly constitutes any form of proof that > MBAM is not as compentent as anything that happens to call itself an > AV program. The point is, it doesn't HAVE a virus definition database that I can locate. Everything at their sites calls it a "malware" detector, and it has a malware database, but not a viral database. Would you care to expand on that and tell me where such is stored? I don't debate the fact that it catches some viruses - just that it's not effective as a major dependency for virus protection. It's not intended to catch all viruses and thus is not called an AV program. For any program that could honestly check each individual file on the computer for viruses, trojans, worms and other malware 100% the program would take hours to run. There are a couple that stop looking for certain malware after it hasn't been seen for so many months, only to be surprised to see it suddenly come back again and not be detected until they put it back into their signature lists, etc.. > >> It isn't and doesn't claim to be usable for AV protection. > > All I've stated here is that I have personally seen MBAM detect zbot > files. I would not call zbot as being in the adware class of malware. > I'm not an MBAM defender or fan (it doesn't run on win-98 so I have > very little experience with it). No, what you claimed, and apparently snipped, was that one could get rid of the other AV ware they had and only use this one program you're so fond of. > >> A legitimate AV program is required for that. > > Like I just said, I've seen first-hand how many so-called AV programs > actually do a poor job of detecting threats. And the same goes for "malware" detectors which antimalwarebytes calls itself. One has to know and research to be sure they're looking at workable, reliable and functional ware that does what it says it does and has a reputation to support it all. > >> MBAM is not a virus scanner as well as a spyware scanner in >> the context of the question that was posed. > > What context? Lol! Sorry, I don't teach English. The context of your post. > > It was asked in a straight-forward way: Is MBAM a form of AV > software? > > I said yes, because I've seen it detect viral or trojan malware > (depending on how you define zbot). > >> The fact that it might detect a hundred viruses is a moot point >> when it has to recognize and reach to hundreds of thousands of >> them. > > Neither you nor I know how many viruses it can detect, and it's a > fools game to speculate just what that number has to be to be > considered an AV product. No, I'm afraid that's just plain not the case. I don't need to know "how many" in any way except that the program's purpose and reputation states that it catches nearly all the AV they can design for. AMB is simply a lightweight in that area and makes no claims to be an AV replacement that I've ever seen. You seem to be of the opinion that because a program can catch a few viruses that it can catch them all, or at least equal and beat an application whose major purpose in life is to catch the virus. My AV and others also claim to find and delete "malware" too, but they don't claim to be all that's needed to do so. It's like saying McAfee AV doesn't have to be accompanied by other spyware detectors because it catches spyware and I saw it do it a few times; it just makes no sense. And no, i don't use McAfee. > >> If your intent is to support MBAM then it's failed > > I have no interest in supporting MBAM, especially since it doesn't run > on win-98 M BAM is reported to be functional for: Operating System: Win98, Win2k Pro, XP Pro, XP Home > >> because all you've accomplished is creating a thread that >> talks about what it CAN NOT do (be used for AV) > > What kind of fool are you? > > I've observed MBAM detecting viral files as part of it's > functionality. No, you've "observed" it detecting parts of a virus that conform to malware. It'll remove the parts that it's aware of, but possibly NOT the entire virus payload; you cannot tell. The virus may well return eventually in a lot of cases. > > How can that possibly constitute some form of negative proof of AV > functionality? I guess you need some assistance with reading comprehension: I never said that; you did. I simply said that your comment about not needing anything else was in error. If you can't remember, go back and look at the first post I replied to. In addition, your comments smell a bit trollish so I am unlkely to bother reading anything else you have to say. Twayne
From: glee on 26 Feb 2010 00:42 "Twayne" <nobody(a)spamcop.net> wrote in message news:OtA4rnntKHA.4568(a)TK2MSFTNGP05.phx.gbl... > In news:4B86FE25.E9984F88(a)Guy.com, > Virus Guy, also known as 98 Guy and numerous other aliases, typed a > lot of word-playing rubbish > snip > In addition, your comments smell a bit trollish so I am unlkely to > bother reading anything else you have to say. Ahh, now you are catching on: namely, don't feed the trolls!
From: Virus Guy on 26 Feb 2010 11:41
Twayne wrote: > > Why are you not able to format your replies correctly? > > You mean: Why don't I format them as you think they should be > formatted? Well, mostly because I can and my method is known > as in-line posting. Sorry if that's too complicated for you. I know that you use in-line posting (that is the correct way to post to usenet, and you should have noticed that I do the same). The formatting problem that I raised was that you don't leave a blank line between the quoted part and the response part. > Perhaps it's the tool you've using for a news client? Again, I'm surprised that you are embarrasing yourself by not making the simple observation that I also perform inline quoting and therefore must know and understand the concept. > Anyway, it looks like I've stepped on your toes by daring to > discuss cons of the program and you take great umbrage to > that. No, you're not stepping on any toes. If you want to argue your pov, then so will I. Is there anything wrong with that? > Sorry about that, but the simple fact is, it is not capable of > being the only malware protection one needs. That wasn't what the OP asked. It was asked if MBAM can or does perform as a virus scanner. I said it does, and I also said I don't know how well it does it. People are always asking (in the anti-malware newsgroups) how various AM (anti-malware) products compare against each other. You seem to think that as long as a piece of software claims itself to be "Anti-Virus" that that's the end of the discussion - that all AV products are comparable just because they call themselves AV. > There is good reason why no single entity can yet claim to > discover every spyware in existance or that will exist. That's an irrelavent point. If, hypothetically, MBAM has a virus detection rate that is *on-par* with the average detection rates (or even the *worst* detection rates) of programs that actually call themselves AV programs, then MBAM can be legitamately called an AV product. > The product claims it can run in concert with other malware > detectors. Taken lterally, that's true. Taken to include AV, > it's not true. Their own documentation includes comments about > it not being compatible with some other AV programs and recommend > turning the AV off, which to my mind is a dis-service to its users > since it's not true. What isin't true? Are they saying to turn off other AV programs when you perform an MBAM scan? Why is that a dis-service? > It sounds like it might surprise you to find that I use this > program on my own machine. No, I wouldn't be surprised. > I paid for the first version since it's a reasonable price, > but got my money back when I discovered it couldn't co-exist > with my real-time AV program. As a result, I do consider it > good enough to use their freebie version however, on all four > machines in this room. I will not depend on a product that > isn't an AV product to protect me in real time against viruses, > no matter how good it may be in other areas. Perhaps MBAM has no actual real-time detection ability or mechanism. That still doesn't mean that when run as an "on-demand" scanner, that it doesn't have virus-detection capabilities in that mode of operation. > > If you've ever submitted a few (or a few dozen, or a few hundred) > > suspect files to Virus Total, you'd see that these so-called > > "Anti-Virus" programs have a highly variable rate of successful > > detection. > > No, I haven't submitted a lot of mails to VirusTotal. In fact, > I would question the capabilities of any who submitted a post > such as this one and also tried to imply they have submitted > "a few hundred" suspect files. Please explain. There are those of us who go out of our way to obtain malware samples for our own investigation, and submitting them to VT as part of that investigation. We form our own opinions as to which AV programs appear to react the fastest to new malware by doing that. > It would seem your ability to determine whether something is new or > not might be sub-standard. And if you're getting hundreds of them > a day, well ... . Again, you seem to have formed some faulty impressions. I'm not sure why or where you'd get the idea that my ability to determine the vintage of any given piece of malware is "sub-standard" based on what I've said up to this point. And I never claimed the _rate_ at which I obtain malware samples or submit them for testing. > A good netizen will check before submitting something that's > "questionable", just so the other end doesn't have to waste > time on it for no good reason. That comment would not stand up or be agreed with in the virus and anti-virus newsgroups I participate in. The VT website is designed to handle many submissions per day, and the idea that the operators of that site are put to a disadvantage because of having to scan non-viral files has never been raised before - and I'm sure would be laughed at and ridiculed. > > So you latching on to my admission that "I don't know how large > > MBAM's virus definition list is" hardly constitutes any form > > of proof that MBAM is not as compentent as anything that happens > > to call itself an AV program. > > The point is, it doesn't HAVE a virus definition database that I > can locate. Like most anti-malware programs (and viruses are generally considered a form of malware) MBAM does download program updates. I presume those updates are infact the definition files that it uses when it performs it's file and registry scanning. > Everything at their sites calls it a "malware" detector, and it has > a malware database, but not a viral database. Would you care to > expand on that and tell me where such is stored? You want me to tell you that perhaps what MBAM calls a "malware definition file" might infact contain definitions for viruses and trojans? > I don't debate the fact that it catches some viruses - just > that it's not effective as a major dependency for virus > protection. How exactly would you know that it's "not effective as a major dependency for virus protection" ? You seemed to claim earlier that it (or AdAware) detected some viral files that your un-named AV program did not (or perhaps I didn't read that correctly). > It's not intended to catch all viruses and thus is not > called an AV program. You said earlier that no application can detect all malware (or words to that effect). You have also just made this statement: "It's not intended to catch all viruses and thus is not called an AV program." That implies that if something calls itself an AV program, then by your definition it *is* intended to catch ALL viruses, because anything that does not catch all viruses can not be called an AV program. I just want to clarify that point. You believe that something that does not catch (detect) all viruses can not be called an AV progam - is that right? And you also believe that no application can detect all malware? I see a contradiction or a lack of coherency when those two statements are combined. > For any program that could honestly check each individual file > on the computer for viruses, trojans, worms and other malware > 100% the program would take hours to run. Depending on how many files a system has, yes, I have performed scans on my systems that take several hours to run. Is that a strange concept? > > All I've stated here is that I have personally seen MBAM > > detect zbot files. I would not call zbot as being in the > > adware class of malware. I'm not an MBAM defender or fan > > (it doesn't run on win-98 so I have very little experience > > with it). > > No, what you claimed, and apparently snipped, was that one > could get rid of the other AV ware they had and only use this > one program you're so fond of. I never said that MBAM could or should replace other pre-existing anti-malware (anti-viral) software on a given system. I encourage you to go back over my posted material and quote any such comment that you think I made. And I never said I had any particular fondness for MBAM. In fact, I claimed to have only used it once, and I don't use it regularly because it doesn't run under my main OS (windows 98). So how could I possibly have a fondness for it? > >> MBAM is not a virus scanner as well as a spyware scanner in > >> the context of the question that was posed. > > > > What context? > > Lol! Sorry, I don't teach English. The context of your post. The context of the question was not ambiguous, so no context-disclaimer need be made. > > Neither you nor I know how many viruses it can detect, and it's > > a fools game to speculate just what that number has to be to be > > considered an AV product. > > No, I'm afraid that's just plain not the case. I don't need to > know "how many" in any way except that the program's purpose and > reputation states that it catches nearly all the AV they can > design for. So you put more stock in the simple claim that a given piece of software "catches nearly all the AV they can design for" versus the size or the number of entries in their scanner's database files? Don't you think that a quantitative metric in this case is more useful vs a qualitative one? > MBAM is simply a lightweight in that area and makes no claims > to be an AV replacement that I've ever seen. I never said MBAM claimed to be an AV program nor said it claimed to be an AV replacement. It was asked if MBAM is a virus/trojan detector. I said it was. I also said I didn't know how it compared to other virus/trojan detection programs. There is a wide range of effectiveness and ability within the AM/AV class of software, and I wouldn't be surprised if MBAM ranked as eqivalent to some of them in terms of detection compentency. > You seem to be of the opinion that because a program can > catch a few viruses that it can catch them all, That argument could be made equally if you or I was talking about any so-called AV program. Which is why I would never make such an argument. It's not true for what you consider a "real" AV program, and it's not true for MBAM either. > or at least equal and beat an application whose major purpose > in life is to catch the virus. You are speculating that MBAM's virus detection abilities ranks lower than the worst commercial or share-ware package that labels itself as being an anti-virus program. Do you have anything other than a gut-feeling to support that claim? > > I have no interest in supporting MBAM, especially since it > > doesn't run on win-98 > > M BAM is reported to be functional for: > Operating System: Win98, Win2k Pro, XP Pro, XP Home --------------------- http://www.malwarebytes.org/mbam.php Key Features * Support for Windows 2000, XP, Vista, and 7 (32-bit and 64-bit). Download * Version: 1.44 * File Size: 4.87 MB * Operating Systems: Microsoft � Windows 2000, XP, Vista, 7. -------------------- Where do you see compatibility with win-98? > > I've observed MBAM detecting viral files as part of it's > > functionality. > > No, you've "observed" it detecting parts of a virus that conform > to malware. Who says that viruses and trojans are not forms of malware? > It'll remove the parts that it's aware of, but possibly NOT > the entire virus payload; you cannot tell. The same is true for many AV programs. They do a horrible job of removing all remnants of viruses and trojans (files, registry entries, etc). > The virus may well return eventually in a lot of cases. Many viruses and trojans actively interfere with proper AV operation. The truth is that AV software does a pathetic job these days of detecting new threats in real time. > > How can that possibly constitute some form of negative proof > > of AV functionality? > > I guess you need some assistance with reading comprehension: > I never said that; you did. This is what you said: | because all you've accomplished is creating a thread that | talks about what it CAN NOT do (be used for AV) You said that my arguments supported the conclusion that MBAM CAN NOT be used as an AV scanner. Which is the same as saying that what I said about MBAM constitutes some form of negative proof of AV functionality. > I simply said that your comment about not needing anything > else was in error. If you can't remember, go back and look > at the first post I replied to. I suggest you go and look up what I said and quote it in your next reply, just so we're both exactly sure of what you're referring to. I continue to assert that I never said that MBAM was (or was not) suitable as one's sole or only AM/AV software. > In addition, your comments smell a bit trollish so I am > unlkely to bother reading anything else you have to say. That would be a mistake, as it would indicate that you would surrender this conversation over to me. It's a common tactic used by those that know they are arguing from a weak position or POV. |