From: ~BD~ on 30 Apr 2010 07:48

David H. Lipman wrote:
> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>
> | From: "~BD~"<BoaterDave(a)hot.mail.co.uk>
>
> | FUD post !
>
> | There is NO malware that infects are resides within the; BIOS, Motherboard or
> | Video-card
> | EEPROM.
>
>
> That should have been...
> "...that infects or resides within..."
>

So now we are in a situation where someone (drdos) has posted information on a well known technical forum saying one thing ....... and Mr David H Lipman (whoever he may *really* be!) making a post on Usenet groups claiming that the original poster is wrong.

Take a step outside the box, David.

How could anyone simply 'visiting' these groups have any notion of who is actually telling the truth?

I am /inclined/ to believe what *you* say - but there is no supporting evidence to that effect - is there?

Is it reasonable for readers to accept that, as you have made no disparaging comment to the contrary, that "Most wiping, erasing, formatting, and partitioning tools will not overwrite logical bad sectors on the Disk, leaving the Rootkits and their accompanying payload of malware behind and still active."?

If so, what action would one recommend one takes before reinstalling an operating system on a previously used disk - Darik's Boot and Nuke?

http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094_4-10151762.html

Or, maybe FDISK will do?

http://support.microsoft.com/kb/255867

Or does one simply assume that one's disk is Rootkit free and simply use a Windows set-up disk and the in-built formatting facility?

--
Dave
From: Dustin Cook on 30 Apr 2010 14:13

~BD~ <BoaterDave(a)hot.mail.co.uk> wrote in news:7ridndLhg8MJXkfWnZ2dnUVZ8rqdnZ2d(a)bt.com:

> David H. Lipman wrote:
>> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>>
>> | From: "~BD~"<BoaterDave(a)hot.mail.co.uk>
>>
>> | FUD post !
>>
>> | There is NO malware that infects are resides within the; BIOS,
>> | Motherboard or Video-card
>> | EEPROM.
>>
>>
>> That should have been...
>> "...that infects or resides within..."
>>
>
> So now we are in a situation where someone (drdos) has posted
> information on a well known technical forum saying one thing .......
> and Mr David H Lipman (whoever he may *really* be!) making a post on
> Usenet groups claiming that the original poster is wrong.

If the article claims an infection in the bios or eeprom vs corruption; then the article is indeed, wrong. BD.

> Take a step outside the box, David.

Google bios and eeproms David. You might find it somewhat enlightening.

> How could anyone simply 'visiting' these groups have any notion of who
> is actually telling the truth?

By doing their own research into the matter?

> I am /inclined/ to believe what *you* say - but there is no supporting
> evidence to that effect - is there?

See above. Google really is your friend.

> Is it reasonable for readers to accept that, as you have made no
> disparaging comment to the contrary, that "Most wiping, erasing,
> formatting, and partitioning tools will not overwrite logical bad
> sectors on the Disk, leaving the Rootkits and their accompanying
> payload of malware behind and still active."?

behind, possibly; active.. no.

> If so, what action would one recommend one takes before reinstalling
> an operating system on a previously used disk - Darik's Boot and Nuke?
> http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094
> _4-10151762.html

If it does sector overwrites (and I believe it can be configured to do so) yes.

> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

FDISK is a partitioning tool. It doesn't address sectors marked as bad.

> Or does one simply assume that one's disk is Rootkit free and simply
> use a Windows set-up disk and the in-built formatting facility?

If the system disc is clean and initializes the bootsector with clean code, bye bye rootkit. Assuming it was an MBR based one.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: David H. Lipman on 30 Apr 2010 16:31

From: "~BD~" <BoaterDave(a)hot.mail.co.uk>

| So now we are in a situation where someone (drdos) has posted
| information on a well known technical forum saying one thing ....... and
| Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
| groups claiming that the original poster is wrong.

| Take a step outside the box, David.

| How could anyone simply 'visiting' these groups have any notion of who
| is actually telling the truth?

| I am /inclined/ to believe what *you* say - but there is no supporting
| evidence to that effect - is there?

| Is it reasonable for readers to accept that, as you have made no
| disparaging comment to the contrary, that "Most wiping, erasing,
| formatting, and partitioning tools will not overwrite logical bad
| sectors on the Disk, leaving the Rootkits and their accompanying payload
| of malware behind and still active."?

| If so, what action would one recommend one takes before reinstalling an
| operating system on a previously used disk - Darik's Boot and Nuke?

| http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094_4-10151762.html

| Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

| Or does one simply assume that one's disk is Rootkit free and simply use
| a Windows set-up disk and the in-built formatting facility?

| --
| Dave

Show us *any* malware in the wild that; infects or resides within the; BIOS, Motherboard or Video-card.

**And I do not mean some engineer in a lab environment who found he could introduce malware into the BIOS, Motherboard or Video-card.

There is not taking a step outside the box. This is the reality. There is NO malware that infects or resides within the; BIOS, Motherboard or Video-card.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: FromTheRafters on 30 Apr 2010 19:04

"~BD~" <BoaterDave(a)hot.mail.co.uk> wrote in message news:RbSdnY3dLah7CUfWnZ2dnUVZ8nSdnZ2d(a)bt.com...
> FromTheRafters wrote:
>
>> Maybe, but I believe he is not stupid
>
> That's good to know! :)
>
>> - just annoying as all hell. :oD
>
> Name two things which I do which you find annoying - if necessary,
> please explain why so. I *may* change what I do!

1) Introducing your personal vendetta against PF whenever it suits you.

2) Needlessly crossposting your posts, even when from within another's thread and transplanting posts from other places and posting off topic and getting too obsessed with having other people's personal information and practically *demanding* that others assuage any personal "hinky feeling" you may have and ... well ... that's enough for number two.

> Now .......
>
> Here's an item for you to get your teeth into, FTR!
>
> It's an extract from a thread I once started here:-
>
> http://forum.kaspersky.com/index.php?showtopic=50275&st=40
>
> (this is post No 46)

> Performing a standard Disk Format and Reinstall of the Operating
> System will render common infections incompatible,

Incompatible with what?

> but not all Rootkits and its accompanying payload of malware.....

??? Had this person posted here, there would have been opposing viewpoints voiced. I haven't visited that forum, so I don't know what went on there.

> Rootkits work from outside the Operating System

There are user mode and kernel mode rootkits - how is that considered "outside" the OS? I might agree that *some* rootkits work from outside the OS (VM or hypervisor based perhaps?)

> and can hide in Bad Sectors of the Hard Disk thus have places to hide
> on the Hard Disk that are essentially outside the Operating Systems
> environment, untouchable by it, yet still at hand.

There are many places to hide stuff, that doesn't mean it is code that can be invoked or otherwise executed.

> Most wiping, erasing, formatting, and partitioning tools will not
> overwrite logical bad sectors on the Disk, leaving the Rootkits and
> their accompanying payload of malware behind and still active.

Usually, such tactics render the malware "headless" and as such it is not *active*.

[...]

> Rootkits reside in the Root of things, thus the name 'Root' that
> serve as a protective container for the accompanying payload of
> malware, or on the bright side, the accompanying payload of Software
> Code with productive, safe intentions, together they are a
> 'KIT'.....thus the name 'ROOTKIT'.....and Rootkits are not a joke.

Rootkits used to be a collection of programs that an attacker could use to replace tools with trojanized versions - once having obtained root privileges. Now they are mostly just filter drivers to filter out information that is being made available to such tools.

> Once the Computer is compromised by a Rootkit with its accompanying
> payload of malware, all files in the System can not be trusted and are
> likely infected.....

Why infect programs when you can install malware in a stealthed (filtered) condition? When you have the system as host, there is little reason to also use a program to host code.

[...]

> Rootkits can also hide in the Firmware of Hardware Components, in the
> BIOS, Motherboard, Video-card EEPROM or Alternate Data Streams.....

There is room for "bad code" in those places. There may even be enough room for enough code to actually function as a starting point for the implementation of a rootkit (or other malicious functions). Having *only* a starting point is not enough to qualify it as a rootkit.

> Rootkits hide their processes, files, and folders by using
> sophisticated hooking and filtering techniques. As a result,
> traditional methods of viewing the system state typically return no
> indication of foul play.....the Rootkit makes sure of that.

A rootkit might also cease doing the cloaking if it detects that a rootkit detector is executing.

[...]

> *************
>
> I'd be most interested to discuss these comments of drdos further -
> you will note that the thread was closed by the moderator shortly
> after we reached this stage!

I'll just accept that as a fact, no need to go there.

> In particular, do you agree that "Rootkits can also hide in the
> Firmware of Hardware Components, in the BIOS, Motherboard, Video-card
> EEPROM or Alternate Data Streams....." ?

I'll agree that subversive code could hide in there, but that's a long way from saying a rootkit or virus could launch from there.

[...]
From: ~BD~ on 1 May 2010 07:19
Dustin Cook wrote:
>
> If the article claims an infection in the bios or eeprom vs corruption;
> then the article is indeed, wrong. BD.

Thank you, Dustin.

>> Take a step outside the box, David.
>
> Google bios and eeproms David. You might find it somewhat enlightening.

I've done much research!

>> How could anyone simply 'visiting' these groups have any notion of who
>> is actually telling the truth?
>
> By doing their own research into the matter?

On Usenet there is absolutely no way of telling who is telling the truth AFAICT.

I know much about you and, in spite of what you may think I thought (!) I'm quite sure that you are a real young man with a mom and a family.

I know absolutely *nothing* about David H. Lipman, save for the fact that he thinks he is God's gift to Usenet and is a contributor at Malwarebytes forums. His English is poor and he has little understanding of human nature.

>> I am /inclined/ to believe what *you* say - but there is no supporting
>> evidence to that effect - is there?
>
> See above. Google really is your friend.

I find nothing about the personal/professional life of Mr Lipman.

Quote:

1. The "False Authority Syndrome"

Don't believe everything. Some people talk or write about viruses as if they were an authority in this field, but in fact they are often not.

Ref: http://www.claymania.com/info-fas.html

>> Is it reasonable for readers to accept that, as you have made no
>> disparaging comment to the contrary, that "Most wiping, erasing,
>> formatting, and partitioning tools will not overwrite logical bad
>> sectors on the Disk, leaving the Rootkits and their accompanying
>> payload of malware behind and still active."?
>
> behind, possibly; active.. no.

OK - possible to be reactivated once back on-line?

>> If so, what action would one recommend one takes before reinstalling
>> an operating system on a previously used disk - Darik's Boot and Nuke?
>> http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094
>> _4-10151762.html
>
> If it does sector overwrites (and I believe it can be configured to do
> so) yes.

That was my understanding. Thanks.

>> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867
>
> FDISK is a partitioning tool. It doesn't address sectors marked as bad.

At that link it says - quote:-

"When you run the fdisk command to create, delete, or change a partition, all of the data on that partition is permanently deleted".

I've always understood that to mean that any malware would be destroyed too!

>> Or does one simply assume that one's disk is Rootkit free and simply
>> use a Windows set-up disk and the in-built formatting facility?
>
> If the system disc is clean

How can one be sure that it *is* clean?!!!

> and initializes the bootsector with clean
> code, bye bye rootkit. Assuming it was an MBR based one.

That is my understanding too.

My niggling concern has always been that malware (call it what you will) might remain 'somewhere' within a box ready to continue with its malicious activity even though it's been flattened and windows reinstalled (or even if a *new* hard disk has been installed!).

I suspect such thoughts came about from my contact and discussion with our then High Tech Crime Unit - who recommended that I *destroy/trash* the machine involved in my identity theft encounter. The implication was that there is much more going on 'behind the scenes' - things that the authorities do not want the public to know about!

As I'm sure you have gathered, I prefer honesty and openness! :)

--
Dave
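The distinction Dustin draws between FDISK (a partitioning tool) and a sector-overwrite wipe, and Dave's reading of the KB article that fdisk "permanently deletes" partition data, as an added example that is not part of the thread: a small Python model of an MBR disk image in which deleting a partition clears only its 16-byte table entry while a DBAN-style pass zeroes every sector it can reach. The residual-sector check is what a verifier would run after a wipe; a sector the wipe skips (standing in for a logical bad sector) shows up in it. The image layout, sector count and payload are constructed values, not taken from any real disk.

```python
# Constructed MBR disk image model (added example, not code from the thread).
SECTOR = 512
NSECTORS = 64
TABLE = 446          # MBR partition table offset; four 16-byte entries


def make_image(payload: bytes, first_sector: int) -> bytearray:
    """Build an image with one partition whose first sector holds `payload`."""
    img = bytearray(NSECTORS * SECTOR)
    img[TABLE + 4] = 0x07                                            # type byte (NTFS, constructed)
    img[TABLE + 8:TABLE + 12] = first_sector.to_bytes(4, "little")   # LBA of first sector
    img[TABLE + 12:TABLE + 16] = (NSECTORS - first_sector).to_bytes(4, "little")  # sector count
    img[510:512] = b"\x55\xaa"                                       # boot signature
    off = first_sector * SECTOR
    img[off:off + len(payload)] = payload
    return img


def fdisk_delete_partition(img: bytearray, index: int = 0) -> None:
    """Model of fdisk deleting a partition: only its table entry is cleared, no data sector is touched."""
    start = TABLE + 16 * index
    img[start:start + 16] = bytes(16)


def overwrite_sectors(img: bytearray, skip=frozenset()) -> None:
    """Model of a sector-overwrite wipe; `skip` stands for sectors the tool cannot or does not reach."""
    for s in range(NSECTORS):
        if s not in skip:
            img[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)


def partition_entries(img: bytes) -> list:
    """Indices of partition table entries still in use (non-zero type byte)."""
    return [i for i in range(4) if img[TABLE + 16 * i + 4] != 0]


def residual_sectors(img: bytes) -> list:
    """Sectors beyond the MBR that still hold non-zero data; an empty list means the wipe is complete."""
    return [s for s in range(1, NSECTORS) if any(img[s * SECTOR:(s + 1) * SECTOR])]


if __name__ == "__main__":
    img = make_image(b"constructed payload", first_sector=8)
    fdisk_delete_partition(img)
    print("after fdisk delete:", partition_entries(img), residual_sectors(img))  # [] [8]
    overwrite_sectors(img, skip={8})
    print("after wipe that skips sector 8:", residual_sectors(img))             # [8]
    overwrite_sectors(img)
    print("after full overwrite:", residual_sectors(img))                       # []
```

The partition table is empty after the modelled fdisk delete, yet the payload sector is unchanged; only the full overwrite empties the residual list, and the pass that skips a sector leaves exactly that sector reported.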