Malwarebytes
in [Windows XP Basics]
|
Prev: Shell32.dll Ocupied by address range for system dll
Next: How to Show Folder Contents as "Tiles" in 4 Columns?
From: David H. Lipman on 21 Feb 2010 10:30 From: "David H. Lipman" <DLipman~nospam~@Verizon.Net> | That's not true either. | MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class. | MBAM targets other forms of non-viral malware in the trojan class such as; adware, | BHOS, | Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents, | etc. | But it doesn't target exploit codes. I should modify that as Keyloggers are a sub-class of spyware. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Virus Guy on 21 Feb 2010 10:37 "David H. Lipman" wrote: > | Is this a virus *and* spyware scanner, or just a spyware scanner? > MBAM is not an anti virus application and is geared towards non-viral > malware. It may block a virus but it will not remove a virus once > the files are infected. I don't know why Dave is being evasive about this. I've used MBAM exactly once so far, and that was on a drive where the user downloaded and ran one of those fake AV scanners because they panicked during a web-surfing session. I removed the infected hard drive and attached it as a slave to a good/trusted system and ran several AV scanners against the drive. MBAM did detect several files that were remnants of a zbot infection. So I'd have to say that MBAM does have *some* ability to ID files that are viral / trojan in nature. Will MBAM function as a resident application or service and perform real-time scanning of incoming files or data? I don't know. Probably not. Will MBAM remove viral files (both running in memory and on the file system) and undo all viral registry entries? I don't know. Probably some-what. Not many apps that actually call themselves "Anti-Virus" do a good job of that. Is MBAM a virus scanner as well as a spyware scanner? The answer is absolutely yes, but I don't really know how large it's viral/trojan definition database is. Dave can answer that - I don't know why he's being evasive about it.
From: David H. Lipman on 21 Feb 2010 11:46 From: "Virus Guy" <Virus(a)Guy.com> | "David H. Lipman" wrote: >> | Is this a virus *and* spyware scanner, or just a spyware scanner? >> MBAM is not an anti virus application and is geared towards non-viral >> malware. It may block a virus but it will not remove a virus once >> the files are infected. | I don't know why Dave is being evasive about this. | I've used MBAM exactly once so far, and that was on a drive where the | user downloaded and ran one of those fake AV scanners because they | panicked during a web-surfing session. | I removed the infected hard drive and attached it as a slave to a | good/trusted system and ran several AV scanners against the drive. | MBAM did detect several files that were remnants of a zbot infection. | So I'd have to say that MBAM does have *some* ability to ID files that | are viral / trojan in nature. | Will MBAM function as a resident application or service and perform | real-time scanning of incoming files or data? I don't know. Probably | not. | Will MBAM remove viral files (both running in memory and on the file | system) and undo all viral registry entries? I don't know. Probably | some-what. Not many apps that actually call themselves "Anti-Virus" do | a good job of that. | Is MBAM a virus scanner as well as a spyware scanner? | The answer is absolutely yes, but I don't really know how large it's | viral/trojan definition database is. | Dave can answer that - I don't know why he's being evasive about it. There is always some overlap between various anti malware applications. Anti virus with non-viral malware and non-viral trageting products getting viruses. However to be a "true" anti virus application the product must be able to deal with file infecting viruses. That is a virus that will append, prepend or insert code on a given executable. The anti virus application would then have remove the added code and make the executable to be back at its original condition. [NOTE: The condition may be restored but the binary may have a different MD5 checksum]. Likewise you would have to deal with boot sector infectors. MBAM does NOT perform these erradications and thus can not be called an anti virus application. I am one who will call worms a sub-class of virus and MBAM does target various worms such as AutoRun and some Internet. However the consequences of these kinds of malware is more trojan like in the effect that files being infected and thus code has to be removed from the binary. Trojans don't get cleaned, then get deleted. This is also the case of many worms. Another gray area is concerning trojanized files. In this case malware will infect a given binary and append, prepend or insert code. However that infected bianry can not, in turn, infect other bianries like a virus can. In the case of trojanized files you can simply delete the file like an ordinary trojan because the file is legitimate,m and needed for the OS, but the added code does the bidding of the malware author's intention. An anti virus application may be able to clean the file. MBAM does not. It has to REPLACE the file. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Ken Blake, MVP on 21 Feb 2010 13:47 On Sun, 21 Feb 2010 10:13:14 -0500, "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote: > From: "Ken Blake, MVP" <kblake(a)this.is.an.invalid.domain> > > | On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown > | <the_stan_brown(a)fastmail.fm> wrote: > > >> I've checked on the Web page but can't find a clear answer: > > >> Is this a virus *and* spyware scanner, or just a spyware scanner? > >> They say "malware" over and over, and to em that implies both, but > >> they never actually said what they mean as far as i could see. > > >> I raise the point because a friend claims that Malwarebytes Anti- > >> malware does spyware scanning only, not virus scanning > > > | Your friend is essentially right. Good a product as it is, they use > | the word "malware" improperly, to mean just spyware, not all malware, > | including viruses. > > That's not true either. > > MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class. OK, if you want to use the terms very precisely. I meant it more generally. All anti-virus programs target more than just viruses too. > MBAM targets other forms of non-viral malware in the trojan class such as; adware, BHOS, > Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents, etc. > > But it doesn't target exploit codes. > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > -- Ken Blake, Microsoft MVP - Windows Desktop Experience Please Reply to the Newsgroup
From: Stan Brown on 21 Feb 2010 15:56
Sun, 21 Feb 2010 07:53:18 -0700 from Ken Blake, MVP <kblake(a)this.is.an.invalid.domain>: > > On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown > <the_stan_brown(a)fastmail.fm> wrote: > > > I've checked on the Web page but can't find a clear answer: > > > > Is this a virus *and* spyware scanner, or just a spyware scanner? > > They say "malware" over and over, and to em that implies both, but > > they never actually said what they mean as far as i could see. > > > > I raise the point because a friend claims that Malwarebytes Anti- > > malware does spyware scanning only, not virus scanning > > > Your friend is essentially right. Good a product as it is, they use > the word "malware" improperly, to mean just spyware, not all malware, > including viruses. Thank you -- that's very clear. It doesn't exactly build confidence that they misuse such a crucial word in the description of their product! -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://OakRoadSystems.com Shikata ga nai... |