From: Twayne on
In news:4B820831.8DC31B3F(a)Guy.com,
Virus Guy <Virus(a)Guy.com> typed:
> Full-Quoter Twayne wrote:
>
>>> Is MBAM a virus scanner as well as a spyware scanner?
>>>
>>> The answer is absolutely yes, but I don't really know how
>>> large it's viral/trojan definition database is.
>>>
>>> Dave can answer that - I don't know why he's being evasive
>>> about it.
>>
>> Wow; Dave was a lot more correct than you are on this one.
>

drivel removed

The question was posed as:
>>> Is MBAM a virus scanner as well as a spyware scanner?
>>>
And self-answered as:
>>> The answer is absolutely yes, but I don't really know how
>>> large it's viral/trojan definition database is.
Which is an immediate contradiction: It is, but it might not be very good at
it. It isn't and doesn't claim to be usable for AV protection. A legitimate
AV program is required for that.

And regardless of your take on definitions, semantics and syntax, and any
way you wish to spin them, MBAM is not a virus scanner as well as a spyware
scanner in the context of the question that was posed. The fact that there
may be overlaps as there often is with any malware detector, is irrelevant
and a bonus to the product, but not anything to depend on. The fact that it
might detect a hundred viruses is a moot point when it has to recognize and
reach to hundreds of thousands of them.
The fact that a virus may have portions of code that could be found while
looking for spyware is a by-product, not a statement of any kind that the
product protects against viruses.
If your intent is to support AMB then it's failed because all you've
accomplished is creating a thread that talks about what it CAN NOT do (be
used for AV) as opposed to properly defining what it CAN do (catch malware).

HTH,

Twayne





From: Virus Guy on
Why are you not able to format your replies correctly?

Twayne wrote:

> The question was posed as:

> >>> Is MBAM a virus scanner as well as a spyware scanner?

> And self-answered as:

> >>> The answer is absolutely yes, but I don't really know how
> >>> large it's viral/trojan definition database is.

> Which is an immediate contradiction: It is, but it might not
> be very good at it.

If you've ever submitted a few (or a few dozen, or a few hundred)
suspect files to Virus Total, you'd see that these so-called
"Anti-Virus" programs have a highly variable rate of successful
detection.

So you latching on to my admission that "I don't know how large MBAM's
virus definition list is" hardly constitutes any form of proof that MBAM
is not as compentent as anything that happens to call itself an AV
program.

> It isn't and doesn't claim to be usable for AV protection.

All I've stated here is that I have personally seen MBAM detect zbot
files. I would not call zbot as being in the adware class of malware.
I'm not an MBAM defender or fan (it doesn't run on win-98 so I have very
little experience with it).

> A legitimate AV program is required for that.

Like I just said, I've seen first-hand how many so-called AV programs
actually do a poor job of detecting threats.

> MBAM is not a virus scanner as well as a spyware scanner in
> the context of the question that was posed.

What context?

It was asked in a straight-forward way: Is MBAM a form of AV software?

I said yes, because I've seen it detect viral or trojan malware
(depending on how you define zbot).

> The fact that it might detect a hundred viruses is a moot point
> when it has to recognize and reach to hundreds of thousands of
> them.

Neither you nor I know how many viruses it can detect, and it's a fools
game to speculate just what that number has to be to be considered an AV
product.

> If your intent is to support MBAM then it's failed

I have no interest in supporting MBAM, especially since it doesn't run
on win-98

> because all you've accomplished is creating a thread that
> talks about what it CAN NOT do (be used for AV)

What kind of fool are you?

I've observed MBAM detecting viral files as part of it's functionality.

How can that possibly constitute some form of negative proof of AV
functionality?
From: Twayne on
In news:4B86FE25.E9984F88(a)Guy.com,
Virus Guy <Virus(a)Guy.com> typed:
> Why are you not able to format your replies correctly?

You mean: Why don't I format them as you think they should be formatted?
Well, mostly because I can and my method is known as in-line posting. Sorry
if that's too complicated for you. Perhaps it's the tool you've using for a
news client?

Anyway, it looks like I've stepped on your toes by daring to discuss cons of
the program and you take great umbrage to that. Sorry about that, but the
simple fact is, it is not capable of being the only malware protection one
needs. Maybe it will be someday, but it's not there yet.
There is good reason why no single entity can yet claim to discover every
spyware in existance or that will exist. Each have their own strengths and
weaknesses and it's no secret that it's still a great idea to have at least
three such programs available plus a reliable AV program.
The product claims it can run in concert with other malware detectors.
Taken lterally, that's true. Taken to include AV, it's not true. Their own
documentation includes comments about it not being compatible with some
other AV programs and recommend turning the AV off, which to my mind is a
dis-service to its users since it's not true.
It sounds like it might surprise you to find that I use this program on
my own machine. I paid for the first version since it's a reasonable price,
but got my money back when I discovered it couldn't co-exist with my
real-time AV program. As a result, I do consider it good enough to use their
freebie version however, on all four machines in this room. I will not
depend on a product that isn't an AV product to protect me in real time
against viruses, no matter how good it may be in other areas.
Right now, in my environment, it's running a close second to Adaware's
latest version. Which, BTW, also has picked up a virus or two in the past.
One in particular it removed partially, and it took my AV program to get the
whole thing removed. I am purposely not naming my AV program so I can't be
accused of fronting for it. In a different environment it could well come
up with completely different results.
AntimalwareBytes is a good program; but it still has its shortcomings.
So on that note, I'll move to more inline commenting:

>
> Twayne wrote:
>
>> The question was posed as:
>
>>>>> Is MBAM a virus scanner as well as a spyware scanner?
>
>> And self-answered as:
>
>>>>> The answer is absolutely yes, but I don't really know how
>>>>> large it's viral/trojan definition database is.
>
>> Which is an immediate contradiction: It is, but it might not
>> be very good at it.
>
> If you've ever submitted a few (or a few dozen, or a few hundred)
> suspect files to Virus Total, you'd see that these so-called
> "Anti-Virus" programs have a highly variable rate of successful
> detection.

No, I haven't submitted a lot of mails to VirusTotal. In fact, I would
question the capabilities of any who submitted a post such as this one and
also tried to imply they have submitted "a few hundred" suspect files. It
would seem your ability to determine whether something is new or not might
be sub-standard. And if you're getting hundreds of them a day, well ... .
A good netizen will check before submitting something that's
"questionable", just so the other end doesn't have to waste time on it for
no good reason.

>
> So you latching on to my admission that "I don't know how large MBAM's
> virus definition list is" hardly constitutes any form of proof that
> MBAM is not as compentent as anything that happens to call itself an
> AV program.

The point is, it doesn't HAVE a virus definition database that I can locate.
Everything at their sites calls it a "malware" detector, and it has a
malware database, but not a viral database. Would you care to expand on
that and tell me where such is stored? I don't debate the fact that it
catches some viruses - just that it's not effective as a major dependency
for virus protection. It's not intended to catch all viruses and thus is not
called an AV program.
For any program that could honestly check each individual file on the
computer for viruses, trojans, worms and other malware 100% the program
would take hours to run. There are a couple that stop looking for certain
malware after it hasn't been seen for so many months, only to be surprised
to see it suddenly come back again and not be detected until they put it
back into their signature lists, etc..
>
>> It isn't and doesn't claim to be usable for AV protection.
>
> All I've stated here is that I have personally seen MBAM detect zbot
> files. I would not call zbot as being in the adware class of malware.
> I'm not an MBAM defender or fan (it doesn't run on win-98 so I have
> very little experience with it).

No, what you claimed, and apparently snipped, was that one could get rid of
the other AV ware they had and only use this one program you're so fond of.

>
>> A legitimate AV program is required for that.
>
> Like I just said, I've seen first-hand how many so-called AV programs
> actually do a poor job of detecting threats.

And the same goes for "malware" detectors which antimalwarebytes calls
itself. One has to know and research to be sure they're looking at
workable, reliable and functional ware that does what it says it does and
has a reputation to support it all.

>
>> MBAM is not a virus scanner as well as a spyware scanner in
>> the context of the question that was posed.
>
> What context?

Lol! Sorry, I don't teach English. The context of your post.

>
> It was asked in a straight-forward way: Is MBAM a form of AV
> software?
>
> I said yes, because I've seen it detect viral or trojan malware
> (depending on how you define zbot).
>
>> The fact that it might detect a hundred viruses is a moot point
>> when it has to recognize and reach to hundreds of thousands of
>> them.
>
> Neither you nor I know how many viruses it can detect, and it's a
> fools game to speculate just what that number has to be to be
> considered an AV product.

No, I'm afraid that's just plain not the case. I don't need to know "how
many" in any way except that the program's purpose and reputation states
that it catches nearly all the AV they can design for. AMB is simply a
lightweight in that area and makes no claims to be an AV replacement that
I've ever seen. You seem to be of the opinion that because a program can
catch a few viruses that it can catch them all, or at least equal and beat
an application whose major purpose in life is to catch the virus.
My AV and others also claim to find and delete "malware" too, but they
don't claim to be all that's needed to do so. It's like saying McAfee AV
doesn't have to be accompanied by other spyware detectors because it catches
spyware and I saw it do it a few times; it just makes no sense. And no, i
don't use McAfee.

>
>> If your intent is to support MBAM then it's failed
>
> I have no interest in supporting MBAM, especially since it doesn't run
> on win-98

M BAM is reported to be functional for:
Operating System: Win98, Win2k Pro, XP Pro, XP Home

>
>> because all you've accomplished is creating a thread that
>> talks about what it CAN NOT do (be used for AV)
>
> What kind of fool are you?
>
> I've observed MBAM detecting viral files as part of it's
> functionality.

No, you've "observed" it detecting parts of a virus that conform to malware.
It'll remove the parts that it's aware of, but possibly NOT the entire virus
payload; you cannot tell. The virus may well return eventually in a lot of
cases.
>
> How can that possibly constitute some form of negative proof of AV
> functionality?

I guess you need some assistance with reading comprehension: I never said
that; you did. I simply said that your comment about not needing anything
else was in error. If you can't remember, go back and look at the first
post I replied to.

In addition, your comments smell a bit trollish so I am unlkely to bother
reading anything else you have to say.

Twayne

From: glee on
"Twayne" <nobody(a)spamcop.net> wrote in message
news:OtA4rnntKHA.4568(a)TK2MSFTNGP05.phx.gbl...
> In news:4B86FE25.E9984F88(a)Guy.com,
> Virus Guy, also known as 98 Guy and numerous other aliases, typed a
> lot of word-playing rubbish
> snip
> In addition, your comments smell a bit trollish so I am unlkely to
> bother reading anything else you have to say.

Ahh, now you are catching on: namely, don't feed the trolls!

From: Virus Guy on
Twayne wrote:

> > Why are you not able to format your replies correctly?
>
> You mean: Why don't I format them as you think they should be
> formatted? Well, mostly because I can and my method is known
> as in-line posting. Sorry if that's too complicated for you.

I know that you use in-line posting (that is the correct way to post to
usenet, and you should have noticed that I do the same). The formatting
problem that I raised was that you don't leave a blank line between the
quoted part and the response part.

> Perhaps it's the tool you've using for a news client?

Again, I'm surprised that you are embarrasing yourself by not making the
simple observation that I also perform inline quoting and therefore must
know and understand the concept.

> Anyway, it looks like I've stepped on your toes by daring to
> discuss cons of the program and you take great umbrage to
> that.

No, you're not stepping on any toes. If you want to argue your pov,
then so will I. Is there anything wrong with that?

> Sorry about that, but the simple fact is, it is not capable of
> being the only malware protection one needs.

That wasn't what the OP asked.

It was asked if MBAM can or does perform as a virus scanner. I said it
does, and I also said I don't know how well it does it. People are
always asking (in the anti-malware newsgroups) how various AM
(anti-malware) products compare against each other. You seem to think
that as long as a piece of software claims itself to be "Anti-Virus"
that that's the end of the discussion - that all AV products are
comparable just because they call themselves AV.

> There is good reason why no single entity can yet claim to
> discover every spyware in existance or that will exist.

That's an irrelavent point. If, hypothetically, MBAM has a virus
detection rate that is *on-par* with the average detection rates (or
even the *worst* detection rates) of programs that actually call
themselves AV programs, then MBAM can be legitamately called an AV
product.

> The product claims it can run in concert with other malware
> detectors. Taken lterally, that's true. Taken to include AV,
> it's not true. Their own documentation includes comments about
> it not being compatible with some other AV programs and recommend
> turning the AV off, which to my mind is a dis-service to its users
> since it's not true.

What isin't true?

Are they saying to turn off other AV programs when you perform an MBAM
scan? Why is that a dis-service?

> It sounds like it might surprise you to find that I use this
> program on my own machine.

No, I wouldn't be surprised.

> I paid for the first version since it's a reasonable price,
> but got my money back when I discovered it couldn't co-exist
> with my real-time AV program. As a result, I do consider it
> good enough to use their freebie version however, on all four
> machines in this room. I will not depend on a product that
> isn't an AV product to protect me in real time against viruses,
> no matter how good it may be in other areas.

Perhaps MBAM has no actual real-time detection ability or mechanism.
That still doesn't mean that when run as an "on-demand" scanner, that it
doesn't have virus-detection capabilities in that mode of operation.

> > If you've ever submitted a few (or a few dozen, or a few hundred)
> > suspect files to Virus Total, you'd see that these so-called
> > "Anti-Virus" programs have a highly variable rate of successful
> > detection.
>
> No, I haven't submitted a lot of mails to VirusTotal. In fact,
> I would question the capabilities of any who submitted a post
> such as this one and also tried to imply they have submitted
> "a few hundred" suspect files.

Please explain. There are those of us who go out of our way to obtain
malware samples for our own investigation, and submitting them to VT as
part of that investigation. We form our own opinions as to which AV
programs appear to react the fastest to new malware by doing that.

> It would seem your ability to determine whether something is new or
> not might be sub-standard. And if you're getting hundreds of them
> a day, well ... .

Again, you seem to have formed some faulty impressions. I'm not sure
why or where you'd get the idea that my ability to determine the vintage
of any given piece of malware is "sub-standard" based on what I've said
up to this point.

And I never claimed the _rate_ at which I obtain malware samples or
submit them for testing.

> A good netizen will check before submitting something that's
> "questionable", just so the other end doesn't have to waste
> time on it for no good reason.

That comment would not stand up or be agreed with in the virus and
anti-virus newsgroups I participate in. The VT website is designed to
handle many submissions per day, and the idea that the operators of that
site are put to a disadvantage because of having to scan non-viral files
has never been raised before - and I'm sure would be laughed at and
ridiculed.

> > So you latching on to my admission that "I don't know how large
> > MBAM's virus definition list is" hardly constitutes any form
> > of proof that MBAM is not as compentent as anything that happens
> > to call itself an AV program.
>
> The point is, it doesn't HAVE a virus definition database that I
> can locate.

Like most anti-malware programs (and viruses are generally considered a
form of malware) MBAM does download program updates. I presume those
updates are infact the definition files that it uses when it performs
it's file and registry scanning.

> Everything at their sites calls it a "malware" detector, and it has
> a malware database, but not a viral database. Would you care to
> expand on that and tell me where such is stored?

You want me to tell you that perhaps what MBAM calls a "malware
definition file" might infact contain definitions for viruses and
trojans?

> I don't debate the fact that it catches some viruses - just
> that it's not effective as a major dependency for virus
> protection.

How exactly would you know that it's "not effective as a major
dependency for virus protection" ?

You seemed to claim earlier that it (or AdAware) detected some viral
files that your un-named AV program did not (or perhaps I didn't read
that correctly).

> It's not intended to catch all viruses and thus is not
> called an AV program.

You said earlier that no application can detect all malware (or words to
that effect).

You have also just made this statement:

"It's not intended to catch all viruses and thus is not called
an AV program."

That implies that if something calls itself an AV program, then by your
definition it *is* intended to catch ALL viruses, because anything that
does not catch all viruses can not be called an AV program.

I just want to clarify that point. You believe that something that does
not catch (detect) all viruses can not be called an AV progam - is that
right? And you also believe that no application can detect all
malware? I see a contradiction or a lack of coherency when those two
statements are combined.

> For any program that could honestly check each individual file
> on the computer for viruses, trojans, worms and other malware
> 100% the program would take hours to run.

Depending on how many files a system has, yes, I have performed scans on
my systems that take several hours to run. Is that a strange concept?

> > All I've stated here is that I have personally seen MBAM
> > detect zbot files. I would not call zbot as being in the
> > adware class of malware. I'm not an MBAM defender or fan
> > (it doesn't run on win-98 so I have very little experience
> > with it).
>
> No, what you claimed, and apparently snipped, was that one
> could get rid of the other AV ware they had and only use this
> one program you're so fond of.

I never said that MBAM could or should replace other pre-existing
anti-malware (anti-viral) software on a given system. I encourage you
to go back over my posted material and quote any such comment that you
think I made.

And I never said I had any particular fondness for MBAM. In fact, I
claimed to have only used it once, and I don't use it regularly because
it doesn't run under my main OS (windows 98). So how could I possibly
have a fondness for it?

> >> MBAM is not a virus scanner as well as a spyware scanner in
> >> the context of the question that was posed.
> >
> > What context?
>
> Lol! Sorry, I don't teach English. The context of your post.

The context of the question was not ambiguous, so no context-disclaimer
need be made.

> > Neither you nor I know how many viruses it can detect, and it's
> > a fools game to speculate just what that number has to be to be
> > considered an AV product.
>
> No, I'm afraid that's just plain not the case. I don't need to
> know "how many" in any way except that the program's purpose and
> reputation states that it catches nearly all the AV they can
> design for.

So you put more stock in the simple claim that a given piece of software
"catches nearly all the AV they can design for" versus the size or the
number of entries in their scanner's database files?

Don't you think that a quantitative metric in this case is more useful
vs a qualitative one?

> MBAM is simply a lightweight in that area and makes no claims
> to be an AV replacement that I've ever seen.

I never said MBAM claimed to be an AV program nor said it claimed to be
an AV replacement.

It was asked if MBAM is a virus/trojan detector. I said it was. I also
said I didn't know how it compared to other virus/trojan detection
programs.

There is a wide range of effectiveness and ability within the AM/AV
class of software, and I wouldn't be surprised if MBAM ranked as
eqivalent to some of them in terms of detection compentency.

> You seem to be of the opinion that because a program can
> catch a few viruses that it can catch them all,

That argument could be made equally if you or I was talking about any
so-called AV program. Which is why I would never make such an
argument. It's not true for what you consider a "real" AV program, and
it's not true for MBAM either.

> or at least equal and beat an application whose major purpose
> in life is to catch the virus.

You are speculating that MBAM's virus detection abilities ranks lower
than the worst commercial or share-ware package that labels itself as
being an anti-virus program.

Do you have anything other than a gut-feeling to support that claim?

> > I have no interest in supporting MBAM, especially since it
> > doesn't run on win-98
>
> M BAM is reported to be functional for:
> Operating System: Win98, Win2k Pro, XP Pro, XP Home

---------------------
http://www.malwarebytes.org/mbam.php

Key Features
* Support for Windows 2000, XP, Vista, and 7 (32-bit and 64-bit).

Download

* Version: 1.44
* File Size: 4.87 MB
* Operating Systems: Microsoft � Windows 2000, XP, Vista, 7.
--------------------

Where do you see compatibility with win-98?

> > I've observed MBAM detecting viral files as part of it's
> > functionality.
>
> No, you've "observed" it detecting parts of a virus that conform
> to malware.

Who says that viruses and trojans are not forms of malware?

> It'll remove the parts that it's aware of, but possibly NOT
> the entire virus payload; you cannot tell.

The same is true for many AV programs. They do a horrible job of
removing all remnants of viruses and trojans (files, registry entries,
etc).

> The virus may well return eventually in a lot of cases.

Many viruses and trojans actively interfere with proper AV operation.
The truth is that AV software does a pathetic job these days of
detecting new threats in real time.

> > How can that possibly constitute some form of negative proof
> > of AV functionality?
>
> I guess you need some assistance with reading comprehension:
> I never said that; you did.

This is what you said:

| because all you've accomplished is creating a thread that
| talks about what it CAN NOT do (be used for AV)

You said that my arguments supported the conclusion that MBAM CAN NOT be
used as an AV scanner. Which is the same as saying that what I said
about MBAM constitutes some form of negative proof of AV functionality.

> I simply said that your comment about not needing anything
> else was in error. If you can't remember, go back and look
> at the first post I replied to.

I suggest you go and look up what I said and quote it in your next
reply, just so we're both exactly sure of what you're referring to. I
continue to assert that I never said that MBAM was (or was not) suitable
as one's sole or only AM/AV software.

> In addition, your comments smell a bit trollish so I am
> unlkely to bother reading anything else you have to say.

That would be a mistake, as it would indicate that you would surrender
this conversation over to me.

It's a common tactic used by those that know they are arguing from a
weak position or POV.