#76
Malwarebytes warning
"Mayayana"
Wed, 25 Nov 2015 14:26:00 GMT in alt.windows7.general, wrote:

| Avira tagged my own EXE I wrote to them. I got back a robo-email telling me to upload the problem EXE. But it wasn't a problem EXE. Avira was tagging 6 of my EXEs. And if they issued a fix for those I'd be back in the same boat next time I compiled a new version.
|
| Something was either off in the way you were designing the exes, or protecting them after post compile. As they are most likely HLL written,

I don't know what "HLL" stands for. Should I? There was nothing "off in the design" of the EXEs that I know of. The compiler has never asked for my design ideas. It's actually a common problem, and an example of the outdated approach of AV software. There are millions of "virus signatures", which are simply byte strings considered unique. Avira found something in my EXE that apparently looked similar. (It clearly wasn't a match. In that case Avira would have said it was xyz virus and not assigned it the meaningless name of "TR/Dropper.Gen", which they use as a catchall diagnosis.)

I suppose it doesn't matter in your case knowing what HLL is. You are doing HLL, but, if you're okay with not realizing it, it's really not my place to try and explain and wind up derailing this thread in the process. It's not a common problem per se... It's entirely possible Avira didn't hit on an actual byte style signature but either during emulation or routine analysis, thought something might be amiss; to the point of closely resembling a trojan.dropper. If you aren't protecting your executable after post compile, this problem can be mitigated in one of two ways. Send Avira a sample of your executable that's being wrongly said to contain malware, OR, change the physical location of some of your subroutines in the source file and compile it - you might be very surprised by the results of doing that simple task.

So it's fixable, yes. But it's a hassle. It's not realistic to install all the popular AV programs and run them all with each compile. And it's not something I'm willing to do with freeware.

I hate to tell you this, but a responsible author of freeware/shareware/commercial software SHOULD be checking it against the popular AV\AM packages to ensure (a) the package isn't going to scare clients and give you unnecessary support calls/emails, and (b) to ensure your software can install properly AND function with this AV program also present on the same machine.

And there's a bigger problem with this: People using my software are getting warnings. In the case I'm talking about I was fortunate that someone wrote to me and told me about it. It's possible that my software is setting off alarms in other AV products now and I won't know because no one has told me. To imply that that is somehow my fault simply doesn't make sense.

It's a little worse than that, actually. Some people are wrongly going to assume that you're writing malicious software and never take the time to check into the issue and learn otherwise. They'll tell others to avoid your programs for the very same reason. Their own ignorance will be your loss (as others won't even download your program, let alone try to use it; their friend said it was bad, the AV said so) and harm to your credibility.

No. It's just a plain EXE, VB6 code compiled with Visual Studio 6. No "design". No aspack, UPX, or other compressors. It's free software, so there are no protection tricks. Again, your reasoning that a false positive must be the fault of the software author is backward.

It's not backward if you understood what was actually going on here as well as what's involved in the development of AV/AM software and associated signatures.

As I was saying above, the whole concept of AV virus definitions/signatures is long outdated. It was outdated when it began.

Luckily, other technologies have been developed since then that not only increase reliability of the scanner, but, also work diligently to reduce false positives.

| Your own apparent inability to effectively troubleshoot isn't the fault of MBAM. Your lack of knowledge of the software isn't the fault of MBAM either. MBAM has a quarantine system. If it makes changes that you aren't okay with, you can restore them from quarantine.

You're reacting defensively, making excuses for MB. I've said repeatedly that I can and do research these things, and that my post was meant only to warn people who might be too trusting.

I'm not reacting at all, and I assure you, I'm the last person you'll see making excuses for MBAM or otherwise defending them.

-- Error: Creative signature file missing
#77
Malwarebytes warning
Charlie+
Sun, 29 Nov 2015 16:13:05 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 07:39:31 +0000, Charlie+ wrote as underneath :

On Tue, 24 Nov 2015 21:47:51 -0500, "Mayayana" wrote as underneath :

I would look into the details of any such reports, anyway. My concern was for others who might have limited experience combined with undue confidence in malware hunters.

I use (freeVer.) MBAM v 1.75.nnn a much older version which has a much better (proper menu) interface and more exact control than the modern versions which I haven't updated for many of the reasons OP has found. BUT with caveat I haven't tried installing it on W8.1 or W10. - the old versions still use the modern definitions files etc. I tried the modern MBAM 2015 version on a W7 laptop and immediately concluded that the interface had been dumbed down to idiot level, horrible! C+

I saw a question upthread: search source: https://malwaretips.com/threads/malw...ware-old-version-1-75-download-solved.35074/ Near the bottom of that page there is even a picture of the interface! Of course you have to set it not to update to a later version automatically! Don't activate the paid version (unless you want that) - Standard stuff... As I indicated it updates the definition files as a current Ver. does C+

Normally, I'd let this go. but, for security reasons, it must be stated. Although the older versions of MBAM can still download and use the definitions file, they aren't able to take full advantage of the new commands/structure within that file. Their engine ignores the new commands because it does NOT recognize them. They didn't exist when v1.x series was being developed. Newer editions of MBAM have a newer engine under the hood which does know the new commands and can take advantage of them. Running the older version with the newest definitions is not ensuring you're as protected as you could be. It's not like AV software that can also do an engine update with the definitions while keeping the older interface you're more familiar with and prefer. IE: the nav2003 trick doesn't apply with MBAM. You're actually running with reduced functionality and less protection as a result. While the definition file does have more data and can handle newer malware variants as a result, it's only able to do this with an engine that fully supports it. The v2.x series only.

-- Error: Creative signature file missing
#78
Malwarebytes warning
"Mayayana" wrote in message ... | I don't see anything about supercookies on mine | I got that from their website. They seem to have a big focus on total cleaning of browser tracks. Supercookies are a fairly new kind of data storage that can be used by webpages to store relatively large amounts of data client-side. They're probably no worse than a simple web bug or normal cookie, since those can be used to track you online. But I don't see any use for them so I set the cache to 0 in Firefox. On the other hand, VanguardLH was pointing out one day that he likes a game website that uses supercookies for its functionality. So maybe some high-interaction sites have justification for using them. Ok, thanks. -- http://www.helpforheroes.org.uk/shop/ |
#79
Malwarebytes warning
"Paul" wrote in message ...

Ophelia wrote:

I don't see anything about supercookies on mine

To evaluate whether your browser remembers things it shouldn't, you can check here.

http://samy.pl/evercookie/

There are buttons there for inserting a persistent cookie into your browser, by using storage not intended to store identifying materials. You can then quit the browser, attempt to clean the browser as best you can, then go back to the web site, and have it evaluate whether the cookie is still present or extractable. On a real web site, if only one portion of the distributed cookie could still be located, the site would refresh the cookie into all of its original locations.

Some of those techniques involve beating on one of the browser databases, multiple times in a burst pattern, in an effort to store "fake URLs" which encode the desired identifying content. And apparently, you cannot necessarily hear or see this as a physically detectable symptom. I would think a CPU core would get pinned for a second doing stuff like that. So if there is ever an abnormal freezing of the browser, the web page content could be trying something like that using Javascript.

Web site developers have more techniques at their disposal, than the test implementation of the idea on that site. So no attempt is made on that site, to keep the implementation up to date with the latest tricks. It's good enough to know some of the tricks, so you have some idea how they're doing it.

Thanks. I'll have a look at that.

-- http://www.helpforheroes.org.uk/shop/
#80
Malwarebytes warning
"Diesel" wrote in message ...

"Ophelia" Thu, 26 Nov 2015 12:43:42 GMT in alt.windows7.general, wrote:

"Mayayana" wrote in message ...

| There have been many suggestions over the years NOT to touch the Registry repair in MBAM (or anywhere else). I don't have the OP's post, but I believe he complained about registry damage. Best to avoid letting MBAM touch it.
|
| MBAM doesn't perform 'registry repair' It can remove bad/unwanted keys and reset others to MS defaults.

You don't call that Registry repair? If not then we're just quibbling over terminology. The MB I ran listed mostly Registry "threats". It even made up official sounding names for them. The tweak to stop IE from blocking downloads gets the name "PUM.LowRiskFileTypes". Sounds like a virus. Turns out "PUM" stands for "potentially unwanted modification". Would you expect the average person to understand all that? Many people might apply the IE nag-stop without understanding the details. Those same people might very well run MB, see scary threats with names like "PUM.LowRiskFileTypes", and let MB fix them. Whether you call that repair or not is splitting hairs.

Would you not set PUP and PUM to be 'fixed' automatically? Even if I saw the thing it was warning against I still wouldn't have a clue. This is a very interesting thread and it has thrown things up that concern me. Users like me just trust the stuff to work! In the past I had dreadful problems with Norton and would never touch it again. Are you saying I ought to be wary of this? I would appreciate any advice on how to set these things.

I wouldn't. You might actually want the bittorrent client Malwarebytes detected. You might NOT want the default keys set back. It may have been you who changed them for some reason.

-- Error: Creative signature file missing

Oh my. I have so much to learn! Thank you.

-- http://www.helpforheroes.org.uk/shop/
#81
Malwarebytes warning
| To evaluate whether your browser remembers things
| it shouldn't, you can check here. | | http://samy.pl/evercookie/ | Worth noting the first part of that page: "a javascript API available that produces extremely persistent cookies in a browser" Yet another example of how difficult it is to hope for any real security or privacy with script enabled. Though for most people, if a site really wants to track, IP address is probably the easiest method, except that it requires server-side data storage. There was an interesting interview with Edward Snowden recently: https://theintercept.com/2015/11/12/...-your-privacy/ He recommends the Tor browser and an ad blocker as basics for achieving reasonable privacy online. (The main point of the ad blocker being to block tracking -- a function that gets ignored in the discussions about whether people have a duty to view ads.) |
#82
Malwarebytes warning
"Mayayana" wrote in message ...
| So because MBAM does not react in wording YOU want, you start warning | that people should not trust MBAM. | Yes, indeed, Fred. I want to warn people to do exactly what you advised me: "If you can't handle false positives, don't TRY security software you don't understand." Your wisdom was exceeded only by your succinctness. Your arrogance and stubbornness and narrow-mindedness is very apparent in this discussion. -- Buffalo |
#83
Malwarebytes warning
Mayayana wrote on 11/28/2015 10:06 PM:
| If I were going to use them myself I'd drastically | reduce their functionality. Defaults that scan | everything at boot and scan every process seem | wasteful to me. I don't see any reason to scan | other than new files or unrecognized processes. | | Are you talking about real-time or a scheduled scan? I meant real time. When I've looked at AV settings the defaults usually seem to be set up to scan almost constantly. A lot of that seems unnecessary. And scheduled scans would also be unnecessary if there are real time scans. Can't you envision a virus getting past the A-V on day zero, and then being caught N days later after the A-V signatures have been updated? |
#84
Malwarebytes warning - now CCleaner
Ophelia wrote on 11/29/2015 8:57 AM:
"J. P. Gilliver (John)" wrote in message ... In message , Ophelia writes: [] May I tag on here to ask your opinion on CCleaner? Hello again (-:! In general, and particularly on this 'group, it's unwise to tag on with that sort of change, since (in this case) those who have views on CCleaner may have dropped out of what seems to be a pro/anti Malwarebytes thread. But anyway: the general consensus here seems to be that CC is in general a Good Thing, as long as you don't use its registry cleaning facility. Ahh! I run both each day before I close down!! Do you use the CC registry cleaner? If so, don't and you will have nothing to fear from CC. |
#85
Malwarebytes warning - now CCleaner
"Cy Burnot" wrote in message ... Ophelia wrote on 11/29/2015 8:57 AM: "J. P. Gilliver (John)" wrote in message ... In message , Ophelia writes: [] May I tag on here to ask your opinion on CCleaner? Hello again (-:! In general, and particularly on this 'group, it's unwise to tag on with that sort of change, since (in this case) those who have views on CCleaner may have dropped out of what seems to be a pro/anti Malwarebytes thread. But anyway: the general consensus here seems to be that CC is in general a Good Thing, as long as you don't use its registry cleaning facility. Ahh! I run both each day before I close down!! Do you use the CC registry cleaner? If so, don't and you will have nothing to fear from CC. Not any more Thanks -- http://www.helpforheroes.org.uk/shop/ |
#86
Malwarebytes warning
| I meant real time. When I've looked at AV settings
| the defaults usually seem to be set up to scan almost | constantly. A lot of that seems unnecessary. And | scheduled scans would also be unnecessary if there | are real time scans. | | Can't you envision a virus getting past the A-V on day zero, and then | being caught N days later after the A-V signatures have been updated? I guess that's a good point, but a very long shot. Even then, why does one need a startup scan if it was scanning at shutdown? Why does one need to scan MS Word and the doc it opens if those were just scanned a few minutes ago and nothing has changed? I just think the typical default settings are excessive resource hogs. |
#87
Malwarebytes warning
| Your arrogance and stubbornness and narrow-mindedness is very apparent in
| this discussion. | Which is to say what... that you disagree with my views? Do you have a point? I'm happy to discuss with anyone who makes a valid point, even if they're disrespectful, as you and FredW are being. I'm not without faults and maybe there's something to be learned, so I don't want to reject people merely on manners. But insults and name calling are neither points nor manners. |
#88
Malwarebytes warning
"Ophelia"
Sun, 29 Nov 2015 17:59:34 GMT in alt.windows7.general, wrote:

"Diesel" wrote in message ...

"Ophelia" Thu, 26 Nov 2015 12:43:42 GMT in alt.windows7.general, wrote:

"Mayayana" wrote in message ...

| There have been many suggestions over the years NOT to touch the Registry repair in MBAM (or anywhere else). I don't have the OP's post, but I believe he complained about registry damage. Best to avoid letting MBAM touch it.
|
| MBAM doesn't perform 'registry repair' It can remove bad/unwanted keys and reset others to MS defaults.

You don't call that Registry repair? If not then we're just quibbling over terminology. The MB I ran listed mostly Registry "threats". It even made up official sounding names for them. The tweak to stop IE from blocking downloads gets the name "PUM.LowRiskFileTypes". Sounds like a virus. Turns out "PUM" stands for "potentially unwanted modification". Would you expect the average person to understand all that? Many people might apply the IE nag-stop without understanding the details. Those same people might very well run MB, see scary threats with names like "PUM.LowRiskFileTypes", and let MB fix them. Whether you call that repair or not is splitting hairs.

Would you not set PUP and PUM to be 'fixed' automatically? Even if I saw the thing it was warning against I still wouldn't have a clue. This is a very interesting thread and it has thrown things up that concern me. Users like me just trust the stuff to work! In the past I had dreadful problems with Norton and would never touch it again. Are you saying I ought to be wary of this? I would appreciate any advice on how to set these things.

I wouldn't. You might actually want the bittorrent client Malwarebytes detected. You might NOT want the default keys set back. It may have been you who changed them for some reason.

-- Error: Creative signature file missing

Oh my. I have so much to learn! Thank you.

I have a bittorrent client which is fine, but due to its nature, MBAM would detect it and if I gave it permission to auto remove PUPs (potentially unwanted programs) it would remove that program too. The program is fine, although it does have potential for abuse and legal issues for the system owner if it's used in a way contrary to law. If you don't know it's present, you might want to. Someone could be using it to download copyrighted music, movies, video games, etc without your knowledge or permission. When caught, as you're the account holder, it'll be your arse in the fire, not them. So, you might like to know if your computer has software like that present; in the event you didn't install it. A friend or family member may have. They probably don't realize that using it to download tv shows, movies, and, free music is most likely going to be illegal in the form of copyright infringement. Which is why MBAM detects it and those similar in nature to it. It doesn't detect every single one, afaik, but, it tries to detect the popular/well known ones.

I have this machine set to disable auto updates of any kind from MS. I've also elected to turn the notification off concerning this. As a result, MBAM would notice these registry key values are not defaults and report (complain, rofl, imho) about it. As I already know I made these decisions and fully understand the risks associated, I can tell MBAM to ignore what it found and it won't bother me about this again. MBAM tries to guess what the majority of people might want it to do as a default, not what someone like myself would prefer it did. Which is why you can turn some of those scan options off and you can always tell MBAM to ignore something it thinks it found that might be harmful, but, that you know isn't. And of course, you're always encouraged to send suspect samples and files you know are clean but MBAM false hit on, so that it can be corrected with a definitions update.

False positives are going to happen. Nobody has a magic bullet or perfect solution to prevent it all of the time. I don't even think it's a mathematically sound possibility at this time.

-- Error: Creative signature file missing
#89
Malwarebytes warning
Charlie+
Sun, 29 Nov 2015 19:06:24 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 17:38:31 -0000 (UTC), Diesel wrote as underneath :

Charlie+ Sun, 29 Nov 2015 16:13:05 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 07:39:31 +0000, Charlie+ wrote as underneath :

On Tue, 24 Nov 2015 21:47:51 -0500, "Mayayana" wrote as underneath :

I would look into the details of any such reports, anyway. My concern was for others who might have limited experience combined with undue confidence in malware hunters.

I use (freeVer.) MBAM v 1.75.nnn a much older version which has a much better (proper menu) interface and more exact control than the modern versions which I haven't updated for many of the reasons OP has found. BUT with caveat I haven't tried installing it on W8.1 or W10. - the old versions still use the modern definitions files etc. I tried the modern MBAM 2015 version on a W7 laptop and immediately concluded that the interface had been dumbed down to idiot level, horrible! C+

I saw a question upthread: search source: https://malwaretips.com/threads/malw...alware-old-version-1-75-download-solved.35074/ Near the bottom of that page there is even a picture of the interface! Of course you have to set it not to update to a later version automatically! Don't activate the paid version (unless you want that) - Standard stuff... As I indicated it updates the definition files as a current Ver. does C+

Normally, I'd let this go. but, for security reasons, it must be stated. Although the older versions of MBAM can still download and use the definitions file, they aren't able to take full advantage of the new commands/structure within that file. Their engine ignores the new commands because it does NOT recognize them. They didn't exist when v1.x series was being developed. Newer editions of MBAM have a newer engine under the hood which does know the new commands and can take advantage of them. Running the older version with the newest definitions is not ensuring you're as protected as you could be. It's not like AV software that can also do an engine update with the definitions while keeping the older interface you're more familiar with and prefer. IE: the nav2003 trick doesn't apply with MBAM. You're actually running with reduced functionality and less protection as a result. While the definition file does have more data and can handle newer malware variants as a result, it's only able to do this with an engine that fully supports it. The v2.x series only.

Yup! Sure you're possibly right.. I would expect they would try to improve their product over time, pity they couldn't leave the useable interface alone! I would rather slightly less (safety?) (false positives?) and keep the controls!! Everyone to their own poison! C+

I'm one who preferred the older GUI over this new one as well. It's a bit more than slightly less most likely as some definition commands are outright being ignored in the older version. Due to some changes in the way in which malware works and takes efforts to hide, this does present a greater risk of those types of malware evading the older engine's ability to detect and/or remove it. As much as I hate the newer interface, the engine under its hood IS more advanced and you are currently doing yourself a disservice by relying on the older engine to protect you from the malware you're likely to run into these days. The older engine is continuing to lose ground here. It doesn't do you any good to have the latest definitions which can detect the malware, if the engine processing those definitions cannot make complete use of them. If anything, it's giving you a very real false sense of security. I say this because you're giving up the (imo) ugly gui in exchange for the one you're comfortable with; as a result, You're also using the older engine which cannot protect you from all of the signatures that it tells you are present in the definitions/database update. It's unable to read a large (and growing) majority of them.

-- Error: Creative signature file missing
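The point made in the post above, that an older engine can load current definitions yet ignore the rule types it predates, shown as an added Python example; it is not part of the thread and is not Malwarebytes' code or file format. The rule kinds, detection names, engine capability sets and scanned artifacts are all constructed assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed definitions text in a hypothetical "kind<TAB>name<TAB>pattern"
# format. This is NOT Malwarebytes' real format; all names are made up.
DEFINITIONS = "\n".join([
    "file_name\tPUP.Example.Toolbar\ttb_helper.exe",
    "reg_value\tPUM.Example.LowRisk\tlowriskfiletypes",
    "file_glob\tTrojan.Example.Dropper\tsvch?st*.exe",
    "alt_stream\tRootkit.Example.Stream\thidden.bin",
])

# Each rule kind maps to the artifact type it inspects and a match predicate.
MATCHERS = {
    "file_name": ("file", lambda pat, val: val == pat),
    "reg_value": ("reg", lambda pat, val: val == pat),
    "file_glob": ("file", lambda pat, val: fnmatchcase(val, pat)),
    "alt_stream": ("stream", lambda pat, val: val == pat),
}

# Hypothetical capability sets: the old engine predates two rule kinds.
OLD_ENGINE_KINDS = {"file_name", "reg_value"}
NEW_ENGINE_KINDS = set(MATCHERS)

# Constructed scan input: (artifact type, value) pairs found on a machine.
ARTIFACTS = [
    ("file", "notepad.exe"),
    ("file", "svch0st_update.exe"),
    ("reg", "lowriskfiletypes"),
    ("stream", "hidden.bin"),
]


@dataclass
class LoadReport:
    total: int = 0                               # rules present in the file
    active: list = field(default_factory=list)   # rules the engine can run
    skipped: list = field(default_factory=list)  # rules it does not understand

    @property
    def coverage(self):
        return len(self.active) / self.total if self.total else 0.0


def load_definitions(text, supported_kinds):
    """Parse the definitions, recording unknown rule kinds instead of hiding them."""
    report = LoadReport()
    for line in text.splitlines():
        kind, name, pattern = line.split("\t")
        report.total += 1
        target = report.active if kind in supported_kinds else report.skipped
        target.append((kind, name, pattern))
    return report


def scan(report, artifacts):
    """Return the sorted names of rules that fire on the given artifacts."""
    hits = set()
    for kind, name, pattern in report.active:
        artifact_type, matches = MATCHERS[kind]
        for a_type, value in artifacts:
            if a_type == artifact_type and matches(pattern, value):
                hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for label, kinds in (("old", OLD_ENGINE_KINDS), ("new", NEW_ENGINE_KINDS)):
        rep = load_definitions(DEFINITIONS, kinds)
        print(label, f"{len(rep.active)}/{rep.total} rules usable,",
              f"skipped={[n for _, n, _ in rep.skipped]}, hits={scan(rep, ARTIFACTS)}")
```

Both engines report the same definitions file as loaded; only the skipped list and the coverage figure show that the older one evaluates half of it.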
#90
Malwarebytes warning
In message , FredW
writes: [] Your opinion that there would be useful information revealed here, is just pampering and makes me wonder what you really did understand of this discussion. Maybe you can stop preaching about emotive words (whatever that may be) and start talking? [] plonk -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Although I may disagree with what you say, I will defend to the death your right to hear me tell you how wrong you are. |