A Windows XP help forum. PCbanter


Malwarebytes warning



 
 
  #76  
Old November 29th 15, 06:38 PM posted to alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Malwarebytes warning

"Mayayana"
Wed, 25 Nov 2015 14:26:00 GMT in alt.windows7.general, wrote:

| Avira tagged my own EXE I wrote to them. I got
| back a robo-email telling me to upload the problem
| EXE. But it wasn't a problem EXE. Avira was tagging
| 6 of my EXEs. And if they issued a fix for those I'd
| be back in the same boat next time I compiled a
| new version.
|
| Something was either off in the way you were designing the exes,
| or protecting them after post compile. As they are most likely
| HLL written,

I don't know what "HLL" stands for. Should I?
There was nothing "off in the design" of the EXEs
that I know of. The compiler has never asked for
my design ideas. It's actually a common problem,
and an example of the outdated approach of AV
software. There are millions of "virus signatures",
which are simply byte strings considered unique.
Avira found something in my EXE that apparently
looked similar. (It clearly wasn't a match. In that
case Avira would have said it was xyz virus and not
assigned it the meaningless name of "TR/Dropper.Gen",
which they use as a catchall diagnosis.)


I suppose it doesn't matter in your case knowing what HLL is. You are
doing HLL, but, if you're okay with not realizing it, it's really not
my place to try and explain and wind up derailing this thread in the
process.

It's not a common problem per se... It's entirely possible avira
didn't hit on an actual byte style signature but either during
emulation or routine analysis, thought something might be amiss; to
the point of closely resembling a trojan.dropper. If you aren't
protecting your executable after post compile, this problem can be
mitigated in one of two ways. Send avira a sample of your executable
that's being wrongly said to contain malware, OR, change the physical
location of some of your subroutines in the source file and compile
it- you might be very surprised by the results of doing that simple
task.

So it's fixable, yes. But it's a hassle. It's not
realistic to install all the popular AV programs and run
them all with each compile. And it's not something I'm
willing to do with freeware.


I hate to tell you this, but a responsible author of
freeware/shareware/commercial software SHOULD be checking it against
the popular AV\AM packages to ensure (a) the package isn't going to
scare clients and give you unnecessary support calls/emails. and (b)
to ensure your software can install properly AND function with this
AV program also present on the same machine.

And there's a bigger problem with this: People using
my software are getting warnings. In the case I'm talking
about I was fortunate that someone wrote to me and
told me about it. It's possible that my software is setting
off alarms in other AV products now and I won't know
because no one has told me. To imply that that is somehow
my fault simply doesn't make sense.


It's a little worse than that, actually. Some people are wrongly
going to assume that you're writing malicious software and never take
the time to check into the issue and learn otherwise. They'll tell
others to avoid your programs for the very same reason. Their own
ignorance will be your loss (as others won't even download your
program, let alone try to use it; their friend said it was bad, the
AV said so) and harm to your credibility.

No. It's just a plain EXE, VB6 code compiled with Visual
Studio 6. No "design". No aspack, UPX, or other compressors.
It's free software, so there are no protection tricks. Again,
your reasoning that a false positive must be the fault of
the software author is backward.


It's not backward if you understood what was actually going on here
as well as what's involved in the development of AV/AM software and
associated signatures.

As I was saying above, the whole concept of AV
virus definitions/signatures is long outdated.


It was outdated when it began. Luckily, other technologies have been
developed since then that not only increase reliability of the
scanner, but, also work diligently to reduce false positives.


| Your own apparent inability to effectively troubleshoot isn't the
| fault of MBAM. Your lack of knowledge of the software isn't the
| fault of MBAM either. MBAM has a quarantine system. If it makes
| changes that you aren't okay with, you can restore them from
| quarantine.
You're reacting defensively, making excuses for
MB. I've said repeatedly that I can and do research
these things, and that my post was meant only
to warn people who might be too trusting.


I'm not reacting at all, and I assure you, I'm the last person you'll
see making excuses for MBAM or otherwise defending them.



--
Error: Creative signature file missing
  #77  
Old November 29th 15, 06:38 PM posted to alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Malwarebytes warning

Charlie+
Sun, 29 Nov 2015
16:13:05 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 07:39:31 +0000, Charlie+
wrote as underneath :

On Tue, 24 Nov 2015 21:47:51 -0500, "Mayayana"
wrote as underneath :



I would look into the details of any such reports,
anyway. My concern was for others who might have
limited experience combined with undue confidence
in malware hunters.


I use (freeVer.) MBAM v 1.75.nnn a much older version which has a
much better (proper menu) interface and more exact control than
the modern versions which I haven't updated for many of the reasons
OP has found. BUT with caveat I haven't tried installing it on W8.1
or W10. - the old versions still use the modern definitions files
etc. I tried the modern MBAM 2015 version on a W7 laptop and
immediately concluded that the interface had been dumbed down to
idiot level, horrible! C+


I saw a question upthread: search source:
https://malwaretips.com/threads/malw...ware-old-version-1-75-download-solved.35074/
Near the bottom of that page there
is even a picture of the interface! Of course you have to set it
not to update to a later version automatically! Don't activate the
paid version (unless you want that) - Standard stuff...
As I indicated it updates the definition files as a current Ver.
does C+


Normally, I'd let this go, but, for security reasons, it must be
stated. Although the older versions of MBAM can still download and
use the definitions file, they aren't able to take full advantage of
the new commands/structure within that file. Their engine ignores the
new commands because it does NOT recognize them. They didn't exist
when v1.x series was being developed.

Newer editions of MBAM have a newer engine under the hood which does
know the new commands and can take advantage of them. Running the
older version with the newest definitions is not ensuring you're as
protected as you could be. It's not like AV software that can also do
an engine update with the definitions while keeping the older
interface you're more familiar with and prefer. IE: the nav2003 trick
doesn't apply with MBAM.

You're actually running with reduced functionality and less
protection as a result. While the definition file does have more data
and can handle newer malware variants as a result, it's only able to
do this with an engine that fully supports it. The v2.x series only.


--
Error: Creative signature file missing
  #78  
Old November 29th 15, 06:55 PM posted to alt.windows7.general
Ophelia[_4_]
external usenet poster
 
Posts: 106
Default Malwarebytes warning



"Mayayana" wrote in message
...

| I don't see anything about supercookies on mine
|

I got that from their website. They seem to have
a big focus on total cleaning of browser tracks.

Supercookies are a fairly new kind of data storage
that can be used by webpages to store relatively
large amounts of data client-side. They're probably
no worse than a simple web bug or normal cookie,
since those can be used to track you online. But
I don't see any use for them so I set the cache to
0 in Firefox. On the other hand, VanguardLH was
pointing out one day that he likes a game website
that uses supercookies for its functionality. So maybe
some high-interaction sites have justification for
using them.


Ok, thanks.

--
http://www.helpforheroes.org.uk/shop/

  #79  
Old November 29th 15, 06:57 PM posted to alt.windows7.general
Ophelia[_4_]
external usenet poster
 
Posts: 106
Default Malwarebytes warning



"Paul" wrote in message
...
Ophelia wrote:

I don't see anything about supercookies on mine


To evaluate whether your browser remembers things
it shouldn't, you can check here.

http://samy.pl/evercookie/

There are buttons there for inserting a persistent
cookie into your browser, by using storage not
intended to store identifying materials.

You can then quit the browser, attempt to clean
the browser as best you can, then go back to the
web site, and have it evaluate whether the
cookie is still present or extractable.

On a real web site, if only one portion of the
distributed cookie could still be located, the
site would refresh the cookie into all of its
original locations.

Some of those techniques involve beating on
one of the browser databases, multiple times
in a burst pattern, in an effort to store "fake URLs"
which encode the desired identifying content. And
apparently, you cannot necessarily hear or see this
as a physically detectable symptom. I would think
a CPU core would get pinned for a second
doing stuff like that. So if there is ever
an abnormal freezing of the browser, the
web page content could be trying something
like that using Javascript.

Web site developers have more techniques at
their disposal, than the test implementation
of the idea on that site. So no attempt is
made on that site, to keep the implementation
up to date with the latest tricks. It's good
enough to know some of the tricks, so you
have some idea how they're doing it.


Thanks. I'll have a look at that.

--
http://www.helpforheroes.org.uk/shop/

  #80  
Old November 29th 15, 06:59 PM posted to alt.windows7.general
Ophelia[_4_]
external usenet poster
 
Posts: 106
Default Malwarebytes warning



"Diesel" wrote in message
...
"Ophelia"
Thu, 26 Nov 2015 12:43:42 GMT
in alt.windows7.general, wrote:

"Mayayana" wrote in message
...
| There have been many suggestions over the years NOT to touch
| the Registry repair in MBAM (or anywhere else). I don't have
| the OP's post, but I believe he complained about registry
| damage. Best to avoid letting MBAM touch it.
|
|
| MBAM doesn't perform 'registry repair' It can remove
| bad/unwanted keys and reset others to MS defaults.

You don't call that Registry repair? If not then
we're just quibbling over terminology. The MB I
ran listed mostly Registry "threats". It even
made up official sounding names for them. The
tweak to stop IE from blocking downloads gets
the name "PUM.LowRiskFileTypes". Sounds like
a virus. Turns out "PUM" stands for "potentially
unwanted modification". Would you expect
the average person to understand all that? Many
people might apply the IE nag-stop without
understanding the details. Those same people might
very well run MB, see scary threats with names
like "PUM.LowRiskFileTypes", and let MB fix them.
Whether you call that repair or not is splitting hairs.


Would you not set PUP and PUM to be 'fixed' automatically?
Even if I saw the thing it was warning against I still wouldn't
have a clue. This is a very interesting thread and it has thrown
things up that concern me. Users like me just trust the stuff to
work! In the past I had dreadful problems with Norton and would
never touch it again. Are you saying I ought to be wary of this?
I would appreciate any advice on how to set these things.



I wouldn't. You might actually want the bittorrent client
Malwarebytes detected. You might NOT want the default keys set back.
It may have been you who changed them for some reason.


--
Error: Creative signature file missing


Oh my. I have so much to learn! Thank you.

--
http://www.helpforheroes.org.uk/shop/

  #81  
Old November 29th 15, 07:31 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default Malwarebytes warning

| To evaluate whether your browser remembers things
| it shouldn't, you can check here.
|
| http://samy.pl/evercookie/
|
Worth noting the first part of that page:
"a javascript API available that produces
extremely persistent cookies in a browser"

Yet another example of how difficult it is to
hope for any real security or privacy with
script enabled. Though for most people, if
a site really wants to track, IP address is
probably the easiest method, except that
it requires server-side data storage.

There was an interesting interview with
Edward Snowden recently:

https://theintercept.com/2015/11/12/...-your-privacy/

He recommends the Tor browser and an ad
blocker as basics for achieving reasonable
privacy online. (The main point of the ad
blocker being to block tracking -- a function
that gets ignored in the discussions about
whether people have a duty to view ads.)


  #82  
Old November 29th 15, 08:55 PM posted to alt.windows7.general
Buffalo[_3_]
external usenet poster
 
Posts: 686
Default Malwarebytes warning

"Mayayana" wrote in message ...

| So because MBAM does not react in wording YOU want, you start warning
| that people should not trust MBAM.
|

Yes, indeed, Fred. I want to warn people to do exactly
what you advised me:

"If you can't handle false positives, don't TRY security software you
don't understand."

Your wisdom was exceeded only by
your succinctness.


Your arrogance and stubbornness and narrow-mindedness are very apparent in
this discussion.


--
Buffalo

  #83  
Old November 29th 15, 09:10 PM posted to alt.windows7.general
Cy Burnot
external usenet poster
 
Posts: 163
Default Malwarebytes warning

Mayayana wrote on 11/28/2015 10:06 PM:
| If I were going to use them myself I'd drastically
| reduce their functionality. Defaults that scan
| everything at boot and scan every process seem
| wasteful to me. I don't see any reason to scan
| other than new files or unrecognized processes.
|
| Are you talking about real-time or a scheduled scan?

I meant real time. When I've looked at AV settings
the defaults usually seem to be set up to scan almost
constantly. A lot of that seems unnecessary. And
scheduled scans would also be unnecessary if there
are real time scans.


Can't you envision a virus getting past the A-V on day zero, and then
being caught N days later after the A-V signatures have been updated?
  #84  
Old November 29th 15, 09:12 PM posted to alt.windows7.general
Cy Burnot
external usenet poster
 
Posts: 163
Default Malwarebytes warning - now CCleaner

Ophelia wrote on 11/29/2015 8:57 AM:


"J. P. Gilliver (John)" wrote in message
...
In message , Ophelia
writes:
[]
May I tag on here to ask your opinion on CCleaner?

Hello again (-:!

In general, and particularly on this 'group, it's unwise to tag on with
that sort of change, since (in this case) those who have views on CCleaner
may have dropped out of what seems to be a pro/anti Malwarebytes thread.

But anyway: the general consensus here seems to be that CC is in general a
Good Thing, as long as you don't use its registry cleaning facility.


Ahh! I run both each day before I close down!!


Do you use the CC registry cleaner? If so, don't and you will have
nothing to fear from CC.
  #85  
Old November 29th 15, 09:35 PM posted to alt.windows7.general
Ophelia[_4_]
external usenet poster
 
Posts: 106
Default Malwarebytes warning - now CCleaner



"Cy Burnot" wrote in message
...
Ophelia wrote on 11/29/2015 8:57 AM:


"J. P. Gilliver (John)" wrote in message
...
In message , Ophelia
writes:
[]
May I tag on here to ask your opinion on CCleaner?

Hello again (-:!

In general, and particularly on this 'group, it's unwise to tag on with
that sort of change, since (in this case) those who have views on
CCleaner
may have dropped out of what seems to be a pro/anti Malwarebytes thread.

But anyway: the general consensus here seems to be that CC is in general
a
Good Thing, as long as you don't use its registry cleaning facility.


Ahh! I run both each day before I close down!!


Do you use the CC registry cleaner? If so, don't and you will have
nothing to fear from CC.


Not any more

Thanks



--
http://www.helpforheroes.org.uk/shop/

  #86  
Old November 29th 15, 09:45 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default Malwarebytes warning

| I meant real time. When I've looked at AV settings
| the defaults usually seem to be set up to scan almost
| constantly. A lot of that seems unnecessary. And
| scheduled scans would also be unnecessary if there
| are real time scans.
|
| Can't you envision a virus getting past the A-V on day zero, and then
| being caught N days later after the A-V signatures have been updated?

I guess that's a good point, but a very long shot.
Even then, why does one need a startup scan if
it was scanning at shutdown? Why does one need
to scan MS Word and the doc it opens if those
were just scanned a few minutes ago and nothing
has changed? I just think the typical default settings
are excessive resource hogs.


  #87  
Old November 29th 15, 09:58 PM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default Malwarebytes warning

| Your arrogance and stubbornness and narrow-mindedness is very apparent in
| this discussion.
|

Which is to say what... that you disagree with
my views? Do you have a point? I'm happy to
discuss with anyone who makes a valid point,
even if they're disrespectful, as you and FredW
are being. I'm not without faults and maybe
there's something to be learned, so I don't
want to reject people merely on manners.
But insults and name calling are neither points
nor manners.


  #88  
Old November 29th 15, 11:31 PM posted to alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Malwarebytes warning

"Ophelia"
Sun, 29 Nov 2015 17:59:34 GMT
in alt.windows7.general, wrote:

"Diesel" wrote in message
...
"Ophelia"
Thu, 26 Nov 2015 12:43:42
GMT in alt.windows7.general, wrote:

"Mayayana" wrote in message
...
| There have been many suggestions over the years NOT to
| touch the Registry repair in MBAM (or anywhere else). I
| don't have the OP's post, but I believe he complained about
| registry damage. Best to avoid letting MBAM touch it.
|
|
| MBAM doesn't perform 'registry repair' It can remove
| bad/unwanted keys and reset others to MS defaults.

You don't call that Registry repair? If not then
we're just quibbling over terminology. The MB I
ran listed mostly Registry "threats". It even
made up official sounding names for them. The
tweak to stop IE from blocking downloads gets
the name "PUM.LowRiskFileTypes". Sounds like
a virus. Turns out "PUM" stands for "potentially
unwanted modification". Would you expect
the average person to understand all that? Many
people might apply the IE nag-stop without
understanding the details. Those same people might
very well run MB, see scary threats with names
like "PUM.LowRiskFileTypes", and let MB fix them.
Whether you call that repair or not is splitting hairs.

Would you not set PUP and PUM to be 'fixed' automatically?
Even if I saw the thing it was warning against I still wouldn't
have a clue. This is a very interesting thread and it has thrown
things up that concern me. Users like me just trust the stuff
to work! In the past I had dreadful problems with Norton and
would never touch it again. Are you saying I ought to be wary
of this?
I would appreciate any advice on how to set these things.



I wouldn't. You might actually want the bittorrent client
Malwarebytes detected. You might NOT want the default keys set
back. It may have been you who changed them for some reason.


--
Error: Creative signature file missing


Oh my. I have so much to learn! Thank you.


I have a bittorrent client which is fine, but due to its nature,
MBAM would detect it and if I gave it permission to auto remove PUPs
(potentially unwanted programs) it would remove that program too.
The program is fine, although it does have potential for abuse and
legal issues for the system owner if it's used in a way contrary to
law. If you don't know it's present, you might want to.

Someone could be using it to download copyrighted music, movies,
video games, etc without your knowledge or permission. When caught,
as you're the account holder, it'll be your arse in the fire, not
them. So, you might like to know if your computer has software like
that present; in the event you didn't install it. A friend or family
member may have. They probably don't realize that using it to
download tv shows, movies, and, free music is most likely going to
be illegal in the form of copyright infringement. Which is why MBAM
detects it and those similar in nature to it. It doesn't detect
every single one, afaik, but, it tries to detect the popular/well
known ones.

I have this machine set to disable auto updates of any kind from MS.
I've also elected to turn the notification off concerning this. As a
result, MBAM would notice these registry key values are not defaults
and report (complain, rofl, imho) about it. As I already know I made
these decisions and fully understand the risks associated, I can
tell MBAM to ignore what it found and it won't bother me about this
again.

MBAM tries to guess what the majority of people might want it to do
as a default, not what someone like myself would prefer it did.
Which is why you can turn some of those scan options off and you can
always tell mbam to ignore something it thinks it found that might
be harmful, but, that you know isn't.

And of course, you're always encouraged to send suspect samples and
files you know are clean but MBAM false hit on, so that it can be
corrected with a definitions update. False positives are going to
happen. Nobody has a magic bullet or perfect solution to prevent it
all of the time. I don't even think it's a mathematically sound
possibility at this time.


--
Error: Creative signature file missing
  #89  
Old November 29th 15, 11:31 PM posted to alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Malwarebytes warning

Charlie+
Sun, 29 Nov 2015
19:06:24 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 17:38:31 -0000 (UTC), Diesel
wrote as underneath :

Charlie+
Sun, 29 Nov 2015
16:13:05 GMT in alt.windows7.general, wrote:

On Sun, 29 Nov 2015 07:39:31 +0000, Charlie+
wrote as underneath :

On Tue, 24 Nov 2015 21:47:51 -0500, "Mayayana"
wrote as underneath :



I would look into the details of any such reports,
anyway. My concern was for others who might have
limited experience combined with undue confidence
in malware hunters.


I use (freeVer.) MBAM v 1.75.nnn a much older version which has
a much better (proper menu) interface and more exact control
than the modern versions which I haven't updated for many of the
reasons OP has found. BUT with caveat I haven't tried installing
it on W8.1 or W10. - the old versions still use the modern
definitions files etc. I tried the modern MBAM 2015 version on a
W7 laptop and immediately concluded that the interface had been
dumbed down to idiot level, horrible! C+

I saw a question upthread: search source:
https://malwaretips.com/threads/malw...alware-old-version-1-75-download-solved.35074/
Near the bottom of that page
there is even a picture of the interface! Of course you have to
set it not to update to a later version automatically! Don't
activate the paid version (unless you want that) - Standard
stuff... As I indicated it updates the definition files as a
current Ver. does C+


Normally, I'd let this go, but, for security reasons, it must be
stated. Although the older versions of MBAM can still download and
use the definitions file, they aren't able to take full advantage
of the new commands/structure within that file. Their engine
ignores the new commands because it does NOT recognize them. They
didn't exist when v1.x series was being developed.

Newer editions of MBAM have a newer engine under the hood which
does know the new commands and can take advantage of them. Running
the older version with the newest definitions is not ensuring you're
as protected as you could be. It's not like AV software that can
also do an engine update with the definitions while keeping the
older interface you're more familiar with and prefer. IE: the
nav2003 trick doesn't apply with MBAM.

You're actually running with reduced functionality and less
protection as a result. While the definition file does have more
data and can handle newer malware variants as a result, it's only
able to do this with an engine that fully supports it. The v2.x
series only.


Yup! Sure you're possibly right.. I would expect they would try to
improve their product over time, pity they couldn't leave the
useable interface alone! I would rather slightly less (safety?)
(false positives?) and keep the controls!! Everyone to their own
poison! C+


I'm one who preferred the older GUI over this new one as well. It's a
bit more than slightly less most likely as some definition commands
are outright being ignored in the older version. Due to some changes
in the way in which malware works and takes efforts to hide, this
does present a greater risk of those types of malware evading the
older engine's ability to detect and/or remove it.

As much as I hate the newer interface, the engine under its hood IS
more advanced and you are currently doing yourself a disservice by
relying on the older engine to protect you from the malware you're
likely to run into these days. The older engine is continuing to lose
ground here.

It doesn't do you any good to have the latest definitions which can
detect the malware, if the engine processing those definitions cannot
make complete use of them. If anything, it's giving you a very real
false sense of security. I say this because you're giving up the
(imo) ugly gui in exchange for the one you're comfortable with; as a
result, you're also using the older engine which cannot protect you
from all of the signatures that it tells you are present in the
definitions/database update. It's unable to read a large (and
growing) majority of them.



--
Error: Creative signature file missing
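
The point made in posts #77 and #89, that an older engine silently skips definition entries whose commands it does not recognize, shown here as an added illustration that is not part of the thread and not Malwarebytes code. The definition format, command names, engine versions and sample artifacts are all hypothetical and constructed; the example shows how to measure what fraction of a definitions file an engine can actually evaluate.

```python
"""Toy model of an engine/definitions mismatch. The definition format, command
names, engine versions and samples are all constructed for illustration; this
is not the Malwarebytes format or code."""

# Constructed definitions: (command, detection name, argument)
DEFINITIONS = [
    ("FILE_BYTES", "Sample.Alpha", "deadbeef"),
    ("FILE_BYTES", "Sample.Beta", "cafebabe"),
    ("REG_VALUE", "Sample.Gamma", r"Software\Example\Run=updater"),
    ("PROC_BEHAVIOR", "Sample.Delta", "hides_from_process_list"),
]


def match_file_bytes(arg, artifact):
    return bytes.fromhex(arg) in artifact.get("file_bytes", b"")


def match_reg_value(arg, artifact):
    return arg in artifact.get("registry", ())


def match_proc_behavior(arg, artifact):
    return arg in artifact.get("behaviors", ())


# Each hypothetical engine only knows the commands that existed when it shipped.
ENGINES = {
    "1.x": {"FILE_BYTES": match_file_bytes},
    "2.x": {
        "FILE_BYTES": match_file_bytes,
        "REG_VALUE": match_reg_value,
        "PROC_BEHAVIOR": match_proc_behavior,
    },
}


def load(engine, definitions):
    """Split definitions into entries the engine can run and entries it skips.

    Unknown commands are skipped without an error, so the update still
    "succeeds" from the user's point of view.
    """
    handlers = ENGINES[engine]
    usable = [d for d in definitions if d[0] in handlers]
    skipped = [d for d in definitions if d[0] not in handlers]
    return usable, skipped


def coverage(engine, definitions):
    """Fraction of the definitions file this engine can actually evaluate."""
    usable, _ = load(engine, definitions)
    return len(usable) / len(definitions) if definitions else 1.0


def scan(engine, definitions, artifact):
    """Return the detection names that fire for one artifact."""
    usable, _ = load(engine, definitions)
    handlers = ENGINES[engine]
    return [name for cmd, name, arg in usable if handlers[cmd](arg, artifact)]


# Constructed artifact: only detectable through the newer command type.
STEALTHY = {"file_bytes": b"\x00\x01\x02", "behaviors": ["hides_from_process_list"]}
# Constructed artifact: detectable by the old byte-pattern command.
PLAIN = {"file_bytes": b"\x90\xde\xad\xbe\xef\x90"}

if __name__ == "__main__":
    for engine in ENGINES:
        _, skipped = load(engine, DEFINITIONS)
        print(f"engine {engine}: coverage {coverage(engine, DEFINITIONS):.0%}, "
              f"skipped {[d[1] for d in skipped]}")
        print("  plain    ->", scan(engine, DEFINITIONS, PLAIN))
        print("  stealthy ->", scan(engine, DEFINITIONS, STEALTHY))
```

Both engines load the same file without error, but only the newer one evaluates every entry; a loader that reports its skipped count makes the gap visible instead of silent.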
  #90  
Old November 29th 15, 11:59 PM posted to alt.windows7.general
J. P. Gilliver (John)
external usenet poster
 
Posts: 5,291
Default Malwarebytes warning

In message , FredW
writes:
[]
Your opinion that there would be useful information revealed here,
is just pampering and makes me wonder what you really did understand of
this discussion.
Maybe you can stop preaching about emotive words (whatever that may be)
and start talking?

[]
plonk
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Although I may disagree with what you say, I will defend to the death your
right to hear me tell you how wrong you are.
 



