A Windows XP help forum. PCbanter


Virus on page?



 
 
  #316  
Old March 28th 19, 08:04 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Virus on page?

In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.


you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.


it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.
  #317  
Old March 29th 19, 07:24 PM posted to alt.comp.os.windows-10
Carlos E.R.[_3_]
external usenet poster
 
Posts: 1,356
Default Virus on page?

On 28/03/2019 20.04, nospam wrote:
In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.

you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.


it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.


I don't use any features, just defaults...

--
Cheers, Carlos.
  #318  
Old March 29th 19, 07:57 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Virus on page?

In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.

you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.


it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.


I don't use any features, just defaults...


exactly, as do most people.

using a partial font requires an explicit user action, versus simply
using the defaults. you are agreeing with me yet you argue anyway.
  #319  
Old March 29th 19, 08:40 PM posted to alt.comp.os.windows-10
Carlos E.R.[_3_]
external usenet poster
 
Posts: 1,356
Default Virus on page?

On 29/03/2019 19.57, nospam wrote:
In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.

you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.


I don't use any features, just defaults...


exactly, as do most people.

using a partial font requires an explicit user action, versus simply
using the defaults. you are agreeing with me yet you argue anyway.


No, it doesn't. Using defaults I get a partial font.

--
Cheers, Carlos.
  #320  
Old March 29th 19, 08:45 PM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Virus on page?

In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.

you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...


exactly, as do most people.

using a partial font requires an explicit user action, versus simply
using the defaults. you are agreeing with me yet you argue anyway.


No, it doesn't. Using defaults I get a partial font.


that's a very bad default, and not common.
  #321  
Old March 29th 19, 09:32 PM posted to alt.comp.os.windows-10
Carlos E.R.[_3_]
external usenet poster
 
Posts: 1,356
Default Virus on page?

On 29/03/2019 20.45, nospam wrote:
In article , Carlos E.R.
wrote:

Anyway, enough. The fact is it is done. We have proven it. You can
ramble all you want against the practice, won't change it a bit. It is
done, no matter your complaints.

you haven't proven anything. you're just babbling.

partial fonts are rarely used in a pdf because there is no point in
bothering. the savings are not worth the trouble.

you personally might do it, but you'd be the exception, and you're just
making things difficult for those who have to read your pdfs.


I personally don't do anything. I use software, and the software is
designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people
actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

exactly, as do most people.

using a partial font requires an explicit user action, versus simply
using the defaults. you are agreeing with me yet you argue anyway.


No, it doesn't. Using defaults I get a partial font.


that's a very bad default, and not common.


In your opinion.

In mine, a very good default, and very common.

--
Cheers, Carlos.
  #322  
Old March 30th 19, 10:19 AM posted to alt.comp.os.windows-10,alt.computer.workshop,alt.comp.freeware,rec.photo.digital
Diesel
external usenet poster
 
Posts: 344
Default Virus on page?

nospam
Thu, 28 Mar 2019
14:02:55 GMT in alt.comp.freeware, wrote:

In article
A3egU7, Diesel
wrote:


calling malwarebytes antivirus or antimalware is entirely
irrelevant in the context i used it, which was *not* about
malware or viruses. it doesn't change what was being discussed,
which was in a separate thread anyway.


people use both terms interchangeably. even malwarebytes
considers them to be equivalent terms.


As I wrote previously, I'm not interested in sales jargon.


it's not sales jargon. it's common usage.


It's sales jargon. It's relying on the general ignorance/laziness on
the part of the consumer. As sad (well, funny in a sarcastic sort of
way) as that is, Malwarebytes is correct in that sense; people don't
know the specifics concerning Malware, and Malwarebytes is free to
dumb it down and explain how their product fits in the grand scheme
of things. What they aren't being honest about is its own
limitations. It is NOT an antivirus product, it DOES NOT DO ANYTHING
with viral infections.

if this was a discussion specifically about malware, then the
difference would matter, but since it is not, it doesn't. you are
arguing just to argue, especially since you brought it up in an
entirely different thread.


I'm doing nothing of the sort. I noticed someone else already tried
to correct your clear misunderstanding of what the product actually
is. They told you, it's not an antivirus. And in your well known,
smug short reply, you claimed it was. I took nothing you wrote out of
context. You were misinformed, AND, your post was misinforming other
readers. Malwarebytes is NOT and has NEVER been a replacement for an
actual antivirus product. I don't give two ****s what their latest
advertising claims are, they have NOTHING to back them up.

I'm not writing this as an end user, as you are; I'm writing this
from the point of view of a former employee who had full ****ing
access to the engine, database, and assorted tools required to
interact with it. When you claim Malwarebytes is in any possible way
an antivirus, and use their marketing material to back it up vs my
own, actual, hands on first hand knowledge of the inner workings of
the product, one can't help but clearly see you're an idiot
concerning the subject.

We can debate this all you like, but it's not going to change what
you wrote, mistakenly and have tried to defend since having written
it, AND been called out for it.

I repeat, from the point of view of an insider who couldn't get any
closer if he wanted, (I was already on the front line, dissecting 0day
malware of all types; thanks), you are not correct in your claims of
Malwarebytes being an antivirus. I don't care what their misleading
advertising claims are, or how they're trying to blur everything into
one general category to backup their totally bull**** claims.

If you or anyone else is stupid enough to replace your current
antivirus (free or paid edition) in lieu of Malwarebytes and only
Malwarebytes, you're an idiot who's not only placing your machine in
harm's way, but that of others you share the internet with.

Malwarebytes is and has always been, a glorified, super over hyped
trojan scanner/removal tool. Trojans do not require the same level of
coding knowledge or skill to deal with as a virus does. Find trojan,
delete trojan, done deal. Find virus, remove virus code from host; if
you have to toss the baby out with the bathwater, you aren't
deserving of space on anyone's machine and certainly aren't worthy of
a dime of their money.

Malwarebytes as I told you previously cannot disinfect a single file
for you, it's never been able to do that; its engine is by no means
capable of doing that in its present state, AND, they do not have
the research staff with the required knowledge to even begin getting
into the virus game. For ****s sake, they can't even design a
reliable, BINARY BASED database for their own damn engine.

That database it downloads is a very big compressed plain ASCII text
file under the hood, with very easy to read USER level commands. To
store, a string for example (I don't mind sharing this, it's
technology *I* shared with them!) requires the following information.

I'll explain what a string is briefly first. It's a 'unique' series
of bytes in a specific sequence (wildcard is supported, so not all
have to be an exact match) at a specific location that's used as the
'signature' for the baddie. In order for this to be stored in
Malwarebytes fashion, it's an actual command like this:

bad.guy.detection=location of bytes, string of bytes where each byte
is represented in 2character hexadecimal. Yes, to store a 4 byte
string (they'd never use such a short one) you have to use 8bytes
just for the string, not even including the other relevant data. The
actual location for the string to be searched for is specified in
straight decimal, like so:

If I want to scan for a 16byte string at byte offset 127384 in the
suspect file, I have to literally store it as 127384,(32 characters
of hex), name of baddie, optional parameters which aren't relevant to
this discussion. You may think I'm bashing on them or something here,
but, I'm not. I'm just telling you how out it actually is and how it
actually works, but I'm not getting too specific, because my goal is
NOT to teach any upcoming malware lamer how to evade it entirely.

The commands to deal with suspect bad registry entries are along the
same lines. Everything you need the engine to do is written entirely
as human friendly text. This is because, *drum roll* very few people
employed by Malwarebytes are actually in any possible way, low level
programmers or coders. The majority of my own research team consisted
of script kiddies, on a good day. At the time, in fact, it was only
myself and Doug who could read assembler, let alone write anything in
it.

And, that huge gap in technical knowledge hasn't been improved since
my departure.

I'll make this even easier, wrap you up all nice n neat in a bow, by
explaining to you how the typical non coding capable 'researcher'
goes about a malware sample analysis. This is NOT the standard
operating procedure I used, because, I don't need my hands held, I
understand how to read assembler. IDA Pro doesn't intimidate me.

But! the following has always been standard operating procedure for
those who can't code, or barely understand various scripting
languages available today. Malwarebytes is the only antimalware
company that I know of which uses the following methodology for
malware analysis. Everyone else I know actually uses coders like me,
and automated systems to do the grunt work. They certainly DO NOT do
what i'm disclosing below. As, if they did, and word got out, they'd
be laughed right the **** out of business, and rightfully so.


So here it is, the professional (Malwarebytes idea of professional
anyways) official Malware research process (for those who are unable
to fire up IDA pro and understand what they are looking at. Read: the
bulk of Malwarebytes staff. No, I'm not joking, it's that sad)

First, harvest samples; usually acquired by downloading suspicious
samples from a large list of urls that's frequently updated. Along
with user submissions and inside contacts who've done the right thing
to help everyone and shared samples.

Second,

Verify you actually have .exe files to deal with. Right off the bat,
this step is going to kill many scripts that may/may not have been
downloaded that could be malicious. Yep, you're going to miss them,
bye bye they be. You do this by running one of the insider utilities,
it separates exe files (two bytes MZ in the front is enough, it
doesn't verify the file's actually intact or complete; it's a really
dumb tool) from everything else, deleting everything that wasn't
flagged as an executable. Remember, I told you, this is a good way to
lose a pile of text based scripts that could be malicious that
Malwarebytes engine could in fact deal with.

Third,

scan survivors with Malwarebytes using latest public released
definitions; make absolutely sure it's not using your own definition
site as you work. Allow malwarebytes to delete any known ones.

Fourth, upload each and every single surviving exe to virustotal;
this will help determine if it's malware AND provide the name it's
already known as. Yes, that's right, I didn't mistype this, you're
going to submit a sample of the file you're supposed to be analyzing
to virustotal for help.

Fifth, assuming virus total says yea, it's known by this many
products already and it goes by this name for the majority, you
determine how you're going to train the malwarebytes engine to detect
it. You have basically the following detection options:

** this also means that if virustotal doesn't recognize it as malware
of any kind, you skip it and move onto the next one. (I didn't,
because I took the time to disassemble the ****ers). If you do it the
official malwarebytes way, you'll never know if you just let a new
0day malware sample take a free pass, right under your ****ing nose.

OTH, if virustotal recognizes it as malicious, you can use the
following methods to detect the file:

1. You can md5hash it (yes, md5!)

2. You can string it (if you can find a suitable string; this has
led to instances of thousands of systems being taken out with a
single bad definitions update, multiple times now, due to bad string
selection. Non coders don't realize, legitimate programs written and
compiled in the same language as a lot of malware is going to have
some sections of code in common that has nothing to do with malware.
It's *NEVER* a good idea to use one of those as a string. Yet, it's
been done, many times. Just check their forums for the false positive
took my system out stories.)

3. You can lock onto its filename and location, or just the
filename. At this point, the file could be completely empty of
content, as in zero (yes, zero, as in NONE) bytes and still be
flagged as Malware. And yes, Malwarebytes still defends this line of
thinking and calls it part of the advanced heuristics technology.
It's nice marketing, but, hardly advanced and barely heuristics.

Those are your only options, btw. The Malwarebytes engine itself
isn't advanced enough to provide more. Which is okay, because the
staff isn't advanced enough to require them. They didn't even have a
string scan function prior to my employment, it was literally a pile
of md5sum hashes for malware. All acquired from the aforementioned
processes. I wound up cracking the damn program by accident during an
analysis session because the powers that be thought it wise to have
the key related to the ID by being nothing more than an md5hash sum
of the ID itself. What can I say, they love the hashing functions.
The exploited, known for years now not to rely on, hashing functions.

Their entire database relies on it. Does that make you feel a little
safer? It wouldn't me.

Now that we know for sure (because virustotal told us it was) it's
malware and currently unknown to malwarebytes, it's time to execute
it using total uninstall (or whatever monitoring app you prefer
*larf*) and watch it. Keep track of any changes it's made to the
system, new exe files it's downloaded, created, etc. Repeat the
process above for each one you find.

That part used to annoy the **** out of me, if I actually followed
that specific procedure; within minutes, the new sample would have
rendered the machine nearly unusable. You were expected to run a
clean with the latest public definitions, and, if that didn't cure
you, hunt for remaining offenders and repeat the processes above.

Oh yea, and restore the system from last known good image so you can
**** it all up again a few minutes later. Now maybe you understand
why I preferred to reverse engineer by disassembly, instead. I could
see everything the malware had under its coat; whereas trying to
run it instead, the Malware isn't necessarily going to give me
everything it has in hiding. And obviously, if you ran something that
had self replication features (heh), the uninstall app isn't going to
be able to help you with that, and there's literally NO COMMAND in
the database to do anything about it. So you have a fuxored test
system that can't even provide you enough usable information to
prevent it from happening to someone else. Best case scenario, stop
gap measure, try to detect the dropper file so the user never
accidentally executes it. Great for paid users, not so good for you if
you're an ondemand only user; executing the virus sample once is
going to **** you two ways from sunday.

I once told another technician when they claimed (like you) that
viruses and malware are interchangeable the following, to sum it
up and end the otherwise, dull as **** all conversation. You
don't treat the flu with antibiotics.

i didn't claim that virus and malware is interchangeable.


Actually, you tried to.

Message-ID:

When nospam claimed Malwarebytes was an antivirus, I stopped
reading their posts. [g] I know what the software is and isn't, I
worked for the ****ing company in Malware Research; not sales.
*GRIN*


semantic bull****. while technically there is a minor difference, it
is irrelevant in this context and the terms are used interchangeably
by just about everyone anyway.

*** end paste

The difference isn't minor, either. One is much much easier to deal
with, you don't even have to be a programmer to analyse them. The
other, heh, if you can't code low level, you're not going to be doing
much with it.

I really don't care if the general public uses the terms
interchangeably or not. The general public is the reason such
products exist, because said general public is entirely incapable of
protecting themselves and making sound I.T decisions. They tend to
be very gullible and easily owned by those who have I.T knowledge
and nefarious intent. That and, let's be honest, the general public
is a cash cow, no matter the trade.

what i said was that malwarebytes was an anti-virus utility,
something the company itself even claims. nobody is confused if
it's technically anti-malware and not anti-virus. it's a stupid
semantic argument.


Yes, I'm well aware of what you said and what they've been lying
(yes, that's what it is, no PC about me) about their product's actual
abilities. It is NOT and has never been an antivirus program.

The reason malwarebytes even brings the subject up is because myself
and another former employee (who's also well known in the av/am/vx
circles as one of the good guys) called them out on it. Initially, in
private, much later, in public, right here on usenet.

The scathing reverse engineering report done by Project zero wasn't
exactly a public relations fiesta, either. In fact, it matches every
single thing I've written about the product, going back for several
years. I've always been candid concerning the limitations and its
positive aspects.


https://www.malwarebytes.com/antivirus/
For the most part, “antivirus” and “anti-malware” mean the
same thing. They both refer to software designed to detect,
protect against, and remove malicious software.


Nice sales marketing on a very thin line. I expect nothing better
from a company that actually recommends (knowing full well their
product's engine/database/development/research team limitations)
replacing your antivirus product with theirs. A foolish decision,
on a good day.


then go bitch at them to change it.


Marcin is well aware of my issue with his claim. He's known about it
for years. Initially, he claimed the advertising/sales dept wasn't
keeping in touch with the tech depts as they should have been. In
other words, he tried to tell me it was a misunderstanding. I didn't
buy it then, and since he's outright making the claims himself now in
print, I have no reason to buy it now. I know better. I know what the
product actually is and what it actually does because I'm one of the
people who's responsible for various technologies it's using to keep
suckers (like you I suppose) safer.

They had no string system prior to me, it's technology I straight up
taught them in a meeting. The engine was modified by Marcin himself
to accommodate it. Along with the quick scantimes; that was
accomplished by teaching them how to look for exe files specifically
by looking for the magic bytes in the front of the file. Prior to
that, they were md5sum hashing every single file on your hard disk
and comparing it to the list stored in the database. When I was hired
on, I quickly learned the program under the hood was hardly complex,
or even capable of much on its own without some serious help. That's
where I came in. I wasn't just doing Malware research. I was head of
the antipiracy dept, outright, too.

So, enough with the bull**** claim of yours and your sorry ass
defense of having made it. When you claim Malwarebytes is an
antivirus, you are writing straight from your arsehole.

--
The invasion has been postponed. Yes! Definitely postponed!
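
An added illustration, not part of Diesel's post and not Malwarebytes code, of the kind of text signature record post #322 describes (decimal offset, hex byte string, name) and of two weaknesses it mentions: a string chosen from code shared with legitimate programs, and triage on the two "MZ" bytes alone. The `offset,hex,name` layout, the `??` wildcard token, the signature names and all sample bytes are assumptions constructed for this example.

```python
import struct
from typing import List, NamedTuple, Optional


class Signature(NamedTuple):
    offset: int                    # decimal byte offset into the file
    pattern: List[Optional[int]]   # one entry per byte; None means wildcard
    name: str


def parse_signature(line: str) -> Signature:
    """Parse 'offset,hexstring,name' (assumed layout; '??' = any byte)."""
    offset_s, hex_s, name = (f.strip() for f in line.split(",", 2))
    if len(hex_s) % 2:
        raise ValueError("hex string needs two characters per byte")
    pairs = [hex_s[i:i + 2] for i in range(0, len(hex_s), 2)]
    pattern = [None if p == "??" else int(p, 16) for p in pairs]
    return Signature(int(offset_s), pattern, name)


def matches(sig: Signature, data: bytes) -> bool:
    """True if the pattern is present at exactly sig.offset."""
    window = data[sig.offset:sig.offset + len(sig.pattern)]
    if len(window) < len(sig.pattern):
        return False               # file too short to hold the string
    return all(p is None or p == b for p, b in zip(sig.pattern, window))


def scan(data: bytes, sigs: List[Signature]) -> List[str]:
    return [s.name for s in sigs if matches(s, data)]


def looks_like_exe_mz_only(data: bytes) -> bool:
    """The 'two bytes MZ in the front' triage from the post."""
    return data[:2] == b"MZ"


def is_plausible_pe(data: bytes) -> bool:
    """Stricter triage: follow e_lfanew (offset 0x3C) to the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_sample(body: bytes) -> bytes:
    """Constructed, inert stand-in for an exe: minimal headers plus body."""
    header = bytearray(0x80)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header) + body


# Constructed bytes standing in for compiler/runtime code that many
# programs share, followed by bytes specific to each sample.
RUNTIME = bytes.fromhex("558bec83ec105356578b7d08")
SUSPECT = build_sample(RUNTIME + bytes.fromhex("deadbeef01c0ffee"))
CLEAN = build_sample(RUNTIME + bytes.fromhex("0011223344556677"))
TRUNCATED = b"MZ" + b"\x00" * 6    # passes the MZ-only check, not a PE

# String picked from the shared runtime bytes: fires on the clean file too.
BAD_SIG = parse_signature("128," + RUNTIME.hex() + ",Example.Bad.String")
# String picked from sample-specific bytes, with one wildcard byte.
GOOD_SIG = parse_signature("140,deadbeef??c0ffee,Example.Specific")

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan(blob, [BAD_SIG, GOOD_SIG]))
    print("truncated:", looks_like_exe_mz_only(TRUNCATED),
          is_plausible_pe(TRUNCATED))
```
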
 




All times are GMT +1.