#316
Virus on page?
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.
#317
Virus on page?
On 28/03/2019 20.04, nospam wrote:
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

--
Cheers, Carlos.
#318
Virus on page?
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

exactly, as do most people. using a partial font requires an explicit user action, versus simply using the defaults. you are agreeing with me yet you argue anyway.
#319
Virus on page?
On 29/03/2019 19.57, nospam wrote:
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

exactly, as do most people. using a partial font requires an explicit user action, versus simply using the defaults. you are agreeing with me yet you argue anyway.

No, it doesn't. Using defaults I get a partial font.

--
Cheers, Carlos.
#320
Virus on page?
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

exactly, as do most people. using a partial font requires an explicit user action, versus simply using the defaults. you are agreeing with me yet you argue anyway.

No, it doesn't. Using defaults I get a partial font.

that's a very bad default, and not common.
#321
Virus on page?
On 29/03/2019 20.45, nospam wrote:
In article , Carlos E.R. wrote:

Anyway, enough. The fact is it is done. We have proven it. You can ramble all you want against the practice, won't change it a bit. It is done, no matter your complaints.

you haven't proven anything. you're just babbling. partial fonts are rarely used in a pdf because there is no point in bothering. the savings are not worth the trouble. you personally might do it, but you'd be the exception, and you're just making things difficult for those who have to read your pdfs.

I personally don't do anything. I use software, and the software is designed to do it, despite your babblings to the contrary.

it might be designed to do it, but the reality is that very few people actually do it. lots of features are rarely used, if at all.

I don't use any features, just defaults...

exactly, as do most people. using a partial font requires an explicit user action, versus simply using the defaults. you are agreeing with me yet you argue anyway.

No, it doesn't. Using defaults I get a partial font.

that's a very bad default, and not common.

In your opinion. In mine, a very good default, and very common.

--
Cheers, Carlos.
#322
Virus on page?
nospam Thu, 28 Mar 2019 14:02:55 GMT in alt.comp.freeware, wrote:

In article A3egU7, Diesel wrote:

calling malwarebytes antivirus or antimalware is entirely irrelevant in the context i used it, which was *not* about malware or viruses. it doesn't change what was being discussed, which was in a separate thread anyway. people use both terms interchangeably. even malwarebytes considers them to be equivalent terms.

As I wrote previously, I'm not interested in sales jargon.

it's not sales jargon. it's common usage.

It's sales jargon. It's relying on the general ignorance/laziness on the part of the consumer. As sad (well, funny in a sarcastic sort of way) as that is, Malwarebytes is correct in that sense; people don't know the specifics concerning Malware, and Malwarebytes is free to dumb it down and explain how their product fits in the grand scheme of things. What they aren't being honest about is its own limitations. It is NOT an antivirus product, it DOES NOT DO ANYTHING with viral infections.

if this was a discussion specifically about malware, then the difference would matter, but since it is not, it doesn't. you are arguing just to argue, especially since you brought it up in an entirely different thread.

I'm doing nothing of the sort. I noticed someone else already tried to correct your clear misunderstanding of what the product actually is. They told you, it's not an antivirus. And in your well known, smug short reply, you claimed it was. I took nothing you wrote out of context. You were misinformed, AND, your post was misinforming other readers. Malwarebytes is NOT and has NEVER been a replacement for an actual antivirus product. I don't give two ****s what their latest advertising claims are, they have NOTHING to back them up. I'm not writing this as an end user, as you are; I'm writing this from the point of view of a former employee who had full ****ing access to the engine, database, and assorted tools required to interact with it.

When you claim Malwarebytes is in any possible way an antivirus, and use their marketing material to back it up vs my own, actual, hands on first hand knowledge of the inner workings of the product, one can't help but clearly see you're an idiot concerning the subject. We can debate this all you like, but it's not going to change what you wrote, mistakenly and have tried to defend since having written it, AND been called out for it.

I repeat, from the point of view of an insider who couldn't get any closer if he wanted, (I was already on the front line, dissecting 0day malware of all types; thanks), you are not correct in your claims of Malwarebytes being an antivirus. I don't care what their misleading advertising claims are, or how they're trying to blur everything into one general category to back up their totally bull**** claims. If you or anyone else is stupid enough to replace your current antivirus (free or paid edition) in lieu of Malwarebytes and only Malwarebytes, you're an idiot who's not only placing your machine in harm's way, but that of others you share the internet with.

Malwarebytes is and has always been, a glorified, super over hyped trojan scanner/removal tool. Trojans do not require the same level of coding knowledge or skill to deal with as a virus does. Find trojan, delete trojan, done deal. Find virus, remove virus code from host; if you have to toss the baby out with the bathwater, you aren't deserving of space on anyone's machine and certainly aren't worthy of a dime of their money.

Malwarebytes as I told you previously cannot disinfect a single file for you, it's never been able to do that; its engine is by no means capable of doing that in its present state, AND, they do not have the research staff with the required knowledge to even begin getting into the virus game. For ****s sake, they can't even design a reliable, BINARY BASED database for their own damn engine.

That database it downloads is a very big compressed plain ASCII text file under the hood, with very easy to read USER level commands. To store, a string for example (I don't mind sharing this, it's technology *I* shared with them!) requires the following information. I'll explain what a string is briefly first. It's a 'unique' series of bytes in a specific sequence (wildcard is supported, so not all have to be an exact match) at a specific location that's used as the 'signature' for the baddie.

In order for this to be stored in Malwarebytes fashion, it's an actual command like this: bad.guy.detection=location of bytes, string of bytes where each byte is represented in 2-character hexadecimal. Yes, to store a 4 byte string (they'd never use such a short one) you have to use 8 bytes just for the string, not even including the other relevant data. The actual location for the string to be searched for is specified in straight decimal, like so: If I want to scan for a 16-byte string at byte offset 127384 in the suspect file, I have to literally store it as 127384,(32 characters of hex), name of baddie, optional parameters which aren't relevant to this discussion.

You may think I'm bashing on them or something here, but, I'm not. I'm just telling you how out it actually is and how it actually works, but I'm not getting too specific, because my goal is NOT to teach any upcoming malware lamer how to evade it entirely. The commands to deal with suspect bad registry entries are along the same lines. Everything you need the engine to do is written entirely as human friendly text.

This is because, *drum roll* very few people employed by Malwarebytes are actually in any possible way, low level programmers or coders. The majority of my own research term consisted of script kiddies, on a good day. At the time, in fact, it was only myself and Doug who could read assembler, let alone write anything in it.
And, that huge gap in technical knowledge hasn't been improved since my departure.

I'll make this even easier, wrap you up all nice n neat in a bow, by explaining to you how the typical non coding capable 'researcher' goes about a malware sample analysis. This is NOT the standard operating procedure I used, because, I don't need my hands held, I understand how to read assembler. IDA Pro doesn't intimidate me. But! the following has always been standard operating procedure for those who can't code, or barely understand various scripting languages available today.

Malwarebytes is the only antimalware company that I know of which uses the following methodology for malware analysis. Everyone else I know actually uses coders like me, and automated systems to do the grunt work. They certainly DO NOT do what I'm disclosing below. As, if they did, and word got out, they'd be laughed right the **** out of business, and rightfully so.

So here it is, the professional (Malwarebytes idea of professional anyways) official Malware research process (for those who are unable to fire up IDA Pro and understand what they are looking at. Read: the bulk of Malwarebytes staff. No, I'm not joking, it's that sad)

First, harvest samples; usually acquired by downloading suspicious samples from a large list of urls that's frequently updated. Along with user submissions and inside contacts who've done the right thing to help everyone and shared samples.

Second, verify you actually have .exe files to deal with. Right off the bat, this step is going to kill many scripts that may/may not have been downloaded that could be malicious. Yep, you're going to miss them, bye bye they be. You do this by running one of the insider utilities, it separates exe files (two bytes MZ in the front is enough, it doesn't verify the file's actually intact or complete; it's a really dumb tool) from everything else, deleting everything that wasn't flagged as an executable.
Remember, I told you, this is a good way to lose a pile of text based scripts that could be malicious that Malwarebytes engine could in fact deal with.

Third, scan survivors with Malwarebytes using latest public released definitions; make absolutely sure it's not using your own definition site as you work. Allow malwarebytes to delete any known ones.

Fourth, upload each and every single surviving exe to virustotal; this will help determine if it's malware AND provide the name it's already known as. Yes, that's right, I didn't mistype this, you're going to submit a sample of the file you're supposed to be analyzing to virustotal for help.

Fifth, assuming virus total says yea, it's known by this many products already and it goes by this name for the majority, you determine how you're going to train the malwarebytes engine to detect it. You have basically the following detection options:

** this also means that if virustotal doesn't recognize it as malware of any kind, you skip it and move onto the next one. (I didn't, because I took the time to disassemble the ****ers). If you do it the official malwarebytes way, you'll never know if you just let a new 0day malware sample take a free pass, right under your ****ing nose.

OTH, if virustotal recognizes it as malicious, you can use the following methods to detect the file:

1. You can md5hash it (yes, md5!)

2. You can string it (if you can find a suitable string; this has led to instances of thousands of systems being taken out with a single bad definitions update, multiple times now, due to bad string selection. Non coders don't realize, legitimate programs written and compiled in the same language as a lot of malware is going to have some sections of code in common that has nothing to do with malware. It's *NEVER* a good idea to use one of those as a string. Yet, it's been done, many times. Just check their forums for the false positive took my system out stories.)

3. You can lock onto its filename and location, or just the filename. At this point, the file could be completely empty of content, as in zero (yes, zero, as in NONE) bytes and still be flagged as Malware. And yes, Malwarebytes still defends this line of thinking and calls it part of the advanced heuristics technology. It's nice marketing, but, hardly advanced and barely heuristics.

Those are your only options, btw. The Malwarebytes engine itself isn't advanced enough to provide more. Which is okay, because the staff isn't advanced enough to require them. They didn't even have a string scan function prior to my employment, it was literally a pile of md5sum hashes for malware. All acquired from the aforementioned processes.

I wound up cracking the damn program by accident during an analysis session because the powers that be thought it wise to have the key related to the ID by being nothing more than an md5hash sum of the ID itself. What can I say, they love the hashing functions. The exploited, known for years now not to rely on, hashing functions. Their entire database relies on it. Does that make you feel a little safer? It wouldn't me.

Now that we know for sure (because virustotal told us it was) it's malware and currently unknown to malwarebytes, it's time to execute it using total uninstall (or whatever monitoring app you prefer *larf*) and watch it. Keep track of any changes it's made to the system, new exe files it's downloaded, created, etc. Repeat the process above for each one you find.

That part used to annoy the **** out of me, if I actually followed that specific procedure; within minutes, the new sample would have rendered the machine nearly unusable. You were expected to run a clean with the latest public definitions, and, if that didn't cure you, hunt for remaining offenders and repeat the processes above. Oh yea, and restore the system from last known good image so you can **** it all up again a few minutes later.
Now maybe you understand why I preferred to reverse engineer by disassembly, instead. I could see everything the malware had under its coat; whereas trying to run it instead, the Malware isn't necessarily going to give me everything it has in hiding.

And obviously, if you ran something that had self replication features (heh), the uninstall app isn't going to be able to help you with that, and there's literally NO COMMAND in the database to do anything about it. So you have a fuxored test system that can't even provide you enough usable information to prevent it from happening to someone else. Best case scenario, stop gap measure, try to detect the dropper file so the user never accidentally executes it. Great for paid users, not so good for you if you're an ondemand only user; executing the virus sample once is going to **** you two ways from sunday.

I once told another technician when they claimed (like you) that viruses and malware are interchangeable the following, to sum it up and end the otherwise, dull as **** all conversation. You don't treat the flu with antibiotics.

i didn't claim that virus and malware is interchangeable.

Actually, you tried to.

Message-ID:

When nospam claimed Malwarebytes was an antivirus, I stopped reading their posts. [g] I know what the software is and isn't, I worked for the ****ing company in Malware Research; not sales. *GRIN*

semantic bull****. while technically there is a minor difference, it is irrelevant in this context and the terms are used interchangeably by just about everyone anyway.

*** end paste

The difference isn't minor, either. One is much much easier to deal with, you don't even have to be a programmer to analyse them. The other, heh, if you can't code low level, you're not going to be doing much with it. I really don't care if the general public uses the terms interchangeably or not.
The general public is the reason such products exist, because said general public is entirely incapable of protecting themselves and making sound I.T decisions. They tend to be very gullible and easily owned by those who have I.T knowledge and nefarious intent. That and, let's be honest, the general public is a cash cow, no matter the trade.

what i said was that malwarebytes was an anti-virus utility, something the company itself even claims. nobody is confused if it's technically anti-malware and not anti-virus. it's a stupid semantic argument.

Yes, I'm well aware of what you said and what they've been lying (yes, that's what it is, no PC about me) about their product's actual abilities. It is NOT and has never been an antivirus program. The reason malwarebytes even brings the subject up is because myself and another former employee (who's also well known in the av/am/vx circles as one of the good guys) called them out on it. Initially, in private, much later, in public, right here on usenet. The scathing reverse engineering report done by Project zero wasn't exactly a public relations fiesta, either. In fact, it matches every single thing I've written about the product, going back for several years. I've always been candid concerning the limitations and its positive aspects.

https://www.malwarebytes.com/antivirus/

For the most part, “antivirus” and “anti-malware” mean the same thing. They both refer to software designed to detect, protect against, and remove malicious software.

Nice sales marketing on a very thin line. I expect nothing better from a company that actually recommends (knowing full well their product's engine/database/development/research team limitations) replacing your antivirus product with theirs. A foolish decision, on a good day.

then go bitch at them to change it.

Marcin is well aware of my issue with his claim, He's known about it for years.
Initially, he claimed the advertising/sales dept wasn't keeping in touch with the tech depts as they should have been. In other words, he tried to tell me it was a misunderstanding. I didn't buy it then, and since he's outright making the claims himself now in print, I have no reason to buy it now. I know better. I know what the product actually is and what it actually does because I'm one of the people who's responsible for various technologies it's using to keep suckers (like you I suppose) safer.

They had no string system prior to me, it's technology I straight up taught them in a meeting. The engine was modified by Marcin himself to accommodate it. Along with the quick scan times; that was accomplished by teaching them how to look for exe files specifically by looking for the magic bytes in the front of the file. Prior to that, they were md5sum hashing every single file on your hard disk and comparing it to the list stored in the database.

When I was hired on, I quickly learned the program under the hood was hardly complex, or even capable of much on its own without some serious help. That's where I came in. I wasn't just doing Malware research. I was head of the antipiracy dept, outright, too.

So, enough with the bull**** claim of yours and your sorry ass defense of having made it. When you claim Malwarebytes is an antivirus, you are writing straight from your arsehole.

--
The invasion has been postponed. Yes! Definitely postponed!
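
The "two bytes MZ in the front is enough" triage step described in the post above, set beside a structural check that notices incomplete files and keeps non-executables for review. This is an added example, not part of the original thread and not Malwarebytes code; the function names, verdict labels and sample bytes are assumptions constructed for illustration.

```python
import struct

def pe_problem(data: bytes):
    """Return None if the PE layout is self-consistent, else a short reason."""
    if len(data) < 0x40:
        return "shorter than the DOS header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data):
        return "e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature at e_lfanew"
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                     # first section header
    for i in range(n_sections):
        hdr = table + 40 * i
        if hdr + 40 > len(data):
            return "section table truncated"
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        if raw_ptr + raw_size > len(data):               # body cut short
            return "section data truncated"
    return None

def looks_textual(data: bytes) -> bool:
    """Crude check: is the first 512 bytes almost entirely printable ASCII?"""
    head = data[:512]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in head)
    return bool(head) and printable / len(head) > 0.95

def triage(samples: dict) -> dict:
    """Sort samples into queues; nothing is deleted, unlike the MZ-only tool."""
    verdicts = {}
    for name, data in samples.items():
        if data[:2] == b"MZ":
            problem = pe_problem(data)
            verdicts[name] = "pe" if problem is None else "damaged-pe: " + problem
        elif looks_textual(data):
            verdicts[name] = "script-queue"              # kept for analysis
        else:
            verdicts[name] = "other-queue"
    return verdicts

def build_sample_pe(code: bytes = b"\x90" * 16) -> bytes:
    """Constructed, non-functional PE skeleton with a single .text section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    raw_ptr = 0x40 + 24 + 40
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + coff + sect + code

# Constructed samples: all three .exe entries pass an MZ-only check.
SAMPLES = {
    "intact.exe": build_sample_pe(),
    "truncated.exe": build_sample_pe()[:-8],
    "stub.exe": b"MZ" + b"\0" * 10,
    "dropper.js": b"// constructed sample\nWScript.Echo('hello');\n",
    "blob.bin": bytes(range(256)),
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:15} {verdict}")
```
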