#121
Malwarebytes warning
"Gene Wirchenko" wrote in message
... On Tue, 1 Dec 2015 18:05:51 -0700, "Buffalo" wrote: [snip] So, why are you bashing MBAM when you have almost NO experience with it or other anti-malware programs' actions or other anti-virus programs' actions or deficiencies? One general reason would be that a program is awkward or difficult to use effectively. A program that is awkward or difficult to use does make it difficult to get experience with it. I believe that any anti-virus or anti-malware program might delete things (or programs or registry keys) if you set them on automatic. Don't you? Mayayana has been discussing the impact on people who do not know much about such programs. Why expect such people to be aware of how such programs work? So, if you agree, why not say that instead of dissing MBAM (that's MalwareBytesAnti-Malware, MBAM, and not MalwareBytesAnti-Exploit, MBAE or another MB product)? Programs can be made easier to use. Sincerely, Gene Wirchenko Like I tried to get across earlier, MBAM is not unique among the top anti-virus and top anti-malware programs that might delete useful stuff when left on automatic. The 'easiest' way to use those programs is to let them do 'everything' automatically, isn't it? Is that the 'best' way? Not in my opinion. -- Buffalo
#122
Malwarebytes warning
"Gene Wirchenko" wrote in message
... On Tue, 1 Dec 2015 13:04:05 -0700, "Buffalo" wrote: "Gene Wirchenko" wrote in message . .. [snip] I am not against it. I am against the abuse. If I can avoid using MBAM, I will. (That is currently the case, and may it stay so.) If I had to, then I would, but as a last resort. If you used it and had a problem with it and posted what the problem was, you would most likely get good help. Not like the other person who did nothing but bash the program. Still, it is your choice. He did not. He pointed out shortcomings of it. As a systems analyst, I might do much the same asking what a particular message meant, and complaining that it was rather unclear. I have run into all too many situations where the error messages and documentation were unclear (or even absent). The consequent waste of time is, obviously, a waste of time. You may like the taste of MBAM Kool-Aid, but some of us do not. Not so long ago, I had a program give me an unclear error message. Since it was my own program, I corrected the error. Sincerely, Gene Wirchenko Too bad you didn't trust the program you wrote enough to let it automatically correct the problem. -- Buffalo |
#123
Malwarebytes warning
In message , masonc
writes: [] On the other hand, and just for the record, MB(premium I bought) found 100plus doubts and a couple of serious [Ooh, apparently you're not allowed to call it just MB (-:!] threats. Tired of seeing all these, I googled a few and learned they were baddies. Tired of googling, I let MP remove them ALL I'm perfectly clean now, no harm, but maybe I'll come back and say my umpty-dump doesn't work any more -- we'll see. But, of course, that might be after sufficient time that you don't connect your umpty-dump not working with having run "MB". Now, where have I read that sort of thing before? Ah yes, people writing about the evils of registry cleaners. Tend to be the same people who reach for MBAM (see, I know what to call it) for everything ... (Just stirring ...) -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf offensive speech is something to be protected, not celebrated. - "yoni", 2015-8-5 |
#124
Malwarebytes warning
"Diesel" wrote in message ... "Ophelia" Tue, 01 Dec 2015 10:14:23 GMT in alt.windows7.general, wrote: "Diesel" wrote in message ... "Ophelia" Mon, 30 Nov 2015 11:34:17 GMT in alt.windows7.general, wrote: Now, on a positive note ... I ventured into the settings and looked at the times it turns itself on. I have taken out the one 'start MB with windows' which has made a huge difference to boot up times. Do you have the paid version or are you running the trial copy? Paid version! You don't see the icon in your tray anymore then? If this is indeed the case, please be sure you open the program manually and ensure the resident protection module IS enabled and running. If not, you aren't getting the benefits that you paid for. I do have the icon in my tray! I put it there myself after it disappeared -- http://www.helpforheroes.org.uk/shop/ |
#125
Malwarebytes warning
"Mayayana"
Wed, 02 Dec 2015 04:19:38 GMT in alt.windows7.general, wrote: | MBAM has no way of knowing if those values are correct or not as | it applies to your machine. It only knows that they are not | default values and it's letting you know about that. That's a bit misleading. First, it's not letting you that you have non-default settings. It's just telling you that you have yellow alert malware in the Registry. With regard to the security center notification keys not being default, I didn't mislead you or anyone else in the least little bit. I do not disagree with you concerning that the phrasing could be rewritten to better explain what's been detected and why it matters to the user. I believe it would also help to stop labeling everything as an infection too. We both know a registry key alone isn't an infection. [g] It's also worth noting, as I previously stated, contacting them about false alarms is not a bad thing. It helps you and it helps them. If you're affected by a false alarm, there's a good chance someone else is as well. It's entirely possible this issue will be caught quickly and corrected with another definitions update. In the meantime, if you know these are okay keys and no changes of any kind need to be made to them, you can tell MBAM not to touch them and ignore those exact keys in the future; So you don't have to wait for Malwarebytes to correct the definitions and you don't continue to have to tell the program not to do anything to those keys. No, it's not a perfect solution, I agree, but, it is a possible temporary fix for your issue that won't present an unnecessary risk to your system/software configuration. Please, understand, NO app of this kind is going to be 100% false positive free. It's just not possible due to the way the technologies work and the way software is written. A large majority of malware these days is written in an HLL language, identical to the ones you or someone else might be using. VB, and/or Visual C++ for example. 
As a result, some of the malware and your legit programs share some common code. Sometimes, this code can be found in both programs in the same place (either virtually and/or physically). If this section of code was thought to have been unique to the malware and wasn't expected to be seen in legit programs, it's entirely possible the AV/AM software is going to falsely assume it's the malware sample. Your program might due to the way the compiler decided to treat the code you wrote; (sometimes, your program's flow isn't what it looks like it should be to you in the source code when the final product is produced. You lose a lot of control when using an HLL) appear to be calling routines/functions and doing other things the same way a known malware sample would. More advanced AV/AM technologies are likely to false hit this program as a result. IE: your program's actual behavior when executing matches that of a known bad guy. You didn't do this on purpose, but, because you didn't know what your code is really converted to or how the compiler actually works, this is the result you sometimes get. Sometimes, the process is as simple as physically moving the location of some support routines and recompiling. You won't always have to make changes directly to the code to support what you've done, depending on the language used. You can literally cut/paste (simplification again) some subroutines and switch their positions in your source code. This may cause the compiler, for code optimization sake, to reconsider how it builds the final executable. As a result of the different internal structure, the AV/AM is more likely not to falsely consider it malware. I'm oversimplifying the process so that you can better understand how this happens sometimes. None of this includes the actual human error side; where a bad/poorly researched definition is sometimes created. Sadly, that can happen too. With any company and any program. 
Considering the sheer amount of HLL based malware samples and the millions of lines of definitions (probably trillions if you include all AV/AM), it's not mathematically realistic to expect you can avoid an HLL legit program from an HLL malware program 100% of the time. It's just not feasible. So you take a calculated risk when running any of these programs. Hopefully the protection gains outweigh the risk of your system having legit software that's confused for malware. That's the game you're playing in this case. To decrease your odds of losing, it's best not to let the program do everything automatically, do make use of quarantine option, do research things the program claims to have detected before you make potentially hasty decisions due to panic. And by program, I mean any AV/AM program. In the event you allow it to kill/remove/disable something it shouldn't have, as long as quarantine works and you used it previously, you *should* be able to 'undo' the effects and bring the legit program back to working order. At the end of the day, I think it's a bit premature of you to decide never to use the program again because of this single experience with it. It does tend to do well and protects many users' machines from otherwise harmful software. -- Error: Creative signature file missing
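The false-positive mechanism and the quarantine advice in post #125, as an added example that is not part of the post or of any vendor's engine: a toy byte-pattern scanner run over constructed stand-in "programs", where a definition cut from compiler-shared bytes also hits a legitimate file, and quarantine plus an ignore list make the mistake reversible. All names, byte strings and the ignore-by-hash scheme are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed stand-ins for compiled programs: both are built with the same
# compiler, so both begin with the same runtime start-up bytes.
RUNTIME_STUB = b"\x55\x8b\xec\x83\xec\x10" + b"RTL_INIT_V6"
SAMPLE_MALWARE = RUNTIME_STUB + b"\x90\x90" + b"BAD_ROUTINE_0001"
LEGIT_EDITOR = RUNTIME_STUB + b"\x90\x90" + b"EDITOR_MAIN_LOOP"

# Two definitions written for the same sample. The first was cut from bytes
# believed to be unique to the sample but emitted by the compiler everywhere.
SIG_FROM_SHARED_CODE = {"Sample.A (poor)": RUNTIME_STUB}
SIG_FROM_UNIQUE_CODE = {"Sample.A (good)": b"BAD_ROUTINE_0001"}


def scan_bytes(data, signatures):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def sha256_of(path):
    """Hex SHA-256 of a file's contents, used to identify an exact file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def scan_file(path, signatures, ignore_hashes=frozenset()):
    """Scan one file, skipping exact files the user has marked as ignored."""
    if sha256_of(path) in ignore_hashes:
        return []
    return scan_bytes(Path(path).read_bytes(), signatures)


def quarantine(path, quarantine_dir):
    """Move a detected file aside instead of deleting it; return an undo record."""
    path = Path(path)
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    held = quarantine_dir / (sha256_of(path) + ".quar")
    shutil.move(str(path), str(held))
    return {"original": path, "held": held}


def restore(record):
    """Undo a quarantine action by moving the file back to where it was."""
    shutil.move(str(record["held"]), str(record["original"]))
    return record["original"]


def demo():
    """Walk through false positive -> quarantine -> restore -> ignore."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        editor = tmp / "editor.exe"
        editor.write_bytes(LEGIT_EDITOR)
        malware = tmp / "sample.exe"
        malware.write_bytes(SAMPLE_MALWARE)

        # The poor definition hits both files; the good one only the sample.
        results["poor_on_malware"] = scan_file(malware, SIG_FROM_SHARED_CODE)
        results["poor_on_editor"] = scan_file(editor, SIG_FROM_SHARED_CODE)
        results["good_on_malware"] = scan_file(malware, SIG_FROM_UNIQUE_CODE)
        results["good_on_editor"] = scan_file(editor, SIG_FROM_UNIQUE_CODE)

        # Quarantining the false positive is reversible; deleting is not.
        record = quarantine(editor, tmp / "quarantine")
        results["editor_present_after_quarantine"] = editor.exists()
        restore(record)
        results["editor_intact_after_restore"] = editor.read_bytes() == LEGIT_EDITOR

        # Ignoring the exact file silences the false alarm until definitions
        # are corrected, without weakening detection of the real sample.
        ignore = {sha256_of(editor)}
        results["poor_on_editor_ignored"] = scan_file(editor, SIG_FROM_SHARED_CODE, ignore)
        results["poor_on_malware_ignored"] = scan_file(malware, SIG_FROM_SHARED_CODE, ignore)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```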
#126
Malwarebytes warning
Gene Wirchenko
Wed, 02 Dec 2015 23:19:42 GMT in alt.windows7.general, wrote: I'm sorry, but, I disagree with you. One could claim to be correcting the registry by resetting those keys to default simply by turning the notifications back on in the security center. Is the user now a registry repair program? The end result in this example is the same. I used this example because it also applies to MBAM regarding the warnings concerning some keys not being at default settings. That you have to strain so much indicates that your point is not nearly as good as you think it is. I know what a program is, and I think that you do, too. None of your above scenario offers any reason why the user should be considered a program. I'm not straining Gene. I was specifically talking about those keys because MBAM has 'alerted' on them for years and these discussions have come up concerning it numerous times on various forums (including their own) as well as usenet. The user obviously isn't a program. I used it, (as I explained) as an example. As MBAM in that case would be doing the same thing the user *could* do with the security center. As far as notification settings. Fact is, MBAM resetting them to defaults is (under the hood now, not the GUI) no different than you doing it via security center. For those who like to do their own reg mods, they likely just fire up their favorite registry editor (MBAM isn't one of those either) and perform the changes themselves. But, to say that a program is 'repairing' the registry because it reset some already existing keys values back to their original configuration isn't the right thing to be stating. It's not technically correct. The registry wasn't broken; even if a key doesn't have the values you or another program thinks it should. 
OTH, if you or the program couldn't access the key to read that value due to an actual issue with the registry (think system missing error sometimes found on earlier NT systems without an easy remedy); that actually is registry damage and the fix might require a reinstall of the OS and installed apps that aren't portable in nature. Unless, you have a way of going back to a former working registry hive AND/OR the registry damage isn't severe enough that you can't boot off another media and use regedit to mount it to effect repairs. Or another app, via booting off of external media again. As under that scenario, the installed OS isn't booting; safe mode or otherwise. It actually does have a real registry problem; it cannot properly access one of the files which consist of the registry. ERUNT was developed so the reinstall wouldn't be necessary nearly as often. As long as you actually used it properly. You could boot from external media, copy the saved hive files over the ones on the installed OS, reboot. Walla. I do not disagree that they should rewrite some 'alert' messages to better explain what is actually going on and why it should be of any interest to the user. A batch file that resets certain registry values to known values would be a simple registry repair program. If after that, a program that did not work now works, how was the action of the batch file not a repair? It would be a batch file calling out to another program to alter keys in the registry. I wouldn't call it a registry repair program and I don't know many serious coders who would, either. Sure, the batch file appears to be 'repairing' your registry, but, you're using the wrong terminology in so far as repairing goes when it concerns the registry. The example you provided and variations of it are used often in the corporate world to effect settings for custom software with roaming user profiles. 
I remember doing something similar in the days of novell/win3x/dos to effect certain changes which would be reversed when the next user logged in. I wasn't necessarily reconfiguring the registry (although windows3x sort of had one) but, I was performing manual reconfiguration changes on installed software, depending on the user account accessing the system. I fully understand that I'd be laughed at (and rightfully so) if I claimed I had a registry repair utility and it was a batch file resetting some keys back to default configuration by various people I know from all walks of IT life. In your example, I'd call it a reset utility (that's what you're doing by your own description of what it does). It's not like it's literally reading the registry hive and 'rebuilding' anything concerning them. Either with direct file IO or windows API. It's changing the values for some already existing registry keys and that's all it's doing. While the result might in fact repair/fix an issue with a computer, you didn't perform a 'registry repair' in the stricter sense of the meaning. Maybe you like to be very loose with the definition of registry repair? Evidently, the people I'm used to being around as well as myself are a bit more anal with the definition. We prefer more... precision? And without the explanation, not very many will have the opportunity to find out. I hate such programs. It's been my experience that when you start providing technical explanations for what was detected on the typical user's machine, they (a) don't care (b) really don't understand what they're reading and (c) would just like to have whatever it is, gone. Er, without destroying (what they think is destroying anyway) the computer with it. In many cases these days, it's essentially, just save my pics and my music. I don't care about the rest style attitude. MBAM has no way of knowing if those values are correct or not as it applies to your machine. 
It only knows that they are not default values and it's letting you know about that. As, if you didn't change them, you might like to know something else did--That's usually not a good thing when those settings are changed without your knowledge. If you did change them, telling MBAM to ignore them will do just that. It won't bother you about them again. Simple fix yes? If you know what those settings are and know how to configure MBAM as you state. Back to better messages being a good idea. Better messages won't excuse laziness. The typical user seems to know how to reach google and facebook. Is it really too much for them to use the search engine and search for the words mbam is displaying on the screen? Nobody wants to research anymore? You've got the world's greatest library card sitting in front of you. Maybe it's because I grew up prior to a computer in every home and the www, etc. I *appreciate* what the internet really is and what I can learn while on it. Computers weren't like they are today when I was first getting started. They didn't do much networking.. they were mostly, you and the computer...BBSes helped significantly, but, the internet.. man, it's something else entirely. So much information, for free, all you have to do is want to know it. It boggles my mind why anybody wouldn't take advantage of what this offers them. So, no, MBAM is NOT damaging the registry by changing the values of those keys. It would be causing damage in that case. If a program will no longer run correctly because of something that MBAM did, then MBAM caused damage. The registry might still be perfectly readable, but with wrong values, there is damage of a sort. Just to be clear, I'm specifically talking about the security center notifications keys as this tends to bring up a lot of threads like this one. I agree with you and the other poster, the wording *should be* rewritten to better explain instead of unnecessarily causing the user to panic. 
Not everything detected is harmful nor is it malware. With the wrong values, there is a configuration issue in some way. There is no actual registry damage in this case. It's no different than an .ini file of the days long gone by with bad settings inside. Unless you or the OS or the app cannot read all of that file and/or write to it (if it needs to do so), the file isn't damaged. Fix the settings, enjoy your day. OTH, if chkdsk (or whatever you preferred) indicated an actual issue with the file (bad sectors where some of that file was living), then yes, you have damage here and it might be a bit of a problem for you. You'll be recreating that file in another set of sectors, hopefully being able to rebuild it to the point of the program functioning again. If the program is especially well written, it will notice some things are missing and happily fill in the blanks in the .ini file. Am I being clear at this point in what I consider 'registry' damage to actually be? I really don't know of a better example than what I've written here... I'm well aware of that. I did my time with the company. What I meant by the statement is that I'm a former employee of their company. I have certain.. programming related skills which allow me to really take a close look at various types of software. My job was to research live 0day (much of the time) malware samples and teach the product how to scan for it, and remove it, without harming the host in the process. Which means, I reverse engineered thousands (I'm not kidding) of executables and wrote custom definitions or detection rules, whatever you prefer to call them - that allowed the software to offer prevention/detection and cleanup of that particular malware variant. I'm not what you'd call an end user or even a power user. I apologize if I may have misled you into thinking I was some n00b and/or possible regular joe concerning these machines. I'm not. I'm not writing to defend Malwarebytes. 
It's your choice or not to use their product. I have nothing to gain or lose by attempting to answer questions and better explain what's actually going on. I have no 'dog in it' as they say here. I saw some bad advice/inaccurate information concerning the program and I explained what it's doing (at least with respect to the annoying false alarm if you will of the security center defaults). Had the information not been what I'd consider to be 'taking a shot in the dark' by people who aren't knowledgeable concerning the subject, I would have passed the thread on by. I'm posting to correct the inaccurate thoughts/impressions of the program for the benefit of other readers who aren't knowledgeable in this field either, but, need sound advice concerning it. Elsethread, I mention getting a bad error message from a program that I wrote. I corrected the error. That's great. I tend to do the same. I don't like confusing the user. It causes unnecessary technical support. If the program can explain things well on its own, they don't need to reach out to me. When I supported BugHunter, I made every effort to reduce the need for the user to have to contact me. Nobody who has to use a program of that nature wants to spend their time waiting for a fix to get it running. Or, an explanation they'll understand to make use of it to try and fix the issue they're having. I do understand customer support and good relations. I dropped an AV because after I reported it false-alarming on one of my files (my editor's start-up executable), they dealt with the matter but then undid this with the next file update. Since their software had no option to not quarantine files, I was out my editor. I removed the AV software. I don't blame you in that case. Some AV software QC controls are better/worse than others. Had it an ignore and/or quarantine option and was reliable for detection, I would have reached out to them again to try and resolve the issue. 
Incidentally, I had this problem initially with BugHunter. Many AV's wrongly detected it as an actual virus. It took a bit of work on my part to fix that issue. But, that's part of being a coder and supporting your work, too. If that's not something you're willing to do, then, you shouldn't release your program to the public. It's not ready for prime time. You haven't done the QC work on your end. Part of that is ensuring your program will play well with others. AV included. -- Error: Creative signature file missing
#127
Malwarebytes warning
masonc
Wed, 02 Dec 2015 23:05:04 GMT in alt.windows7.general, wrote: MB(premium I bought) found 100plus doubts and a couple of serious threats. Tired of seeing all these, I googled a few and learned they were baddies. Tired of googling, I let MP remove them ALL I'm perfectly clean now, no harm, but maybe I'll come back and say my umpty-dump doesn't work any more -- we'll see. Wasn't hard to google what Malwarebytes thought it found and see for yourself if it was a problem or not, right? -- Error: Creative signature file missing |
#128
Malwarebytes warning
On Fri, 4 Dec 2015 06:04:45 -0000 (UTC), Diesel
wrote: Gene Wirchenko Wed, 02 Dec 2015 23:19:42 GMT in alt.windows7.general, wrote: I'm sorry, but, I disagree with you. One could claim to be correcting the registry by resetting those keys to default simply by turning the notifications back on in the security center. Is the user now a registry repair program? The end result in this example is the same. I used this example because it also applies to MBAM regarding the warnings concerning some keys not being at default settings. That you have to strain so much indicates that your point is not nearly as good as you think it is. I know what a program is, and I think that you do, too. None of your above scenario offers any reason why the user should be considered a program. I'm not straining Gene. I was specifically talking about those keys When you asked whether the user is now a type of program, you were straining. because MBAM has 'alerted' on them for years and these discussions have come up concerning it numerous times on various forums (including their own) as well as usenet. The user obviously isn't a program. I used it, (as I explained) as an example. As MBAM in that case would be doing the same thing the user *could* do with the security center. As far as notification settings. Fact is, MBAM resetting them to defaults is (under the hood now, not the GUI) no different than you doing it via security center. For those who like to do their own reg mods, they likely just fire up their favorite registry editor (MBAM isn't one of those either) and perform the changes themselves. But, to say that a program is 'repairing' the registry because it reset some already existing keys values back to their original configuration isn't the right thing to be stating. It's not technically correct. The registry wasn't broken; even if a key doesn't have the values you or another program thinks it should. If the computer was not performing as wanted, and after the change, it was, the change is a repair. 
OTH, if you or the program couldn't access the key to read that value due to an actual issue with the registry (think system missing error sometimes found on earlier NT systems without an easy remedy); that actually is registry damage and the fix might require a reinstall of the OS and installed apps that aren't portable in nature. That is another type of problem. It would require a different type of repair. Unless, you have a way of going back to a former working registry hive AND/OR the registry damage isn't severe enough that you can't boot off another media and use regedit to mount it to effect repairs. Or another app, via booting off of external media again. As under that scenario, the installed OS isn't booting; safe mode or otherwise. It actually does have a real registry problem; it cannot properly access one of the files which consist of the registry. ERUNT was developed so the reinstall wouldn't be necessary nearly as often. As long as you actually used it properly. You could boot from external media, copy the saved hive files over the ones on the installed OS, reboot. Walla. I do not disagree that they should rewrite some 'alert' messages to better explain what is actually going on and why it should be of any interest to the user. How about "*I agree that* they should ..."? A batch file that resets certain registry values to known values would be a simple registry repair program. If after that, a program that did not work now works, how was the action of the batch file not a repair? It would be a batch file calling out to another program to alter keys in the registry. I wouldn't call it a registry repair program and I don't know many serious coders who would, either. Sure, the batch That is the implementation of the repair, yes. file appears to be 'repairing' your registry, but, you're using the wrong terminology in so far as repairing goes when it concerns the registry. Nope. 
The example you provided and variations of it are used often in the corporate world to effect settings for custom software with roaming user profiles. I remember doing something similar in the days of novell/win3x/dos to effect certain changes which would be reversed when the next user logged in. I wasn't necessarily reconfiguring the registry (although windows3x sort of had one) but, I was performing manual reconfiguration changes on installed software, depending on the user account accessing the system. I fully understand that I'd be laughed at (and rightfully so) if I claimed I had a registry repair utility and it was a batch file resetting some keys back to default configuration by various people I know from all walks of IT life. If you claimed it handled all registry repair, yes, but please note that I have not done that. I simply claim that any program that makes repairs is a repair program. In your example, I'd call it a reset utility (that's what you're doing by your own description of what it does). It's not like it's literally reading the registry hive and 'rebuilding' anything concerning them. Either with direct file IO or windows API. It's changing the values for some already existing registry keys and that's all it's doing. While the result might in fact repair/fix an issue with a computer, you didn't perform a 'registry repair' in the stricter sense of the meaning. Yes, in that case, I most definitely would have repaired the registry. Small repairs are still repairs. Replacing a flat tire on a car is a car repair although it is not nearly as big a job as replacing the engine. Maybe you like to be very loose with the definition of registry repair? Evidently, the people I'm used to being around as well as myself are a bit more anal with the definition. We prefer more... precision? No, I like to be more precise. Rather than peevishly limiting the use of a word to far less than what its definition covers, I prefer to use the full gamut of a word's meaning. 
And without the explanation, not very many will have the opportunity to find out. I hate such programs. It's been my experience that when you start providing technical explanations for what was detected on the typical user's machine, they (a) don't care (b) really don't understand what they're reading and (c) would just like to have whatever it is, gone. Er, without destroying (what they think is destroying anyway) the computer with it. In many cases these days, it's essentially, just save my pics and my music. I don't care about the rest style attitude. Or (d) appreciate the information. You make (d) nearly impossible and then complain the users only want (a), (b), and (c). Make the information available for those who want it. MBAM has no way of knowing if those values are correct or not as it applies to your machine. It only knows that they are not default values and it's letting you know about that. As, if you didn't change them, you might like to know something else did--That's usually not a good thing when those settings are changed without your knowledge. If you did change them, telling MBAM to ignore them will do just that. It won't bother you about them again. Simple fix yes? If you know what those settings are and know how to configure MBAM as you state. Back to better messages being a good idea. Better messages won't excuse laziness. The typical user seems to know how to reach google and facebook. Is it really too much for them to use the search engine and search for the words mbam is displaying on the screen? Let us reverse that and put the onus on the programmers. In case you forgot, they are the supposed experts providing a product to help others. The little bit of time saved by the programmers won't excuse laziness. The typical programmer seems to know how to think and type. Is it really too much for them to use these skills to write better error messages? Nobody wants to research anymore? 
You've got the world's greatest library card sitting in front of you. Maybe it's because I grew up prior to a computer in every home and the www, etc. I *appreciate* what the internet really is and what I can learn while on it. No, but when one knows very little in an area, it can be very difficult to do research. Not knowing the terminology of a field makes Web searches rather difficult. Computers weren't like they are today when I was first getting started. They didn't do much networking.. they were mostly, you and the computer...BBSes helped significantly, but, the internet.. man, it's something else entirely. So much information, for free, all you have to do is want to know it. It boggles my mind why anybody wouldn't take advantage of what this offers them. Being unable to find it. I have occasionally had some horrible frustrations trying to dig out information; what I was looking for was not esoteric either. Are you familiar with this quote? "Usenet is like a herd of performing elephants with diarrhea- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind boggling amounts of excrement when you least expect it." -- Gene Spafford So, no, MBAM is NOT damaging the registry by changing the values of those keys. It would be causing damage in that case. If a program will no longer run correctly because of something that MBAM did, then MBAM caused damage. The registry might still be perfectly readable, but with wrong values, there is damage of a sort. Just to be clear, I'm specifically talking about the security center notifications keys as this tends to bring up a lot of threads like this one. I agree with you and the other poster, the wording *should be* rewritten to better explain instead of unnecessarily causing the user to panic. Not everything detected is harmful nor is it malware. Exactly. With the wrong values, there is a configuration issue in some way. There is no actual registry damage in this case. 
It's no different than an .ini file of the days long gone by with bad settings inside. Unless you or the OS or the app cannot read all of that file and/or write to it (if it needs to do so), the file isn't damaged. Fix the settings, enjoy your day. Which is a repair. Whether the repair is at the physical level or at the logical level of the registry or at the even higher logical level of a system working as needed, it is a repair. OTH, if chkdsk (or whatever you preferred) indicated an actual issue with the file (bad sectors where some of that file was living), then yes, you have damage here and it might be a bit of a problem for you. That is another level that repair can be done at. See my previous paragraph. You'll be recreating that file in another set of sectors, hopefully being able to rebuild it to the point of the program functioning again. If the program is especially well written, it will notice some things are missing and happily fill in the blanks in the .ini file. Am I being clear at this point in what I consider 'registry' damage to actually be? I really don't know of a better example than what I've written here... You are quite clear about what you consider repair to be. You are also mistaken. There are other actions that also qualify as repair. I'm well aware of that. I did my time with the company. What I meant by the statement is that I'm a former employee of their company. I have certain.. programming related skills which allow me to really take a close look at various types of software. My job was to research live 0day (much of the time) malware samples and teach the product how to scan for it, and remove it, without harming the host in the process. Which means, I reverse engineered thousands (I'm not kidding) of executables and wrote custom definitions or detection rules, whatever you prefer to call them - that allowed the software to offer prevention/detection and cleanup of that particular malware variant. 
I'm not what you'd call an end user or even a power user. I apologize if I may have misled you into thinking I was some n00b and/or possible regular joe concerning these machines. I'm not. You have not. I'm not writing to defend Malwarebytes. It's your choice or not to use their product. I have nothing to gain or lose by attempting to answer questions and better explain what's actually going on. I have no 'dog in it' as they say here. Of course. I would simply prefer a much less antagonistic environment for those who need help. Redefining terms like "repair" is one. It immediately creates a disconnect between the user and the support people. I saw some bad advice/inaccurate information concerning the program and I explained what it's doing (at least with respect to the annoying false alarm if you will of the security center defaults). Had the information not been what I'd consider to be 'taking a shot in the dark' by people who aren't knowledgeable concerning the subject, I would have passed the thread on by. I'm posting to correct the inaccurate thoughts/impressions of the program for the benefit of other readers who aren't knowledgeable in this field either, but, need sound advice concerning it. It appears that Mayayana had it quite right, and several people have jumped him for that. Imagine how this thread would have gone if some had replied like "I like MBAM and find it very useful, but yes, some of those messages are rather uninformative." Elsethread, I mention getting a bad error message from a program that I wrote. I corrected the error. That's great. I tend to do the same. I don't like confusing the user. It causes unnecessary technical support. If the program can explain things well on its own, they don't need to reach out to me. When I supported BugHunter, I made every effort to reduce the need for the user to have to contact me. Nobody who has to use a program of that nature wants to spend their time waiting for a fix to get it running. 
Or, an explanation they'll understand to make use of it to try and fix the issue they're having. I do understand customer support and good relations. Add to that saving the user from having to research what your program just told him in order to be able to understand it. Write to your audience. I dropped an AV because after I reported it false-alarming on one of my files (my editor's start-up executable), they dealt with the matter but then undid this with the next file update. Since their software had no option to not quarantine files, I was out my editor. I removed the AV software. I don't blame you in that case. Some AV software QC controls are better/worse than others. Had it an ignore and/or quarantine option and was reliable for detection, I would have reached out to them again to try and resolve the issue. My work was critically affected, and I did not know that removing the AV would work. Fortunately, it did. Additionally, the company had not gotten back to me. I had no assurance that the matter would be dealt with. (If someone goes to the trouble of submitting something to you, an E-mail acknowledging and stating what will happen is basic courtesy.) Incidentally, I had this problem initially with BugHunter. Many AV's wrongly detected it as an actual virus. It took a bit of work on my part to fix that issue. But, that's part of being a coder and supporting your work, too. If that's not something you're willing to do, then, you shouldn't release your program to the public. It's not ready for prime time. Blame the victim much? Maybe, the AV software is not ready for prime time. You haven't done the QC work on your end. Part of that is ensuring your program will play well with others. AV included. Does this apply to AV software? Considering that, by its nature, AV software deals with a lot of programs, it should and even more so. Sincerely, Gene Wirchenko |
#129
Malwarebytes warning
On Fri, 4 Dec 2015 06:04:46 -0000 (UTC), Diesel
wrote: masonc Wed, 02 Dec 2015 23:05:04 GMT in alt.windows7.general, wrote: MB(premium I bought) found 100plus doubts and a couple of serious threats. Tired of seeing all these, I googled a few and learned they were baddies. Tired of googling, I let MP remove them ALL I'm perfectly clean now, no harm, but maybe I'll come back and say my umpty-dump doesn't work any more -- we'll see. Wasn't hard to google what Malwarebytes thought it found and see for yourself if it was a problem or not, right? RIGHT, but tedious task if they've been allowed to accumulate. Doing it routinely should be no problem -- and instructive. |
#130
Malwarebytes warning
Gene Wirchenko
Fri, 04 Dec 2015 17:51:25 GMT in alt.windows7.general, wrote: OTH, if you or the program couldn't access the key to read that value due to an actual issue with the registry (think system missing error sometimes found on earlier NT systems without an easy remedy); that actually is registry damage and the fix might require a reinstall of the OS and installed apps that aren't portable in nature. That is another type of problem. It would require a different type of repair. Uhh, no. It actually would require a 'registry repair'. Or (d) appreciate the information. You make (d) nearly impossible and then complain the users only want (a), (b), and (c). Make the information available for those who want it. I don't make anything nearly impossible. I don't run into many users where D would qualify. Perhaps you do. If that's the case, you should feel very lucky. Many techs like myself don't have such luxuries. Nobody wants to research anymore? You've got the world's greatest library card sitting in front of you. Maybe it's because I grew up prior to a computer in every home and the www, etc. I *appreciate* what the internet really is and what I can learn while on it. No, but when one knows very little in an area, it can be very difficult to do research. Not knowing the terminology of a field makes Web searches rather difficult. You don't need to know the 'terminology' to copy/paste what you see from mbam into your favorite search engine. If you're a high school age user or older and you can't do effective research, we have a serious problem that MBAM nor any other programmer is going to be able to fix. What's the point then in providing extra detailed information for the user, if they don't get the terminology used anyway? I already covered this previously, in another post. It's a waste of the programmer's time. If they can't be arsed to google what mbam displays, they damn sure aren't going to google the words in the description they don't know. 
So, there's no real point in having some malware 'database' that the average joe won't actually explore. Instead, they could rewrite some of the messages to better explain what's actually going on. The average joe would appreciate that. I can't even count the number of technicians who would. Are you familiar with this quote? "Usenet is like a herd of performing elephants with diarrhea- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind boggling amounts of excrement when you least expect it." -- Gene Spafford I have, but, usenet alone doesn't encompass all of the internet, either. I'd never limit my options in such a way. You'll be recreating that file in another set of sectors, hopefully being able to rebuild it to the point of the program functioning again. If the program is especially well written, it will notice some things are missing and happily fill in the blanks in the .ini file. Am I being clear at this point in what I consider 'registry' damage to actually be? I really don't know of a better example than what I've written here... You are quite clear about what you consider repair to be. You are also mistaken. There are other actions that also qualify as repair. We'll just have to agree to disagree on that point, then. I saw some bad advice/inaccurate information concerning the program and I explained what it's doing (at least with respect to the annoying false alarm if you will of the security center defaults). Had the information not been what I'd consider to be 'taking a shot in the dark' by people who aren't knowledgeable concerning the subject, I would have passed the thread on by. I'm posting to correct the inaccurate thoughts/impressions of the program for the benefit of other readers who aren't knowledgeable in this field either, but, need sound advice concerning it. It appears that Mayayana had it quite right, and several people have jumped him for that. 
Imagine how this thread would have gone if some had replied like "I like MBAM and find it very useful, but yes, some of those messages are rather uninformative." Again, we'll have to agree to disagree on this point too. I don't believe Mayayana had it quite right. I covered that in a previous post, though. Incidentally, I had this problem initially with BugHunter. Many AV's wrongly detected it as an actual virus. It took a bit of work on my part to fix that issue. But, that's part of being a coder and supporting your work, too. If that's not something you're willing to do, then, you shouldn't release your program to the public. It's not ready for prime time. Blame the victim much? Maybe, the AV software is not ready for prime time. I didn't blame the victim. A programmer can hardly call him/herself a victim here. It really is on them to try and ensure their program will play well with the majority of software that one might find on a typical user's PC. The corporate world is another beast altogether. AV/AM software can be very complex, actually. I simplified some of the processes and their outcomes good and bad in a previous post. If you wish to read it. Granted, some are better/worse than others, but the majority are ready for prime time, despite the risk of an occasional false hit. -- Error: Creative signature file missing |