Malwarebytes warning



 
 
  #121  
Old December 3rd 15, 01:31 AM posted to alt.windows7.general
Buffalo[_3_]

"Gene Wirchenko" wrote in message
...

On Tue, 1 Dec 2015 18:05:51 -0700, "Buffalo"
wrote:

[snip]

So, why are you bashing MBAM when you have almost NO experience with it or
other anti-malware programs' actions or other anti-virus programs' actions
or deficiencies?


One general reason would be that a program is awkward or
difficult to use effectively. A program that is awkward or difficult
to use does make it difficult to get experience with it.

I believe that any anti-virus or anti-malware program might delete things
(or programs or registry keys) if you set them on automatic. Don't you?


Mayayana has been discussing the impact on people who do not know
much about such programs. Why expect such people to be aware of how
such programs work?

So, if you agree, why not say that instead of dissing MBAM (that's
MalwareBytesAnti-Malware, MBAM, and not MalwareBytesAnti-Exploit, MBAE or
another MB product)?


Programs can be made easier to use.

Sincerely,

Gene Wirchenko


Like I tried to get across earlier, MBAM is not unique among the top
anti-virus and top anti-malware programs that might delete useful stuff when
left on automatic.
The 'easiest' way to use those programs is to let them do 'everything'
automatically, isn't it? Is that the 'best' way? Not in my opinion.
--
Buffalo

  #122  
Old December 3rd 15, 01:35 AM posted to alt.windows7.general
Buffalo[_3_]

"Gene Wirchenko" wrote in message
...

On Tue, 1 Dec 2015 13:04:05 -0700, "Buffalo"
wrote:

"Gene Wirchenko" wrote in message
. ..


[snip]

I am not against it. I am against the abuse. If I can avoid
using MBAM, I will. (That is currently the case, and may it stay so.)
If I had to, then I would, but as a last resort.


If you used it and had a problem with it and posted what the problem was,
you would most likely get good help.
Not like the other person who did nothing but bash the program.
Still, it is your choice.


He did not. He pointed out shortcomings of it. As a systems
analyst, I might do much the same asking what a particular message
meant, and complaining that it was rather unclear. I have run into
all too many situations where the error messages and documentation
were unclear (or even absent). The consequent waste of time is,
obviously, a waste of time. You may like the taste of MBAM Kool-Aid,
but some of us do not.

Not so long ago, I had a program give me an unclear error
message. Since it was my own program, I corrected the error.

Sincerely,

Gene Wirchenko


Too bad you didn't trust the program you wrote enough to let it
automatically correct the problem.
--
Buffalo

  #123  
Old December 3rd 15, 05:08 AM posted to alt.windows7.general
J. P. Gilliver (John)

In message , masonc
writes:
[]
On the other hand, and just for the record,

MB(premium I bought) found 100plus doubts and a couple of serious


[Ooh, apparently you're not allowed to call it just MB (-:!]

threats. Tired of seeing all these, I googled a few and learned they
were baddies. Tired of googling, I let MP remove them ALL
I'm perfectly clean now, no harm, but maybe I'll come back and say my
umpty-dump doesn't work any more -- we'll see.


But, of course, that might be after sufficient time that you don't
connect your umpty-dump not working with having run "MB".

Now, where have I read that sort of thing before? Ah yes, people writing
about the evils of registry cleaners. Tend to be the same people who
reach for MBAM (see, I know what to call it) for everything ...

(Just stirring ...)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

offensive speech is something to be protected, not celebrated.
- "yoni", 2015-8-5
  #124  
Old December 3rd 15, 04:54 PM posted to alt.windows7.general
Ophelia[_4_]



"Diesel" wrote in message
...
"Ophelia"
Tue, 01 Dec 2015 10:14:23 GMT in alt.windows7.general, wrote:

"Diesel" wrote in message
...
"Ophelia"
Mon, 30 Nov 2015 11:34:17 GMT
in alt.windows7.general, wrote:

Now, on a positive note ... I ventured into the settings and
looked at the times it turns itself on.

I have taken out the one 'start MB with windows' which has made a
huge difference to boot up times.

Do you have the paid version or are you running the trial copy?


Paid version!


You don't see the icon in your tray anymore then? If this is indeed the
case, please be sure you open the program manually and ensure the
resident protection module IS enabled and running. If not, you aren't
getting the benefits that you paid for.


I do have the icon in my tray! I put it there myself after it disappeared


--
http://www.helpforheroes.org.uk/shop/
  #125  
Old December 4th 15, 06:04 AM posted to alt.windows7.general
Diesel

"Mayayana"
Wed, 02 Dec 2015 04:19:38 GMT in alt.windows7.general, wrote:

| MBAM has no way of knowing if those values are correct or not as
| it applies to your machine. It only knows that they are not
| default values and it's letting you know about that.

That's a bit misleading. First, it's not letting you know
that you have non-default settings. It's just telling
you that you have yellow alert malware in the Registry.


With regard to the security center notification keys not being
default, I didn't mislead you or anyone else in the least little
bit. I do not disagree with you concerning that the phrasing could
be rewritten to better explain what's been detected and why it
matters to the user. I believe it would also help to stop labeling
everything as an infection too. We both know a registry key alone
isn't an infection. [g]

It's also worth noting, as I previously stated, contacting them
about false alarms is not a bad thing. It helps you and it helps
them. If you're affected by a false alarm, there's a good chance
someone else is as well. It's entirely possible this issue will be
caught quickly and corrected with another definitions update.

In the meantime, if you know these are okay keys and no changes of
any kind need to be made to them, you can tell MBAM not to touch
them and ignore those exact keys in the future; So you don't have to
wait for Malwarebytes to correct the definitions and you don't
continue to have to tell the program not to do anything to those
keys.

No, it's not a perfect solution, I agree, but, it is a possible
temporary fix for your issue that won't present an unnecessary risk
to your system/software configuration.

Please, understand, NO app of this kind is going to be 100% false
positive free. It's just not possible due to the way the
technologies work and the way software is written.

A large majority of malware these days is written in an HLL
language, identical to the ones you or someone else might be using.
VB, and/or Visual C++ for example. As a result, some of the malware
and your legit programs share some common code. Sometimes, this code
can be found in both programs in the same place (either virtually
and/or physically)

If this section of code was thought to have been unique to the
malware and wasn't expected to be seen in legit programs, it's
entirely possible the AV/AM software is going to falsely assume it's
the malware sample.

Your program might due to the way the compiler decided to treat the
code you wrote; (sometimes, your program's flow isn't what it looks
like it should be to you in the source code when the final product
is produced. You lose a lot of control when using an HLL) appear to
be calling routines/functions and doing other things the same way a
known malware sample would.

More advanced AV/AM technologies are likely to false hit this program
as a result. IE: your program's actual behavior when executing matches
that of a known bad guy. You didn't do this on purpose, but, because
you didn't know what your code is really converted to or how the
compiler actually works, this is the result you sometimes get.

Sometimes, the process is as simple as physically moving the
location of some support routines and recompiling. You won't always
have to make changes directly to the code to support what you've
done, depending on the language used.

You can literally cut/paste (simplification again) some subroutines
and switch their positions in your source code. This may cause the
compiler, for code optimization sake, to reconsider how it builds the
final executable. As a result of the different internal structure,
the AV/AM is more likely not to falsely consider it malware.

I'm oversimplifying the process so that you can better understand
how this happens sometimes. None of this includes the actual human
error side; where a bad/poorly researched definition is sometimes
created. Sadly, that can happen too. With any company and any
program.

Considering the sheer amount of HLL based malware samples and the
millions of lines of definitions (probably trillions if you include
all AV/AM), it's not mathematically realistic to expect you can
avoid an HLL legit program from an HLL malware program 100% of the
time. It's just not feasible.

So you take a calculated risk when running any of these programs.
Hopefully the protection gains outweigh the risk of your system
having legit software that's confused for malware. That's the game
you're playing in this case.

To decrease your odds of losing, it's best not to let the program do
everything automatically, do make use of quarantine option, do
research things the program claims to have detected before you make
potentially hasty decisions due to panic. And by program, I mean
any AV/AM program.

In the event you allow it to kill/remove/disable something it
shouldn't have, as long as quarantine works and you used it
previously, you *should* be able to 'undo' the effects and bring the
legit program back to working order.

At the end of the day, I think it's a bit premature of you to decide
never to use the program again because of this single experience
with it. It does tend to do well and protects many users' machines
from otherwise harmful software.

--
Error: Creative signature file missing
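
The false-positive mechanism described in the post above, as an added example that is not part of the original post and is not Malwarebytes code: a signature cut from bytes shared with clean programs flags a legitimate file, a signature vetted against a known-clean corpus does not, and quarantine keeps a wrong detection reversible. All byte strings, file names and function names are constructed for illustration.

```python
"""Toy byte-signature scanner. Constructed data; not any vendor's engine."""
import shutil
import tempfile
from pathlib import Path

# Constructed stand-ins for compiled programs. Both the "malware" and the
# legitimate editor were built with the same compiler, so both start with
# the same runtime stub.
RUNTIME = bytes.fromhex("558bec83ec10535657e8a1b2c3d4")
MALWARE = RUNTIME + bytes.fromhex("deadbeef0badf00dcafe") + b"\x90" * 4
LEGIT_EDITOR = RUNTIME + bytes.fromhex("0102030405060708090a") + b"\x90" * 4
# Known-clean files a definition author can test against before release.
CLEAN_CORPUS = [RUNTIME + b"hello-world-app", RUNTIME + b"calculator-app"]

SIG_LEN = 8


def naive_signature(sample: bytes) -> bytes:
    """Poorly researched definition: take the first bytes of the sample."""
    return sample[:SIG_LEN]


def vetted_signature(sample: bytes, clean_corpus) -> bytes:
    """Return the first SIG_LEN-byte window that occurs in no known-clean file."""
    for off in range(len(sample) - SIG_LEN + 1):
        window = sample[off:off + SIG_LEN]
        if not any(window in clean for clean in clean_corpus):
            return window
    raise ValueError("no window is unique to the sample; a different rule is needed")


def detects(signature: bytes, data: bytes) -> bool:
    """Plain substring match, the simplest form of signature detection."""
    return signature in data


def quarantine(path: Path, vault: Path) -> Path:
    """Move the file aside instead of deleting it, so the action can be undone."""
    vault.mkdir(parents=True, exist_ok=True)
    dest = vault / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def restore(quarantined: Path, original: Path) -> None:
    """Undo a quarantine after the detection turns out to be a false alarm."""
    shutil.move(str(quarantined), str(original))


def demo() -> dict:
    naive = naive_signature(MALWARE)
    vetted = vetted_signature(MALWARE, CLEAN_CORPUS)
    results = {
        "naive_hits_malware": detects(naive, MALWARE),
        "naive_hits_editor": detects(naive, LEGIT_EDITOR),    # the false positive
        "vetted_hits_malware": detects(vetted, MALWARE),
        "vetted_hits_editor": detects(vetted, LEGIT_EDITOR),
    }
    # Quarantine round trip on the wrongly flagged editor.
    with tempfile.TemporaryDirectory() as tmp:
        editor = Path(tmp) / "editor.exe"
        editor.write_bytes(LEGIT_EDITOR)
        held = quarantine(editor, Path(tmp) / "vault")
        results["gone_after_quarantine"] = not editor.exists()
        restore(held, editor)
        results["intact_after_restore"] = editor.read_bytes() == LEGIT_EDITOR
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```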
  #126  
Old December 4th 15, 06:04 AM posted to alt.windows7.general
Diesel

Gene Wirchenko
Wed, 02 Dec 2015
23:19:42 GMT in alt.windows7.general, wrote:

I'm sorry, but, I disagree with you. One could claim to be
correcting the registry by resetting those keys to default simply
by turning the notifications back on in the security center. Is
the user now a registry repair program? The end result in this
example is the same. I used this example because it also applies
to MBAM regarding the warnings concerning some keys not being at
default settings.


That you have to strain so much indicates that your point is
not nearly as good as you think it is. I know what a program is,
and I think that you do, too. None of your above scenario offers
any reason why the user should be considered a program.


I'm not straining, Gene. I was specifically talking about those keys
because MBAM has 'alerted' on them for years and these discussions
have come up concerning it numerous times on various forums
(including their own) as well as usenet. The user obviously isn't a
program. I used it, (as I explained) as an example. As MBAM in that
case would be doing the same thing the user *could* do with the
security center. As far as notification settings.

Fact is, MBAM resetting them to defaults is (under the hood now, not
the GUI) no different than you doing it via security center. For
those who like to do their own reg mods, they likely just fire up
their favorite registry editor (MBAM isn't one of those either) and
perform the changes themselves.

But, to say that a program is 'repairing' the registry because it
reset some already existing keys' values back to their original
configuration isn't the right thing to be stating. It's not
technically correct. The registry wasn't broken; even if a key
doesn't have the values you or another program thinks it should.

OTH, if you or the program couldn't access the key to read that value
due to an actual issue with the registry (think system missing error
sometimes found on earlier NT systems without an easy remedy); that
actually is registry damage and the fix might require a reinstall of
the OS and installed apps that aren't portable in nature.

Unless, you have a way of going back to a former working registry
hive AND/OR the registry damage isn't severe enough that you can't
boot off another media and use regedit to mount it to effect repairs.
Or another app, via booting off of external media again. As under
that scenario, the installed OS isn't booting; safe mode or
otherwise. It actually does have a real registry problem; it cannot
properly access one of the files which consist of the registry.

ERUNT was developed so the reinstall wouldn't be necessary nearly as
often. As long as you actually used it properly. You could boot from
external media, copy the saved hive files over the ones on the
installed OS, reboot. Voilà.

I do not disagree that they should rewrite some 'alert' messages to
better explain what is actually going on and why it should be of any
interest to the user.

A batch file that resets certain registry values to known
values would be a simple registry repair program. If after that,
a program that did not work now works, how was the action of the
batch file not a repair?


It would be a batch file calling out to another program to alter keys
in the registry. I wouldn't call it a registry repair program and I
don't know many serious coders who would, either. Sure, the batch
file appears to be 'repairing' your registry, but, you're using the
wrong terminology in so far as repairing goes when it concerns the
registry.

The example you provided and variations of it are used often in the
corporate world to effect settings for custom software with roaming
user profiles.

I remember doing something similar in the days of novell/win3x/dos to
effect certain changes which would be reversed when the next user
logged in. I wasn't necessarily reconfiguring the registry (although
windows3x sort of had one) but, I was performing manual
reconfiguration changes on installed software, depending on the user
account accessing the system.

I fully understand that I'd be laughed at (and rightfully so) if I
claimed I had a registry repair utility and it was a batch file
resetting some keys back to default configuration by various people I
know from all walks of IT life.


In your example, I'd call it a reset utility (that's what you're
doing by your own description of what it does). It's not like it's
literally reading the registry hive and 'rebuilding' anything
concerning them. Either with direct file IO or windows API. It's
changing the values for some already existing registry keys and
that's all it's doing. While the result might in fact repair/fix an
issue with a computer, you didn't perform a 'registry repair' in the
stricter sense of the meaning.

Maybe you like to be very loose with the definition of registry
repair? Evidently, the people I'm used to being around as well as
myself are a bit more anal with the definition. We prefer more...
precision?



And without the explanation, not very many will have the
opportunity to find out. I hate such programs.


It's been my experience that when you start providing technical
explanations for what was detected on the typical user's machine, they
(a) don't care (b) really don't understand what they're reading and
(c) would just like to have whatever it is, gone. Er, without
destroying (what they think is destroying anyway) the computer with
it. In many cases these days, it's essentially, just save my pics and
my music. I don't care about the rest style attitude.


MBAM has no way of knowing if those values are correct or not as
it applies to your machine. It only knows that they are not
default values and it's letting you know about that. As, if you
didn't change them, you might like to know something else
did--That's usually not a good thing when those settings are
changed without your knowledge.

If you did change them, telling MBAM to ignore them will do just
that. It won't bother you about them again. Simple fix yes?


If you know what those settings are and know how to configure
MBAM as you state. Back to better messages being a good idea.


Better messages won't excuse laziness. The typical user seems to know
how to reach google and facebook. Is it really too much for them to
use the search engine and search for the words mbam is displaying on
the screen?

Nobody wants to research anymore? You've got the world's greatest
library card sitting in front of you. Maybe it's because I grew up
prior to a computer in every home and the www, etc. I *appreciate*
what the internet really is and what I can learn while on it.

Computers weren't like they are today when I was first getting
started. They didn't do much networking.. they were mostly, you and
the computer...BBSes helped significantly, but, the internet.. man,
it's something else entirely. So much information, for free, all
you have to do is want to know it. It boggles my mind why anybody
wouldn't take advantage of what this offers them.

So, no, MBAM is NOT damaging the registry by changing the values
of those keys.


It would be causing damage in that case. If a program will no
longer run correctly because of something that MBAM did, then MBAM
caused damage. The registry might still be perfectly readable,
but with wrong values, there is damage of a sort.


Just to be clear, I'm specifically talking about the security center
notifications keys as this tends to bring up a lot of threads like
this one. I agree with you and the other poster, the wording
*should be* rewritten to better explain instead of unnecessarily
causing the user to panic. Not everything detected is harmful nor is
it malware.

With the wrong values, there is a configuration issue in some way.
There is no actual registry damage in this case. It's no different
than an .ini file of the days long gone by with bad settings inside.
Unless you or the OS or the app cannot read all of that file and/or
write to it (if it needs to do so), the file isn't damaged. Fix the
settings, enjoy your day.

OTH, if chkdsk (or whatever you preferred) indicated an actual issue
with the file (bad sectors where some of that file was living), then
yes, you have damage here and it might be a bit of a problem for you.

You'll be recreating that file in another set of sectors, hopefully
being able to rebuild it to the point of the program functioning
again. If the program is especially well written, it will notice some
things are missing and happily fill in the blanks in the .ini file.

Am I being clear at this point in what I consider 'registry' damage
to actually be? I really don't know of a better example than what
I've written here...

I'm well aware of that. I did my time with the company.


What I meant by the statement is that I'm a former employee of their
company. I have certain.. programming related skills which allow me
to really take a close look at various types of software. My job was
to research live 0day (much of the time) malware samples and teach
the product how to scan for it, and remove it, without harming the
host in the process. Which means, I reverse engineered thousands (I'm
not kidding) of executables and wrote custom definitions or detection
rules, whatever you prefer to call them - that allowed the software
to offer prevention/detection and cleanup of that particular malware
variant.

I'm not what you'd call an end user or even a power user. I apologize
if I may have misled you into thinking I was some n00b and/or
possible regular joe concerning these machines. I'm not.

I'm not writing to defend Malwarebytes. It's your choice or not to
use their product. I have nothing to gain or lose by attempting to
answer questions and better explain what's actually going on. I have
no 'dog in it' as they say here.

I saw some bad advice/inaccurate information concerning the program
and I explained what it's doing (at least with respect to the annoying
false alarm if you will of the security center defaults). Had the
information not been what I'd consider to be 'taking a shot in the
dark' by people who aren't knowledgeable concerning the subject, I
would have passed the thread on by. I'm posting to correct the
inaccurate thoughts/impressions of the program for the benefit of
other readers who aren't knowledgeable in this field either, but,
need sound advice concerning it.

Elsethread, I mention getting a bad error message from a
program that I wrote. I corrected the error.


That's great. I tend to do the same. I don't like confusing the user.
It causes unnecessary technical support. If the program can
explain things well on its own, they don't need to reach out to me.

When I supported BugHunter, I made every effort to reduce the need
for the user to have to contact me. Nobody who has to use a program
of that nature wants to spend their time waiting for a fix to get it
running. Or, an explanation they'll understand to make use of it to
try and fix the issue they're having. I do understand customer
support and good relations.

I dropped an AV because after I reported it false-alarming on
one of my files (my editor's start-up executable), they dealt
with the matter but then undid this with the next file update.
Since their software had no option to not quarantine files, I was
out my editor. I removed the AV software.


I don't blame you in that case. Some AV software QC controls are
better/worse than others. Had it an ignore and/or quarantine option
and was reliable for detection, I would have reached out to them
again to try and resolve the issue.

Incidentally, I had this problem initially with BugHunter. Many AV's
wrongly detected it as an actual virus. It took a bit of work on my
part to fix that issue. But, that's part of being a coder and
supporting your work, too.

If that's not something you're willing to do, then, you shouldn't
release your program to the public. It's not ready for prime time.
You haven't done the QC work on your end. Part of that is ensuring
your program will play well with others. AV included.


--
Error: Creative signature file missing
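
The distinction this post draws between wrong settings and actual damage, as an added example that is not from the thread or from any product: it uses the post's .ini analogy, with placeholder option names, to separate a file that cannot be parsed from one that merely holds non-default values, and it honours an ignore list before resetting anything.

```python
"""Report-only settings audit. Section and option names are placeholders."""
import configparser
import io

# Constructed defaults; these are not real Windows settings.
DEFAULTS = {
    ("notifications", "antivirus_alerts"): "on",
    ("notifications", "firewall_alerts"): "on",
    ("notifications", "update_alerts"): "on",
}

# Constructed inputs: one readable file with two non-default values,
# and one truncated file that no parser can read.
SAMPLE = """[notifications]
antivirus_alerts = off
firewall_alerts = on
update_alerts = off
"""
DAMAGED = "[notifications\nantivirus_alerts = o"

# The user changed this one on purpose and told the tool to leave it alone.
IGNORE = frozenset({("notifications", "update_alerts")})


def audit(ini_text, defaults=DEFAULTS, ignore=frozenset()):
    """Classify the file as damaged, misconfigured or ok without changing it."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(ini_text)
    except configparser.Error as exc:
        # Unreadable structure: this is damage, not a settings problem.
        return {"state": "damaged", "flagged": [], "ignored": [],
                "error": type(exc).__name__}
    flagged, ignored = [], []
    for key, default in sorted(defaults.items()):
        section, option = key
        current = parser.get(section, option, fallback=None)
        if current == default:
            continue
        bucket = ignored if key in ignore else flagged
        bucket.append((section, option, current, default))
    return {"state": "misconfigured" if flagged else "ok",
            "flagged": flagged, "ignored": ignored, "error": None}


def reset_flagged(ini_text, defaults=DEFAULTS, ignore=frozenset()):
    """Reset only flagged values to defaults; ignored values stay as the user set them."""
    report = audit(ini_text, defaults, ignore)
    if report["state"] == "damaged":
        raise ValueError("file cannot be parsed; restore it from a backup instead")
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    for section, option, _current, default in report["flagged"]:
        if not parser.has_section(section):
            parser.add_section(section)
        parser.set(section, option, default)
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()


if __name__ == "__main__":
    print(audit(SAMPLE, ignore=IGNORE))
    print(audit(DAMAGED))
    print(reset_flagged(SAMPLE, ignore=IGNORE))
```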
  #127  
Old December 4th 15, 06:04 AM posted to alt.windows7.general
Diesel

masonc
Wed, 02 Dec 2015
23:05:04 GMT in alt.windows7.general, wrote:

MB(premium I bought) found 100plus doubts and a couple of serious
threats. Tired of seeing all these, I googled a few and learned
they were baddies. Tired of googling, I let MP remove them ALL
I'm perfectly clean now, no harm, but maybe I'll come back and say
my umpty-dump doesn't work any more -- we'll see.


Wasn't hard to google what Malwarebytes thought it found and see for
yourself if it was a problem or not, right?





--
Error: Creative signature file missing
  #128  
Old December 4th 15, 05:51 PM posted to alt.windows7.general
Gene Wirchenko[_2_]

On Fri, 4 Dec 2015 06:04:45 -0000 (UTC), Diesel
wrote:

Gene Wirchenko
Wed, 02 Dec 2015
23:19:42 GMT in alt.windows7.general, wrote:

I'm sorry, but, I disagree with you. One could claim to be
correcting the registry by resetting those keys to default simply
by turning the notifications back on in the security center. Is
the user now a registry repair program? The end result in this
example is the same. I used this example because it also applies
to MBAM regarding the warnings concerning some keys not being at
default settings.


That you have to strain so much indicates that your point is
not nearly as good as you think it is. I know what a program is,
and I think that you do, too. None of your above scenario offers
any reason why the user should be considered a program.


I'm not straining, Gene. I was specifically talking about those keys


When you asked whether the user is now a type of program, you
were straining.

because MBAM has 'alerted' on them for years and these discussions
have come up concerning it numerous times on various forums
(including their own) as well as usenet. The user obviously isn't a
program. I used it, (as I explained) as an example. As MBAM in that
case would be doing the same thing the user *could* do with the
security center. As far as notification settings.

Fact is, MBAM resetting them to defaults is (under the hood now, not
the GUI) no different than you doing it via security center. For
those who like to do their own reg mods, they likely just fire up
their favorite registry editor (MBAM isn't one of those either) and
perform the changes themselves.

But, to say that a program is 'repairing' the registry because it
reset some already existing keys' values back to their original
configuration isn't the right thing to be stating. It's not
technically correct. The registry wasn't broken; even if a key
doesn't have the values you or another program thinks it should.


If the computer was not performing as wanted, and after the
change, it was, the change is a repair.

OTH, if you or the program couldn't access the key to read that value
due to an actual issue with the registry (think system missing error
sometimes found on earlier NT systems without an easy remedy); that
actually is registry damage and the fix might require a reinstall of
the OS and installed apps that aren't portable in nature.


That is another type of problem. It would require a different
type of repair.

Unless, you have a way of going back to a former working registry
hive AND/OR the registry damage isn't severe enough that you can't
boot off another media and use regedit to mount it to effect repairs.
Or another app, via booting off of external media again. As under
that scenario, the installed OS isn't booting; safe mode or
otherwise. It actually does have a real registry problem; it cannot
properly access one of the files which consist of the registry.

ERUNT was developed so the reinstall wouldn't be necessary nearly as
often. As long as you actually used it properly. You could boot from
external media, copy the saved hive files over the ones on the
installed OS, reboot. Voilà.

I do not disagree that they should rewrite some 'alert' messages to
better explain what is actually going on and why it should be of any
interest to the user.


How about "*I agree that* they should ..."?

A batch file that resets certain registry values to known
values would be a simple registry repair program. If after that,
a program that did not work now works, how was the action of the
batch file not a repair?


It would be a batch file calling out to another program to alter keys
in the registry. I wouldn't call it a registry repair program and I
don't know many serious coders who would, either. Sure, the batch


That is the implementation of the repair, yes.

file appears to be 'repairing' your registry, but, you're using the
wrong terminology in so far as repairing goes when it concerns the
registry.


Nope.

The example you provided and variations of it are used often in the
corporate world to effect settings for custom software with roaming
user profiles.

I remember doing something similar in the days of novell/win3x/dos to
effect certain changes which would be reversed when the next user
logged in. I wasn't necessarily reconfiguring the registry (although
windows3x sort of had one) but, I was performing manual
reconfiguration changes on installed software, depending on the user
account accessing the system.

I fully understand that I'd be laughed at (and rightfully so) if I
claimed I had a registry repair utility and it was a batch file
resetting some keys back to default configuration by various people I
know from all walks of IT life.


If you claimed it handled all registry repair, yes, but please
note that I have not done that. I simply claim that any program that
makes repairs is a repair program.

In your example, I'd call it a reset utility (that's what you're
doing by your own description of what it does). It's not like it's
literally reading the registry hive and 'rebuilding' anything
concerning them. Either with direct file IO or windows API. It's
changing the values for some already existing registry keys and
that's all it's doing. While the result might in fact repair/fix an
issue with a computer, you didn't perform a 'registry repair' in the
stricter sense of the meaning.


Yes, in that case, I most definitely would have repaired the
registry. Small repairs are still repairs. Replacing a flat tire on
a car is a car repair although it is not nearly as big a job as
replacing the engine.

Maybe you like to be very loose with the definition of registry
repair? Evidently, the people I'm used to being around as well as
myself are a bit more anal with the definition. We prefer more...
precision?


No, I like to be more precise. Rather than peevishly limiting
the use of a word to far less than what its definition covers, I
prefer to use the full gamut of a word's meaning.

And without the explanation, not very many will have the
opportunity to find out. I hate such programs.


It's been my experience that when you start providing technical
explanations for what was detected on the typical user's machine, they
(a) don't care (b) really don't understand what they're reading and
(c) would just like to have whatever it is, gone. Er, without
destroying (what they think is destroying anyway) the computer with
it. In many cases these days, it's essentially, just save my pics and
my music. I don't care about the rest style attitude.


Or (d) appreciate the information. You make (d) nearly
impossible and then complain the users only want (a), (b), and (c).
Make the information available for those who want it.

MBAM has no way of knowing if those values are correct or not as
it applies to your machine. It only knows that they are not
default values and it's letting you know about that. As, if you
didn't change them, you might like to know something else
did--That's usually not a good thing when those settings are
changed without your knowledge.

If you did change them, telling MBAM to ignore them will do just
that. It won't bother you about them again. Simple fix yes?


If you know what those settings are and know how to configure
MBAM as you state. Back to better messages being a good idea.


Better messages won't excuse laziness. The typical user seems to know
how to reach google and facebook. Is it really too much for them to
use the search engine and search for the words mbam is displaying on
the screen?


Let us reverse that and put the onus on the programmers. In case
you forgot, they are the supposed experts providing a product to help
others.

The little bit of time saved by the programmers won't excuse
laziness. The typical programmer seems to know how to think and type.
Is it really too much for them to use these skills to write better
error messages?

Nobody wants to research anymore? You've got the world's greatest
library card sitting in front of you. Maybe it's because I grew up
prior to a computer in every home and the www, etc. I *appreciate*
what the internet really is and what I can learn while on it.


No, but when one knows very little in an area, it can be very
difficult to do research. Not knowing the terminology of a field
makes Web searches rather difficult.

Computers weren't like they are today when I was first getting
started. They didn't do much networking.. they were mostly, you and
the computer...BBSes helped significantly, but, the internet.. man,
it's something else entirely. So much information, for free, all
you have to do is want to know it. It boggles my mind why anybody
wouldn't take advantage of what this offers them.


Being unable to find it. I have occasionally had some horrible
frustrations trying to dig out information; what I was looking for was
not esoteric either.

Are you familiar with this quote? "Usenet is like a herd of
performing elephants with diarrhea- massive, difficult to redirect,
awe-inspiring, entertaining, and a source of mind boggling amounts of
excrement when you least expect it." -- Gene Spafford

So, no, MBAM is NOT damaging the registry by changing the values
of those keys.


It would be causing damage in that case. If a program will no
longer run correctly because of something that MBAM did, then MBAM
caused damage. The registry might still be perfectly readable,
but with wrong values, there is damage of a sort.


Just to be clear, I'm specifically talking about the security center
notifications keys as this tends to bring up a lot of threads like
this one. I agree with you and the other poster, the wording
*should be* rewritten to better explain instead of unnecessarily
causing the user to panic. Not everything detected is harmful nor is
it malware.


Exactly.

With the wrong values, there is a configuration issue in some way.
There is no actual registry damage in this case. It's no different
than an .ini file of the days long gone by with bad settings inside.
Unless you or the OS or the app cannot read all of that file and/or
write to it (if it needs to do so), the file isn't damaged. Fix the
settings, enjoy your day.


Which is a repair. Whether the repair is at the physical level
or at the logical level of the registry or at the even higher logical
level of a system working as needed, it is a repair.

OTH, if chkdsk (or whatever you preferred) indicated an actual issue
with the file (bad sectors where some of that file was living), then
yes, you have damage here and it might be a bit of a problem for you.


That is another level that repair can be done at. See my
previous paragraph.

You'll be recreating that file in another set of sectors, hopefully
being able to rebuild it to the point of the program functioning
again. If the program is especially well written, it will notice some
things are missing and happily fill in the blanks in the .ini file.

Am I being clear at this point in what I consider 'registry' damage
to actually be? I really don't know of a better example than what
I've written here...


You are quite clear about what you consider repair to be. You
are also mistaken. There are other actions that also qualify as
repair.

I'm well aware of that. I did my time with the company.


What I meant by the statement is that I'm a former employee of their
company. I have certain.. programming related skills which allow me
to really take a close look at various types of software. My job was
to research live 0day (much of the time) malware samples and teach
the product how to scan for it, and remove it, without harming the
host in the process. Which means, I reverse engineered thousands (I'm
not kidding) of executables and wrote custom definitions or detection
rules, whatever you prefer to call them - that allowed the software
to offer prevention/detection and cleanup of that particular malware
variant.

I'm not what you'd call an end user or even a power user. I apologize
if I may have misled you into thinking I was some n00b and/or
possible regular joe concerning these machines. I'm not.


You have not.

I'm not writing to defend Malwarebytes. It's your choice or not to
use their product. I have nothing to gain or lose by attempting to
answer questions and better explain what's actually going on. I have
no 'dog in it' as they say here.


Of course. I would simply prefer a much less antagonistic
environment for those who need help. Redefining terms like "repair"
is one. It immediately creates a disconnect between the user and the
support people.

I saw some bad advice/inaccurate information concerning the program
and I explained what it's doing (at least with respect to the annoying
false alarm if you will of the security center defaults). Had the
information not been what I'd consider to be 'taking a shot in the
dark' by people who aren't knowledgeable concerning the subject, I
would have passed the thread on by. I'm posting to correct the
inaccurate thoughts/impressions of the program for the benefit of
other readers who aren't knowledgeable in this field either, but,
need sound advice concerning it.


It appears that Mayayana had it quite right, and several people
have jumped him for that. Imagine how this thread would have gone if
some had replied like "I like MBAM and find it very useful, but yes,
some of those messages are rather uninformative."

Elsethread, I mention getting a bad error message from a
program that I wrote. I corrected the error.


That's great. I tend to do the same. I don't like confusing the user.
It causes unnecessary technical support. If the program can
explain things well on its own, they don't need to reach out to me.

When I supported BugHunter, I made every effort to reduce the need
for the user to have to contact me. Nobody who has to use a program
of that nature wants to spend their time waiting for a fix to get it
running. Or, an explanation they'll understand to make use of it to
try and fix the issue they're having. I do understand customer
support and good relations.


Add to that saving the user from having to research what your
program just told him in order to be able to understand it. Write to
your audience.

I dropped an AV because after I reported it false-alarming on
one of my files (my editor's start-up executable), they dealt
with the matter but then undid this with the next file update.
Since their software had no option to not quarantine files, I was
out my editor. I removed the AV software.


I don't blame you in that case. Some AV software QC controls are
better/worse than others. Had it an ignore and/or quarantine option
and was reliable for detection, I would have reached out to them
again to try and resolve the issue.


My work was critically affected, and I did not know that removing
the AV would work. Fortunately, it did. Additionally, the company
had not gotten back to me. I had no assurance that the matter would
be dealt with. (If someone goes to the trouble of submitting
something to you, an E-mail acknowledging and stating what will happen
is basic courtesy.)

Incidentally, I had this problem initially with BugHunter. Many AVs
wrongly detected it as an actual virus. It took a bit of work on my
part to fix that issue. But, that's part of being a coder and
supporting your work, too.

If that's not something you're willing to do, then, you shouldn't
release your program to the public. It's not ready for prime time.


Blame the victim much? Maybe, the AV software is not ready for
prime time.

You haven't done the QC work on your end. Part of that is ensuring
your program will play well with others. AV included.


Does this apply to AV software? Considering that, by its nature,
AV software deals with a lot of programs, it should and even more so.

Sincerely,

Gene Wirchenko
  #129  
Old December 4th 15, 08:31 PM posted to alt.windows7.general
masonc
external usenet poster
 
Posts: 152
Default Malwarebytes warning

On Fri, 4 Dec 2015 06:04:46 -0000 (UTC), Diesel
wrote:

masonc
Wed, 02 Dec 2015
23:05:04 GMT in alt.windows7.general, wrote:

MB(premium I bought) found 100plus doubts and a couple of serious
threats. Tired of seeing all these, I googled a few and learned
they were baddies. Tired of googling, I let MP remove them ALL
I'm perfectly clean now, no harm, but maybe I'll come back and say
my umpty-dump doesn't work any more -- we'll see.


Wasn't hard to google what Malwarebytes thought it found and see for
yourself if it was a problem or not, right?


RIGHT, but tedious task if they've been allowed to accumulate.
Doing it routinely should be no problem -- and instructive.
  #130  
Old December 5th 15, 03:26 AM posted to alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Malwarebytes warning

Gene Wirchenko
Fri, 04 Dec 2015
17:51:25 GMT in alt.windows7.general, wrote:

OTH, if you or the program couldn't access the key to read that
value due to an actual issue with the registry (think system
missing error sometimes found on earlier NT systems without an
easy remedy); that actually is registry damage and the fix might
require a reinstall of the OS and installed apps that aren't
portable in nature.


That is another type of problem. It would require a different
type of repair.


Uhh, no. It actually would require a 'registry repair'.

Or (d) appreciate the information. You make (d) nearly
impossible and then complain the users only want (a), (b), and
(c). Make the information available for those who want it.


I don't make anything nearly impossible. I don't run into many users
where D would qualify. Perhaps you do. If that's the case, you should
feel very lucky. Many techs like myself don't have such luxuries.

Nobody wants to research anymore? You've got the world's greatest
library card sitting in front of you. Maybe it's because I grew up
prior to a computer in every home and the www, etc. I *appreciate*
what the internet really is and what I can learn while on it.


No, but when one knows very little in an area, it can be very
difficult to do research. Not knowing the terminology of a field
makes Web searches rather difficult.


You don't need to know the 'terminology' to copy/paste what you see
from mbam into your favorite search engine. If you're a high school
age user or older and you can't do effective research, we have a
serious problem that MBAM nor any other programmer is going to be
able to fix.

What's the point then in providing extra detailed information for the
user, if they don't get the terminology used anyway? I already
covered this previously, in another post. It's a waste of the
programmer's time. If they can't be arsed to google what mbam
displays, they damn sure aren't going to google the words in the
description they don't know.

So, there's no real point in having some malware 'database' that the
average joe won't actually explore. Instead, they could rewrite some
of the messages to better explain what's actually going on. The
average joe would appreciate that. I can't even count the number of
technicians who would.

Are you familiar with this quote? "Usenet is like a herd of
performing elephants with diarrhea- massive, difficult to
redirect, awe-inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." -- Gene
Spafford


I have, but, usenet alone doesn't encompass all of the internet,
either. I'd never limit my options in such a way.

You'll be recreating that file in another set of sectors,
hopefully being able to rebuild it to the point of the program
functioning again. If the program is especially well written, it
will notice some things are missing and happily fill in the blanks
in the .ini file.

Am I being clear at this point in what I consider 'registry'
damage to actually be? I really don't know of a better example
than what I've written here...


You are quite clear about what you consider repair to be. You
are also mistaken. There are other actions that also qualify as
repair.


We'll just have to agree to disagree on that point, then.

I saw some bad advice/inaccurate information concerning the
program and I explained what it's doing (at least with respect to
the annoying false alarm if you will of the security center
defaults). Had the information not been what I'd consider to be
'taking a shot in the dark' by people who aren't knowledgeable
concerning the subject, I would have passed the thread on by. I'm
posting to correct the inaccurate thoughts/impressions of the
program for the benefit of other readers who aren't knowledgeable
in this field either, but, need sound advice concerning it.


It appears that Mayayana had it quite right, and several people
have jumped him for that. Imagine how this thread would have
gone if some had replied like "I like MBAM and find it very
useful, but yes, some of those messages are rather uninformative."


Again, we'll have to agree to disagree on this point too. I don't
believe Mayayana had it quite right. I covered that in a previous
post, though.

Incidentally, I had this problem initially with BugHunter. Many AVs
wrongly detected it as an actual virus. It took a bit of work on
my part to fix that issue. But, that's part of being a coder and
supporting your work, too.

If that's not something you're willing to do, then, you shouldn't
release your program to the public. It's not ready for prime time.


Blame the victim much? Maybe, the AV software is not ready for
prime time.


I didn't blame the victim. A programmer can hardly call him/herself a
victim here. It really is on them to try and ensure their program
will play well with the majority of software that one might find on a
typical user's PC. The corporate world is another beast altogether.

AV/AM software can be very complex, actually. I simplified some of
the processes and their outcomes good and bad in a previous post. If
you wish to read it. Granted, some are better/worse than others, but
the majority are ready for prime time, despite the risk of an
occasional false hit.


--
Error: Creative signature file missing