
MBAM IP-BLOCK


Dennis

Feb 5, 2012, 12:22:21 PM
My mother's PC's MBAM is reporting...

2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
incoming)
2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
outgoing)

It looks like MBAM is doing its job, but I am a little bit concerned
about this. 'whois' reports that this is a server in the Ukraine, which
raises red flags. Does anyone have any suggestions on what to do to
track this down? Is there a way to see which program is making this
request?

Thanks,

--

Dennis

David H. Lipman

Feb 5, 2012, 2:28:27 PM
From: "Dennis" <nob...@nowhere.invalid>
What anti virus application is used in conjunction with MBAM ?


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

David W. Hodgins

Feb 5, 2012, 1:04:31 PM
On Sun, 05 Feb 2012 12:22:21 -0500, Dennis <nob...@nowhere.invalid> wrote:

> My mother's PC's MBAM is reporting...
>
> 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
> incoming)
> 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
> outgoing)
>
> It looks like MBAM is doing its job, but I am a little bit concerned
> about this. 'whois' reports that this is a server in the Ukraine, which
> raises red flags. Does anyone have any suggestions on what to do to

$ host 194.54.81.86
86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com

Have you installed teamviewer on that system?

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Dustin

Feb 5, 2012, 2:44:31 PM
"David W. Hodgins" <dwho...@nomail.afraid.org> wrote in
news:op.v87whtl...@hodgins.homeip.net:

> On Sun, 05 Feb 2012 12:22:21 -0500, Dennis <nob...@nowhere.invalid>
> wrote:
>
>> My mother's PC's MBAM is reporting...
>>
>> 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK
>> 194.54.81.86 (Type: incoming)
>> 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK
>> 194.54.81.86 (Type: outgoing)
>>
>> It looks like MBAM is doing its job, but I am a little bit concerned
>> about this. 'whois' reports that this is a server in the Ukraine,
>> which raises red flags. Does anyone have any suggestions on what to
>> do to
>
> $ host 194.54.81.86
> 86.81.54.194.in-addr.arpa domain name pointer
> server9301.teamviewer.com
>
> Have you installed teamviewer on that system?
>
> Regards, Dave Hodgins
>

*sigh*. Probably should report that to them. teamviewer shouldn't be
blocked by default...


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Dennis

Feb 5, 2012, 3:02:40 PM
On Sun, 5 Feb 2012 14:28:27 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Dennis" <nob...@nowhere.invalid>
>
>| My mother's PC's MBAM is reporting...
>|
>| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>| incoming)
>| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>| outgoing)
>|
>| It looks like MBAM is doing its job, but I am a little bit concerned
>| about this. 'whois' reports that this is a server in the Ukraine, which
>| raises red flags. Does anyone have any suggestions on what to do to
>| track this down? Is there a way to see which program is making this
>| request?
>|
>| Thanks,
>
>What anti virus application is used in conjunction with MBAM ?

Avira free. I am running scans right now. I googled around for more info
on the MBAM IP-BLOCK and found some sample logs. Those MBAM logs showed
the process name somewhere after incoming/outgoing. I am wondering why I
didn't get that.

When my scans are complete I plan on shutting everything down and then
bringing the system back up without opening any other programs. Then I
will watch for the IP-BLOCKs. It seems like I saw them fairly quickly
after I first logged in to her PC, but they stopped happening within a
minute or so.

--

Dennis

Dennis

Feb 5, 2012, 3:10:07 PM
On Sun, 05 Feb 2012 13:04:31 -0500, "David W. Hodgins"
<dwho...@nomail.afraid.org> wrote:

>On Sun, 05 Feb 2012 12:22:21 -0500, Dennis <nob...@nowhere.invalid> wrote:
>
>> My mother's PC's MBAM is reporting...
>>
>> 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>> incoming)
>> 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>> outgoing)
>>
>> It looks like MBAM is doing its job, but I am a little bit concerned
>> about this. 'whois' reports that this is a server in the Ukraine, which
>> raises red flags. Does anyone have any suggestions on what to do to
>
>$ host 194.54.81.86
>86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
>
>Have you installed teamviewer on that system?

AH-HA! Yes. I looked at the Windows firewall and noted that TeamViewer
was listed under 'exceptions'. But apparently not in MBAM. That explains
a lot.

Thanks,

--

Dennis

Dennis

Feb 5, 2012, 3:11:48 PM
On Sun, 05 Feb 2012 19:44:31 GMT, Dustin <bughunte...@gmail.com>
wrote:

>"David W. Hodgins" <dwho...@nomail.afraid.org> wrote in
>news:op.v87whtl...@hodgins.homeip.net:
>
>> On Sun, 05 Feb 2012 12:22:21 -0500, Dennis <nob...@nowhere.invalid>
>> wrote:
>>
>>> My mother's PC's MBAM is reporting...
>>>
>>> 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK
>>> 194.54.81.86 (Type: incoming)
>>> 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK
>>> 194.54.81.86 (Type: outgoing)
>>>
>>> It looks like MBAM is doing its job, but I am a little bit concerned
>>> about this. 'whois' reports that this is a server in the Ukraine,
>>> which raises red flags. Does anyone have any suggestions on what to
>>> do to
>>
>> $ host 194.54.81.86
>> 86.81.54.194.in-addr.arpa domain name pointer
>> server9301.teamviewer.com
>>
>> Have you installed teamviewer on that system?
>>
>> Regards, Dave Hodgins
>>
>
>*sigh*. Probably should report that to them. teamviewer shouldn't be
>blocked by default...

Report to MBAM?

--

Dennis

Dustin

Feb 5, 2012, 5:02:08 PM
Dennis <nob...@nowhere.invalid> wrote in
news:ghoti71hf4dumsvhu...@4ax.com:
yep.

Dennis

Feb 5, 2012, 5:13:42 PM
On Sun, 05 Feb 2012 22:02:08 GMT, Dustin <bughunte...@gmail.com>
wrote:
Done.

Thanks for your help. I believe I can manually mark that IP as an
exception, but if it only pops up when I remotely connect to her PC then
I am not going to bother. I'll let MBAM handle it.

--

Dennis

David W. Hodgins

Feb 5, 2012, 5:27:40 PM
On Sun, 05 Feb 2012 17:02:08 -0500, Dustin <bughunte...@gmail.com> wrote:

> Dennis <nob...@nowhere.invalid> wrote in
> news:ghoti71hf4dumsvhu...@4ax.com:
>>> *sigh*. Probably should report that to them. teamviewer shouldn't be
>>> blocked by default...

>> Report to MBAM?

> yep.

Depends on who installed teamviewer. If it's been intentionally
installed by the owner of the system, then it can be ignored. If
not, then the owner does need to be made aware that it has been
installed. In my opinion, it's a potentially un-wanted program.

Caesar Romano

Feb 6, 2012, 8:44:06 AM
On Sun, 05 Feb 2012 13:04:31 -0500, "David W. Hodgins"
<dwho...@nomail.afraid.org> wrote Re Re: MBAM IP-BLOCK:

>$ host 194.54.81.86
>86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com

Say, that's a nice program. May I ask where you got it?
--
Work is the curse of the drinking class.

Shadow

Feb 6, 2012, 2:02:51 PM
On Mon, 06 Feb 2012 07:44:06 -0600, Caesar Romano <Sp...@uce.gov>
wrote:

>On Sun, 05 Feb 2012 13:04:31 -0500, "David W. Hodgins"
><dwho...@nomail.afraid.org> wrote Re Re: MBAM IP-BLOCK:
>
>>$ host 194.54.81.86
>>86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
>
>Say, that's a nice program. May I ask where you got it?

It's linux, and very expensive. There is a free trial here:

http://centralops.net/co/DomainDossier.aspx

;)

[]'s

G. Morgan

Feb 6, 2012, 2:17:16 PM
David W. Hodgins wrote:

>On Sun, 05 Feb 2012 17:02:08 -0500, Dustin <bughunte...@gmail.com> wrote:
>
>> Dennis <nob...@nowhere.invalid> wrote in
>> news:ghoti71hf4dumsvhu...@4ax.com:
>>>> *sigh*. Probably should report that to them. teamviewer shouldn't be
>>>> blocked by default...
>
>>> Report to MBAM?
>
>> yep.
>
>Depends on who installed teamviewer. If it's been intentionally
>installed by the owner of the system, then it can be ignored. If
>not, then the owner does need to be made aware that it has been
>installed. In my opinion, it's a potentially un-wanted program.
>
>Regards, Dave Hodgins

Then why do they ignore commercial key loggers that corporations use?

David H. Lipman

Feb 6, 2012, 2:44:58 PM
From: "Shadow" <S...@dow.br>
LOL
ping -a 194.54.81.86

Pinging server9301.teamviewer.com [194.54.81.86] with 32 bytes of data:

David W. Hodgins

Feb 6, 2012, 3:50:51 PM
Lol! :-) Didn't occur to me that Caesar was referring to the
host command. I also assumed he was referring to the teamviewer
program.

In windows, you can use the nslookup command, as in ...
C:\>nslookup 194.54.81.86
*** Can't find server name for address 192.168.20.101: No response from server
Server: ns1.ody.ca
Address: 216.240.0.1

Name: server9301.teamviewer.com
Address: 194.54.81.86

I'm using the Mageia distribution of linux, which you can get from
http://www.mageia.org/en/downloads/
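
Added example (not part of any post in this thread): the reverse-lookup triage done above with `host` and `nslookup`, scripted in Python over the IP-BLOCK entries from the first post. It goes one step beyond the thread by resolving the returned name forward again, because a PTR record is published by whoever controls the address block. The function names, the status labels and the field names `computer` and `user` for the two tokens before `IP-BLOCK` are assumptions of this example.

```python
import re
import socket

# Two entries as they appear in the first post; the second keeps the line
# wrap that the newsreader introduced after "(Type:".
SAMPLE_LOG = """\
2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: incoming)
2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
outgoing)
"""

# \s+ also matches newlines, so wrapped entries are still recognised.
# Anything after the direction word is kept unparsed in "extra".
# "computer" and "user" are this example's names for the two tokens.
ENTRY = re.compile(
    r"(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<tz>[+-]\d{4})\s+(?P<computer>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>[A-Za-z]+)(?P<extra>[^)]*)\)"
)


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK entry found in the log text."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["direction"] = e["direction"].lower()
        e["extra"] = e["extra"].strip()
        entries.append(e)
    return entries


def summarize(entries):
    """Group entries by blocked address: count, directions, first/last seen."""
    summary = {}
    for e in entries:
        stamp = f'{e["date"]} {e["time"]} {e["tz"]}'
        s = summary.setdefault(
            e["ip"], {"count": 0, "directions": set(), "first": stamp, "last": stamp}
        )
        s["count"] += 1
        s["directions"].add(e["direction"])
        s["last"] = stamp  # the log is chronological, so the latest entry wins
    return summary


def system_reverse(ip):
    """Reverse (PTR) lookup, as `host` and `nslookup` do for an address."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """Forward lookup: the set of IPv4 addresses the name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (OSError, UnicodeError):
        return set()


def check_ptr(ip, reverse=system_reverse, forward=system_forward):
    """Classify an address as no-ptr, ptr-unconfirmed or ptr-confirmed."""
    name = reverse(ip)
    if not name:
        return {"ip": ip, "ptr": None, "status": "no-ptr"}
    confirmed = ip in forward(name)
    status = "ptr-confirmed" if confirmed else "ptr-unconfirmed"
    return {"ip": ip, "ptr": name, "status": status}


def triage(text, reverse=system_reverse, forward=system_forward):
    """Parse the log and attach a PTR verdict to every blocked address."""
    report = []
    for ip, info in summarize(parse_ip_blocks(text)).items():
        row = check_ptr(ip, reverse, forward)
        row.update(count=info["count"], directions=sorted(info["directions"]),
                   first=info["first"], last=info["last"])
        report.append(row)
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):  # live DNS; offline this reports "no-ptr"
        print(row)
```

The resolver functions are passed in as parameters so the same triage can be run against recorded lookups instead of live DNS.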

FromTheRafters

Feb 6, 2012, 8:55:30 PM
IMO, such a program loses all of its claim to legitimacy if it offers a
way to install it surreptitiously. Both keyloggers and RATs are
legitimate programs when installed with the administrator's blessing.

G. Morgan

Feb 6, 2012, 9:21:14 PM
FromTheRafters wrote:

>> Then why do they ignore commercial key loggers that corporations use?
>>
>IMO, such a program loses all of its claim to legitimacy if it offers a
>way to install it surreptitiously. Both keyloggers and RATs are
>legitimate programs when installed with the administrator's blessing.

I agree, but I also would like to know about it in the scan.

David H. Lipman

Feb 6, 2012, 9:34:03 PM
From: "FromTheRafters" <err...@nomail.afraid.org>


>> Then why do they ignore commercial key loggers that corporations use?
>>
| IMO, such a program loses all of its claim to legitimacy if it offers a
| way to install it surreptitiously. Both keyloggers and RATs are
| legitimate programs when installed with the administrator's blessing.

And the EULA defines its capabilities properly.

G. Morgan

Feb 6, 2012, 10:56:25 PM
David H. Lipman wrote:

>From: "FromTheRafters" <err...@nomail.afraid.org>
>
>
>>> Then why do they ignore commercial key loggers that corporations use?
>>>
>| IMO, such a program loses all of its claim to legitimacy if it offers a
>| way to install it surreptitiously. Both keyloggers and RATs are
>| legitimate programs when installed with the administrator's blessing.
>
>And the EULA defines its capabilities properly.

What this? Standard CYA stuff. Where does it get specific?

Warranties and Damages

16. Malwarebytes makes no warranty about the quality of the Software or
its ability to eliminate any specific malware threats.
17. Malwarebytes makes no warranty as to the completeness of the
Database or protection modules.
18. Malwarebytes makes no warranty concerning the comparison of the
Software to any similar software or any industry standard.
19. Malwarebytes makes no warranty about the compatibility of the
Software with any other software or hardware.
20. Malwarebytes does not give any warranty in relation to
non-infringement of intellectual property rights.
21. Malwarebytes makes no warranty about the availability of its
customer service representatives or their ability to solve any malware
or other computer issues.

Caesar Romano

Feb 7, 2012, 4:40:00 AM
On Mon, 6 Feb 2012 14:44:58 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote Re Re: MBAM IP-BLOCK:

>LOL
>ping -a 194.54.81.86
>
>Pinging server9301.teamviewer.com [194.54.81.86] with 32 bytes of data:

Well gee, I don't get the hostname resolution from my ping.

Caesar Romano

Feb 7, 2012, 4:40:00 AM
On Mon, 06 Feb 2012 15:50:51 -0500, "David W. Hodgins"
<dwho...@nomail.afraid.org> wrote Re Re: MBAM IP-BLOCK:

>Lol! :-) Didn't occur to me that Caesar was referring to the
>host command. I also assumed he was referring to the teamviewer
>program.
>
>In windows, you can use the nslookup command, as in ...
>C:\>nslookup 194.54.81.86

Yes, I was referring to "host". Sorry for not being more specific.

Thanks for clueing me in about nslookup. It works well.

David H. Lipman

Feb 7, 2012, 7:12:22 AM
From: "Caesar Romano" <Sp...@uce.gov>

> On Mon, 6 Feb 2012 14:44:58 -0500, "David H. Lipman"
> <DLipman~nospam~@Verizon.Net> wrote Re Re: MBAM IP-BLOCK:
>
>> LOL
>> ping -a 194.54.81.86
>>
>> Pinging server9301.teamviewer.com [194.54.81.86] with 32 bytes of data:
>
> Well gee, I don't get the hostname resolution from my ping.

ping -a IP_address

David H. Lipman

Feb 7, 2012, 7:14:23 AM
From: "G. Morgan" <seal...@osama-is-dead.net>
There are legitimate keyloggers. If the product surreptitiously and it is a EULA that
covers the actions it takes then it is not malware.

Any questions, post on the Malwarebytes forum and ask.

Shadow

Feb 7, 2012, 7:51:51 AM
On Tue, 7 Feb 2012 07:14:23 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>
>There are legitimate keyloggers. If the product surreptitiously and it is a EULA that
>covers the actions it takes then it is not malware.

Kind of awkward if my son or his buddies plant a "legitimate
Keylogger" on my PC when I'm out. (Thank goodness, he does not have
the capabilities, he's in his last year at Computer Science at
University, and seems to think software installing is something techs
should study kkkkkkkkkkkkkk)

Companies in all fairness should inform employees that
keyloggers are planted for security reasons.
Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.
IMHO
[]'s


FromTheRafters

Feb 7, 2012, 8:14:11 AM
Agreed, especially since a miscreant could conceivably install
legitimate software surreptitiously if he or she had the access and
sufficient privileges.

The thing is, how to make it so the target being legitimately under
surveillance (or remote administration/control) doesn't see the *warning*.

FromTheRafters

Feb 7, 2012, 8:23:52 AM
IIRC the Friendgreet worm was classified as malware despite the
Essentially Useless License Agreement laying out the actions it takes.

I know, it's not the same thing. :o)

FromTheRafters

Feb 7, 2012, 8:28:00 AM
Yeah, I can agree with that as part of a business model. However,
investigators may need to install a keylogger to catch a crime in
progress. Kinda defeats the purpose if warnings are given to the suspects.

David H. Lipman

Feb 7, 2012, 8:30:53 AM
From: "FromTheRafters" <err...@nomail.afraid.org>
What I wrote was piss poor.

There are legitimate keyloggers. If the product does not surreptitiously
install and it has a EULA that covers the actions it takes then it is not
malware.

Would have been better.

FromTheRafters

Feb 7, 2012, 8:51:43 AM
Sure, but I knew what you meant anyway.

G. Morgan

Feb 7, 2012, 7:08:38 PM
Shadow wrote:

>Malwarebytes should have a "Keylogger" section, with warnings
>that if the Keylogger is detected, it should not be removed, unless
>the user has legal rights to do so on that computer. But the user
>should be allowed to know.

Exactly. And as a technician, right now, the only way to be 100% sure
is to flatten and rebuild. If I can't trust the tool to tell me what's
going on (with admin rights), why bother?

G. Morgan

Feb 7, 2012, 7:10:20 PM
FromTheRafters wrote:

>Yeah, I can agree with that as part of a business model. However,
>investigators may need to install a keylogger to catch a crime in
>progress. Kinda defeats the purpose if warnings are given to the suspects.

So who does MBAM work for, LEO or the people who buy it? That is not a
valid argument. It's akin to making security companies make "back doors"
for LEO, a fight they lost with PGP.

G. Morgan

Feb 7, 2012, 7:15:36 PM
David H. Lipman wrote:

>There are legitimate keyloggers. If the product does not surreptitiously
>install and it has a EULA that covers the actions it takes then it is not
>malware.

What a wonderful way to explain the piss-poor performance of MBAM and
key loggers. So, if a user is tricked into clicking-thru a EULA it's
just fine by them?

I'm not talking about in a corporate environment, they have internal
techs. I'm talking about the girlfriend/boyfriend buying something like
Spector to spy. How can I be sure it does not have it loaded? I can't
if no company has the balls to detect it.

G. Morgan

Feb 7, 2012, 7:29:23 PM
If I'm hired to clean it, it would be by the owner. If they had key
loggers I would know.

David H. Lipman

Feb 7, 2012, 8:26:59 PM
From: "G. Morgan" <seal...@osama-is-dead.net>
Take it up with Malwarebytes.

FromTheRafters

Feb 7, 2012, 8:46:36 PM
I wasn't talking about MBAM in particular, just that the developers of
legit software that depends upon stealth probably have a claim against
programs that malign their software by detecting it as *malware*.

It's not Big Brother, it's just commercialism and our legal system at work.

I'm still waiting for fights about how some antimalware software
installation programs convince the user that other software has to be
removed even though there might not even be any actual conflict issues
warranting their removal.

As a technician, maybe they could give you a definition set not meant
for public consumption. ISTR an AV vendor that had a completely
different set of definitions for PUPs for those requiring them.

Dustin

Feb 8, 2012, 1:11:54 PM
G. Morgan <seal...@osama-is-dead.net> wrote in
news:l8f3j7h8r2kf3kknk...@Osama-is-dead.net:
Ask malwarebytes. Continuing down this path so publicly is going to
ruffle some feathers. :)


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Dustin

Feb 8, 2012, 1:14:55 PM
G. Morgan <seal...@osama-is-dead.net> wrote in
news:7df3j7hmr9dkttbdi...@Osama-is-dead.net:

> David H. Lipman wrote:
>
>>There are legitimate keyloggers. If the product does not
>>surreptitiously install and it has a EULA that covers the actions it
>>takes then it is not malware.
>
> What a wonderful way to explain the piss-poor performance of MBAM and
> key loggers. So, if a user is tricked into clicking-thru a EULA it's
> just fine by them?

Depends on the person(s) writing the defs at the time.

> I'm not talking about in a corporate environment, they have internal
> techs. I'm talking about the girlfriend/boyfriend buying something
> like Spector to spy. How can I be sure it does not have it loaded?
> I can't if no company has the balls to detect it.

This is an easy one, lol. Fact is, you can't be sure. Commercial keylogging
detection is frowned upon.

You should ask malwarebytes themselves tho; instead of being so American
and asking in public. Companies really don't like that.

David H. Lipman

Feb 8, 2012, 3:09:48 PM
From: "ASCII" <f...@l.se>

| Dustin wrote:
>> G. Morgan <seal...@osama-is-dead.net> wrote in
>> news:7df3j7hmr9dkttbdi...@Osama-is-dead.net:
>>
>>> David H. Lipman wrote:
>>>
>>>> There are legitimate keyloggers. If the product does not
>>>> surreptitiously install and it has a EULA that covers the actions it
>>>> takes then it is not malware.
>>>
>>> What a wonderful way to explain the piss-poor performance of MBAM and
>>> key loggers. So, if a user is tricked into clicking-thru a EULA it's
>>> just fine by them?
>>
>> Depends on the person(s) writing the defs at the time.
>>
>>> I'm not talking about in a corporate environment, they have internal
>>> techs. I'm talking about the girlfriend/boyfriend buying something
>>> like Spector to spy. How can I be sure it does not have it loaded?
>>> I can't if no company has the balls to detect it.
>>
>> This is an easy one, lol. Fact is, you can't be sure. Commercial
>> keylogging
>> detection is frowned upon.
>>
>> You should ask malwarebytes themselves tho; instead of being so American
>> and asking in public. Companies really don't like that.
|
| Companies that can't stand public scrutiny need to go out of business.

Definitely!

G. Morgan

Feb 9, 2012, 1:30:00 PM
Dustin wrote:

>G. Morgan <seal...@osama-is-dead.net> wrote in
>news:l8f3j7h8r2kf3kknk...@Osama-is-dead.net:
>
>> FromTheRafters wrote:
>>
>>>Yeah, I can agree with that as part of a business model. However,
>>>investigators may need to install a keylogger to catch a crime in
>>>progress. Kinda defeats the purpose if warnings are given to the
>>>suspects.
>>
>> So who does MBAM work for, LEO or the people who buy it? That is not
>> a valid argument. It's akin to making security companies make "back
>> doors" for LEO, a fight they lost with PGP.
>>
>
>Ask malwarebytes. Continuing down this path so publicly is going to
>ruffle some feathers. :)

Good. Let's call them out and ask why they 'sell out' to bigger
pockets.

G. Morgan

Feb 9, 2012, 1:34:25 PM
Dustin wrote:

>This is an easy one, lol. Fact is, you can't be sure. Commercial keylogging
>detection is frowned upon.

By whom?

>You should ask malwarebytes themselves tho; instead of being so American
>and asking in public. Companies really don't like that.

Oh, I'll be American about it! Just like I posted a workaround to
C-Net's malware, months before a major AV vendor even acknowledged it
(Clueley).

Can I expect an honest answer from MBAM if asked directly?

G. Morgan

Feb 9, 2012, 1:35:33 PM
David H. Lipman wrote:

>|
>| Companies that can't stand public scrutiny need to go out of business.
>
>Definitely!

Then why do you keep insisting I take it up privately with the
companies?

That's what this forum is for.

David H. Lipman

Feb 9, 2012, 4:04:37 PM
From: "G. Morgan" <seal...@osama-is-dead.net>
Because THEY have their OWN reasons and to discuss why THEY do something you have to ask
THEM not third parties.

G. Morgan

Feb 9, 2012, 4:44:06 PM
David H. Lipman wrote:

>From: "G. Morgan" <seal...@osama-is-dead.net>
>
>> David H. Lipman wrote:
>>
>>|>
>>|> Companies that can't stand public scrutiny need to go out of business.
>>>
>>> Definitely!
>>
>> Then why do you keep insisting I take it up privately with the
>> companies?
>>
>> That's what this forum is for.
>
>
>Because THEY have their OWN reasons and to discuss why THEY do something you have to ask
>THEM not third parties.

You worked there! It's not just them, either.

David H. Lipman

Feb 9, 2012, 4:48:24 PM
I also "quit" working there ;-)

I can say it's because it's considered a "grey area" and isn't black & white.

David H. Lipman

Feb 9, 2012, 4:50:26 PM
From: "G. Morgan" <seal...@osama-is-dead.net>
Nothing ventured, nothing gained.

I remember, and vouch for, your C/Net download workaround post.

G. Morgan

Feb 9, 2012, 5:09:11 PM
David H. Lipman wrote:

>From: "G. Morgan" <seal...@osama-is-dead.net>
>
>| David H. Lipman wrote:
>|
>>> From: "G. Morgan" <seal...@osama-is-dead.net>
>>>
>>>> David H. Lipman wrote:
>>>>
>>>|>> Companies that can't stand public scrutiny need to go out of business.
>>>>>
>>>>> Definitely!
>>>>
>>>> Then why do you keep insisting I take it up privately with the
>>>> companies?
>>>>
>>>> That's what this forum is for.
>>>
>>> Because THEY have their OWN reasons and to discuss why THEY do something
>>> you have to ask
>>> THEM not third parties.
>|
>| You worked there! It's not just them, either.
>
>I also "quit" working there ;-)
>
>I can say it's because it's considered a "grey area" and isn't black & white.

Fair enough, that's probably all you can say. Thanks for the honesty.

G. Morgan

Feb 9, 2012, 5:10:55 PM
David H. Lipman wrote:

>From: "G. Morgan" <seal...@osama-is-dead.net>
>
>| Dustin wrote:
>|
>>> This is an easy one, lol. Fact is, you can't be sure. Commercial
>>> keylogging
>>> detection is frowned upon.
>|
>| By whom?
>|
>>> You should ask malwarebytes themselves tho; instead of being so American
>>> and asking in public. Companies really don't like that.
>|
>| Oh, I'll be American about it! Just like I posted a workaround to
>| C-Net's malware, months before a major AV vendor even acknowledged it
>| (Clueley).
>|
>| Can I expect an honest answer from MBAM if asked directly?
>
>Nothing ventured, nothing gained.

Well, it's worth a shot.

>I remember, and vouch for, your C/Net download workaround post.

Thanks.

David H. Lipman

Feb 9, 2012, 5:36:18 PM
From: "G. Morgan" <seal...@osama-is-dead.net>
Please post the URL of your Malwarebytes post asking for data on this
subject matter.

David H. Lipman

Feb 9, 2012, 7:14:05 PM
From: "ASCII" <f...@l.se>

> David H. Lipman wrote:
>>
>> I can say it's because it's considered a "grey area" and isn't black & white.
>
> Aren't 'grey areas' the murky domain of malware,
> where they can't be positively labeled good or bad?

You can say that.

Bullwinkle.

Feb 10, 2012, 4:50:52 AM
You do that and report back with the info.


"G. Morgan" <seal...@osama-is-dead.net> wrote in message
news:d348j7p882s66tj05...@Osama-is-dead.net...

Jim Nugent

Feb 12, 2012, 12:46:03 PM
David W. Hodgins wrote:
> On Sun, 05 Feb 2012 17:02:08 -0500, Dustin
> <bughunte...@gmail.com> wrote:
>> Dennis <nob...@nowhere.invalid> wrote in
>> news:ghoti71hf4dumsvhu...@4ax.com:
>>>> *sigh*. Probably should report that to them. teamviewer shouldn't be
>>>> blocked by default...
>
>>> Report to MBAM?
>
>> yep.
>
> Depends on who installed teamviewer. If it's been intentionally
> installed by the owner of the system, then it can be ignored. If
> not, then the owner does need to be made aware that it has been
> installed. In my opinion, it's a potentially un-wanted program.
>
> Regards, Dave Hodgins

I use TeamViewer on my home lan under free "personal use" license. I don't
believe there's a way to connect remotely to a computer that runs it without
alerting the user and giving them the option to kick the "intruder" off.
It's a help desk product, not a security product.

I will say that I haven't studied every way to configure it, or every way it
can be hacked, but I am surprised that it is flagged as a PUP unless no one
at MBAM knows much about it and their attitude is "Let the user make an
exception."
--
Jim

"Be right back!" - Godot





Bear

Feb 12, 2012, 1:27:24 PM
Prey project will allow you to monitor devices without announcing the
intrusion:
http://preyproject.com/

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

David H. Lipman

Feb 12, 2012, 2:43:56 PM
From: "Jim Nugent" <njim2k-...@yahoo.com>
Sometimes a signature meant for one piece of malware is found in something
legitimate.

There is a sub-forum at Malwarebytes specifically for submitting possible
False Positive declarations.

http://forums.malwarebytes.org/index.php?showforum=42

Jim Nugent

Feb 16, 2012, 12:08:56 PM
We were discussing MBAM flagging/blocking TeamViewer. Prey is not
TeamViewer.

Prey looks like a legitimate piece of software but it is intended to fill a
completely different need, which includes hiding itself.


Bear

Feb 16, 2012, 6:09:25 PM
I provided a very good program link that would "connect remotely to a
computer that ...(will) connect remotely to a computer that runs it
without alerting the user...."

Sheesh...such pedantic replies.

Jim Nugent

Feb 17, 2012, 10:42:24 AM
Bear wrote:
> On 2/16/2012 11:08 AM, Jim Nugent wrote:
>> Bear wrote:
>>> On 2/12/2012 11:46 AM, Jim Nugent wrote:
>>>> I use TeamViewer on my home lan under free "personal use" license.
>>>> I don't believe there's a way to connect remotely to a computer
>>>> that runs it without alerting the user and giving them the option
>>>> to kick the "intruder" off. It's a help desk product, not a
>>>> security product. I will say that I haven't studied every way to
>>>> configure it, or
>>>> every way it can be hacked, but I am surprised that it is flagged
>>>> as a PUP unless no one at MBAM knows much about it and their
>>>> attitude is "Let the user make an exception."
>>>
>>> Prey project will allow you to monitor devices without announcing
>>> the intrusion:
>>> http://preyproject.com/
>>
>> We were discussing MBAM flagging/blocking TeamViewer. Prey is not
>> TeamViewer.
>>
>> Prey looks like a legitimate piece of software but it is intended to
>> fill a completely different need, which includes hiding itself.
>>
>>
> I provided a very good program link that would "connect remotely to a
> computer that ...(will) connect remotely to a computer that runs it
> without alerting the user...."
>
> Sheesh...such pedantic replies.

Bear,
Apologies. I didn't intend to come off that way. I think you were focusing
more on the first paragraph of my post "I use Teamviewer at home..." and you
were simply suggesting an alternative. I did take the time to look up Prey
and it looks like a very cool program.

The second paragraph went on to discuss why I was surprised that MBAM
blocked Teamviewer.

As I re-read my reply to you, it really does sound like I'm just blowing off
your post "We were discussing THIS."

I'm sorry.