Malwarebytes
Stan Brown
Is this a virus *and* spyware scanner, or just a spyware scanner?
They say "malware" over and over, and to em that implies both, but
they never actually said what they mean as far as i could see.
I raise the point because a friend claims that Malwarebytes Anti-
malware does spyware scanning only, not virus scanning
--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com
Shikata ga nai...
JD
> I've checked on the Web page but can't find a clear answer:
>
> Is this a virus *and* spyware scanner, or just a spyware scanner?
> They say "malware" over and over, and to em that implies both, but
> they never actually said what they mean as far as i could see.
>
> I raise the point because a friend claims that Malwarebytes Anti-
> malware does spyware scanning only, not virus scanning
>
>
Malware, short for malicious software, is software designed to
infiltrate a computer system without the owner's informed consent.
http://www.ask.com/wiki/Malware
That said, no one program will catch it all. I routinely run: a-squared
Free, Avast! antivirus, MBAM, Spybot Search & Destroy, SpywareBlaster
and SuperAntiSpyware Free.
To answer your question, I never thought that MBAM was a virus scanner.
Not that I know much.
--
JD..
David H. Lipman
From: "Stan Brown" <the_sta...@fastmail.fm>
| I've checked on the Web page but can't find a clear answer:
| Is this a virus *and* spyware scanner, or just a spyware scanner?
| They say "malware" over and over, and to em that implies both, but
| they never actually said what they mean as far as i could see.
| I raise the point because a friend claims that Malwarebytes Anti-
| malware does spyware scanning only, not virus scanning
Why are you asking HERE and NOT in a virus or anti spyware related news group such as;
microsoft.public.security.virus ?
Additionally, you could have created an account on their forum and asked.
MBAM is not an anti virus application and is geared towards non-viral malware. It may
block a virus but it will not remove a virus once the files are infected. For example, it
may block a Virut or Parite infection but once infected with either, you will need to
remove it with an anti virus application.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Ken Blake, MVP
> I've checked on the Web page but can't find a clear answer:
>
> Is this a virus *and* spyware scanner, or just a spyware scanner?
> They say "malware" over and over, and to em that implies both, but
> they never actually said what they mean as far as i could see.
>
> I raise the point because a friend claims that Malwarebytes Anti-
> malware does spyware scanning only, not virus scanning
Your friend is essentially right. Good a product as it is, they use
the word "malware" improperly, to mean just spyware, not all malware,
including viruses.
>
> --
> Stan Brown, Oak Road Systems, Tompkins County, New York, USA
> http://OakRoadSystems.com
> Shikata ga nai...
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
David H. Lipman
From: "Ken Blake, MVP" <kbl...@this.is.an.invalid.domain>
| On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
| <the_sta...@fastmail.fm> wrote:
>> I've checked on the Web page but can't find a clear answer:
>> Is this a virus *and* spyware scanner, or just a spyware scanner?
>> They say "malware" over and over, and to em that implies both, but
>> they never actually said what they mean as far as i could see.
>> I raise the point because a friend claims that Malwarebytes Anti-
>> malware does spyware scanning only, not virus scanning
| Your friend is essentially right. Good a product as it is, they use
| the word "malware" improperly, to mean just spyware, not all malware,
| including viruses.
That's not true either.
MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class.
MBAM targets other forms of non-viral malware in the trojan class such as; adware, BHOS,
Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents, etc.
But it doesn't target exploit codes.
David H. Lipman
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
| That's not true either.
| MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class.
| MBAM targets other forms of non-viral malware in the trojan class such as; adware,
| BHOS,
| Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents,
| etc.
| But it doesn't target exploit codes.
I should modify that as Keyloggers are a sub-class of spyware.
Virus Guy
> | Is this a virus *and* spyware scanner, or just a spyware scanner?
> MBAM is not an anti virus application and is geared towards non-viral
> malware. It may block a virus but it will not remove a virus once
> the files are infected.
I don't know why Dave is being evasive about this.
I've used MBAM exactly once so far, and that was on a drive where the
user downloaded and ran one of those fake AV scanners because they
panicked during a web-surfing session.
I removed the infected hard drive and attached it as a slave to a
good/trusted system and ran several AV scanners against the drive.
MBAM did detect several files that were remnants of a zbot infection.
So I'd have to say that MBAM does have *some* ability to ID files that
are viral / trojan in nature.
Will MBAM function as a resident application or service and perform
real-time scanning of incoming files or data? I don't know. Probably
not.
Will MBAM remove viral files (both running in memory and on the file
system) and undo all viral registry entries? I don't know. Probably
some-what. Not many apps that actually call themselves "Anti-Virus" do
a good job of that.
Is MBAM a virus scanner as well as a spyware scanner?
The answer is absolutely yes, but I don't really know how large it's
viral/trojan definition database is.
Dave can answer that - I don't know why he's being evasive about it.
David H. Lipman
| "David H. Lipman" wrote:
There is always some overlap between various anti malware applications. Anti virus with
non-viral malware and non-viral trageting products getting viruses.
However to be a "true" anti virus application the product must be able to deal with file
infecting viruses. That is a virus that will append, prepend or insert code on a given
executable. The anti virus application would then have remove the added code and make the
executable to be back at its original condition. [NOTE: The condition may be restored
but the binary may have a different MD5 checksum].
Likewise you would have to deal with boot sector infectors.
MBAM does NOT perform these erradications and thus can not be called an anti virus
application.
I am one who will call worms a sub-class of virus and MBAM does target various worms such
as AutoRun and some Internet. However the consequences of these kinds of malware is more
trojan like in the effect that files being infected and thus code has to be removed from
the binary. Trojans don't get cleaned, then get deleted. This is also the case of many
worms.
Another gray area is concerning trojanized files. In this case malware will infect a
given binary and append, prepend or insert code. However that infected bianry can not, in
turn, infect other bianries like a virus can. In the case of trojanized files you can
simply delete the file like an ordinary trojan because the file is legitimate,m and needed
for the OS, but the added code does the bidding of the malware author's intention. An
anti virus application may be able to clean the file. MBAM does not. It has to REPLACE
the file.
Ken Blake, MVP
<DLipman~nospam~@Verizon.Net> wrote:
> From: "Ken Blake, MVP" <kbl...@this.is.an.invalid.domain>
>
> | On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
> | <the_sta...@fastmail.fm> wrote:
>
> >> I've checked on the Web page but can't find a clear answer:
>
> >> Is this a virus *and* spyware scanner, or just a spyware scanner?
> >> They say "malware" over and over, and to em that implies both, but
> >> they never actually said what they mean as far as i could see.
>
> >> I raise the point because a friend claims that Malwarebytes Anti-
> >> malware does spyware scanning only, not virus scanning
>
>
> | Your friend is essentially right. Good a product as it is, they use
> | the word "malware" improperly, to mean just spyware, not all malware,
> | including viruses.
>
> That's not true either.
>
> MBAM doesn't just target "spyware", a form of non-viral malware in the trojan class.
OK, if you want to use the terms very precisely. I meant it more
generally. All anti-virus programs target more than just viruses too.
> MBAM targets other forms of non-viral malware in the trojan class such as; adware, BHOS,
> Dialers, keyloggers, banker/bancos, various C2 bots, trojan rootkits, trojans agents, etc.
>
> But it doesn't target exploit codes.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
--
Stan Brown
<kbl...@this.is.an.invalid.domain>:
>
> On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
> <the_sta...@fastmail.fm> wrote:
>
> > I've checked on the Web page but can't find a clear answer:
> >
> > Is this a virus *and* spyware scanner, or just a spyware scanner?
> > They say "malware" over and over, and to em that implies both, but
> > they never actually said what they mean as far as i could see.
> >
> > I raise the point because a friend claims that Malwarebytes Anti-
> > malware does spyware scanning only, not virus scanning
>
>
> Your friend is essentially right. Good a product as it is, they use
> the word "malware" improperly, to mean just spyware, not all malware,
> including viruses.
Thank you -- that's very clear. It doesn't exactly build confidence
that they misuse such a crucial word in the description of their
product!
David H. Lipman
| Sun, 21 Feb 2010 07:53:18 -0700 from Ken Blake, MVP
| <kbl...@this.is.an.invalid.domain>:
>> On Sun, 21 Feb 2010 08:07:11 -0500, Stan Brown
>> <the_sta...@fastmail.fm> wrote:
>> > I've checked on the Web page but can't find a clear answer:
>> >
>> > Is this a virus *and* spyware scanner, or just a spyware scanner?
>> > They say "malware" over and over, and to em that implies both, but
>> > they never actually said what they mean as far as i could see.
>> >
>> > I raise the point because a friend claims that Malwarebytes Anti-
>> > malware does spyware scanning only, not virus scanning
>> Your friend is essentially right. Good a product as it is, they use
>> the word "malware" improperly, to mean just spyware, not all malware,
>> including viruses.
| Thank you -- that's very clear. It doesn't exactly build confidence
| that they misuse such a crucial word in the description of their
| product!
Actually it is NOT a misuse of the word.
Read the whole thread. You will see that this discussion has mentioned the concept of
some overlap.
As I wrote, because it can't remove coide injected into binaries it can NOT be called an
anti virus product while it does tearget non-file infecting viruses. The name
Malwarebytes' Anti Malware is both appropraite and apropos.
Twayne
Virus Guy <Vi...@Guy.com> typed:
Wow; Dave was a lot more correct than you are on this one. That is NOT an AV
program, nor does it claim to be. I pity the person who depends on it as
their source of AV protection, because that it is not. It seems to be an OK
program too, but not as a major AV protector.
HTH,
Twayne
--
--
Life is the only real counselor; wisdom unfiltered
through personal experience does not become a
part of the moral tissue.
David H. Lipman
From: "Twayne" <nob...@spamcop.net>
| Wow; Dave was a lot more correct than you are on this one. That is NOT an AV
| program, nor does it claim to be. I pity the person who depends on it as
| their source of AV protection, because that it is not. It seems to be an OK
| program too, but not as a major AV protector.
| HTH,
| Twayne
Anybody on the MBAM Team will tell 'ya MBAM is an adjunct and not a anti virus application
replacement.
Jose
Why don't you ask in the MBAM forum?
The MBAM experts are very helpful along with other "regular" folks.
http://forums.malwarebytes.org/index.php?
I just think of the free version as a good detection and removal tool
- it does not prevent your system from getting infected, and it not
supposed to prevent.
Their home page says "When your computer becomes infected..."
Virus Guy
> > Is MBAM a virus scanner as well as a spyware scanner?
> >
> > The answer is absolutely yes, but I don't really know how
> > large it's viral/trojan definition database is.
> >
> > Dave can answer that - I don't know why he's being evasive
> > about it.
>
> Wow; Dave was a lot more correct than you are on this one.
Not really.
What Dave did was spend a lot of time explaining the dictionary
definition of a virus as it pertains to computers.
I said that MBAM is a type of AV program, simply because I have seen it
detect files that were viral/trojan in nature. I didn't say that MBAM
was a good AV program, or that it does everything that an AV program is
supposed to do, or that it can function as the sole or only AV program
on a given system.
For most people, there are two kinds of malware:
a) programs or program-initiated system settings that cause them to be
exposed to more advertizing than they'd like to be, or expect to be, or
that cause their browser to bring up web-content that again exposes the
user to advertizing during the course of normal browsing, or cause them
to hit certain web pages for the purpose of driving up traffic. If the
malware only does these things, and does not install or facilitate the
installation of software that performs more invasive functions (remote
control, key logging, external communication, etc) then it's ad-ware or
nuisance-ware.
b) programs, code-fragments, exploit code, etc, that do any or all of
the following without the knowledge or permission of the computer's
owner:
- search the computer for information, files, data, gather information
via key-logging, and communicate that information to an external host
- install or act as back-door access for external command and control
purposes
- enrole the system into a botnet
- act as a spam relay or zombie
- act as DoS agent
- act as a DNS server or file server for various purposes
- encrypt user files for the purpose of extortion
- probe the local lan or the wider wan for exploitable systems
- spread copies of itself or cause other systems to acquire it by
some means either directly or indirectly
Malware that does any of the above is what most lay-people would
classify as viral in nature. Whether a given example is strictly a
virus, a trojan, or a worm is completely irrelavent to the end user, as
all three types have a universal goal of extracting some benefit by
residing and operating on the user's PC while incurring a cost to the
user.
Twayne
Virus Guy <Vi...@Guy.com> typed:
> Full-Quoter Twayne wrote:
>
>>> Is MBAM a virus scanner as well as a spyware scanner?
>>>
>>> The answer is absolutely yes, but I don't really know how
>>> large it's viral/trojan definition database is.
>>>
>>> Dave can answer that - I don't know why he's being evasive
>>> about it.
>>
>> Wow; Dave was a lot more correct than you are on this one.
>
drivel removed
The question was posed as:
>>> Is MBAM a virus scanner as well as a spyware scanner?
>>>
And self-answered as:
>>> The answer is absolutely yes, but I don't really know how
>>> large it's viral/trojan definition database is.
Which is an immediate contradiction: It is, but it might not be very good at
it. It isn't and doesn't claim to be usable for AV protection. A legitimate
AV program is required for that.
And regardless of your take on definitions, semantics and syntax, and any
way you wish to spin them, MBAM is not a virus scanner as well as a spyware
scanner in the context of the question that was posed. The fact that there
may be overlaps as there often is with any malware detector, is irrelevant
and a bonus to the product, but not anything to depend on. The fact that it
might detect a hundred viruses is a moot point when it has to recognize and
reach to hundreds of thousands of them.
The fact that a virus may have portions of code that could be found while
looking for spyware is a by-product, not a statement of any kind that the
product protects against viruses.
If your intent is to support AMB then it's failed because all you've
accomplished is creating a thread that talks about what it CAN NOT do (be
used for AV) as opposed to properly defining what it CAN do (catch malware).
HTH,
Twayne
Virus Guy
Twayne wrote:
> The question was posed as:
> >>> Is MBAM a virus scanner as well as a spyware scanner?
> And self-answered as:
> >>> The answer is absolutely yes, but I don't really know how
> >>> large it's viral/trojan definition database is.
> Which is an immediate contradiction: It is, but it might not
> be very good at it.
If you've ever submitted a few (or a few dozen, or a few hundred)
suspect files to Virus Total, you'd see that these so-called
"Anti-Virus" programs have a highly variable rate of successful
detection.
So you latching on to my admission that "I don't know how large MBAM's
virus definition list is" hardly constitutes any form of proof that MBAM
is not as compentent as anything that happens to call itself an AV
program.
> It isn't and doesn't claim to be usable for AV protection.
All I've stated here is that I have personally seen MBAM detect zbot
files. I would not call zbot as being in the adware class of malware.
I'm not an MBAM defender or fan (it doesn't run on win-98 so I have very
little experience with it).
> A legitimate AV program is required for that.
Like I just said, I've seen first-hand how many so-called AV programs
actually do a poor job of detecting threats.
> MBAM is not a virus scanner as well as a spyware scanner in
> the context of the question that was posed.
What context?
It was asked in a straight-forward way: Is MBAM a form of AV software?
I said yes, because I've seen it detect viral or trojan malware
(depending on how you define zbot).
> The fact that it might detect a hundred viruses is a moot point
> when it has to recognize and reach to hundreds of thousands of
> them.
Neither you nor I know how many viruses it can detect, and it's a fools
game to speculate just what that number has to be to be considered an AV
product.
> If your intent is to support MBAM then it's failed
I have no interest in supporting MBAM, especially since it doesn't run
on win-98
> because all you've accomplished is creating a thread that
> talks about what it CAN NOT do (be used for AV)
What kind of fool are you?
I've observed MBAM detecting viral files as part of it's functionality.
How can that possibly constitute some form of negative proof of AV
functionality?
Twayne
In news:4B86FE25...@Guy.com,
Virus Guy <Vi...@Guy.com> typed:
> Why are you not able to format your replies correctly?
You mean: Why don't I format them as you think they should be formatted?
Well, mostly because I can and my method is known as in-line posting. Sorry
if that's too complicated for you. Perhaps it's the tool you've using for a
news client?
Anyway, it looks like I've stepped on your toes by daring to discuss cons of
the program and you take great umbrage to that. Sorry about that, but the
simple fact is, it is not capable of being the only malware protection one
needs. Maybe it will be someday, but it's not there yet.
There is good reason why no single entity can yet claim to discover every
spyware in existance or that will exist. Each have their own strengths and
weaknesses and it's no secret that it's still a great idea to have at least
three such programs available plus a reliable AV program.
The product claims it can run in concert with other malware detectors.
Taken lterally, that's true. Taken to include AV, it's not true. Their own
documentation includes comments about it not being compatible with some
other AV programs and recommend turning the AV off, which to my mind is a
dis-service to its users since it's not true.
It sounds like it might surprise you to find that I use this program on
my own machine. I paid for the first version since it's a reasonable price,
but got my money back when I discovered it couldn't co-exist with my
real-time AV program. As a result, I do consider it good enough to use their
freebie version however, on all four machines in this room. I will not
depend on a product that isn't an AV product to protect me in real time
against viruses, no matter how good it may be in other areas.
Right now, in my environment, it's running a close second to Adaware's
latest version. Which, BTW, also has picked up a virus or two in the past.
One in particular it removed partially, and it took my AV program to get the
whole thing removed. I am purposely not naming my AV program so I can't be
accused of fronting for it. In a different environment it could well come
up with completely different results.
AntimalwareBytes is a good program; but it still has its shortcomings.
So on that note, I'll move to more inline commenting:
>
> Twayne wrote:
>
>> The question was posed as:
>
>>>>> Is MBAM a virus scanner as well as a spyware scanner?
>
>> And self-answered as:
>
>>>>> The answer is absolutely yes, but I don't really know how
>>>>> large it's viral/trojan definition database is.
>
>> Which is an immediate contradiction: It is, but it might not
>> be very good at it.
>
> If you've ever submitted a few (or a few dozen, or a few hundred)
> suspect files to Virus Total, you'd see that these so-called
> "Anti-Virus" programs have a highly variable rate of successful
> detection.
No, I haven't submitted a lot of mails to VirusTotal. In fact, I would
question the capabilities of any who submitted a post such as this one and
also tried to imply they have submitted "a few hundred" suspect files. It
would seem your ability to determine whether something is new or not might
be sub-standard. And if you're getting hundreds of them a day, well ... .
A good netizen will check before submitting something that's
"questionable", just so the other end doesn't have to waste time on it for
no good reason.
>
> So you latching on to my admission that "I don't know how large MBAM's
> virus definition list is" hardly constitutes any form of proof that
> MBAM is not as compentent as anything that happens to call itself an
> AV program.
The point is, it doesn't HAVE a virus definition database that I can locate.
Everything at their sites calls it a "malware" detector, and it has a
malware database, but not a viral database. Would you care to expand on
that and tell me where such is stored? I don't debate the fact that it
catches some viruses - just that it's not effective as a major dependency
for virus protection. It's not intended to catch all viruses and thus is not
called an AV program.
For any program that could honestly check each individual file on the
computer for viruses, trojans, worms and other malware 100% the program
would take hours to run. There are a couple that stop looking for certain
malware after it hasn't been seen for so many months, only to be surprised
to see it suddenly come back again and not be detected until they put it
back into their signature lists, etc..
>
>> It isn't and doesn't claim to be usable for AV protection.
>
> All I've stated here is that I have personally seen MBAM detect zbot
> files. I would not call zbot as being in the adware class of malware.
> I'm not an MBAM defender or fan (it doesn't run on win-98 so I have
> very little experience with it).
No, what you claimed, and apparently snipped, was that one could get rid of
the other AV ware they had and only use this one program you're so fond of.
>
>> A legitimate AV program is required for that.
>
> Like I just said, I've seen first-hand how many so-called AV programs
> actually do a poor job of detecting threats.
And the same goes for "malware" detectors which antimalwarebytes calls
itself. One has to know and research to be sure they're looking at
workable, reliable and functional ware that does what it says it does and
has a reputation to support it all.
>
>> MBAM is not a virus scanner as well as a spyware scanner in
>> the context of the question that was posed.
>
> What context?
Lol! Sorry, I don't teach English. The context of your post.
>
> It was asked in a straight-forward way: Is MBAM a form of AV
> software?
>
> I said yes, because I've seen it detect viral or trojan malware
> (depending on how you define zbot).
>
>> The fact that it might detect a hundred viruses is a moot point
>> when it has to recognize and reach to hundreds of thousands of
>> them.
>
> Neither you nor I know how many viruses it can detect, and it's a
> fools game to speculate just what that number has to be to be
> considered an AV product.
No, I'm afraid that's just plain not the case. I don't need to know "how
many" in any way except that the program's purpose and reputation states
that it catches nearly all the AV they can design for. AMB is simply a
lightweight in that area and makes no claims to be an AV replacement that
I've ever seen. You seem to be of the opinion that because a program can
catch a few viruses that it can catch them all, or at least equal and beat
an application whose major purpose in life is to catch the virus.
My AV and others also claim to find and delete "malware" too, but they
don't claim to be all that's needed to do so. It's like saying McAfee AV
doesn't have to be accompanied by other spyware detectors because it catches
spyware and I saw it do it a few times; it just makes no sense. And no, i
don't use McAfee.
>
>> If your intent is to support MBAM then it's failed
>
> I have no interest in supporting MBAM, especially since it doesn't run
> on win-98
M BAM is reported to be functional for:
Operating System: Win98, Win2k Pro, XP Pro, XP Home
>
>> because all you've accomplished is creating a thread that
>> talks about what it CAN NOT do (be used for AV)
>
> What kind of fool are you?
>
> I've observed MBAM detecting viral files as part of it's
> functionality.
No, you've "observed" it detecting parts of a virus that conform to malware.
It'll remove the parts that it's aware of, but possibly NOT the entire virus
payload; you cannot tell. The virus may well return eventually in a lot of
cases.
>
> How can that possibly constitute some form of negative proof of AV
> functionality?
I guess you need some assistance with reading comprehension: I never said
that; you did. I simply said that your comment about not needing anything
else was in error. If you can't remember, go back and look at the first
post I replied to.
In addition, your comments smell a bit trollish so I am unlkely to bother
reading anything else you have to say.
Twayne
glee
news:OtA4rnnt...@TK2MSFTNGP05.phx.gbl...
> In news:4B86FE25...@Guy.com,
> Virus Guy, also known as 98 Guy and numerous other aliases, typed a
> lot of word-playing rubbish
> snip
> In addition, your comments smell a bit trollish so I am unlkely to
> bother reading anything else you have to say.
Ahh, now you are catching on: namely, don't feed the trolls!
Virus Guy
> > Why are you not able to format your replies correctly?
>
> You mean: Why don't I format them as you think they should be
> formatted? Well, mostly because I can and my method is known
> as in-line posting. Sorry if that's too complicated for you.
I know that you use in-line posting (that is the correct way to post to
usenet, and you should have noticed that I do the same). The formatting
problem that I raised was that you don't leave a blank line between the
quoted part and the response part.
> Perhaps it's the tool you've using for a news client?
Again, I'm surprised that you are embarrasing yourself by not making the
simple observation that I also perform inline quoting and therefore must
know and understand the concept.
> Anyway, it looks like I've stepped on your toes by daring to
> discuss cons of the program and you take great umbrage to
> that.
No, you're not stepping on any toes. If you want to argue your pov,
then so will I. Is there anything wrong with that?
> Sorry about that, but the simple fact is, it is not capable of
> being the only malware protection one needs.
That wasn't what the OP asked.
It was asked if MBAM can or does perform as a virus scanner. I said it
does, and I also said I don't know how well it does it. People are
always asking (in the anti-malware newsgroups) how various AM
(anti-malware) products compare against each other. You seem to think
that as long as a piece of software claims itself to be "Anti-Virus"
that that's the end of the discussion - that all AV products are
comparable just because they call themselves AV.
> There is good reason why no single entity can yet claim to
> discover every spyware in existance or that will exist.
That's an irrelavent point. If, hypothetically, MBAM has a virus
detection rate that is *on-par* with the average detection rates (or
even the *worst* detection rates) of programs that actually call
themselves AV programs, then MBAM can be legitamately called an AV
product.
> The product claims it can run in concert with other malware
> detectors. Taken lterally, that's true. Taken to include AV,
> it's not true. Their own documentation includes comments about
> it not being compatible with some other AV programs and recommend
> turning the AV off, which to my mind is a dis-service to its users
> since it's not true.
What isin't true?
Are they saying to turn off other AV programs when you perform an MBAM
scan? Why is that a dis-service?
> It sounds like it might surprise you to find that I use this
> program on my own machine.
No, I wouldn't be surprised.
> I paid for the first version since it's a reasonable price,
> but got my money back when I discovered it couldn't co-exist
> with my real-time AV program. As a result, I do consider it
> good enough to use their freebie version however, on all four
> machines in this room. I will not depend on a product that
> isn't an AV product to protect me in real time against viruses,
> no matter how good it may be in other areas.
Perhaps MBAM has no actual real-time detection ability or mechanism.
That still doesn't mean that when run as an "on-demand" scanner, that it
doesn't have virus-detection capabilities in that mode of operation.
> > If you've ever submitted a few (or a few dozen, or a few hundred)
> > suspect files to Virus Total, you'd see that these so-called
> > "Anti-Virus" programs have a highly variable rate of successful
> > detection.
>
> No, I haven't submitted a lot of mails to VirusTotal. In fact,
> I would question the capabilities of any who submitted a post
> such as this one and also tried to imply they have submitted
> "a few hundred" suspect files.
Please explain. There are those of us who go out of our way to obtain
malware samples for our own investigation, and submitting them to VT as
part of that investigation. We form our own opinions as to which AV
programs appear to react the fastest to new malware by doing that.
> It would seem your ability to determine whether something is new or
> not might be sub-standard. And if you're getting hundreds of them
> a day, well ... .
Again, you seem to have formed some faulty impressions. I'm not sure
why or where you'd get the idea that my ability to determine the vintage
of any given piece of malware is "sub-standard" based on what I've said
up to this point.
And I never claimed the _rate_ at which I obtain malware samples or
submit them for testing.
> A good netizen will check before submitting something that's
> "questionable", just so the other end doesn't have to waste
> time on it for no good reason.
That comment would not stand up or be agreed with in the virus and
anti-virus newsgroups I participate in. The VT website is designed to
handle many submissions per day, and the idea that the operators of that
site are put to a disadvantage because of having to scan non-viral files
has never been raised before - and I'm sure would be laughed at and
ridiculed.
> > So you latching on to my admission that "I don't know how large
> > MBAM's virus definition list is" hardly constitutes any form
> > of proof that MBAM is not as compentent as anything that happens
> > to call itself an AV program.
>
> The point is, it doesn't HAVE a virus definition database that I
> can locate.
Like most anti-malware programs (and viruses are generally considered a
form of malware) MBAM does download program updates. I presume those
updates are infact the definition files that it uses when it performs
it's file and registry scanning.
> Everything at their sites calls it a "malware" detector, and it has
> a malware database, but not a viral database. Would you care to
> expand on that and tell me where such is stored?
You want me to tell you that perhaps what MBAM calls a "malware
definition file" might infact contain definitions for viruses and
trojans?
> I don't debate the fact that it catches some viruses - just
> that it's not effective as a major dependency for virus
> protection.
How exactly would you know that it's "not effective as a major
dependency for virus protection" ?
You seemed to claim earlier that it (or AdAware) detected some viral
files that your un-named AV program did not (or perhaps I didn't read
that correctly).
> It's not intended to catch all viruses and thus is not
> called an AV program.
You said earlier that no application can detect all malware (or words to
that effect).
You have also just made this statement:
"It's not intended to catch all viruses and thus is not called
an AV program."
That implies that if something calls itself an AV program, then by your
definition it *is* intended to catch ALL viruses, because anything that
does not catch all viruses can not be called an AV program.
I just want to clarify that point. You believe that something that does
not catch (detect) all viruses can not be called an AV progam - is that
right? And you also believe that no application can detect all
malware? I see a contradiction or a lack of coherency when those two
statements are combined.
> For any program that could honestly check each individual file
> on the computer for viruses, trojans, worms and other malware
> 100% the program would take hours to run.
Depending on how many files a system has, yes, I have performed scans on
my systems that take several hours to run. Is that a strange concept?
> > All I've stated here is that I have personally seen MBAM
> > detect zbot files. I would not call zbot as being in the
> > adware class of malware. I'm not an MBAM defender or fan
> > (it doesn't run on win-98 so I have very little experience
> > with it).
>
> No, what you claimed, and apparently snipped, was that one
> could get rid of the other AV ware they had and only use this
> one program you're so fond of.
I never said that MBAM could or should replace other pre-existing
anti-malware (anti-viral) software on a given system. I encourage you
to go back over my posted material and quote any such comment that you
think I made.
And I never said I had any particular fondness for MBAM. In fact, I
claimed to have only used it once, and I don't use it regularly because
it doesn't run under my main OS (windows 98). So how could I possibly
have a fondness for it?
> >> MBAM is not a virus scanner as well as a spyware scanner in
> >> the context of the question that was posed.
> >
> > What context?
>
> Lol! Sorry, I don't teach English. The context of your post.
The context of the question was not ambiguous, so no context-disclaimer
need be made.
> > Neither you nor I know how many viruses it can detect, and it's
> > a fools game to speculate just what that number has to be to be
> > considered an AV product.
>
> No, I'm afraid that's just plain not the case. I don't need to
> know "how many" in any way except that the program's purpose and
> reputation states that it catches nearly all the AV they can
> design for.
So you put more stock in the simple claim that a given piece of software
"catches nearly all the AV they can design for" versus the size or the
number of entries in their scanner's database files?
Don't you think that a quantitative metric in this case is more useful
vs a qualitative one?
> MBAM is simply a lightweight in that area and makes no claims
> to be an AV replacement that I've ever seen.
I never said MBAM claimed to be an AV program nor said it claimed to be
an AV replacement.
It was asked if MBAM is a virus/trojan detector. I said it was. I also
said I didn't know how it compared to other virus/trojan detection
programs.
There is a wide range of effectiveness and ability within the AM/AV
class of software, and I wouldn't be surprised if MBAM ranked as
eqivalent to some of them in terms of detection compentency.
> You seem to be of the opinion that because a program can
> catch a few viruses that it can catch them all,
That argument could be made equally if you or I was talking about any
so-called AV program. Which is why I would never make such an
argument. It's not true for what you consider a "real" AV program, and
it's not true for MBAM either.
> or at least equal and beat an application whose major purpose
> in life is to catch the virus.
You are speculating that MBAM's virus detection abilities ranks lower
than the worst commercial or share-ware package that labels itself as
being an anti-virus program.
Do you have anything other than a gut-feeling to support that claim?
> > I have no interest in supporting MBAM, especially since it
> > doesn't run on win-98
>
> M BAM is reported to be functional for:
> Operating System: Win98, Win2k Pro, XP Pro, XP Home
---------------------
http://www.malwarebytes.org/mbam.php
Key Features
* Support for Windows 2000, XP, Vista, and 7 (32-bit and 64-bit).
Download
* Version: 1.44
* File Size: 4.87 MB
* Operating Systems: Microsoft � Windows 2000, XP, Vista, 7.
--------------------
Where do you see compatibility with win-98?
> > I've observed MBAM detecting viral files as part of it's
> > functionality.
>
> No, you've "observed" it detecting parts of a virus that conform
> to malware.
Who says that viruses and trojans are not forms of malware?
> It'll remove the parts that it's aware of, but possibly NOT
> the entire virus payload; you cannot tell.
The same is true for many AV programs. They do a horrible job of
removing all remnants of viruses and trojans (files, registry entries,
etc).
> The virus may well return eventually in a lot of cases.
Many viruses and trojans actively interfere with proper AV operation.
The truth is that AV software does a pathetic job these days of
detecting new threats in real time.
> > How can that possibly constitute some form of negative proof
> > of AV functionality?
>
> I guess you need some assistance with reading comprehension:
> I never said that; you did.
This is what you said:
| because all you've accomplished is creating a thread that
| talks about what it CAN NOT do (be used for AV)
You said that my arguments supported the conclusion that MBAM CAN NOT be
used as an AV scanner. Which is the same as saying that what I said
about MBAM constitutes some form of negative proof of AV functionality.
> I simply said that your comment about not needing anything
> else was in error. If you can't remember, go back and look
> at the first post I replied to.
I suggest you go and look up what I said and quote it in your next
reply, just so we're both exactly sure of what you're referring to. I
continue to assert that I never said that MBAM was (or was not) suitable
as one's sole or only AM/AV software.
> In addition, your comments smell a bit trollish so I am
> unlkely to bother reading anything else you have to say.
That would be a mistake, as it would indicate that you would surrender
this conversation over to me.
It's a common tactic used by those that know they are arguing from a
weak position or POV.
Shenan Stanley
http://groups.google.com/group/microsoft.public.windowsxp.basics/browse_frm/thread/be6d208088a32627/
</entire conversation, archived>
<snipped>
Virus Guy wrote:
> I know that you use in-line posting (that is the correct way to
> post to usenet, and you should have noticed that I do the same).
<snipped>
Who says that is *the* correct way to post on the usenet and what do they
use to back up that claim?
That's like saying the correct way to communicate is using English... Just
not true, depends on many factors, etc.
How to post in usenet always has been/is/always will be (until it ceases to
exist) an opinion - and one that changes as the options change. ;-)
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
Virus Guy
> > I know that you use in-line posting (that is the correct way
> > to post to usenet, and you should have noticed that I do the
> > same)
>
> Who says that is *the* correct way to post on the usenet and
> what do they use to back up that claim?
When a conversation is sufficiently long or contains several concepts,
statements or questions, it is logical and easier to read when a replies
are posted "in-line" or immediately after the item being quoted, as I am
now doing in response to your post.
> That's like saying the correct way to communicate is using
> English... Just not true, depends on many factors, etc.
No. To use your analogy, it would be like saying that the correct way
to communicate (when communicating in english) is to use proper spelling
and grammar.
I would like to hear your argument as to why it would result in a
better, more readable reply if responses were not made in-line, but all
together in one block of text.
> How to post in usenet always has been/is/always will be
> (until it ceases to exist) an opinion - and one that
> changes as the options change. ;-)
If you want to believe that, then fine.
Those that believe that in-line quoting does not result in a better
(more comprehensive) reply (for the composer) and a more readable reply
(for the reader) are typically those that don't have good typing skills,
don't like to spend even the minimal effort to properly arrange their
quotes, and are also likely to be full-quoters (to drag the entirety of
a multi-quoted conversation into their reply) without doing any trimming
at all.
They are typically the same people that use the same quoting and reply
style used here in usenet as they use in e-mail conversations.
Stan Brown
<newsh...@gmail.com>:
> Who says that is *the* correct way to post on the usenet and what do they
> use to back up that claim?
http://www.xs4all.nl/~wijnands/nnq/nquote.html
http://www.netmeister.org/news/learn2quote2.html#ss2.3
and many many more.
Shenan Stanley
http://groups.google.com/group/microsoft.public.windowsxp.basics/browse_frm/thread/be6d208088a32627/
</entire conversation, archived>
<snipped>
Virus Guy wrote:
> I know that you use in-line posting (that is the correct way to
> post to usenet, and you should have noticed that I do the same).
<snipped>
Shenan Stanley wrote:
> Who says that is *the* correct way to post on the usenet and what
> do they use to back up that claim?
>
> That's like saying the correct way to communicate is using
> English... Just not true, depends on many factors, etc.
>
> How to post in usenet always has been/is/always will be (until it
> ceases to exist) an opinion - and one that changes as the options
> change. ;-)
Stan Brown wrote:
> http://www.xs4all.nl/~wijnands/nnq/nquote.html
>
> http://www.netmeister.org/news/learn2quote2.html#ss2.3
>
> and many many more.
So "opinions on a web page" - but no mandate, no universally agreed upon
standard...
I usually bottom-post - quoting most of the relevant message before
*because* it makes sense to me to follow the conversation in that manner.
However - if someone wants to top-post or in-line post - that is their
choice. There is no defined standard, no rule on general usenet. It is -
in the end - as I said - opinions.
I may - in certain cases - even go so far as to quote things the responder
chose not to - because to me - it was vital and/or would have already
answered the response had it been quoted already.
glee
news:MPG.25f1df878...@news.individual.net...
> Fri, 26 Feb 2010 10:51:25 -0600 from Shenan Stanley
> <newsh...@gmail.com>:
>> Who says that is *the* correct way to post on the usenet and what do
>> they
>> use to back up that claim?
>
> http://www.xs4all.nl/~wijnands/nnq/nquote.html
>
> http://www.netmeister.org/news/learn2quote2.html#ss2.3
>
> and many many more.
Apparently you did not read the pages you linked, as they do not provide
proof of a "correct" way, but rather of a way "preferred" in the opinion
of the person who wrote the web page.
One page states specifically:
"Please do not consider this to be a "regulatory" document ("Thou shalt
do it this way because we say so!"), but rather as an "advocacy"
document ("A lot of people think this is a good way to do it, and here's
why.")"
You second link appears to be advocating bottom posting as "preference",
not in-line posting. Regardless, there is no Rule That Must Be Followed
for posting format.
--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/
Twayne
Shenan Stanley <newsh...@gmail.com> typed:
> <entire conversation, archived>
> http://groups.google.com/group/microsoft.public.windowsxp.basics/browse_frm/thread/be6d208088a32627/
> </entire conversation, archived>
I'm not sure I see why you posted access to the whole thread, but it does at
least show others that their words will be around for others to read for a
long time. For most of the participants of this thread, I doubt it makes a
lot of difference anyway and some might even consider it "fun" to see their
names saved that way for perpetuity, or as long as the resources continue to
carry them.
LOL; just thought of someting: There should be an equivalent to the Godwin
corrolary for mail & group postings. I wonder if anyone has come up with one
yet?
They never turn out any differently than this one and never settle
anything. The only thing that ever comes out is the opinions and ID of
several people who wish to push their own opinions onto others as factual
requirements instead of the opinions they are.
One thing interestingly absent from the discussions so far has been the
availability of advice for people to use concerning netiquette. For
newsgroups that don't have their own charters and sets of rules, FYI's and
RFC's are in place to cover those cases. So there acutally is a set of
written recommendations concerning posting on newsgroups and other places
too. I haven't looked to be sure these aren't superceded and AFAIK they are
still the most recent ones:
FYI 28: Netiquette. Based on RFC 1855, specifically section 3 covers the
one-to-many etiquette for posting to newsgroups et al. There is a section
for e-mail and other sundry methods, but 3.0 is the one that's relevant
here.
This FYI and many more RFCs are archived at: http://rfc-archive.org/ and
you can find most any subject there that would interest you.
Silly stuff these arguements, often initiated by trollish types and
fostered/prolonged by other trollish types, most of whom know better.
HTH,
Twayne
...