Malwarebytes Anti-Rootkit BETA

Discussion in 'other anti-malware software' started by Cudni, Nov 10, 2012.

  1. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Good to see they're continuing to develop this. I wonder how close they are to going "final" and does anyone know if they plan any integration with MBAM?
     
  3. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Started off OK, but seems to have stopped scanning...

    ScreenShot_Mbar13_v1.7.0.1007_08.gif

    ScreenShot_Mbar_scanning_stuck_01.gif

    ScreenShot_Mbar_scanning_stuck_02.gif
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Trying to cancel, but that appears to not be responsive, also. Will have to forcibly terminate...

    ScreenShot_Mbar13_v1.7.0.1007_14.gif

    ScreenShot_Mbar13_v1.7.0.1007_15.gif
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Can't forcibly terminate, either...

    ScreenShot_Mbar13_v1.7.0.1007_16.gif

    ScreenShot_Mbar13_v1.7.0.1007_17.gif
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Stuck between a rock and hard place. ;)
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Is this going to be in beta forever?
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Finally, some movement...

    ScreenShot_Mbar13_v1.7.0.1007_18.gif

    ScreenShot_Mbar13_v1.7.0.1007_19.gif

    So, did the scan really complete?
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Good question. :)
     
  11. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    Does it matter?
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Back atcha...Does it matter? :D
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Back atcha...both of you :D Does it matter? :)
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It may matter with regard to the license and support - typically beta products are "use at your own risk". Coming out of beta and declaring a product "gold" or "final" usually implies greater confidence in the software's safety and effectiveness. They could start charging for it too.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Exactly :)
     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It matters cause many people will not use a beta product.
    More bugs/incompatibilities/improvements are less likely to be found and eliminated.
    And the product does not gain better reputation cause it appears to be unfinished for a long time.

    Just my 2 cents...
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Maybe:
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks, BMW!
     
  19. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I just tried it a few hours ago, and it managed to detect the fact that I have my logoff menu displayed as a "potentially unwanted modification". The same warning was given because I disabled Windows automatic updates. IMO, this is bad behaviour from an anti-rootkit software. :thumbd:
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    No problem :)
    Why? Rootkits can disable Windows updates etc. if they like. IMO, an anti-rootkit tool should not only delete the rootkit, but also its traces, restore modifications etc. It's also labeled as potentially unwanted modification. So they don't label it as malicious, not even unwanted, but potentially unwanted, what's the problem?
     
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    As long as no actual rootkit infection was found, I see no reason for such "leftover" detection.

    Because both of the modifications were selected at the end, and a click on the "Next" would have reset them, even though they are not malicious. I am experienced enough to know what "potentially unwanted" means and to investigate further, but I'm not sure everyone knows how to do that.
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's precisely why these things need to be detected and restored, since most users are not experienced enough to know if their Windows Update is disabled or not. You as an experienced user might not want Windows Update, but for sure non-experienced users should be alerted about that as a potential problem.
     
  23. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    It seems that you have a certain view about what is and what isn't a threat, and I don't agree with that view. You will continue along this path, and I will continue not to use your software, and so everybody will be happy!
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Actually it's not referred to as a "threat" but as a "potentially unwanted modification". It's actually quite clear and easy to recognize the difference.

    I fail to see how this is even an issue. It's not even specific to Malwarebytes Anti-Rootkit as the entire AV/AM/Security industry uses the term "potentially unwanted" and more and more security products and malware cleaners nowadays restore OS modifications typically made by malware.
     
  25. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I'll try to explain it in more detail, maybe it helps...

    MBAR.jpg

    What is wrong with this picture? (red underline is mine)

    1. Two malware items detected! Configuring my Windows XP in a different way than the default one qualifies as malware? I guess not.
    2. PUM.Hijack.StartMenu is misleading. First, there is no mention inside this window about the fact that PUM means "potentially unwanted modification"; I had to look that up on the internet. Second, Hijack implies that something took control of my Start Menu, which is again not true; it is just a setting I made.
    3. PUM.Disabled.SecurityCenter refers to a registry key that disables update notifications, which also can hardly be qualified as malware.

    In conclusion, an anti-rootkit tool should detect and clean rootkits and not some user-made configuration changes. While I agree that some malware/rootkits can modify those settings, if there is no other information about a potential infection on the system, it is stupid to report them to me as malware.
     