Why Malwarebytes, SUPERAntiSpyware is popular?

Why Malwarebytes, SUPERAntiSpyware is popular?

Avira, Avg, Norton, Drweb, ... etc
already has a antispyware protection. Why need it?

 

Im in two minds about the need for a seperate AM scanner myself. Several years back, AVs did not tend to cover many types of malware, but now the majority do.

I have not sen any conclusive tests to show AMs are any better at detecting Malware than AVs.

I pretty much have them all - MBAM, SAS, SAB, A2 and Trojanhunter. I have not used TH for ages, but I sometimes have MBAM, SAS and A2 running in real time if I use F-Secure. Right now, I have KAV2009 running with everything set to max -and with the recent release of the new version of 2009, it runs faster - and I dont have any other AM apps running.

I believe people use AMs as it gives a feeling of security and may well in reality provide a level of redundancy, but as I say, at the moment, Im not convinced that any AM will improve on my KAV setup.

 

Me neither.
Nor have I seen anything conclusive to prove that having detected the malware,they are better equiped (in some cases) to clean it.
But I believe this to be the case, based mainly on the number of various forum posts around the web along the lines of "My AV told me a trojan was installed, quarantined it, but it keeps coming back..." (plus one experience of my own of this, some years ago.)
In most of these cases programs like SAS and MBAM fixed the problem.
And those two in particular are being mentioned more frequently of late in regard to some current malware.
Some time ago it was Spybot and AdAware that were the "mainstays", and often following that, the user then had to run scripts designed by the malware "helper" to finish off the clean-up.

 

Antivirus Firm is a rich and big firm.
They have 300-500 employed
They have many advanced automatic malware analizer tools
They founded a few years ago
So why do they good job like Malwarebytes,Superantispyware etc.

or are we wrong? we dont need anti-spyware?

 

Most big AV's now have AS detection. But you have to remember that no AV has a 100% detection rate. So SAS and MBAM are useful as a second opinion.
When I clean infected computers, SAS and MBAM almost always find stuff that AV misses.
So in my opinion, AS are not dead yet...

 

I agree. When I clean computers, even if they have an updated av, SAS MBAM alway picks up lots of stuff. Doen't mean they are any better, but running a few more blacklist scanners will cover more things off.

 

is emsisoft a2 better than SuperAntispyware or Malwarebytes?
their signates very huge

Number of Malware signatures:
Trojans 1000332
Dialer 52762
Worms 96780
Spyware 62336
Traces 267562
Total 1479772

 

more signitures doesnt mean better detection. you can have one signiture detecting a whole family of malware.

 

Signatures don't say anything, some companies use 1 signature for 1 piece of malware, even if multiple pieces of malware belong to the same family they will still use 1 signature for each and every separate malware strain. Other companies use 1 signature to clean up entire malware families consisting of many many strains of malware.

In short.... some companies like to advertise with very big signature numbers.

 

Well, antiviruses are very good, but obviously they can't catch 100% of the stuff. Especially spyware, which has become very very common, think of Rogues, for example. While anti-viruses can often deal with more than 99% of malware, and over 95% spyware, the remaining 5% is missed. And that little part can be detected by running another anti-virus app(which would cause conflicts) or anti spyware app(which usually doesn't make conflicts). Obviously the second one is the best choice. However there's no need to run tons of anti spywares.

About the signature count: IT doesn't really matter. For instance, Norman according to AV-comparatives detected more than 1,300,000 threats, while other avs with lower threats (for ex kaspersky at the time had 570,000 signatures and detect a lot more)
BTW SAS should detect more than 1,000,000 spyware, and ewido:

Don't know about mbam though...

 

av's are getting better at spyware detection.
back in 2003 i had windows ME on my computer and NIS2003.
6months after getting a new computer my dad's friend reccomended spysweeper back then it was a great program. i decided to install it on the old computer and it found 20 trojans and around 100bits of spyware adware etc. so spyware and trojans where the main reason that computer was so slow. the other reason was windows ME ugh....
so my new pc got a different AV plus spysweeper.
that computer has never been infected.
back then antivirus companies missed all spyware because they werent looking for them. they were looking for traditional file infecting viruses.
took them awhile to notice the new threat and help combact it.
malware free since 2003 or 2004.
people still fall for the spyware tricks to this day and the damage to the OS is getting worse.
if a friend gets infected i ask them to run a scan with superantispyware free and it always delivers the goods.

 

As great as things are now , you have not seen anything yet .

Between active protection , removing power and scanner weapons we have 4 additional tools on the way that will all dramatically improve our abilities . Speed in which MBAM improves is one of the reasons we are so popular . Another is responce time to new threats . I get far more samples in each day than any one person could ever handle so what I do is prioritize . If every AV already detects something I dont even check it a second further . If next to none do it goes right to the top of the list . In the end this makes MBAM very good at dealing with what the AVs are very bad at . I also spend alot of time working with the HJT forum helpers and doing HJT forum research because the vast majority of samples there are AV bypassing samples and gold to MBAM defs .

Working smart like this lets us do very well with only the fraction of the employees . At this moment we have three full time employees and two part time .

I would imagine that watching the underdog win does not hurt us either .

 

I tried MBAM on some infected PCs( having rougeware) and it worked excellent. Both these PCs were having real time AV protection ON.

Now I changed my mind about AS scanners. IMO it,s necessary to have a real time AS/ AM in addition to AV for ordinary users and I think SAS and MBAM are good choices for this.

 

Hey Bruce, I've always had the question: are you the head of a (small) team working on samples and defs or is it just you?

 

I have periodically installed SuperAntiSpyWare, CounterSpy, MBAM, and, in the distant past, even SpyBot Search & Destroy.

But they never stay installed as they never find anything; for there is nothing for them to find.

Perhaps it is clean living (computing). Perhaps it is the NAT Router and the software firewall. Perhaps it is Firefox and NoScript.

In any case, I guess I am glad that there are programs out there for those who need them, and for me to use to validate the integrity of my own system.

 

From PC World article Are You Wasting Your Money Buying Antispyware Software?:

Here are the on-demand detection rates of spyware and adware by various antivirus programs on 83,054 samples. Most AVs are over 90% in the adware and spyware on-demand category.

Real-time antispyware programs that detect spyware by behavior might be useful, unless you're using a HIPS program or other abnormal behavior detection program that covers the same behavior areas.

I have recently uninstalled all dedicated antispyware programs, and instead use 3 good AV programs, including one real-time. My HIPS covers most of the behavioral areas that the antispyware programs I'm familiar with covered.

 

Defs are almost all me . I have one guy that from time to time does some strings against our link pile and another that researches the link pile to dig up further links .

Very soon we are starting another full time hunter/defs guy so its only going to get better .

My goal is to get 5 guys on this by 09 .

 

I do not read anything that mentions multiple scanners detecting 90% of samples because that is not reality . I VTed a rooter and a downloader today that both scored a perfect 0/36 and that is the reality we all face . The downloader unleashes hell and has been know of for at least 3 months by all AVs but because of the best packing I have ever seen is never detected by more than 1 or 2 AVs on VT . Malware packing that evades the packer detection of antivir is some good (bad) stuff . While FUD by VT is not common , under 50% is and that is the case for the vast majority of what I see go through it . I do not think they will ever have a major publication where the only samples allowed in are not prescreened and taken directly from live links collected by impartial and independent malware hunters . The reality of a test like that would not make anyone other than the backhats happy .

One thing that I have noticed and others have mentioned is that most AVs while great at blocking suck at removal when they screw up . MBAM is extensively used in HJT forums because it takes care of that situation by design far better than the AV that let the user down to begin with . We are adding more power to removal all the time and it is getting close to perfect .

People can say all they want about how non AV+HIPS is dead but the simple truth is that a huge chunk of people surf like fools , never update anything , click on everything and will never know that HIPS do anything other than hold up their pants . These people need an app like MBAM for the many many times their preinstalled AV fails them . $24.95 lifetime VS. multiple $200 trips to the repair shop is simple good math .

 

AV performance against malware (not just spyware and adware) collected from a honeypot is found at
Most Effective Antivirus Tools Against New Malware Binaries. The August 8 stats are based on 3169 samples.

 

The topic of this thread is Mbam, SAS, etc, and NOT Mbam versus NO protection whatsoever -- thus calling for $200 repairs (which is FUD to the extreme).

MBAM I like. Poorly disguised spam & FUD on behalf of ANY security app -- for that I have zero respect.

 

Actually, the topic is Why Malwarebytes, SUPERAntiSpyware is popular? In my opinion, nosirrah is completely on topic when he states, "$24.95 lifetime VS. multiple $200 trips to the repair shop is simple good math." That's one reason why MBAM is popular. Simple as that.

 

My computer classroom has multiple computers for several years, none of them using MBAM. We never have had "$200 trips to the repair shop" because MBAM wasn't present. Not once --much less not "multiple" times as nosirrah's FUD implies.

I use MBAM on my personal PC & like it a lot. However, my class's computers have safely used a certain AV & a certain HIPS for a very long time, with no MBAM & NO infections that required $200 repair jobs.

This thread shouldn't become a set-up for ANY vendor's representative to bash competing products.

 

Spoken like a real gent.

Of course indirectly speaking, it might do well to take that the MBAM'S statements are a basic generalization from his area of dealing with malware infested peeps and it's a sure bet he's not in a minority that's shared that's witnessed the downright shame of users left with little or no choice but to resort to dishing out more amounts of greenbacks then if their were ready alternatives available to these users.

EASTER

 

because a single product cant handle alone. so im using a combination

avg 8.0 + norton antibot

SAS for on demand scanning

Spywareblaster for add'l protection

 

From what you are saying, it seems that MBAM should only be used as a complement to full AV's as it is designed to compliment them.