Anti-Malware software that are meant to be used live(eg MBAM)? Strategies?

Discussion in 'other anti-malware software' started by wearetheborg, Aug 29, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Nov 14, 2009
    I always assumed that AM software would be most effective if run "non-live" eg from a boot CD, then I found this for MBAM:


    Are there other AM that are meant to be used live?
    Are there AM that are more effective if used non-live?
    Are there AM that are equally effective in both usages?

    For live scenario, is there anything that can increase or decrease effectiveness (other then renaming the exe to make it execute)?
    Eg, say I am in a LUA, and I run MBAM with root privileges from the LUA account. How does that compare to running MBAM directly from admin account?
    Last edited: Aug 29, 2010
  2. Boyfriend

    Boyfriend Registered Member

    Jun 7, 2010
    Actually, MBAM currently do not support packed files (.rar, .zip, .7zip, etc.). Extract all the malwares and put them in a folder. Then run a scan and it will detect them. In future version, they are planning to include common packers support. Others questions can be better answered by some other expert.
  3. MrBrian

    MrBrian Registered Member

    Feb 24, 2008
    Anti-malware products that rely on detecting suspicious behavior for their effectiveness are probably best run on a live system in normal mode, where the suspicious behavior may be exhibited. Hitman Pro would likely also fall in this category.

    Anti-malware products that don't rely on detecting suspicious behavior for their effectiveness are probably best run from an alternate operating system, or at least safe mode, where rootkits are less likely to hinder detection.

    If in doubt, check the vendor's guidelines for usage.
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Dec 22, 2009
    Outer space
    Both Hitman Pro and Prevx are a lot better on a live system because of their behaviour techniques. I think for more traditional AV products it depends on the malware. Their new versions with new behaviour detection can maybe detect some malware only on a live system, but on the other hand, their older techniques might only detect some other malware when scanning offline. Maybe it's better to use scan with them both on- and offline, though that would be quite time-consuming when professionally/regularly cleaning computers :p
  5. Brummelchen

    Brummelchen Registered Member

    Jan 3, 2009
    eh yo man - me again :D

    same cite, another text - but the topic is same:
    - you cite an answer to the topic how usefull MBAM works from a PE-build drive
    - MBAM author and admin wrote that answer - MBAM is more effectiv on the
    real system than on any PE-build due its strategy.

    next - i dont get your real question - first you asked for alternatives to MBAM,
    now you ask how to compare apples and peaches.

    each am/av has its own strategy, some more, some less effective.
    if you need a rescue disk get one from eset, avira, kaspersky - seem more effective
    than using mbam that way - read your cite again!

    concerning mbam - why dont you ask in the mbam forum if mbam elevates to
    admin rights when used under lua? (sorry, i cant answer you that)
    at first i would say that mbam dont elevate... which is according to the user
    rights within windows - you have to scan with admin power in other profiles.

    my advice for a second opinion is still mbam, in most cases its ok.
    if someone cant install mbam for any reason he should think in general about a
    fresh install of windows - there is something more damaged than only security.

    if not mbam - then

    TheCleaner Portable (Demo is sufficient)

    SuperAntiSpyware Portable

Thread Status:
Not open for further replies.