MRG Rogue Software Test

Discussion in 'other anti-malware software' started by LoneWolf, Aug 16, 2009.

Thread Status:
Not open for further replies.
  1. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I restored an image with a2 from August 10. :p
    In fact I ran this test today, but that doesn't matter as long as the program and the signatures are from August 10.

    Cheers
     
  2. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Yes you are right, hopefully with time these AV companies will improve their products and users will become more conscious about security as well.
     
    Last edited: Aug 22, 2009
  3. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    On the other hand, if I purchase a security product but I cannot expect it to protect me, then why should I buy such a product in the first instance?
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Ah smart man!
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Mike,

    I'm still waiting for a response on this issue.
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Related to OA.

    There is only one file in the RegGenie installer which is trusted at OASIS, the RegGenieSetup.tmp.

    This file is the Setup/Uninstall component from Inno Setup and is used by a vast number of programs, as you can see here at the matching OASIS site (huge list, maybe slow loading):
    http://www.tallemu.com/oasis2/file_hash/52950AC9E2B481453082F096120E355A

    But... NO other file from Reg Genie was trusted because of this RegGenieSetup.tmp, and therefore none had a chance to run as a trusted program.
    So it's downright ridiculous to state OA++ was bypassed or has failed the test because of this file.

    Again, either these MRG guys are completely clueless or fake their "tests" with intent.

    Cheers
     
  7. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    If the RegGenieSetup.tmp is the setup file, wouldn't OA(Online Armor) just auto switch to "Installer Mode" when it sees the file, and defeat any purposes on whether or not OA trusts the other components?
    Though the premium may give you the option to not do "Installer Mode", in the "free" version there is no choice to not to (this may/may not be the case anymore; I haven't used the latest version of OA free).
     
    Last edited: Aug 24, 2009
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    As said before, no other component is trusted. Is this difficult to understand? o_O

    RegGenieSetup.tmp is not "the" setup file, "the" setup file is RegGenieSetup.exe.
    RegGenieSetup.tmp is just "a" part of Inno Setup, which is deleted after the installation.

    If you just click allow at all OA prompts during installation, you will end up like this.

    OARegGenie4.png

    All Reg Genie components present on the system have the Trust Level "Unknown", which means they will be monitored for potentially malicious behavior.

    What was the goal of this MRG "test"?
    To click allow on every HIPS prompt, and if the installation is finished the tested program has failed? o_O

    Cheers
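    The point subset makes in the last two posts (trust is decided per file hash, so a whitelisted Inno Setup stub does not make the files it drops trusted) can be shown in a few lines. The following is an added illustration, not code from Online Armor, OASIS or anyone in this thread; the whitelist contents, file bytes and the helper names are constructed for the example, and the "8100" count is simply the figure quoted later in the thread:

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def md5_hex(data: bytes) -> str:
    """Hash file content. The OASIS link on this page is keyed by a 32-hex-digit hash,
    so an MD5 is used here; the whitelist below is keyed the same way."""
    return hashlib.md5(data).hexdigest().upper()


# Constructed stand-in for the Inno Setup Setup/Uninstall stub (real bytes are not on the page).
INNO_STUB = b"constructed: Inno Setup Setup/Uninstall stub bytes"

# Constructed whitelist: hash -> description and how many distinct installers share that hash.
# (Assumption: a real list would carry a similar "seen in N products" statistic.)
WHITELIST: Dict[str, dict] = {
    md5_hex(INNO_STUB): {"description": "Inno Setup Setup/Uninstall component", "shared_by": 8100},
}


@dataclass
class DroppedFile:
    name: str
    content: bytes
    parent: Optional[str]  # file that created this one; None for the top-level installer


def trust_level(f: DroppedFile, whitelist: Dict[str, dict]) -> str:
    """Trust is decided by the file's own hash only; who dropped it plays no role."""
    return "Trusted" if md5_hex(f.content) in whitelist else "Unknown"


def classify_install(files: List[DroppedFile], whitelist: Dict[str, dict]) -> Dict[str, str]:
    """Assign a trust level to every file of an installation. Nothing is inherited
    from the parent, so a trusted stub cannot 'bless' the files it unpacks."""
    return {f.name: trust_level(f, whitelist) for f in files}


def files_to_monitor(levels: Dict[str, str]) -> List[str]:
    """Everything that is not on the list stays 'Unknown' and is behaviour-monitored."""
    return sorted(name for name, level in levels.items() if level == "Unknown")


def is_generic_component(f: DroppedFile, whitelist: Dict[str, dict], min_shared: int = 100) -> bool:
    """True when the hash belongs to a component used by many unrelated installers,
    e.g. a setup-toolkit stub. Such a match identifies the toolkit, not the product."""
    entry = whitelist.get(md5_hex(f.content))
    return entry is not None and entry["shared_by"] >= min_shared


def product_trust_summary(files: List[DroppedFile], whitelist: Dict[str, dict]) -> str:
    """Defender-side summary of the whole package: only a non-generic, product-specific
    file on the whitelist should let a prompt call the product itself 'Trusted'."""
    for f in files:
        if trust_level(f, whitelist) == "Trusted" and not is_generic_component(f, whitelist):
            return "Trusted"
    return "Unknown"


# Constructed model of the installation described in the thread: the .exe unpacks the
# Inno stub (.tmp), which in turn drops the application files.
SAMPLE_INSTALL = [
    DroppedFile("RegGenieSetup.exe", b"constructed: installer wrapper", None),
    DroppedFile("RegGenieSetup.tmp", INNO_STUB, "RegGenieSetup.exe"),
    DroppedFile("RegGenie.exe", b"constructed: application payload", "RegGenieSetup.tmp"),
    DroppedFile("RegGenie.dll", b"constructed: helper library", "RegGenieSetup.tmp"),
]

if __name__ == "__main__":
    levels = classify_install(SAMPLE_INSTALL, WHITELIST)
    for name, level in levels.items():
        print(f"{name:20s} {level}")
    print("monitored:", files_to_monitor(levels))
    print("product as a whole:", product_trust_summary(SAMPLE_INSTALL, WHITELIST))
```

    Only the stub comes out "Trusted"; the three product files stay "Unknown" and land on the monitoring list. The `product_trust_summary` check is the policy point behind Dregg Heda's later complaint: a hash shared by thousands of installers says nothing about the product, so a prompt should not present the package as trusted on the strength of it.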
     
  9. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Are you using OA(Online Armor) "free" or OA "premium" (or above), there?
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I'd actually like to see what prompts OA showed when one attempted to install RegGenie without entering learning mode, prior to whatever changes Mike Nash may have made the team do (EDIT:) as a result of this test.
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    OA Premium/OA ++.
    But if you test with OA ++ now, you have to avoid the signature detection, which was introduced after the MRG test.

    OARegGenie1.png OARegGenie2.png
    OARegGenie3.png

    Cheers
     
  12. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for this, Subset! I see what you are saying, since you need to press allow twice. However, imo the big green trusted installer pop-up is still a breach of OA's defences. Imagine if someone doesn't know what RegGenie is and they decide to allow the install to see what kind of pop-ups OA throws up. The trusted installer pop-up may deceive them into thinking RegGenie is a safe app.
     
  13. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Yes, thanks Subset for the explanation and graphics.
    Very well done! :thumb:

    Dregg Heda,
    If someone doesn't know what a program is and still tries to install it, well they will suffer the consequences.

    Why in the world would anyone allow the install to see what pop-ups OA throws out? Some common sense would be nice.
    Perhaps only a tester and they take the precautions just in case.

    A regular user should have no reason to do this.
    And if they do, the old cliche still holds true:
    If you wanna play, you're gonna pay.
    :cool:
     
  14. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi danny,

    You've got a point there. I guess I'm just unhappy that the OA whitelist has RegGenie listed as a trusted installer when it's a rogue. Hopefully OA has this issue resolved.
     
  15. thathagat

    thathagat Guest

    well these OA popups leave a bit to be desired.....
    1. At no point is there an option to check the online OASIS database
    2. The OA pop-up reads that if there are pop-ups about keylogging/autorun/explorer add-ins then the risk is higher... no such pop-ups follow... so
    3. OA identified it as RegGenie with the first pop-up and eventually trusts it, and that is the flaw... or the bug that Mike mentioned.
    4. The Online Armor firewall web page states...
    now if one inadvertently installs this, how can one remove it as per the OA quote?
     
  16. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    May someone (or did anyone) test with OA (Online Armor) "free"?
    If the so-called "advanced" users weren't 100% on whether this program was true rogueware until the later parts of this thread, how would a "regular" user have known? VirusTotal had zero detection of the program. An OA (Online Armor) user would have seen the trusted pop-up, blindly trusted it, and would have been burned.

    Interestingly enough, if it wasn't for this MRG test which in turn spawned this thread, how long would this OA "bug" have gone unnoticed? But I think the better question is whether or not one can really trust OA's white-list again (meaning, how many other "bad-wares" are on the white-list that shouldn't be, and if so, why are they even on there in the first place)?
     
    Last edited: Aug 25, 2009
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Applesauce, just click "More" at the prompts.
    Go to Programs and block the related files, this will also end the running processes, if there are any.
    Then you can remove the files manually.

    Sounds like you have been recently assimilated. :ninja:

    OA didn't trust the Reg Genie installer digitally signed by this very dubious "Comodo Time Stamping Signer". ;)
    It just trusted a part of Inno Setup, which more than 8100 other installers from the OASIS list also contain.

    Cheers
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As far as I can tell -- when "shills" try their deceptions in this forum, they don't last very long.

    The Mods & Admins here do a superb job of "weeding the garden" -- often with very little thanks. I'm not kissing up -- the Mods do piss me off at times :p -- but I fully recognize that this place would be a jungle without them.
     
  19. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Oh, this just keeps getting more dubious; this pertains to information that has come to light very recently.

    Why discuss test models or cling to results generated when the testers themselves have been proven to use somewhat questionable, if not unethical, practices while they claimed to be independent?

    Earlier in this topic Sveta announced that there was no connection whatsoever between SSupdater and MRG.

    The following data is to prove once and for all that that was a blatant lie :gack:

    https://www.wilderssecurity.com/showpost.php?p=1535671&postcount=18

    So finally, can we put MRG, like SSupdater, to bed as a rogue testing outfit whose tests/results are as likely to be trustworthy as a rogue review site? :mad:
     