Better than slapstick

Discussion in 'other anti-malware software' started by Kees1958, Jan 5, 2010.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    After the nice Matt of malware etc started to publish his videos on the web, it seems it has taken off seriously now.

    It is so funny to see someone judging an application based on harmless remnants of stopped infections. Sometimes even the most ridiculous registry settings are taken for granted as successful intrusions.

    They also seem to use MBAM as a reference. MBAM is good but it has a tendency to qualify every anomaly as an intrusion, f.i. when I disallow a user to change restrictions of IE8, according to MBAM I have an infection. Now this would not be a problem (MBAM correctly reports an anomaly, only is a little too harsh in qualifying it as a RED ALERT intrusion), when the testers had the knowledge to 'read' the MBAM report.

    Hail to the security programs which show they are working (especially against killer cookies), they must be top class. :cool:
    What strikes me is that after the publication of a video, I directly (less than a minute after publishing) repeated the test just for fun. GUESS WHAT 7 out of the 9 links were stopped by IE8. This tells me something about the way they collect malware. :D



    Regards Kees
     
  2. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    "qualifying it as a RED ALERT intrusion"

    Please a screenshot or log of that alert or detection :thumb:

    Or are you just being harsh with words?
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    It seems to me that this anonymous crowd of malware writers are not so inconspicuous after all. Recently the leader of a very peace oriented country has announced proudly how their export of "Defense equipment" has doubled in recent years. By all means I'm not suggesting that Matt has malware writers friends, but somehow they all know where to get the stuff, a bit like informants work for the police force.
     
  4. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Keep in mind that there are many help forums that use MBAM and they need us to reverse systems back as close to default functionality as possible. It cuts down on the help steps if we fix most of it. I think most people know that virtually all of our staff is or was a forum helper at one point, we are just staying true to our roots.

    On the IE8 block issue, FF would likely also block a lot of those URLs. The problem is that in the real world FF and IE are almost never getting the files as the bad guys know how to avoid this easy block.

    We also don't have any official ties to anyone that puts stuff up on youtube about MBAM.

    EDIT:

    I know you did not directly say we do this but I do want to make it clear that 3 years ago we asked many forums around the web and many regular users about cookies. They did not want them detected so we did not add this functionality and we have no plans to add it.
     
    Last edited: Jan 5, 2010
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i dont think its bad of reviewers to use MBAM as well to check, but they need to go into more detail about what its REALLY alerting about, not just taking every red piece of text as an infection of its own.

    also, if theyre going to be doing actual test reviews, they need to be a bit more knowledgeable and delve a bit deeper into whats going on with the system to see if its really infected (at the moment, all i see them do is open task manager, see if there's anything with strange numbered name or w/e, then check MBAM and done) thats not very detailed...

    and finally, they ALL use the exact same source for their malware links... i think AV companies as well as malware authors have realized this source by now... (MDL)
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Recently a Matt clone performed a really funny "test".
    He tested the FortKnox Firewall, but thought this must be something like CIS, OA or OP, as it's named "Firewall".

    He was unwilling to accept that it is just a Firewall, as a Firewall in his opinion was of course a Firewall/HIPS combo.
    (In the literature this is known as Matousec victim syndrome.)

    So he ended up with his MBAM 80+ detection result and heavily complaining - this is not a Firewall, this is just a network monitor.

    I don't want to expose this person, so you have to search the remove-malware forum to find this video.

    But it's just a bizarre exaggeration of most of these Matt copycats.
    They start a VM, install a program and throw links on it.
    But they have no clue how the tested program works or what the executed Malware is doing.
    I think most wouldn't even realize if the tested program is out of order after the first infection.

    All these videos make me want to run a mile.

    Cheers
     
  7. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    According to the website Fort Knox Firewall does have an integrated HIPS component. It has been a long time since I tried it out but I thought that it did not have one when I used it. Maybe it's something new. Anyway, I'm looking for the review you spoke of now. Wow, just watched it. This guy admits at the beginning of the review that he really has no idea how this program works. That's what's wrong with most of these reviews. People think they can evaluate products when they do not even understand what they do. Throw a link at it and click out of the notifications as fast as possible without telling what the program is communicating. Most of these reviews demonstrate the usefulness of using MBAM to clean infections rather than testing the AV/Firewall.
     
    Last edited: Jan 5, 2010
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    From the help file:
    "Intrusion prevention system – analyze packet streams for suspicious activity."
    FortKnox is basically a clone of Sygate.

    Cheers
     
  9. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    I was thinking it didn't have it when I used it, that's why I checked the website.
     
  10. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    well i was banned from their forums so i cannot check for myself, any chance u can post the link to the vid?

    (anyone whos curious i was banned for confronting certain people on their forums about how little they know for reasons similar to what uve described)
     
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    http://www.pimpmyip.org/ :cool:
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    o wow... i just watched that review and im just in awe of how terrible that test was, its almost unbelievable to be honest... the guy doesnt even know what a firewall is LMAO, looks like subset is right about the Matousec victim thing :D
     
  13. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    If you ppl think this is bad .... Just wait a few months. Some fool will surely start doing a 140 character review using Twitter. Complete with Paris Hilton approved rating scheme : "Its Hot" or "Eeeww".
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Bruce I hope, that by explicitly mentioning MBAM as a good program and telling it correctly detects the anomaly, I was addressing the testers, not MBAM.

    That is exactly the point I am making with 'the way they gather their samples', their tests do not really address qualitative insight, only numbers. A program blocking 8 harmless intrusions is rated as awesome, a program protecting against the only real bad staged trojan attack in the test set is rated a failure.

    I am not implying that either, as long as you keep MBAM a good product (so besides pseudo experts, insiders will advise positively on MBAM) it is free publicity

    I should have mentioned explicitly it was not MBAM, apologise for that.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :thumb: IPS, NIPS, HIPS they all share the same characters in the abbreviation so they must be the same.

    What about this (me being a pseudo star researcher coming from the Netherlands)

    Well, the moon is round, the moon is yellow and looking at its size it must be some sort of Gouda cheese.

    Subset, Innerpeace: Thanks for the sample video, I enjoyed it
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :thumb: :argh:
     
  17. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    @Kees1958 I know what you were getting at and that it was not directed at us, I just wanted to make sure no one less knowledgeable would read that and assume that we were associated with any of the youtube reviewers.
     
  18. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    415
    Location:
    Belgium
    What really strikes me about this "Professional Malware Remover" and his "reviews" is the fact that he concludes that some security apps have completely cleaned/safeguarded a system from his tested malware based only on the fact 1) that he doesn't see any weird icons in the notification bar and 2) no weird entries in the Task Manager.....

    I think it takes a lot more than that to be sure malware has been blocked correctly, and is not hiding in a little corner only to take over a couple of hours/days/months later.
     
  19. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    o my god, today i have read something that is just unbelievable, what is going on anymore... nobody seems to understand what a firewall is anymore, the matousec syndrome really has taken over, here are some quotes from MOD "xyz" from forum "xyz" (dont wanna post names so that my post doesnt get deleted)

    these are just one of many quotes of utter stupidity going around said forums, but its also the same forum that spawns 99% of these testers u see with the 10 links on youtube, if that isnt enough of a hint to what forum im speaking of.

    and keep in mind, those quotes are from supposedly knowledgeable MODS :rolleyes:

    and PS. those quotes were about Fort Knox Firewall. from the same thread that encouraged that fuzzybanana go to do his idiotic test on it without even knowing what he was testing LOL.
     