Malware Immunizer

Discussion in 'other anti-malware software' started by chaos16, Feb 14, 2007.

Thread Status:
Not open for further replies.
  1. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    Malware Immunizer is a security program.

    I found it here http://malware.vze.com/

    Is it any good? Is it like SpywareBlaster, and does it work together with it?

    I noticed it's still being worked on.

    I see that it has a lot of rewards and good reviews from other sites; look at the bottom of the site.

    Anyone care to try it and let me know?
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,123
    Location:
    Pennsylvania.
    *Shifts monocle* Seems interesting, SiteAdvisor says it's clean.
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Trying it out.

    I was curious about this, so just installed it.
    I'm not a knowledgeable user.
    It seems to be a pretty well designed program, fairly intuitive interface, immunization against known threats (against an update-able database) analogous to Spybot's or SpywareBlaster's immunity, but the operation is quite different, appearing analogous to a drug that blocks receptors on a cell. You'd have to look at the product page, but basically, it seems the behaviour of many malwares has been analysed, and dummy, harmless entries placed as hidden files where their first point of infestation would occur. If the malware "sees" these, it can't install itself, unless it's evolved enough to choose a different name/folder/path. Since MI clearly isn't a widespread/popular program, it's debatable if any of the listed malwares could do this.
    What I don't know, and have just asked, is if it is needed to have the program open after immunizing. SpywareBlaster has a useful popup to advise about this, it's not clear in MI. But I think, based on its MO, no.
    Otherwise, the EULA is harmless, the install file clean, the help section quite good, the "info on each item" in the database just commands a Google search of same, which I used as a guide in the "unknown" list, prior to immunizing. It doesn't run at startup, and is listed in active tasks only when running.
    Re "isn't widespread/popular", had a look at the forums. Not much activity, the developer clearly could do with some help or encouragement (or money!)
    Definitely interested in seeing some more opinions by folk who know a thing or two. I'm not expecting to see results; I'm fairly protected anyway, and haven't seen malware on this computer for ages.
    I think generally it could be very useful.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    As far as I understand this app, it creates file names of commonly known malware. When the malware wants to create this file it gets an error from the OS that it is already there. Because malware operates silently, most malware makers do not take this into account (according to the claim of the authors) and therefore the implant fails. Although this looks like a dumb approach, it is a clever approach. I do not know how on-demand scanners will react to the existence of malware file names. Also, a false positive would be harder to distinguish with all the self-implanted fake malware.

    Regards Kees
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Good point. I've a number of demand scanners. I'll try them out.
     
  6. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    Re: Trying it out.

    It sounds interesting but it may not be a very effective approach. I have read that some malwares will generate random filenames to do their deeds.

     
  7. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Without being overly thorough, I've run quick scans or selected folder scans with AVG AS, Avast, AdAware, Asquared, Bazooka, Cureit, Spybot, SAS, and SpywareTerminator.
    Bazooka, and AVG found several traces, Asquared 1 trace, the others none. Most resided in system32, though some others were elsewhere. All were txt documents in folders named after the malware they were immunizing against, and (upon further examination), false positives. (But understandably.) I don't for a second think that SAS scans (for example) are inferior to AVG's or Bazooka's, which makes me think that some demand scanners actually do a bit more analysis of the file found, rather than just registering/identifying the name of it. Sound about right?

    Have to think about whether this is a deal breaker or not. On one hand, I haven't had any malware on the system for yonks, periodic scans come up clean and therefore (almost) amount to a waste of time. On the other, I don't want to waste more time by double checking every supposed false positive after routine scans and becoming complacent, thereby missing the real nasty should it install.
    And I don't know if I can (a) configure all scanners to ignore these files, (b) be bothered to go through it all again every time there is a database update.
    Might ask at the MI forums if there's an easy way round this.
     
  8. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    So is this program worth using?

    I have SpywareBlaster; would this program give me extra protection, or is it not really needed?
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    chaos16, I'm not a knowledgeable user, so don't know for sure.
    Firstly I think it depends on what security applications and approach (ie user configuration/surfer habits) you use.
    I can tell you that it's not conflicting with anything I'm running, and uses no resource after installation, much like SpywareBlaster.

    Since my last post I ran a full scan with SAS and it detected many (about 34 I think) instances of malware. The few I looked at confirmed they were false positives. I've posted a question about this at the MI forum, no answer yet.

    I don't know if it's at all reasonable to expect the "mainstream" malware scanners to acknowledge and ignore these "false positives".

    I think this approach is likely to offer protection from known malware.
    But I also think it's the unknown malware, which MI has no info/updates on, that will be more of a problem, and since the developer/writer is obviously short on resource/time to keep track of it all, can't see that this should be something you should rely on. And as said above, the number of false positives generated during routine scans could make it a deal breaker for me.

    Any knowledgeable user comment welcome!
     
  10. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Re: Scan "FP's" solved.

    And the answer from the developer is:

    (Quote from the MI forum) Hi Tarq57,
    You can remove the immunized items from MI before doing a scan with anti-malware programs and re-immunize them after the scan is completed. This will solve the described problem entirely.

    So simple.
    Keeping, though it probably isn't necessary. It's zero resource, and another layer, in the same manner as SpywareBlaster.
     
  11. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    There was a thread about a Croatian antivirus that detects viruses by detecting file names commonly used by malware.

    So if we use Malware Immunizer and then scan with that "antivirus" it would bring us funny results :)
     
  12. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    You could expect false positives from most scanners, unless taking the step recommended above. Tried it, takes a few seconds, solves the issue.
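
The workflow discussed across this thread (placeholders planted at known paths, scanners flagging them, and the developer's advice to remove them before a scan), as an added example that is not from the thread or from Malware Immunizer: recording each planted path with its SHA-256 lets a scanner hit be triaged as a known placeholder or as something to investigate, and lets only unmodified placeholders be removed before a scan. The file names, placeholder contents and manifest format are assumptions made for the illustration.

```python
import hashlib, json, os, tempfile
from pathlib import Path

# Constructed placeholder body; Malware Immunizer's real file contents are not shown in the thread.
MARKER = b"harmless placeholder written by the immunizer example\n"
MARKER_SHA256 = hashlib.sha256(MARKER).hexdigest()

def immunize(root, names, manifest):
    """Plant a placeholder at each relative name and record path -> SHA-256 in the manifest."""
    entries = {}
    for name in names:
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        try:
            # O_EXCL refuses to touch a file that already exists at this path.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            continue  # not ours: leave it for a scanner to judge
        with os.fdopen(fd, "wb") as fh:
            fh.write(MARKER)
        entries[str(path)] = MARKER_SHA256
    Path(manifest).write_text(json.dumps(entries, indent=2))
    return entries

def classify_hit(path, manifest):
    """Triage one scanner detection: a placeholder must match both path and content hash."""
    expected = json.loads(Path(manifest).read_text()).get(str(path))
    if expected is None or not Path(path).is_file():
        return "investigate"
    actual = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return "placeholder" if actual == expected else "investigate"

def unimmunize(manifest):
    """Before a scan, delete only unmodified placeholders; return paths that were left alone."""
    kept = []
    for path in json.loads(Path(manifest).read_text()):
        if classify_hit(path, manifest) == "placeholder":
            os.remove(path)
        else:
            kept.append(path)
    return kept

def demo():
    with tempfile.TemporaryDirectory() as root:
        manifest = Path(root) / "manifest.json"
        names = ["system32/example_a/readme.txt", "system32/example_b.dll"]  # constructed names
        first, second = list(immunize(root, names, manifest))
        Path(second).write_bytes(b"replaced by something else")  # simulate a changed file
        return classify_hit(first, manifest), classify_hit(second, manifest), unimmunize(manifest) == [second]
```

A file whose name matches a placeholder but whose contents differ is reported as "investigate" and is never deleted, which addresses the worry raised earlier in the thread about real detections hiding among the planted ones.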
     