Malwarebytes or CounterSpy v3 ?

Discussion in 'other anti-malware software' started by Jean Marc, Jan 7, 2009.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    TO Max Zorin: if your are still reading this thread:

    I would like to believe what you have said and revealed so far, you seem to know a lot of untold story, arousing my interests.

    Would you possibly reveal the background of what you are. Many here do not know you that well due to the fact that you have not been around long enough.

    If what you have said are to be proven as truth nothing but truth, then, members here, including me , will have to consume
    more than few shots of brandy to calm our surprises.

    Can you ?
     
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Please learn how to differentiate between a vendor and a single detection. Otherwise we'll be forced to meeting you with a view to a kill.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This will just be an opinion based on the fact I used to use CounterSpy previous version, for the trial period, that is.

    Using the defense I use, I never got an infection. But, well, just because our preventive and detection measures won't show nothing, that won't mean, for itself, that the system is clean. So, why not give CS a ride? I installed it and it found nothing that my preventive and detection tools wouldn't. Meaning, found nothing.

    Bottom line: CounterSpy is a great antispyware tool, but if you make use of great preventive measures (mostly), then detection will be a secondary issue. For that, there are better alternatives than CounterSpy. So, my bet would be MM (on-demand).

    Now, if you wish to use CounterSpy for it's overall features, then it would be worthier than MM, IMHO. MM real time protection is not that great. Why? Malware will need to be active, for it to detect it, while CS offers preventive measures. It is a matter of you know how to answer to the alerts and if you don't, if you're willing to learn.

    Choose the one that will fit your needs.
     
  4. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Matey, I am the Managing Director and majority shareholder of an international business process outsourcing / solution provider.

    My company works with multinational corporations such as Sony Europe, Sony Music, Hitachi Europe, Hitachi GST, Hitachi Capital, Motorola, Xyratex, General Dynamics, Raytheon, ARM, Siemens, Renesas, Symbian, Huawei, France Telecom, Serco, Nortel, Tata etc and provide outsourced vendor & resource management services – with each solution ranging from €250K to €19M – I think I know what a “vendor” is.

    I will help you out and make a simple example for you so you won’t forget again - Microsoft is a “vendor”. Word which is made by Microsoft is an application. Word V1, V2, V3, V4, V5 etc are all versions of the same application. A vendor makes and vends applications /software / code. The application / software / code is NOT the vendor.

    Hope this helps :cautious:

    MZ
     
  5. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    as to stay on topic I think for real-time counterspy would be preferred and for scanning malwarebytes anti-malware would be preferred,

    and as of for mbam having bad detection well I believe that the number on their site is real since it went up now it's at 1471 but that's just the vendors for each vendor there are multiple malwares if you prefer the higher the number the better then ignore that number and pay attention to the other one that reads 568,231,251, :rolleyes:

    besides if mbam had such poor detection then why do so many malware removal specialist (the people that are trained to check HJT logs) use mbam to detect and remove malware,

    and after mbam detects and removes so much malware on so many people's computer and their computer starts to run much better I suppose it's all in their head?
     
    Last edited: Jan 9, 2009
  6. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Perman - If you look at this, other forums, the vendors website etc, you can gather the info together. The list of malware MBAM detects is on the vendors website, the author has stated in this forum that it is him and one part time person who code the application and update signatures.

    Im not here to make a dig at anyone for no reason, but it seems too many members here keep putting MBAM forward as the best AM scanner - when it is not. It is just flavour of the month.

    MBAM is almost certanly great at removing the thousand or so rogue apps and a few other thins listed on the vendors site, but it does not have the width of detection of other AMs out there - unless they adopt a third party engine, they cant compete with the large vendors as they dont have the resources required to analyse all the threats out there, uptade signature database etc.

    SSM, Sandboxie etc are all possibly one man bands, but they dont rely on signature updates in order to work. i have an old copy of Processguard somewhere - old as the hills, but it will still work, whereas my old copy of TDS will be on no use at all.

    Some members here keep saying they dont care about tests etc as they prove nothing, but instead rely on their own experience and cite examples of how MBAM has removed this or that from a PC they have worked on. It is not true that tests prove nothing. Removing malware from your own PC is a test.

    My issue is that I feel it is bad advice to keep telling new / novice members that they should use MBAM as theit AM scanner of choice, when nearly all the others detect more. Given it is a fact that MBAM detects so few things, it is best used as a free malware removal tool in the unlikley event that someone with a decent setup gets infected.

    Apps like A2 or Prevx Edge detect many more things and have several other levels of protection (HIPS, web etc) - so clearly, if you were to have just one aditional AM scanner to support an AV, you would be better off with one of these as you would be less likley to become infected in the first place.

    Use MBAM if you want - but dont try to argue it offers protection in support of an AV as well as that provided by most of the main AMs - as it does not.

    MZ
     
  7. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Please see my post above to understand what a vendor is. 1471 is the number of nasties it detects - thats it. MBAM use the term vendor incorectly - Rogue Antivirus 2008 is NOT a vendor - ita an application which is a fake AV. It is itself made by a vendor.

    568,231,251 - refers to the number of individual objects (infections) MBAM has removed so far in the world - not the number of nasties it detects! read what it says on the vendors website.

    MZ
     
  8. Judge Dee

    Judge Dee Guest

    Maybe, MZ, people would listen more if you would learn to be more gracious in your speech. We're here to learn, not to be looked down upon.

    Regards,
    Scotcov
     
  9. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    well by vendor I assume he means family,

    by family I mean the many many different variations of antivirus 2008 there is not just one there's a whole family of antivirus 2008's,

    which is why you can never go by the number of detections in an anti-anything because each detection detects many variants of a malware,

    some anti-malware companies list each variant as a detection if they did this for mbam the number would probably be much higher.

    edit - number went up to 1472 :p
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Max, below is a sample of four key gens and six morphed fake codecs that aren't listed in Malwarebyte's online database.

    Detect.jpg
     
  11. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
  12. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Guys don't feed the troll.Really it's not worthing.

    Hy.There is nothing to listen.It's one man opinion based on what it seen /read on the internet.
    Is as futile as this:
     

    Attached Files:

  13. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
  14. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Yes, perhaps I have been a bit harsh - but then, when I made simple observations have a look at the arrogant and rude coments some members made - unprovoked. Wilders is famous for this.

    There is a prime example of this above. A "security expert" has posted a hilarious cartoon - oh, my aching sides.
     
  15. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    MZ,

    You are very much misinformed and subsequently your thinking is faulted.

    Defintions aside MBAM(like SAS) are utilizing proprietry technology that others do not pocesss as of yet.Hence why they both often have the capability to kill what they detect instead of the all too familliar Detection>>>Reboot>>>**** its back again scenario:eek:

    FYI SAS was first Botkiller to use raw disk read and DKOM function to target certain RK's that bypassed tradition API reads IIRC they were also the first to use MZ header splitting and so now is MBAM and don't forget their DOR driver:D

    Both softwares can track back from targeted DLL into the registry and rip associated infection values....very neat trick for botkillers.

    Thats just a few tricks listed but if your as knowlegedable on this subject as you wish people to think then please provide some examples of where other "3rd party engines" have better technology then MBAM(or SAS).

    So anyway they do compete and and actually outperform larger business's.Why else do you think the likes of MBAM(&SAS) are some of the first tools called for when traditional brand favourites have failed at protecting someones computer and they turn up at computer shops or help forums looking for a solution.

    So tell me why on earth MBAM needs a 3rd party engine when they have one of the better ones availableo_O

    Looking forward to your informed answers:)

    ps Disclaimer there are defo more folks on the books at MBAM right now,i had declined the offer to jump ship from SAS to MBAM but know more about the MBAM setup then you obviously do.

    pss there's an old saying if the cap fits then wear it but in your case try not to choke while ingesting your hat:p
     
    Last edited: Jan 9, 2009
  16. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    100
    If you were to re-read a majority of the posts here, many specifically say Counterspy would be better for protection, while MBAM is great at disinfecting. I am not sure I understand what you are trying to argue, when it seems you are in agreement, although with much more disdain towards MBAM then seems necessary.

    Regardless of what position you have or think you have, I would think someone of your "stature" would understand the value of real world performance over the obviously flawed vacuum testing that perpetrates the industry. You should also know that the # of signatures is also a flawed view of the effectiveness of any product, and most vendors promote signature numbers to impress those that aren't "in the know".

    If I have an infected family/friend PC to fix, I will take MBAM over Counterspy to do that job every day of the week. Once it is disinfected, then maybe Counterspy has a place.
     
  17. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Max - slightly off topic

    As a wheeler-dealer, what do you know about IdentIT Inc http://www.identit.ca/clients.html

    You will note that they have NO clients listed (unlike you!) and that there is an error on the page (in Firefox and Google Chrome - where you will note the dark grey bar towards the bottom of the page is in the 'wrong' place).

    They seemed not to care when I raise matters with 'The Management'

    Tkanks in anticipation of a response.

    Dave
     
  18. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    There are 3 or 4 people involved. But yes, a very small team.
    However, they seem quite talented in what they do.

    True, but that is how they have chosen to work. See my post # 10: they don't put energy in killing malware that other AM/AS companies already detect; they concentrate on what the others don't detect. As a consequence they will not have the width of detection of other AMs, but are in the frontline with detecting/removing the most recent malware.

    This sounds familiar to me :D
    You can look at it this way, but it is a test in the real world and not a labte$t.

    I think the most safe way in the AS/AM department is not to rely on 1 scanner. I'm trialing counterspy on the moment and I'm pleasantly surprised. I agree with partipants who suggested a combi of counterspy and MBAM.
     
  19. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103

    I am NOT misinformed.

    1) Nobody - including me made any comment on their detection technology - so why are you introducing it in to the discussion and trying to show your technical expertiese by describing it in detail?

    2) Nobody here said other 3rd party engines had better technology. Why are you saying they have? If you actually take time to read what I wrote, you will see I was stating that it would not be possible for them to cover the same wide spectrum of malware as they have fewer resources and not enough manpower to gather all the nasties / create a signature base in the same way the larger vendors do. I stated the only way a small outfit could do this (drastically widen the malware detected) was by using a third party engine. This is true - so do not try to miss quote me or twist what I say.

    3) In terms of there being more people at MBAM now - quite possible. About 6 months back there was 1.5 - so what, if there are 20 there now, they will still have the same resource issues.

    The original poster asked what would complement his AV best - CS or MBAM - I stated that I would not use MBAM as it does not detect as many nasties as others. This is a fact. I dont care that it can remove a few fake AVs etc. The original poster or anyone will be better protected using A2, CS or Prevx etc as a support RT scanner.

    I have said, use MBAM as a free malware removal tool if you are unlucky to get infected with one of the things it detects and nothing else will help - but dont rely on it as your realtime scanner.

    It does not help the discussion with members miss using basic terminology - such as "vendor" let alone you saying people have said things they have not.

    MZ
     
  20. RubbeR DuckY

    RubbeR DuckY Developer

    Joined:
    Jul 7, 2006
    Posts:
    228
    With all due respect, I have proof that you have no idea what you are talking about. Malwarebytes has 8 employees and has solid technology and resources behind it. We release updates nearly every two weeks.
     
  21. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
  22. RubbeR DuckY

    RubbeR DuckY Developer

    Joined:
    Jul 7, 2006
    Posts:
    228
    I'll make sure I take a look at it.

    Now that I read some more of Max's posts allow me to clarify more. Malwarebytes has 8 FULL time employees, as in they do not do any outside work other than work on Malwarebytes' Anti-Malware. We also have 3 work for hire guys (so let's call it part time).

    Next, just because we say we detect 1500 families, that does not mean it limits the detections. We do not name our families Trojan.A and Trojan.B, we create a generic name such as Trojan.Downloader which is itself 500 other families. The number is exponential but it saves space in the database instead of adding text that is unnecessary and confuses the readers.

    Finally, we currently have under 70,000 fingerprints. That is only about 25% of the actual detections we have. The rest is heuristics and install pattern detections.

    So, you had certain facts skewed, I hope I cleared some of them up. If you still think our product is crap, feel free to test it against the CURRENT malware that is around.
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thx rubber for clearing some stuff up, was hoping a dev would come on to straighten things out :D gotta say, MBAM does wonders for me as a scanner.
     
  24. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Yes, please. Never worked since I started using MBAM the summer of last year.
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294

    Thanks for clearin the misinformation up :thumb:

    I wish people wouldnt start BS,but what do ya expect on a message forum.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.