MRG Rogue Software Test

Discussion in 'other anti-malware software' started by LoneWolf, Aug 16, 2009.

Thread Status:
Not open for further replies.
  1. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I restored an image with a2 from August 10. :p
    In fact I run this test today, but that doesn't matter as long as the program and the signatures are from August 10.

    Cheers
     
  2. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Yes you are right, hopefully with time these AV companies will improve their products and users will become more conscious about security as well.
     
    Last edited: Aug 22, 2009
  3. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    On the other hand, if I purchase a security prodct but I cannot expect it to protect me, then why should I buy such a product in the first instance.
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Ah smart man!
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Mike,

    Im still waiting for a response on this issue.
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Related to OA.

    There is only one file in the RegGenie installer which is trusted at OASIS, the RegGenieSetup.tmp.

    This file is the Setup/Uninstall component from Inno Setup and used by a vast number of programs, like you can see here at the matching OASIS site (huge list, maybe slow loading):
    http://www.tallemu.com/oasis2/file_hash/52950AC9E2B481453082F096120E355A

    But... NO other file from Reg Genie was trusted because of this RegGenieSetup.tmp and therefore had a chance to run as trusted program.
    So it's downright ridiculous to state OA++ was bypassed or has failed the test because of this file.

    Again, either these MRG guys are completely clueless or fake their "tests" with intent.

    Cheers
     
  7. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    If the RegGenieSetup.tmp is the setup file, wouldn't OA(Online Armor) just auto switch to "Installer Mode" when it sees the file, and defeat any purposes on whether or not OA trusts the other components?
    Though the premium may give you the option to not do "Installer Mode", in the "free" version there is no choice to not to (this may/may not be the case anymore; I haven't used the latest version of OA free).
     
    Last edited: Aug 24, 2009
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    As said before, no other component is trusted. Is this difficult to understand. o_O

    RegGenieSetup.tmp is not "the" setup file, "the" setup file is RegGenieSetup.exe.
    RegGenieSetup.tmp is just "a" part of Inno Setup, which is deleted after the installation.

    If you just click allow at all OA prompts during installation, you will end up like this.

    OARegGenie4.png

    All Reg Genie components present on the system have the Trust Level "Unknown", which means they will monitored for potentially malicious behavior.

    What's was the goal of this MRG "test"?
    To click allow on every HIPS prompt and if the installation is finished the tested program has failed. o_O

    Cheers
     
  9. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Are you using OA(Online Armor) "free" or OA "premium" (or above), there?
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Id actually like to see what prompts OA showed when one attempted to install reggenie without entering learning mode, prior to whatever changes Mike Nash may have made the team do (EDIT:) as a result of this test.
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    OA Premium/OA ++.
    But if you test with OA ++ now, you have to avoid the signature detection, which was introduced after the MRG test.

    OARegGenie1.png OARegGenie2.png
    OARegGenie3.png

    Cheers
     
  12. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for this Subset! I see what you are saying, since you need to press allow twice. However, imo the big green trusted installer pop-up is still a breach of OAs defences. Imagine if someone doesnt know what reggenie is and they decide to allow the install to see what kind of pop-ups OA throws up. The trusted installer pop-up may deceive them into thinking reggenie is a safe app.
     
  13. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Yes, thanks Subset for the explanation and graphics.
    Very well done! :thumb:

    Dregg Heda,
    If someone doesn't know what a program is and still tries to install it, well they will suffer the consequences.

    Why in the world would anyone allow the install to see what pop ups OA throws out? Some Common sense would be nice.
    Perhaps only a tester and they take the precautions just in case.

    A regular user should have no reason to do this.
    And if they do, the old cliche still holds true:
    If you wanna play, you're gonna pay.
    :cool:
     
  14. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi danny,

    You've got a point there. I guess Im just unhappy that the OA whitelist has RegGenie listed as a trusted installer when its a rogue. Hopefully Oa have this issue resolved.
     
  15. thathagat

    thathagat Guest

    well these OA popups leave a bit desired.....
    1.At no point there is an option to check the online OASIS database
    2.OA pop up reads if there are pop ups about keyylogging/autorun/explore addins then the risk is higher...no such pop ups follow...so
    3.OA identified it as reggenie with the first pop up and eventually trusts it and that is the flaw...or the bug that mike mentioned.
    4. online armor firewall web page states...
    now if one inadvertently installs this how can one remove it as per OA quote
     
  16. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    May someone (or did anyone) test with OA(Online Armor) "free"?
    If the so called "advanced" users weren't 100% on if this program was true Rogueware, until the later parts of this thread; how would a "regular" user of known? Virus-total had zero detection of the program. An OA(Online Armor) user would of saw the trusted pop-up, blindly trust it, and would of been burned.

    Interesting enough, if it wasn't for this MRG test which in turn spawned this thread, how long would of this OA "bug" of gone unnoticed? But I think the better question is, whether or not one can really trust OA's white-list, again (meaning, how many other "bad-wares" are on the white-list, that shouldn't be, and if so, why are they even on there in the first place)?
     
    Last edited: Aug 25, 2009
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Applesauce, just click "More" at the prompts.
    Go to Programs and block the related files, this will also end the running processes, if there are any.
    Then you can remove the files manually.

    Sounds like you have been recently assimilated. :ninja:

    OA didn't trust the Reg Genie installer digitally signed by this very dubious "Comodo Time Stamping Signer". ;)
    It just trusted a part of Inno Setup, which more than 8100 other installers from the OASIS list also contain.

    Cheers
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,600
    Location:
    Hawaii
    As far as I can tell -- when "shills" try their deceptions in this forum, they don't last very long.

    The Mods & Admins here do a superb job of "weeding the garden" -- often with very little thanks. I'm not kissing up -- the Mods do piss me off at times :p -- but I fully recognize that this place would be a jungle without them.
     
  19. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Oh this just keeps more dubious,this is appertaining to information that has come to light very recently.

    Why discuss test models or cling to results generated when the testers themselves have been proven to use somewhat questionable if not unethical practices as they claimed to be independent.

    Earliar in this topic Sveta announced that there was no connection what so ever between SSupdater and MRG.

    The following data is to prove once and for all that was a blatent lie :gack:

    https://www.wilderssecurity.com/showpost.php?p=1535671&postcount=18

    So finally can we put MRG like SSupdater to bed as rogue testing outfit who's tests/results are as likely to be trustworthy as a rogue review site :mad:
     
Loading...
Similar Threads
  1. Peter2150
    Replies:
    41
    Views:
    3,446
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.