New MBR rootkit goes undetected

Discussion in 'other anti-virus software' started by MAOS, Apr 13, 2009.

Thread Status:
Not open for further replies.
  1. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    If you are able to understand and use a sandbox, or you're able to correctly answer Comodo's questions, I'm happy for you and you're a level above average users.

    My mother, lots of people working in offices, and I could quote many more people, do not even know what "malware" means and they often do not want to know. They just want something that is able to protect them while they are working, without any kind of trouble.

    False positives are a problem for every security software, and more of a problem for those who really use advanced heuristic technology. Luckily enough, most of our customers are happy and they do not have any kind of trouble with false positives. Moreover, if you had tried it, you would have seen that our technical support is quite fast in fixing false positives if you report them. We take care of every false positive reported and we try to fix it as soon as we can.

    A customer support which replies to your questions, a technical support that cleans your PC remotely if Prevx has not been able to clean an infection, and much more. I don't think "rogue app" is the best definition for us.

    Whatever, I can't forcedly change your mind, so just think what you want :)
     
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    As much as I'd like things to be, not every program is free. ;)

    Without taking this off topic, Prevx is a smaller company, not as well known as the Nortons and Kasperskys of the world (Kaspersky, which I think is A+), so they might not be able to provide a trial, as their program works by checking files against their server/database, as opposed to an AV which pushes out a small definition. So Prevx, I can see, could be abused by users installing it for free.

    But on the other hand, sometimes it's the larger companies which offer restrictions. I know the Kaspersky AVP tool exists, but on the Kaspersky website, their online scanner is detect only - finds infections but won't remove them. Whereas Emsisoft (a-squared) and ESET, provide detection and removal with their online scanners - allowing users to completely clean their systems.

    Just the way things go. Anyway, disregard my post, back on topic! :p
     
    Last edited: Apr 16, 2009
  3. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Respect

    You surely must be passionate about your product. What a nuanced reply on an awkward "rogue app" definition.

    Newby
     
  4. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    With their policy they will always stay a small company; every but every (ok almost, not 100% sure) security company has a 30-day (more or less) fully functional free trial... they don't, like every but every (ok almost, not 100% sure) rogue soft.

    For their cleaning response time, it is necessary for them to have a fast one (which is not the case on this occasion); if not, their whole concept of unlimited trial/no real-time blocking in trial mode goes down the drain.
     
    Last edited: Apr 16, 2009
  5. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
     
  6. gates

    gates Registered Member

    Joined:
    Sep 2, 2005
    Posts:
    59
    Couldn't agree more with this one. If company X is good at something, it has every right to be proud of its work.

    The main thing is: if a company can avoid thousands of infected computers with its promotion, then it is more than welcome. Remember, the "promotion" which Prevx has been doing has already saved many computer users, and we are not talking only about Prevx users...

    Someone always takes the credit; if company A doesn't want it, company B sure does...
     
  7. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Even more prosaic: you could lose your WoW account, or your entire My Documents folder could be encrypted, and there are many more; have I mentioned KillDisk, where you could lose your entire Windows installation :rolleyes: while using Prevx in trial mode...
    And yes, almost everything is voluntary... nobody forced you to download a rogue AV or anything.
     
    Last edited: Apr 16, 2009
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I've mentioned it previously: as Prevx keeps upgrading and updating their versions, maybe a seven-day trial might be on the horizon, where the program then reverts after seven days to detect only.

    Or that might never be on the agenda.

    Whatever the outcome, eraser and prevxhelp know their stuff. Even if I didn't like their product, I'd still learn a thing or two, by reading their explanations and feedback. Makes for a better forum, having them, Ilya, Stefan, Inspector Clouseau etc.
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    If they wanted to, they could have done it many times before; they already sent me a 7-day trial license... So more pressure is the only thing (I think) they can understand...
    Hey, why doesn't anybody else have our license policy? We will not give even a pinch of our technology for free, even if our potential customers need to suffer from heavy infections; we are a small company :rolleyes:
     
  10. chaos

    chaos Registered Member

    Joined:
    Jan 19, 2006
    Posts:
    97
    Location:
    Greece
    Prevx is NOT a rogue AV or rogue antimalware solution just because it doesn't provide free cleaning services.
    A rogue AV ON PURPOSE produces false messages and bullies users into buying software that does nothing and may in fact actually infect a PC.
    It's just their policy to offer free detection but not free removal.
    If you don't want it, don't use it and go trial another software. But calling Prevx rogue is utterly stupid, to say the least.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
     
  12. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Anyway, without steering this ship into an iceberg, if prevx decide to offer a detection/cleanup trial again, I think it would actually be more in their favor (displaying its effectiveness in cleaning up infections).

    If this was offered (and I have zero say in this), maybe users could sign up for a trial license through an email system, like avast! has, to prevent abuse. There are a lot of freeloaders out there that want a free program and A+ support for $0, and that's unfair.

    If people are really keen on the product, the least they can do is go to the effort of providing a few details (email, describe 'what problems they've experienced', 'what they hope prevx will do' - gives prevx valuable market research information).

    Ok, back to topic, 'full steam ahead captain!'. ;)
     
  13. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Exactly what I was trying to explain before :)
     
    Last edited: Apr 16, 2009
  15. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    By the way, apologies for the quote tag not working. That quote eraser and I are referring to is yours trjam.
     
  16. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Comodo, for instance, has exactly the same as you have, red alerts for blocking, and it is free (the difference is: probably MBR infector - Prevx, or direct disk access - Comodo); it will actually block and there is no trial, so why would anybody helplessly watch their PC get infected?
     
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Edited my post :D Thank you for the notification :)
     
  18. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    You and I know that Prevx is not rogue... but how is a person bitten by AV360-esque rogues supposed to distinguish?

    Both display warnings of some kind of infection on the computer and both want payment for removal (not in the case of this MBR thing, but generally). In the user's eyes that is completely the same, no?

    I'm not trying to crap on prevx but I am just thinking from a newbie perspective.
     
  19. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    No, it is rogue because it does not provide a free blocking service and a free cleaning service during the trial time, and with many FPs it tries to lure users into purchasing; cumulatively, it is rogue behavior...
    Not to mention there is no clearly visible warning that this software must be used with another real-time antimalware software while in trial time, because of our silly licensing or whatever policy...
     
    Last edited: Apr 16, 2009
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You're contradicting yourself here. On one hand, you say that "i hardly imagine lots of non security folks ever even heard of Prevx.". On the other hand, you say "Heres what i think are Px's main userbase: Wilders Security folks + friends/family/colleguescompanies, PXs staff + friends/family and IT companies."

    Where do we stand? First, how many users are registered in the forum? According to the latest statistics
    Let's multiply 90,573 people with 90,573 friends... Already gives a significant number... Now, let's take that number and multiply by the same number of people. Plus family members, family members's friends, so on...

    Well, you know the rest... So, the number of people using Prevx may not be that small... I truly don't know, as I don't have the numbers, but, according to the number of friends, etc., it would be a starting point for guessing... Or not...

    Anyway, folks, I'm no one at this forum, just a member who tries to learn more from other more knowledgeable people, and I haven't been learning anything for the last... and it's just a guess... perhaps more than 18 posts... I didn't count them...

    This sure doesn't give a great look to this forum for first-time visitors... I think I'm repeating myself all over again, since it's not the first time threads like this end up this way. By the end of it, I don't remember what I read before.

    Should PrevX allow removal during the trial? Yes, because that's what I call a trial. Even for the 30-day (normal trial period; some offer 15-day, others a 90-day OEM license, etc.), more than likely no infection will happen, but should it happen, then the user should know whether or not the product they're trialing before buying is effective.
    I'm aware that's not a sign that a product is effective, but I guess that's what most people want to see...

    Perhaps, to make the leeches happy, PrevX should offer a different trial, like PC Tools does. Spyware Doctor (I do not use it, and I'm not advertising, as it would be the last thing I'd do for a product I totally dislike...) allows you, during the lifetime trial (like PrevX), to prevent new infections, but it won't clean the already existing ones.

    If not that, then, perhaps, and is just a humble opinion, a traditional trial period?

    Now, if there's anything more to add to the REAL content of the thread, let's proceed... Otherwise, our thoughts have been shouted out, so now let's grab something to eat, shall we? I know I will... :)


    Regards
     
  21. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia

    It seems that in my case that option reacts (shows some interaction options, allow/block) when I install operating systems too, so it should theoretically protect against MBR modifications.
    My motherboards are MSI boards with AMI BIOS.
    Maybe someone should test this MBR rootkit on a real machine to see if this BIOS option prevents MBR modification.
     
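    The BIOS boot-sector protection Sm3K3R mentions is one line of defense; a complementary, OS-independent check is to keep a baseline of the MBR and flag any change to the bootstrap code or the partition table. The following is an added example, not code from the thread or from any product discussed in it: it parses a 512-byte MBR, validates the 0x55AA boot signature, hashes the 446-byte bootstrap area and compares both the hash and the partition entries against a recorded baseline. The MBR bytes, the boot-code stubs and the `build_sample_mbr` helper are constructed for the example; on a real system sector 0 would be read by a privileged tool, ideally from a boot CD or other offline medium, because an active MBR rootkit that filters disk reads can hide the real sector from an in-OS reader.

    ```python
    """Offline MBR integrity check (added example; sample MBR bytes are constructed)."""
    import hashlib
    import struct

    SECTOR_SIZE = 512
    BOOT_CODE_LEN = 446        # bytes 0..445 hold the bootstrap code
    PART_TABLE_OFF = 446       # four 16-byte partition entries follow the code
    BOOT_SIGNATURE = b"\x55\xaa"


    def parse_mbr(sector: bytes) -> dict:
        """Return the bootstrap-code hash and the non-empty partition entries of one MBR."""
        if len(sector) != SECTOR_SIZE:
            raise ValueError("MBR must be exactly 512 bytes")
        if sector[510:512] != BOOT_SIGNATURE:
            raise ValueError("missing 0x55AA boot signature")
        partitions = []
        for i in range(4):
            off = PART_TABLE_OFF + 16 * i
            # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
            status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
            if ptype == 0:
                continue  # empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
        return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
                "partitions": partitions}


    def build_sample_mbr(boot_code: bytes) -> bytes:
        """Construct a sample MBR (hypothetical layout): given boot code, one bootable
        NTFS partition starting at LBA 2048, three empty slots, valid signature."""
        code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
        entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
        table = entry + b"\x00" * 48
        return code + table + BOOT_SIGNATURE


    def check_against_baseline(sector: bytes, baseline: dict) -> list:
        """Compare a freshly read MBR with a stored baseline; an empty list means no change."""
        current = parse_mbr(sector)
        findings = []
        if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
            findings.append("bootstrap code changed (possible MBR rootkit or bootloader update)")
        if current["partitions"] != baseline["partitions"]:
            findings.append("partition table changed")
        return findings


    def demo():
        """Record a baseline from a clean MBR, then re-check a clean and a patched copy."""
        clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")  # constructed stub
        baseline = parse_mbr(clean)   # in practice: store this on trusted media
        # Simulate an infection that overwrites the bootstrap code but leaves the
        # partition table intact, which is what keeps the machine booting normally.
        infected = build_sample_mbr(b"\xeb\x3c\x90CONSTRUCTED-PATCHED-LOADER")
        return check_against_baseline(clean, baseline), check_against_baseline(infected, baseline)


    if __name__ == "__main__":
        clean_findings, infected_findings = demo()
        print("clean   :", clean_findings or "no change")
        print("infected:", infected_findings)
    ```

    A changed hash is a finding, not a verdict: a Windows repair, a GRUB reinstall or some disk-encryption products also rewrite the bootstrap area, so the baseline should be refreshed after such maintenance and a hit should be triaged against recent changes.
    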
  22. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That is why there's a place for the likes of PrevX to do the dirty work for them.;)

    Perhaps though a 7 or 30 day free cleanup trial from the time of the first infection might be a way to go with licensing? At present a user may well feel aggrieved if they purchase a full cleanup licence on the basis of an FP, for example.
     
    Last edited: Apr 16, 2009
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello all,
    A lot of comments have been made already but I'll just make a few more notes to clear things up :)

    First, if you are questioning our trial procedure, read through this thread: https://www.wilderssecurity.com/showthread.php?t=235002 in which I've explained our logic.

    Second, our cleanup is NOT rogue, as explained above, but the big reason which sets us apart from rogue vendors is that we GUARANTEE our malware cleanup. We have to charge for it because it is a service - giving it away as a trial is just not possible: you don't expect someone who goes around as a PC repair person to do it all for free, do you? Our researchers spend countless hours helping users remotely correct any problems we don't fix automatically, and in turn, we update our removal engines to fix the problems in the future. Cleanup is not the same today as it was before and it does now require significant resources to manage. We host many, many gigabytes of clean system files from every OS and language centrally on our servers, which we send down to users if they have a system file which has been replaced by an infection.

    Third, if you really don't want to use our cleanup, we give you all of the information about the threats, unlike many online scanners, so that you could go clean it up manually if you want, OR, if you don't feel like spending a few hours of your day hoping you can remove 12 rootkits and 30 infected system files, you can use our cleanup service :)

    From a newbie perspective it may look suspicious that Prevx is requiring payment for cleanup but when AV2009 detects 3,000 infections and we detect 5.... I think there is a bit of a difference and an obvious way to see which is rogue ;)

    Personally (and I outline it in the thread mentioned above), trying to offer a 7 day trial can really muddy the waters with clarity, and, although we care about users a lot, it would not be economically viable to try and offer a free cleanup service to the entire world for free :D

    (Also note that we DID try this before with Prevx1 - offering cleanup free for one month after the first infection - and it failed miserably, causing us to remove this model very quickly, because users would just try it, cleanup, and then toss us out as soon as they finished)
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If this does happen, we always give the user a refund or an extension on their license if they do want to continue using us - we're really not out to steal from people, and for the minimal number of times that this actually happens, it's not worth the hassle of generating the FPs in the first place :)
     
  25. thathagat

    thathagat Guest

    and
    Prevx scan on a clean system tells you that the system is clean....... hardly roguish

    ummm, prophecy or presumption.......... anyway, every big-name co. was small yesterday.......... and every small co. can be big tomorrow.... yes, can be, not necessarily will be...

    well, had the big daddies been doing their job well... every 4th or 5th customer of theirs would not scream of XPAntivirus, AV360........
    and the big names too call upon very efficient... but small-co.-owned products to clean up the mess, viz. MBAM

    aggrieved........ well, Wilders has many threads where some freeware and paid-for software have caused BSODs with FPs........
    a few of the best infection cleaners are free, viz. Dr.Web CureIt, SAS, MBAM.... but won't detect threats in real time. they work on the philosophy that what we clean we can prevent.. Prevx free detects threats in real time but doesn't clean.... the marketing philosophy.... is what we detect we can clean.. what's wrong with this credo....
     