The slam on EMCO Malware Bouncer - fair?

For the past 10 days I have been trying the free anti-spy program (from Iceland) called Malware Bouncer. I am delighted with it. It has a database of over 5500 signatures. Updates frequently. Very user-friendly interface. Stable. Fast. Excellent help files. I like it.

The *slam* is that this program is listed on Howes' rogue list. The reason given is False Positives. I have had no FP's. Neither have my clients. I do hope Mr. Howes will re-test this free, superbly designed program one of these days soon.

I have appended a screenshot of the top part of the program's initial GUI.

I would be interested in comments from any others who have tried this program.

aloha..... bellgamin

 

I too am looking closely at this product - I understand it has been prone to a number of false positives, although I'm not sure if that is still the case - however, I am VERY impressed at the super fast scanning - which may make it a very useful "first pass" tool - at least in a "detect and clean later" manner...

The fact that the software has a detect and remove later option goes a long way to dispelling any initial worries about false positives.

I still have to do some testing on a live infested machine - I'm leaning towards the opinion that this could be a very useful little detector.

What I'm REALLY after is a selective remover now - so I can detect using one system, and remove using another - unless the freeware malware bouncer handles post-scan removal in a nice and easy manner - ie, like ad-aware does - right click-select for removal.

 

Here is some further info based upon my continuing use of Malware Bouncer (MB)...
In its present stage of development I consider MB to be a useful *additional* tool for detection of malware.

MB's signatures are updated fairly often. For example (date in 2005-total signatures): 4/25-6138, 5/10-6342, 5/17-6420, 5/25-6508

Downloads of MB's signature updates are large, and they are NOT incremental. If you are on dial-up they can be painful.

Also, MB has a huge database of detailed removal algorithms which it automatically uses (if you tell it to do so) when it detects a nasty. You can find out the number of removal alogrithms in MB's data base by clicking on MB's "Tools" button. If you do so, be prepared for a long wait while MB does the count. Why? Because the file is large (33,350 algorithms on 5/31/2005) and MB's counting routine is slow (or so it seems to me).

By the way, don't ask me why MB has more removal algorithms than it has signatures. Perhaps someone else can explain it.

MB's large removal database (on top of MB's signature database) is another reason why MB's non-incremental downloads are so big. By the way, MB's scan engine & databases are basically identical to EMCO's commercial product. I assume, therefore, that download size is not a *major* issue with commercial outfits since they will usually be on a T1 line or a high-speed DSL.

MB sometimes generates a false positive. In my case, it has done so rarely. MB provides good tools for finding out the location on your computer whereat the alleged nasty is located. Also, MB has a quarantine area for storing questionable hits, so I feel quite comfortable in using MB even though I am far from being a computer/security expert. By the way, Google is a superb tool for researching files that I am unsure about. So also is Process Library at...
http://www.processlibrary.com/

MB scans really fast. Its GUI, however, is slow because it always wants to display the full list of its signatures before doing anything else.

By the way, when you want to update, be sure to use the "Live Update" button which is located second from the left. The "Check Updates Now!" link in the right upper corner is crap. It takes you to EMCO's site for no apparent good reason.

All in all, I presently class MB as a "why not?" tool for an added layer of protection.

aloha... bellgamin

 

I just downloaded and scanned my comp with MB, it found two malware,
NMC.KIPIS.L (worm) and NMC.COOLWEBSEARCH.ALFASEARCH (adware).
I would like to think that these are FP's because I have spywareblaster installed and run spybot and adaware 1.06 which shows nothing along with DrWeb w/ malware signatures.
Google returned a hit in japanese for the NMC.KIPIS.L, I could not read it but did could make out a reference to MB.
Nothing on NMC.COOLWEBSEARCH.ALFASEARCH.
I have quarantined until I can get more information.

Upon further investigation,NMC.COOLWEBSEARCH.ALFASEARCH appears to be a text file from a downloaded dll file at download dll-files.com (framedyn) was the file I downloaded.

The NMC.KIPIS.L is an empty folder named 1049 in system32. Show hidden files was enabled still nothing in folder showed up.

Ran blacklight and unhackme, no flags.
Also scanned with kav. no flags.

UPDATE: Issues above have been resolved.

I like the way the quarantine maps out the file location and MB overall, bellgamin is correct that it is one to watch.

 

I already tried this program and like it because is very fast and easy to use, but after I saw it in the Rogue list and uninstall it...

I think that it's time to to try it again and maybe the author of the Roghu list can test it again and see the improvements...

The download link on the website is down...

 

This program is no longer free...

 

The last free version ( you still can get the definitions update

http://www.klitetools.com/comments.php?catid=44&shownews=1077

 

Thanks Paul2

The problem is that the newest version should have improvements, but I don't know if we can trust on this program...

 

I hear that EMCO will add monitoring feature for the professional program very soon. Then it can monitor file system for malware files along with registry keys.

Greg #1$

 

I thought I'd try this one out, so I installed the last freeware version, updated the program and signatures and then carried out a scan. There were 32 items detected, of types trojan, adware, spyware and worm. On checking the details for each, I could find none of the directories, files or registry entries that the program was telling me should exist for each respective hit. This is on a PC which has Spybot, Ad-Aware, Pest Patrol, MS AntiSpyware, MWAV... and is reported clean by all those apps.

I can only conclude that the detection methods are definitely suspect and I wouldn't want to allow it to delete anything on any PC that I wanted to function properly. If Eric Howes has listed it as a rogue anti-spyware app due to these false positives, then I can only endorse his decision and warn people not to trust this app.

That's my opinion, although I am of course willing to hear any other views which can convince me that it's a reliable and trustworthy app. - along with supporting evidence, of course.

 

This program was already deleted from my PC...

 

This program is fantastic!, remember it will scan more than other programs out there for WORMS,TROJANS and SPYWARE and always the latest ones. Signatures is updated very frequently... about 60. new malware signatures each week! It has worked great for me and never result with a false positives. Adaware will not scan so many worms,trojans than E-MB does, but of course they supports more adware then Emco MB, but this is a future product and i know they will improve it a lot in the future!.

Homer.

 

Could be a good program, but doesn't have the free version anymore...

If they make like ewido, that have a free version without on-access scanner and special updates, would be very nice...

 

Greg Manner/Michael R - using different guest names to bump a thread and/or promote a product is misleading and gives your post li'l credibility. Please refrain from doing so, and stay with one name in a discussion.

Regards,

snap

 

As a freebie, MB warranted a degree of support and encouragement. Overnight they changed it to a NON-freebie. It's certainly EMCO's right to earn a living from their programming efforts. However, I must now ask myself: "Does it make sense to pay $30 for MB when I can get Spysweeper for the same price, and Counterspy for $10 less?"

IMHO, the clear answer to the preceding question is a resounding "No." At its present stage, MB simply is not in the same league with Spysweeper, Counterspy, or several other programs in the $30 price range.

Regretfully, I will now proceed to uninstall Malware Bouncer.

 

The great feature of MB is the very fast scanner...

With this money you can buy the ewido that is an excellent anti-malware and are growing very well...