Discussion in 'other anti-malware software' started by Malcontent, Aug 19, 2010.
Can be circumvented pretty easily, malware just has to make some random change to each copy, say load a random value into a register, and this will result in different hashes for each copy.
This is even worse than an AV, which already can't cope with the sheer quantity of malware today. Terrible idea.
Just see the screenshot. I think a command-line version would be better and more comfortable for advanced users.
It is released
Great news... Ran a scan and I am quite happy with its performance...
I wonder what your experiences with it have been so far?
Cannot remove threats, so I didn't keep it.
Well, that's not its intent. It's a detection tool, not a tool to block/remove malware.
It's a worthless tool. It's pretty obvious even to a novice PC user that their computer is infected. Why run one more tool to tell you what's already obvious through pop-ups, slowdowns, errors, etc.?
Not all infections are visible...
And most novice users I know of wouldn't know they're infected most of the time...
Yup and your point is? This tool will never be as effective as an AV software already on the market. They are years and years behind, it doesn't have behavioral detection, and it's only limited to the samples they can get. What about polymorphic infections? Useless against those as well.
Not everyone knows malware exists. Sad reality, but very much real. Not to mention, as user safeguy well mentioned, not every infection is visible. In fact, unless the malware creator has specific intentions to make it visible, like ransomware or rogue security software, I'd say they want to keep a low profile, wouldn't you say so?
I have people such as those safeguy mentioned. I'm working on a relative's laptop, which previously had Windows XP running in an administrator account, and this relative didn't even notice the antivirus was disabled! The system was heavily infected and I just erased it with DBAN.
Now I installed Windows 7, after I advised it, because it makes use of standard user accounts way easier (keep in mind that tools that are available to make use of Windows XP limited accounts may not be provided in the native language), and because of its security improvements.
I was just wondering if anyone has installed WinMHR for relatives/friends just as one extra detection tool, if they can't bother themselves with tools like Sandboxie, etc.
I know people who consider having autorun disabled, and having to open Windows Explorer to access a USB flash drive's contents, a total waste of time!
Note that I'm not seeing it as a replacement; rather as an auxiliary help for such people.
Installed it some time back and it was not bad for an occasional on-demand scan.
My point is to counter-argue your 2nd statement in your prior post where it seems to me you made it sound like malware is visible almost all the time. That's all.
Now, the concept/purpose of this tool is simple - specifically to scan your PC against known badness (if they include behavioral detection, they might as well compete with other AVs but that's not the aim). It doesn't replace AV. Period.
Here's a quote of what the service does for you:
The appeal factor comes from the features/benefits it claims to provide such as "free for both non-commercial and commercial use", "no files or any file contents are sent across the network", and that "results aggregated by over 30 AV engines", etc etc.
Check homepage here: http://www.team-cymru.org/Services/MHR/WinMHR/
Perhaps this may be useful to those enterprises that need to check their PCs at no cost and within legal means. Or it may be useful to privacy-oriented folks. Who knows?
If you still see no value in it, let me quote this for you:
You see? Seems like there's a target market after all and that not all is lost.
Simply said, the value or worthiness of something is only to those who are capable of having use for it. Beauty is in the eye of the beholder if I want to get linguistic here.
Some thoughts on WinMHR:
Would be nice to see when the program calls out and to where.
Default screen size is too large, 640x480 or 800x600 would be better.
Would be nice to see "unknowns/could not check" included in the list below detections in a different color (yellow).
I can't shift>click to highlight multiple entries>copy to Clipboard>All columns for sharing.
I would prefer to export the screen contents as they are ordered within the program, WYSIWYExport.
Where it says "Modules loaded by this process" I would like to see a number of how many modules were loaded.
I would like to see a list of "OhSnap" deletions while the scan took place.
I would like to see Tasks Scheduled in an understandable format.
I would like to see internet connection log for interruptions with what scan procedures were running when the disconnection occurred.
I would like to see a WinMHR Youtube video, I don't have Quicktime installed and probably won't install it.
Would like to see kernel space processes verified.
File detections included false positives, 3(4) suspects out of 12 total detections.
FP's include Kernel Detective .rar and .exe, bsa.rar, OTS.exe, Superscan4 .zip and .exe, OSAM auto run manager 5.0 portable.rar, TFC.exe, L3m0nz Exploit Package.zip (<= ).
It worked well, no conflicts with my software firewall.
You may express those wishes to them at feedbackatwinmhr.com
Who knows what comes out.