Re: Is MBAM is a 100% safe application?

Discussion in 'Virus Information' started by FromTheRafters, Apr 30, 2010.

  1. It must be a very simple application indeed to be 100% safe.

    I would say that the programmers are probably 100% well intentioned.

    (is McAfee 100% safe?)
    FromTheRafters, Apr 30, 2010

  2. From: "FromTheRafters" <>

    | It must be a very simple application indeed to be 100% safe.

    | I would say that the programmers are probably 100% well intentioned.

    | (is McAfee 100% safe?)

    I truly think that logic would be above his capability.
    David H. Lipman, Apr 30, 2010

  3. Maybe, but I believe he is not stupid - just annoying as all hell. :oD

    Even well intentioned programmers can introduce unsafe implementations
    of ... say ... decompression algorithms, into a scanner, making zip
    files or rar files into DoS trojans or worse. It has been seen before as
    you know.

    That 100% gets tossed around so much that one would think that it is the
    "new math" that makes 100 the same as less than 100. :o)
    FromTheRafters, Apr 30, 2010
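
The failure mode raised in the post above (a scanner's archive unpacker turning a crafted zip into a denial of service), seen from the defender's side. This is an added example, not part of the original thread and not code from any scanner named in it; `scan_zip`, `make_zip`, `ArchiveBudgetExceeded` and all limit values are hypothetical, and it covers zip only.

```python
import io
import zipfile

class ArchiveBudgetExceeded(Exception):
    """The archive costs more to unpack than the scanner is willing to spend."""

def make_zip(members):
    """Build a deflate-compressed zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def scan_zip(data, scan_chunk, max_members=1000, max_total=50 * 2**20,
             max_ratio=200, ratio_floor=2**20, chunk=64 * 1024):
    """Feed each member to scan_chunk(name, block) under hard resource limits.

    Limits apply to bytes the decompressor actually produces, so the scanner
    never has to trust the sizes written in the archive headers.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        if len(members) > max_members:
            raise ArchiveBudgetExceeded("member count limit")
        for info in members:
            produced = 0
            with zf.open(info) as fh:
                while block := fh.read(chunk):
                    produced += len(block)
                    total += len(block)
                    if total > max_total:
                        raise ArchiveBudgetExceeded("total output limit")
                    # Ignore the ratio on small members; tiny files of
                    # repeated bytes compress extremely well and are harmless.
                    if (produced > ratio_floor and
                            produced > max_ratio * max(info.compress_size, 1)):
                        raise ArchiveBudgetExceeded("compression ratio limit")
                    scan_chunk(info.filename, block)
    return total

if __name__ == "__main__":
    print(scan_zip(make_zip({"readme.txt": b"hello scanner\n" * 10}), lambda n, b: None))
    try:
        scan_zip(make_zip({"zeros.bin": b"\0" * (4 * 2**20)}), lambda n, b: None)
    except ArchiveBudgetExceeded as exc:
        print("rejected:", exc)
```
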
  4. From: "~BD~" <>

    FUD post !

    There is NO malware that infects are resides within the; BIOS, Motherboard or Video-card
    David H. Lipman, Apr 30, 2010
  5. From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

    | From: "~BD~" <>

    | FUD post !

    | There is NO malware that infects are resides within the; BIOS, Motherboard or
    | Video-card
    | EEPROM.

    That should have been...
    "...that infects or resides within..."
    David H. Lipman, Apr 30, 2010
  6. FromTheRafters

    Dustin Cook Guest

    If the article claims an infection in the bios or eeprom vs corruption;
    then the article is indeed, wrong. BD.
    Google bios and eeproms David. You might find it somewhat enlightening.
    By doing their own research into the matter?
    See above. Google really is your friend.
    behind, possibly; active.. no.
    If it does sector overwrites (and I believe it can be configured to do
    so) yes.
    FDISK is a partitioning tool. it doesn't address sectors marked as bad.
    If the system disc is clean and initializes the bootsector with clean
    code, bye bye rootkit. Assuming it was an MBR based one.
    Dustin Cook, Apr 30, 2010
  7. From: "~BD~" <>

    | So now we are in a situation where someone (drdos) has posted
    | information on a well known technical forum saying one thing ....... and
    | Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
    | groups claiming that the original poster is wrong.

    | Take a step outside the box, David.

    | How could anyone simply 'visiting' these groups have any notion of who
    | is actually telling the truth?

    | I am /inclined/ to believe what *you* say - but there is no supporting
    | evidence to that effect - is there?

    | Is it reasonable for readers to accept that, as you have made no
    | disparaging comment to the contrary, that "Most wiping, erasing,
    | formatting, and partitioning tools will not overwrite logical bad
    | sectors on the Disk, leaving the Rootkits and their accompanying payload
    | of malware behind and still active."?

    | If so, what action would one recommend one takes before reinstalling an
    | operating system on a previously used disk - Darik's Boot and Nuke?

    | Or, maybe FDISK will do?

    | Or does one simply assume that one's disk is Rootkit free and simply use
    | a Windows set-up disk and the in-built formatting facility?

    | --
    | Dave

    Show us *any* malware in the wild that; infects or resides within the; BIOS, Motherboard
    or Video-card.
    **And I do not mean some engineer in lab environment who found he could introduce malware
    into the BIOS, Motherboard or Video-card.

    There is no taking a step outside the box. This is the reality.
    There is NO malware that infects or resides within the; BIOS, Motherboard or Video-card.
    David H. Lipman, Apr 30, 2010
  8. 1) Introducing your personal vendetta against PF whenever it suits you.
    2) Needlessly crossposting your posts, even when from within another's
    thread and transplanting posts from other places and posting off topic
    and getting too obsessed with having other people's personal information
    and practically *demanding* that others assuage any personal "hinky
    feeling" you may have and ... well ... that's enough for number two.
    Incompatible with what?

    Had this person posted here, there would have been opposing viewpoints
    voiced, I haven't visited that forum, so I don't know what went on
    There are user mode and kernel mode rootkits - how is that considered
    "outside" the OS?

    I might agree with *some* rootkits work from outside the OS (VM or
    hypervisor based perhaps?)
    There are many places to hide stuff, that doesn't mean it is code that
    can be invoked or otherwise executed.
    Usually, such tactics render the malware "headless" and as such it is
    not *active*.

    Rootkits used to be a collection of programs that an attacker could use
    to replace tools with trojanized versions - once having obtained root
    privileges. Now they are mostly just filter drivers to filter out
    information that is being made available to such tools.
    Why infect programs when you can install malware in a stealthed
    (filtered) condition?

    When you have the system as host, there is little reason to also use a
    program to host code.

    There is room for "bad code" in those places. There may even be enough
    room for enough code to actually function as a starting point for the
    implementation of a rootkit (or other malicious functions). Having
    *only* a starting point is not enough to qualify it as a rootkit.
    A rootkit might also cease doing the cloaking if it detects that a
    rootkit detector is executing.

    I'll just accept that as a fact, no need to go there.
    I'll agree that subversive code could hide in there, but that's a long
    way from saying a rootkit or virus could launch from there.

    FromTheRafters, May 1, 2010
  9. From: "~BD~" <>

    | I cannot do that ...... and you know it!

    | However - that does *not* mean that it *doesn't* happen!

    You can't because there are none!

    While there are none, you are pushing FUD.
    David H. Lipman, May 1, 2010
  10. From: "~BD~" <>

    | To whom do you consider that I'm "pushing" Fear, Uncertainty and Doubt?

    | All I've *ever* been doing is asking questions!

    To all the readers of the x-posted news groups and all the http front-ends that access

    As for ...
    "In particular, do you agree that "Rootkits can also hide in the Firmware
    of Hardware Components, in the BIOS, Motherboard, Video-card EEPROM or
    Alternate Data Streams....." ?

    The part about Rootkits hiding in the Firmware of Hardware Components, in the BIOS,
    Motherboard, Video-card EEPROM has already been answered. You brought it up before, a few
    times, and you were told that it is incorrect. By you re-incarnating the subject matter
    you are introducing FUD as if what you had been previously told was not factual.

    As for ADS that is a whole different concept and is a way of hiding a RootKit.

    There is a kind of RootKit methodology that has been used, that was NOT even mentioned,
    and was used by the Gromozon malware family (which also used ADS) and was described quite
    well by Marco Giuliani of Prevx.

    Find that information and report back what that methodology is. That's worth discussing,
    not "In particular, do you agree that "Rootkits can also hide in the Firmware
    of Hardware Components, in the BIOS, Motherboard, Video-card EEPROM" shit.
    David H. Lipman, May 1, 2010
  11. From: "~BD~" <>

    | Let's deal with this part of your response first.

    | I have no personal vendetta against anyone.

    Person -- Robear Dyer
    Place -- and its members like Robera and Randy.
    David H. Lipman, May 1, 2010
  12. From: "Ant" <>

    | The link to vmyths (for more about FAS) on that page is out of date.
    | Use this: which redirects to a PDF written by
    | Rob Rosenberger. It's a bit dated now, talking about old msdos viruses
    | and bulletin boards, but the wisdom is still sound.

    < snip >

    You don't see Robin on Usenet as much lately. For a short while he was posting malware

    I was communicating with him offline not too long ago and I was pleasingly surprised that
    Robin and I have something in common.
    David H. Lipman, May 1, 2010

  13. So ask specific questions based on your research, if you post links to
    where the information was obtained folks can look at the original material.

    Many folks have told you that in their opinion, and experience this
    behavior has not been observed in the wild.

    If you don't want the opinion of folks in the newsgroup why would you
    continue to ask for it?

    John Mason Jr, May 1, 2010
  14. [...]
    Bad sectors (or sectors *marked* as bad) in this case might be
    considered "outside" any partition.

    Warning - - an analogy follows:

    Some vaguely described monster has finally been *killed* by the monster
    hunter and you have an uneasy feeling that the monster can rise from the
    blood at the scene of the killing. Well, it ain't gonna happen, but when
    you asked an expert if an entity like that could be resurrected from its
    blood - he said yes and told you about DNA and sheep, cats, etc...

    The thing is, the expert wasn't asked if the entity could self-resurrect
    from the blood left behind after the killing of the monster.
    FromTheRafters, May 1, 2010
  15. Yes! :oD
    Did you really expect it to?
    FromTheRafters, May 1, 2010
  16. FromTheRafters

    Dustin Cook Guest

    Wouldn't this be more appropriate in another newsgroup? This one, and the
    ones I see you've set as followup don't really apply...
    Dustin Cook, May 2, 2010
  17. FromTheRafters

    Dustin Cook Guest

    I started to read the link posted. when I saw the dates and your comments
    concerning pcbutts, I stopped. :)

    I know that mbam isn't 100% safe any more so than my hand sanitizer kills
    100% of all germs. (it claims 99.?% instead). It's proven math on these.

    Not by fault of either product, it's just not a mathematically correct
    (nor legally really) thing to say.
    BD, it's usenet.. You can even set google to monitor posts and phrases
    for you, and email when it sees something. Technology for you. :)

    I lurked for a few days myself before I actually posted the first time. I
    have read most of the threads I found on the server here (I use the
    server provided by my ISP; old habits die hard) but haven't posted to
    many of them.
    Could be any number of reasons. Not everything is a conspiracy, ya
    Dustin Cook, May 2, 2010
  18. FromTheRafters

    Dustin Cook Guest

    Dustin Cook, May 2, 2010
  19. FromTheRafters

    Max Wachtel Guest

    alt.usenet.kooks -you'll find some real charmers in there.
    This post was created using Opera@USB:
    Virus Removal Instructions
    Max's Favorite Freeware
    Max Wachtel, May 2, 2010
  20. FromTheRafters

    Dustin Cook Guest

    And evidently, has some sort of universal translator for the code
    differences found between them all. :)
    I would prefer it further if said engineer was able to demonstrate
    operational code instead of a storage site for potentially malicious code
    which will never get run control; and thus, remain quite... harmless.
    Only few malware samples which would make an effort to corrupt the BIOS;
    and it required very specific hardware in order to do its deed. One size
    doesn't fit all.
    Dustin Cook, May 4, 2010