Battle MBAM Pro or MSE..........

Status
Not open for further replies.

D Bone

New Member
Thread author
May 28, 2011
89
You have one choice, and one choice only.:cool: Would you use MBAM Pro or MSE as your ONLY real time malware protection?
 

Gnosis

Level 5
Apr 26, 2011
2,779
MBAM catches many worms, and obviously catches most trojans, rootkits, bootkits, etc., but I suppose it will not catch viruses like MSE will. The big question is, when choosing between MBAM and MSE: "What do I fear most? The extremely rare virus that MBAM might catch anyway, or the plethora of malicious rootkits and trojans that MSE will fail miserably at trying to detect when compared with MBAM Pro?" MBAM Pro will also be much better at removal, after the fact, imho.
 

Nikos

New Member
Jul 19, 2012
357
You said MBAM catches many worms, and obviously catches most trojans.

Well yes.....all that you mentioned above are malware.

Viruses are malware too, so why doesn't MBAM catch them also?
 

Gnosis

Level 5
Apr 26, 2011
2,779
I found w32.Sality on my girlfriend's sister's old desktop computer; MBAM & MBAR failed.

Back when Alureon was a major threat, MBAM would not even detect it. I used HitMan Pro to find it. Though I used neither program to remove it.
 

Nikos

New Member
Jul 19, 2012
357
What about a Rootkit'ed Bootkit?

EVEN MBAM cannot help you with that kind of malware because it's hardware targeted.

Bootkit flashes the BIOS by embedding its own malicious code and then loads the rootkit's driver "prior to" or "in parallel with" the Windows boot.

Even on UEFI, the bootkit will disable the SecureBoot feature, thus allowing the unsigned rootkit driver to load along with Windows 8, and then the rootkit will also self-protect itself.

So, what happens then?
 

Fiery

Level 1
Jan 11, 2011
2,007
MBAM isn't too effective in dealing with hardcore rootkits, that's why there is MBAR :p

MBAM is good at dealing with rogues and trojans in my opinion. Not too effective on TDSS or ZA rootkit but hopefully MBAR will supplement MBAM.

W32.Sality was a file infector. MBAM & MBAR don't "cure" or "clean" files, only quarantine and delete them. Hence, they can't detect viruses, which by definition infect files and can't be standalone malware, but we use terms like malware, viruses, trojans so interchangeably nowadays.

If you noticed, Malwarebytes' product description doesn't say it can remove "viruses" :p
 

Nikos

New Member
Jul 19, 2012
357
HOW many products exactly do we need to have installed to "Feel" protected? :)

What's the best arsenal of defense?

The only thing I can think of is running VirtualBox within a Live System and then not having to care about new "stealthed" viruses.

But that's not a practical solution either.....
 

Fiery

Level 1
Jan 11, 2011
2,007
Nikos said:
HOW many products exactly do we need to have installed to "Feel" protected? :)

What's the best arsenal of defense?

The only thing I can think of is running VirtualBox within a Live System and then not having to care about new "stealthed" viruses.

But that's not a practical solution either.....

How many products? 1
What product is that and the best arsenal of defense? Common sense
:D
 

Nikos

New Member
Jul 19, 2012
357
Sometimes you get yourself infected by NOT even downloading anything over the net.....

Running VirtualBox or DeepFreeze is impractical too.
 
D

Deleted member 178

You have only 3 vectors of infection:

1- Internet
2- Removable devices
3- Hardware infected during its production (yes, it happened)

The first and second can be prevented by software coupled with safe behaviors.
 

Nikos

New Member
Jul 19, 2012
357
And what can prevent a Rootkit'ed Bootkit being executed?

If you get infected by one of those, it's near impossible to detect and remove.

You need to PREVENT it.

HIPS perhaps?!
 

Nikos

New Member
Jul 19, 2012
357
Reflashing the BIOS would help erase the bootkit since a bootkit is in fact a BIOS firmware re-flash, thus a hardware target attack.

But you also need to format Windows to get rid of the rootkit too.

BUT prior to those removal actions you need to DETECT if you are already infected by a Rootkit'ed Bootkit.

HOW would you know such a thing since the Rootkit hides:

a) even its own existence
b) the bootkit that it has come bundled with
 
D

Deleted member 178

Nikos said:
BUT prior to those removal actions you need to DETECT if you are already infected by a Rootkit'ed Bootkit.

HOW would you know such a thing since the Rootkit hides:

Skills and knowledge.
 

Gnosis

Level 5
Apr 26, 2011
2,779
HOW would you know such a thing since the Rootkit hides:

Comodo Killswitch and HIPS can help dramatically when searching for symptoms of cloaked malware. XueTr too. HitMan Pro will usually expose key components of rootkits, and usually will remove them via "forced breach mode". If all else fails, boot your favorite malware killer with baby Linux.

In all fairness to your question, there are rootkits out there that are so sophisticated that even the best of us cannot find their components hiding unless we have a system snapshot to see if the OS is lying. Those are rare though, and usually used in police/FBI investigations and government/corporate espionage projects.

All the more reason to at least have a behavior blocker, and maybe even HIPS if you do not mind the tediousness of HIPS.
 

Nikos

New Member
Jul 19, 2012
357
1) System Snapshot = CLEAN system image exactly after install time?

Check initial snapshot against current system snapshot == identify digital signatures of trusted DLLs against malware tampered DLLs?

Is this what you mean?

2) HIPS will alert the user for ANY system activity, thus asking him to act upon it positively or negatively. The user would know WHAT to answer. Too technical to decide.

As for a Behavior Blocker, this will not bug the user with questions, but this is also prone to error, because many legit apps and at the same time many malicious apps use the same components (Distributed Dynamic Libraries) to function properly, hence the BB will be confused as to whether it is to let the requesting app use that shared component or not.
 

Ramblin

Level 3
May 14, 2011
1,014
All of you worrying about Sality, rootkits and all that kind of stuff: do you want to stop worrying about it? Do you want to feel safe or actually be safe? If you really want to be safe, use Sandboxie. That's what SBIE is for; I don't worry about these things.

Some of you guys use a whole bunch of stuff and are always wondering, am I infected or not? Myself, I don't ever wonder about these things and I don't use anything but Sandboxie. Think about it.

Bo
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
I agree with Bo, but I still use a security suite and some on-demand scanners. SBIE is a great program and your chances are greatly reduced if you run things sandboxed. It doesn't have to be that complicated. Like Bo said, think about it: if you browse and run everything in Sandboxie, there's not much to worry about.
 