warwagon

  1. This is a bug that seriously needs to be fixed. As a computer repair technician I've already seen this issue after installing Malwarebytes to do a scan. It's so bad I hold my breath when I'm done using it, hoping it uninstalls correctly.
  2. Hard drives have mechanical parts, and so LOTS of virus scans could potentially over time wear out the hard drive head, which goes back and forth. SSDs, on the other hand, have a write limit but no read limit, so LOTS of virus scans on an SSD are harmless, as the drive is mostly reading the files and not writing to the drive. Someone also said, why do a virus scan if you have an on-demand scanner? Antiviruses rely heavily on virus definition files, so it's feasible that an AV lets in a virus due to the lack of a proper virus definition file. But once infected it may get a definition file which allows it to detect the virus on a quick scan.
  3. The recent Panda AV catastrophe got me thinking. Why aren’t safeguards in place to prevent bad definition updates from flagging and deleting core system files? In the case of Panda, I read of some companies that had 1,400 systems which were broken by the bad update. So how can we fix / prevent this from happening? Some AV companies might be doing what I’m about to suggest below. If some are, it would be nice to have a list of the ones doing this and the ones that are not. 1st: Some critical system files in Windows are signed by Microsoft. If 1 bit is changed, the certificate is invalidated. AV companies should be checking the status of the system file(s) certificate (if it has one) before carelessly deleting it. 2nd: Create hashes of all of the Windows system files. This would be done not on the user’s system but either on the AV company’s server, or maybe Microsoft could host a server open to the public that has APIs anyone can use. It would work like this: The database would include hashes of every version of every file which has ever been included in or added to Windows by Microsoft. Scenario: A bad definition file gets pushed out to a user’s machine. The AV gets the signal from the bad update saying “delete these infected Windows system files!!!” … the AV responds by saying “Umm. Ok, but these are critical Windows system files, hold on one second while I hash the files in question and compare them to the hash database. I want to double check that we aren’t making a mistake.” It then checks the hash. “Oh crap… these system files are the real deal, not bad in any way” … it then aborts the file deletion. Thoughts?
  4. Sounds to me like a drive-by download via an exploit. Make sure your system is patched with the latest versions (if you have them installed) of Adobe Reader, Flash and Java (if you need it; if you don't, uninstall it if you have it).
  5. I'm sorry, but it's not their fault you lost your photos, music, etc. Yes, they may have crashed the system, but they didn't lose the data. The data was still on that computer up until you did a format and reinstall (and even after that via recovery software). It really depends how valuable that data was to you. As a computer technician I can tell you it's trivial to back up data before you nuke the system from orbit. For future reference you may want to start backing your data up. You do know hard drives die without warning sometimes?
  6. I’m self-employed and have been operating my own computer repair business for the past 9 years. I run Malwarebytes Pro on all 5 computers in my house. For some reason I was not affected by the false positive on any of my machines, although I did have 1 customer that was affected. It was very unfortunate that this happened. Everyone, please use this catastrophe as a reminder that things you can’t control will happen. Hard drives die without warning and other unforeseen things can bring your systems to their knees. So please remember to keep yourself backed up. There are 4 things I would recommend everyone do. Keep a current backup of your files. Keep a current drive image of your boot drive on a hard drive that is not connected to the machine. This will give you the option to restore it if your boot drive becomes unbootable, or in this case it would allow you to restore system files from it. Keeping it disconnected from the machine means a false positive can’t accidentally delete the drive image from the drive. Keep off-site backups, or at a bare minimum keep a copy of your data outside your computer. This way if this sort of thing ever happens again, you will have a copy of your important data outside your machine that an application cannot accidentally delete. If uptime is important to you, buy another hard drive and clone your boot drive onto it. Just this week (the day before the false positive), I ordered 4 250GB 2.5 inch 7200rpm SATA hard drives. Each hard drive will contain a clone of a system's boot drive. In the event something like this does hit which makes my system unbootable, I will simply be able to put the coinciding clone into the machine and be back on my feet. Remember to plan for the unexpected. Back up your data not for the reasons you can think of but for the ones you can’t.
  7. I was thinking about what sort of feature could prevent the false positive situation you just encountered. What if you implemented something in Malwarebytes so that if it starts deleting (or detecting) more than X (maybe 4 or 5) files in a row out of the system32 directory, it stops and prompts the user for action? Then display to the user how many other files it is detecting. For instance, if this was in place the users hit with the false positive would have seen a box that would have said something along the lines of "We have detected 2,506 infected files in the system32 directory. This many files indicates a possible false positive. Proceed with caution".
  8. Are all Malwarebytes definitions scanned in a test environment against supported operating systems (all the combinations of service pack levels, localizations, CPU architectures) as well as popular applications (Microsoft, Adobe, Google, et cetera) before releasing them, to ensure a hit on a false positive doesn't reach their customers?
  9. I have the paid version, and after I upgraded to 1.65.1400 and restarted I noticed I no longer have a Malwarebytes icon next to my clock. Then someone on my contact list said he had the exact same issue after updating.
  10. Check for program update first, then definition updates. I've been waiting for this to get fixed in every new release, but it never does. So I thought I would make a thread about it. Maybe nobody notices. The way Malwarebytes checks for updates upon startup seems a little backwards to me. Let me explain. If there is a new version of Malwarebytes: 1) It downloads the new definitions file, x number of megs. 2) Then it downloads the new version of Malwarebytes, then it installs the new version. 3) When opening up Malwarebytes after the install it downloads a new definition file all over again, because the new version replaced the one it just installed. I think that needs to be flipped around. When opening Malwarebytes it should first check for a new version THEN check for a new definition file. I just get annoyed when it downloads a 7 meg file only to download that same file all over again once the program update is complete.
  11. How can I edit my first post? I can't seem to find an edit button. These are the correct links: part 3 http://www.youtube.com/watch?v=duJksZnTK5o #1 http://www.youtube.com/watch?v=JoRc7iGc4Io
  12. For the past 6 years I have been self-employed running my own computer repair business. Like most of you I come across malware, rogue, Trojans and all sorts of nasty stuff on customers' computers. They always tell me they have no idea how they became infected. They just turned on their computer one day and all of a sudden the infection was there. So I thought I would create some videos to help better inform them on ways they can become infected on the internet. Out of the 3 videos I created, this one is one of the more interesting and scary. This one deals with exploits. It shows just how easily you can become infected if you do not install your Windows updates or updates to Internet Explorer. It doesn't cover 3rd party vulnerabilities but the outcome would be the same. It is a 3 part video but the 1st part is by far the most interesting. Enjoy. Part 1 (how easy it is to infect with no updates) http://www.youtube.com/watch?v=TJpZlzBkiro Part 2 (What happens when you have all your updates) http://www.youtube.com/watch?v=0zcmD-RhQRc Part 3 (How well do AVs detect exploits before they infect you) http://www.youtube.com/watch?v=duJks...eature=related For those of you who want to see the other 2 videos I made for my customers, they can be found below. #1 - Ways To Infect Your Computer - Fake Anti-viruses http://www.youtube.com/watch?v=JoRc7...eature=related #2 - Ways To Infect Your Computer - Running Executable files that appear out of nowhere http://www.youtube.com/watch?v=nHR_6zzbh_0
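
The two safeguards proposed in posts 3 and 7 above (compare flagged system files against a known-good hash database before deleting, and stop to prompt when many system32 files are flagged at once) can be sketched together; this is an added example, not code from the poster or from any AV product. The names `review_detections`, `KNOWN_GOOD`, `MAX_SYSTEM_HITS` and the in-memory `DISK` sample are assumptions made for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

SYSTEM_DIR = PureWindowsPath(r"C:\Windows\System32")
MAX_SYSTEM_HITS = 5  # post 7 suggests "maybe 4 or 5"; assumed value


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def in_system_dir(path: str) -> bool:
    # PureWindowsPath compares case-insensitively, as Windows does.
    return SYSTEM_DIR in PureWindowsPath(path).parents


def review_detections(detections, known_good, read_file):
    """Vet a batch of paths flagged by a definition update before deleting.

    Returns (to_quarantine, spared, needs_prompt). When needs_prompt is
    True the caller should delete nothing until the user has confirmed.
    """
    to_quarantine, spared = [], []
    for path in detections:
        # Post 3: a system file whose hash matches the database is genuine.
        if in_system_dir(path) and sha256(read_file(path)) in known_good:
            spared.append(path)
        else:
            to_quarantine.append(path)
    # Post 7: many system-directory hits at once suggest a bad definition.
    system_hits = sum(in_system_dir(p) for p in detections)
    return to_quarantine, spared, system_hits > MAX_SYSTEM_HITS


# Constructed sample: an in-memory "disk" standing in for real files.
DISK = {rf"C:\Windows\System32\lib{i}.dll": b"genuine-%d" % i for i in range(6)}
DISK[r"C:\Windows\System32\evil.dll"] = b"modified copy"
DISK[r"C:\Users\bob\Downloads\setup.exe"] = b"unknown installer"
KNOWN_GOOD = {sha256(b"genuine-%d" % i) for i in range(6)}  # hypothetical database


def demo():
    return review_detections(list(DISK), KNOWN_GOOD, DISK.__getitem__)


if __name__ == "__main__":
    quarantine, spared, prompt = demo()
    print(f"quarantine={quarantine}\nspared={len(spared)} prompt_user={prompt}")
```

The signature check from post 3 is left out because it depends on a platform API; it would slot in beside the hash lookup as a second reason to spare a file.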