
MBAM scanning is a lot faster


Here are some good references that'll give you a good general understanding of it:





Many times, programs like MBAM seem to look for certain patterns. For example, older Vundo/Virtumonde variants (and some current ones as well) often employed a tactic of naming their trojan DLLs with random 8-character alphanumeric names and having a key in a certain place in the registry, containing the same random filename, to tell it to execute. If you understood enough about the details of these infection patterns, you could create a highly accurate heuristic algorithm to detect new variants, as long as they followed this same pattern of behaviour, without needing to know the names of every DLL out there related to Vundo/Virtumonde.

This also means MBAM can detect it with a quick scan vs. a full scan because it knows where to look, and it also means smaller definitions and quicker overall scanning because it doesn't need specific file signatures for precise filenames and MD5 checksums like most AVs employ.

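The pattern described in the post above, written out as an added example (it is not part of the original thread and is not MBAM's code): a DLL is flagged only when its 8-character name looks random and a value under one watched registry key names the same file. The key path `WATCHED_KEY`, the `looks_random` test and all sample data are assumptions constructed for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical placeholder: the post does not name the registry location.
WATCHED_KEY = r"HKLM\SOFTWARE\EXAMPLE\AutoLoad"
NAME_RE = re.compile(r"[a-z0-9]{8}")
VOWELS = set("aeiou")

def looks_random(stem):
    """Crude test (an assumption of this example) for a random 8-character name."""
    s = stem.lower()
    if not NAME_RE.fullmatch(s):
        return False
    core = s.rstrip("0123456789")  # trailing digits are common in real names
    if any(c.isdigit() for c in core):  # digit in the middle of the name
        return True
    run = longest = 0
    for c in core:  # track the longest run of consonants
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4

def find_suspects(dll_paths, registry_values):
    """Stems of DLLs that are on disk, look random, and are named in WATCHED_KEY."""
    on_disk = {PureWindowsPath(p).stem.lower() for p in dll_paths
               if PureWindowsPath(p).suffix.lower() == ".dll"}
    suspects = set()
    for key, _value_name, data in registry_values:
        if key.lower() != WATCHED_KEY.lower():
            continue  # only the one watched location counts
        stem = PureWindowsPath(data).stem.lower()
        if stem in on_disk and looks_random(stem):
            suspects.add(stem)
    return sorted(suspects)

# Constructed sample data, not taken from a real system.
SYS = "C:\\Windows\\System32\\"
SAMPLE_DLLS = [SYS + n for n in ("kernel32.dll", "msvcrt40.dll", "qx7bn2kf.dll",
                                 "ljkhgfds.dll", "wtbrmnpz.dll")]
SAMPLE_REGISTRY = [
    (WATCHED_KEY, "a", SYS + "qx7bn2kf.dll"),  # random name, on disk: flagged
    (WATCHED_KEY, "b", "ljkhgfds.dll"),        # bare filename: flagged
    (WATCHED_KEY, "c", SYS + "kernel32.dll"),  # 8 characters but not random
    (WATCHED_KEY, "d", SYS + "zzk4pq9v.dll"),  # no such file on disk
    (r"HKLM\SOFTWARE\EXAMPLE\Other", "e", SYS + "wtbrmnpz.dll"),  # different key
]

if __name__ == "__main__":
    print(find_suspects(SAMPLE_DLLS, SAMPLE_REGISTRY))
```

On its own the name test also matches `msvcrt40`, which is why the result depends on the registry correlation and not on the filename alone.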

Honestly, I would have no problems with that. Sometimes, I just feel like I can't suck this information up fast enough. Like I am so much behind the curve. I am really starting to have a strong interest in computer security though. I always thought I was more of a hardware guy... But computer security has really caught my eye.
