
test conficker infection not found



With all the recent hype about conficker, I decided to do a test run and see if I could infect a test pc and see whether mbam could find and clean this.

I followed instructions similar to:

http://johnhsawyer.blogspot.com/2009/04/go...-conficker.html

then after I verified the infection was active, I installed mbam v 1.36. The auto update failed of course and I ran the offline updater mbam-rules.exe, file version is 1.1954.0.0.

This may not be a fair test but my virus was never detected. I'd appreciate any thoughts you can offer as to how I can do a valid test or otherwise be able to prove to my customers that this product is effective.

Yes, I know I could tell them to patch their systems with latest windows updates, run various other tools but that's not really the point. Thanks for your time.

sean


  • Staff

You're right, this isn't a fair test at all. And pointless when you consider MBAM is not an antivirus software and thusly won't be looking for these infections beyond some heuristic strings.

We do detect one version:

http://www.malwarebytes.org/malwarenet.php...jan.Conficker.H

Can't compare apples to oranges.


The majority of Conficker variants are already detected (by definitions and heuristics) by most mainstream anti-virus software, so it most likely won't be detected by MBAM since MBAM is designed to detect and remove the threats that most anti-virus software fails to. It's a supplement to anti-virus to be used alongside one, not its replacement.


You're right, this isn't a fair test at all.

I get that it may not be fair but can you explain more specifically what makes it an invalid test? How do I conduct a valid test of the software?

And pointless when you consider MBAM is not an antivirus software and thusly won't be looking for these infections beyond some heuristic strings.

A virus doesn't fall under the category of malware? It might seem like I'm arguing semantics but it's more than that. When you call yourself an anti-malware utility, that gives people the expectation (and not an unreasonable one) that this includes viruses. This is probably a moot argument. Conficker clearly falls under the category of malware; whether it's more specifically a virus or trojan or spyware or whatever isn't relevant. I may have used the wrong term in the first place by calling it a virus, so it's pointless to argue whether mbam is an antivirus utility or antimalware. I can't tell customers "well, mbam isn't designed to work on this sort of infection but you should buy it anyway."

It's a supplement to anti-virus to be used alongside one, not its replacement.

I agree, and this is true of every other utility out there because no one tool catches everything. However, this hardly helps to answer my question. Thinking more generally, substitute any other malware for conficker in my test. What should I do to make it a more valid test?

I need to give people confidence that this is a tool worth paying for.

I'm not ragging on mbam, I like the tool, bought myself a copy for personal use and convinced my boss to buy a tech license for the company. I wouldn't have done that if I hadn't already seen the prog be successful in cases where others failed.

Think of it this way, I'm a customer and have a machine that is infected with a well known piece of malware (or some close variant of it) and mbam isn't catching it, what now?

If you were the tech who convinced me to buy this software, what would you do?


  • Staff

I get that it may not be fair but can you explain more specifically what makes it an invalid test? How do I conduct a valid test of the software?

A virus doesn't fall under the category of malware? It might seem like I'm arguing semantics but it's more than that. When you call yourself an anti-malware utility, that gives people the expectation (and not an unreasonable one) that this includes viruses. This is probably a moot argument. Conficker clearly falls under the category of malware; whether it's more specifically a virus or trojan or spyware or whatever isn't relevant. I may have used the wrong term in the first place by calling it a virus, so it's pointless to argue whether mbam is an antivirus utility or antimalware. I can't tell customers "well, mbam isn't designed to work on this sort of infection but you should buy it anyway."

Just because it happens to fall under a category does not make it just that one thing. In fact, only recently have viruses and worms come to be on the borderline of malicious.

And it must be made clear that we're not an antivirus and that users must have an antivirus software application, so no, it's not pointless.

I agree, and this is true of every other utility out there because no one tool catches everything. However, this hardly helps to answer my question. Thinking more generally, substitute any other malware for conficker in my test. What should I do to make it a more valid test?

I need to give people confidence that this is a tool worth paying for.

You just need to compare apples to apples is all, pretty simple, but I get where the uninformed would be confused.

I'm not ragging on mbam, I like the tool, bought myself a copy for personal use and convinced my boss to buy a tech license for the company. I wouldn't have done that if I hadn't already seen the prog be successful in cases where others failed.

Think of it this way, I'm a customer and have a machine that is infected with a well known piece of malware (or some close variant of it) and mbam isn't catching it, what now?

If you were the tech who convinced me to buy this software, what would you do?

I don't convince anyone to buy our product, I tell them to go out and compare similar products, read on the Net what they find and decide for themselves.

A good testbed for Malwarebytes' would be a grouping of ACTIVE infections on a system, such as rootkits, rogues and trojans that anti-virus utilities are currently either not detecting or failing to remove or both (Vundo/Antispyware2009 etc come to mind) and then see how MBAM does. To compare it to anti-virus doesn't work and the closest utilities as far as what they detect etc to Malwarebytes' would be SUPERAntiSpyware and ASquared Anti-Malware. Tools like MBAM used to be known as antispyware and/or anti-adware, but given the current state of modern infections that go well beyond how one would define a virus or spyware or adware, an accurate name is hard to come by and anti-malware is about as close as one could get to defining it. It is an anti-malware program, just not a catch-all, or indeed even a program trying to be a catch-all. It is specifically made to target current active threats that av companies miss or can't remove. To truly test MBAM you would need a live test system with active infections. A good reference for what Malwarebytes' detects can be found here. But please also keep in mind that a massive amount of what Malwarebytes' is capable of catching is based on heuristics, not specific definitions, so much of what it can detect and remove won't even be on that list.

