Why should I trust this Forum?

[Baringo]

A forum search for 'PUP.Optional.ASK.A' found the topic called:

 

chrome preferences PUP file

 in Resolved HijackThis Logs 

 

After reading this topic, concerning the handling of a Potential Threat detected by Malwarebytes, I downloaded the Farbar Recovery Scan Tool (FRST64.exe).

 

This was immediately removed from my system by Norton Internet Security.

 

If the recovery tool is regarded as a threat by Norton, why should I trust any advice offered in this Forum?

[TwinHeadedEagle]

Not all security vendors have employees that are willing to listen and to remove detections regarding security tools. It is an ongoing battle everyday.

This Forum and people that help here are security experts that have spent years and decades in malware removal and they can be trusted. 

 

All tools we use here are perfectly clean and safe to use, including mentioned FRST. If you need our assistance, please attach both reports FRST produced.

[David H. Lipman]

Baringo:
 
That is a good question.
 
Education - The vast majority of people who use the Internet just don't understand what threats there are and how to deal with them.
 
Perception - The average person thinks anything malicious is a "virus"
 
Misunderstanding - When it comes to anti malware solutions they don't understand all the classifications.
 
Everything points to education.  Faux perceptions and misunderstandings can be overcome by education.
 
The first thing to realize is that while all viruses are malware, not all malware are viruses.  The terminology of malware is based upon MALicious softWARE and there are multiple types and multiple levels.
 
There are three major types of malware and one minor type.
 
The three major types...
 
*  Viruses - Malicious software that self replicates.  That is a piece of code that can autonomously spread from file to file, computer to computer or from computer to media.  There may be a payload involved or not.  The payload could simply be the fact it spreads and infects or it could be an objective sought by the author such as calendar event function.
 
*  Trojans - A trojan can not self replicate.  It needs assistance to spread.  This is often done by types of vulnerabilities.  The two most common types are Social Engineering which is a Human Exploitation and there are software bug exploiations.
 
*  Exploit code - This is code that when used in a certain way will cause a bug in a system, utility or application in a particular successful action to cause a trojan or virus to "sneak into" one's computer.
 
The minor type has different names but "hacktool" is most often used.  This is a piece of software or a utility that in itself is not malicious.  However in the hands of a malicious actor it can be used maliciously.
 
Greed is nothing new.  It has always been there and it exhibits itself in many ways.  Lately on the Internet this is exampled by software authors or software distributers.  Many people, groups, companies and organizations will put out freeware but may pay a third party a very small sum of money (pittance) to get their freeware installed on people's computers.  Based upon how this is done the free software or the free software distribution utility may be flagged as a Potentially Unwanted Program (PUP).  Some vendors may not use the "hacktool" declaration but may use "PUP" declaration instead.
 
So here we are in this thread where someone with a lack of education of what the threats are or what they mean and he/she is concerned over how a utility is being flagged.
 
Therefore let me provide some information about "hacktools" and "PUPs".
 
PUPs are not malware.  They are mostly Junkware, Crapware, Snakeoil and others.
 
Hacktools can do things like enumerate system components, capture and display passwords, probe internet systems or modify other programs or code.
 
Take the utilities by Nir Sofer on his web site http://www.nirsoft.net .
This Internet personality has created a toolbox of utilities.  They are helpful to me as a Computer Administrator and as a Computer Technician.  I may have an employee, user or client who may have forgotten a password to a given web site but they may have indicated to their Browser to store the logon "credentials" of a site.  I can use a Nirsoft utility and capture the Name of the Account used for a given site and the Password used by that Account.  As a trusted Computer Administrator or Computer Technician this is a valuable asset to keep in my toolbox.  However that same tool can be used by someone with Malicious Intent.  The people who act out a Malicious Intent we call "Malicious Actors".  In the hands of a Malicious Actor that tool can be used AGAINST a person and not "for" or "on behalf" the person whose PC it is used on.
 
Anti malware applications can not determine "intent" so they will flag a piece of code or utility.  Not because they are malicious but but because they can be used maliciously.  That is the case of Farbar Recovery Scan Tool.  It is not a case of it being a malicious utility but, it can be used maliciously.  To help enumerate a given computer, which is a System of Systems, Forum Helpers will ask those who post with a problem to use this enumeration tool to help them, not to harm them.  Not unlike when I pull a Nirsoft Password Recovery Tool from my tool box and give that forgotten password back to the user.
 
When I go to a user's desk and pull out such a tool they "trust" me to to do the right thing, on their behalf.
How does one gain "trust" by acting in an ethical manner with a track record of acting ethically.
 
This forum has a record of personnel acting ethically and prudently and has shown compassion to its members and thus gains the public's trust. The track record over the years provides an ethical history for new members to have "trust".  The members oft this Forum who assist the infected or those who believe they are infected have been vetted. That is they have a set of credentials or training that allows the Forum Owners to apply to some members a particular "group" status.  To keep the public's trust, the Forum sets rules on WHOM can assist the infected or those who believe they are infected and only those members can provide that needed assistance.  TwinHeadedEagle is in "Trusted Advisors" and I am in "Experts"  which are two of the highest levels of group membership that are allowed to assist forum members.

 

Reference:
https://forums.malwarebytes.org/index.php?/topic/98097-is-mbam-a-complete-antivirus-solution/?p=487311#entry487311

[AdvancedSetup]

Are you still with us?

This topic will be closed soon if we do not hear back from you.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!