
Eicar Test



Hello everyone!

I have a question to throw out to anyone on the forum:

I have uninstalled Microsoft Security Essentials to run MB as stand alone AV. I downloaded the Eicar Test from their site and entered it and saved with Notepad.

I ran a scan with MB and no detection.

Attachment: Eicar.txt

Is this correct or did I save it wrong?


I suggest reinstalling Microsoft Security Essentials.  MBAM 3.x is still an adjunct and not an anti virus replacement.

The EICAR test file is based upon a 16bit executable which is not targeted by Malwarebytes' Anti-Malware ( MBAM ).

Additionally, MBAM does not target scripted malware files.  That means MBAM will not target; JS, JSE,  PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ
They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as;  TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.

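The content-versus-extension point made in the post above, as an added example that is not part of the original thread and is not Malwarebytes' code: a file is classified by its leading bytes rather than its name. It goes one step beyond the post by also following the DOS header's `e_lfanew` field to the `PE\0\0` signature; the function names and sample buffers are hypothetical and constructed for illustration.

```python
import struct

# Extensions the post lists as normal carriers of MZ binaries.
EXECUTABLE_EXTS = {"exe", "cpl", "sys", "dll", "scr", "ocx"}

def classify(data: bytes) -> str:
    """Classify a buffer by content, ignoring the file name entirely."""
    if data[:2] != b"MZ":
        return "not-mz"
    # The DOS header is 0x40 bytes; e_lfanew at 0x3C is the offset of the PE signature.
    if len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    return "mz-dos"  # starts with MZ but has no reachable PE signature

def triage(name: str, data: bytes) -> dict:
    """Flag MZ content that sits behind a non-executable extension."""
    kind = classify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    disguised = kind != "not-mz" and ext not in EXECUTABLE_EXTS
    return {"name": name, "kind": kind, "disguised": disguised}

def make_pe_stub() -> bytes:
    """Constructed buffer: empty DOS header with e_lfanew=0x40, then 'PE\\0\\0'."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0"

# Constructed samples. The Eicar.txt entry holds only the first bytes of the
# EICAR test string, enough to show that it does not begin with 'MZ'.
SAMPLES = {
    "setup.exe": make_pe_stub(),
    "holiday.jpg": make_pe_stub(),   # executable content renamed to .jpg
    "old.txt": b"MZ" + bytes(10),    # MZ magic only, too short for a PE header
    "Eicar.txt": b"X5O!P%@AP",
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        print(triage(sample_name, sample_data))
```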

OK. Got ya. Just reinstalled MSE and with the new MB update, everything runs fine. My PC didn't shut down with the first MB when it came out. Now with the update, it does.

I read on MB's website that you could do away with your AV and just use MB as your new AV. Well from what you say, you can't.

Can you explain then why MB is saying this?

 

Richard


Puffery

Think about all the infomercials you have watched that tout their product as being the best, there is no better.  Later there is a new commercial where that product is New and Improved.  If that product was the best and there was no better, then why did it need to be improved ? 

How many other vendors have made claims in a similar fashion ?  Did they meet those expectations ?

Just because it is a Malwarebytes product does not mean you can check your Critical Thinking and drop all skepticism.  This is not a religion.  There is no blind faith.  Practicing Safe Hex means you have Situational Awareness, always use Critical Thought and you are always skeptical.

Scenario: 

Since MBAM doesn't target scripted malware and it is not MAPI and/or VIM compliant nor provide a POP/IMAP proxy capability it will not be able to warn the email recipient that they have received a Phishing email.

 

The MBAE component may work on Software Exploits but it will not help with Human Exploitation such as demonstrated by a Phishing email. On the other hand, a traditional anti virus application may use its MAPI, VIM or POP/IMAP proxy and scan the email and flag the email as malicious. The fact also remains that MBAM does NOT target nor clean legitimate files that have been infected by a file infecting virus or a legitimate file that had been trojanized.

Since there are holes that MBAM v3.x can't plug, it remains an adjunct solution. 

**This is the last post I write in this topic about this.  After all, it is Malwarebytes' Forum and I am but a "guest" and I do not wish to get into a discussion nor any arguments over this.

 


Thanks David,

All sounds good and I have reinstalled MSE and back to where I have always been.

Why is it that I feel that my question never was answered? All I want to know is why are they advertising MB as "MAKES ANTIVIRUS OBSOLETE " and other statements I have been seeing around their website. I was so happy when I saw these statements that I went and uninstalled MSE, believing them. They had me sold!

Now I find out everything I read is false.

Your explanations are very good and I understand them, but why do they advertise it?

 

Richard

 


That is probably what the copywriters want. Sells more programs that way. But to me it antagonizes the AV vendors' programs, so why would they want to help Malwarebytes replace their program by fixing any incompatibilities? I look at it like a carnival barker trying to get the people into a side show. Do you believe everything you read, see or hear?

Edited by mrtee

On 12/24/2016 at 5:48 PM, mecanicogolf said:

Why is it that I feel that my question never was answered? All I want to know is why are they advertising MB as "MAKES ANTIVIRUS OBSOLETE " and other statements I have been seeing around their website. I was so happy when I saw these statements that I went and uninstalled MSE, believing them. They had me sold!

Now I find out everything I read is false.

Your explanations are very good and I understand them, but why do they advertise it?

@mecanicogolf, thank you for being a valued customer and a member of our forums community. 

With that being said, I am sorry for the late follow up here. We touch on the subject of why we are a next-generation anti-virus replacement in our Malwarebytes 3.0 FAQ here: 

That should help answer your question. If not, please follow back up with what's still unclear or needing answered and I will get you the additional info that you need.


On 12/24/2016 at 6:48 PM, mecanicogolf said:

Thanks David,

All sounds good and I have reinstalled MSE and back to where I have always been.

Why is it that I feel that my question never was answered? All I want to know is why are they advertising MB as "MAKES ANTIVIRUS OBSOLETE " and other statements I have been seeing around their website. I was so happy when I saw these statements that I went and uninstalled MSE, believing them. They had me sold!

Now I find out everything I read is false.

Your explanations are very good and I understand them, but why do they advertise it?

 

Eicar was discussed on another thread. Suffice it to say, Eicar is not a threat and MBAM did not respond. MBAM is an alternate to AV. It is NOT AV. Nothing wrong though with running it alongside AV.
