
malwarebytes' vs. a-squared free



Greetings :)

I've got a suggestion for a future test. Perhaps you could infect a machine with current and active malware from around the nasty parts of the web and create an image of the drive then run a scan and removal process with the tools you're comparing one at a time, restoring the image after each set of scan and reboots to test the next tool (note that most will likely need to restart and scan more than once to get all the nasties since some of the infections will be protected by components that are removed during the initial scan, so cleaning up the now unprotected ones will require a second scan after reboot). I feel this would be a great test to determine how the products stand up against current infections running live on a system. This will also allow MBAM in particular (and I'm sure many other tools as well) to have many more attack vectors for detecting the infections since they will have malicious reg entries to detect and malicious processes running in memory and rootkits hidden (should any rootkits be installed) as well. This would allow MBAM to really show off its heuristics detection capabilities, something it excels at.


Hi exile360 and Firefox.

We conducted a similar test here: (see Infected System Rescue test section)

http://malwareresearchgroup.com/forum/view...?f=20&t=206

The infections were not directly from live URLs, but did make use of samples gathered from these a day or so before testing.

We will be conducting new infection prevention tests and system rescue tests over the coming weeks and months.

Best regards,

Chris


Ah, so you did :) . Very nice. I've not seen many tests anywhere around the net where such a test was done. I'm glad you guys did so and look forward to your future tests and results :) .

edit: correction, I just noticed this:

"The test is conducted by performing a right click scan of the folder containing the samples and allowing the application to delete / quarantine any samples detected.*"

and this:

"On each Cloned system the folder containing the samples of malware is placed."

I guess the infections weren't active (i.e. running and installed on the system vs sitting inside a samples folder). That pretty much kills MBAM's heuristics and I'm actually surprised it did as well as it did but I'm glad to see it anyway. At least you guys are getting more current samples than most sites that perform such tests.

Hi exile360,

For the infected system rescue test the infections were live.

The test is in two sections. There is the On Demand Scan test AND Infected System Rescue test. The methodology for each is displayed at the start of each section (possibly a bit confusing as both tests are in the same post).

For reference, I have pasted the methodology used below:

1. Windows XP Professional Service Pack 3 is installed and updated with all important updates. An image of the Operating System is created with internet access.

2. A clone of the Imaged system is made for each program to be used in the test.

3. An individual program is installed with default settings on each of the Cloned systems.

4. A Snapshot is taken of each cloned system.

5. Any real time protection is disabled.

6. On each Cloned system the folder containing the fifteen samples of malware is placed.

7. All the programs are fully updated.

8. Each malware sample is executed individually, with the system being rebooted after each execution, until all fifteen samples have been executed.

9. A second snapshot of the cloned system is taken, allowing us to know all changes / infections.

10. All differences between the first and second snapshots are noted.

11. Real Time protection and other default methods of detection/prevention used by the applications are turned on.

12. The test is conducted by performing a full system scan and allowing the application to perform its detection and removal activities.

13. Once the application finds no malware / reports a clean system, the cloned system is compared to the first snapshot so an assessment of cleanup effectiveness can be made.

Best regards,

Chris

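The snapshot comparison in steps 4, 9, 10 and 13 of the methodology above, sketched as an added example that is not part of the thread or the testers' own tooling. It models a snapshot as a mapping from artifact to content hash; all paths, registry values and hashes are constructed, and the `ignore_prefixes` parameter is an assumption added to keep the scanner's own files (updated in step 7, after the first snapshot) out of the result.

```python
# Added example. A snapshot is modelled as {artifact: content_hash}.
# All paths, registry values and hashes are constructed sample data.
HOSTS = r"C:\WINDOWS\system32\drivers\etc\hosts"
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sample"
DLL = r"C:\WINDOWS\system32\sample.dll"
DEFS = r"C:\Program Files\Scanner\defs.db"  # hypothetical scanner install dir

FIRST = {HOSTS: "a1", DEFS: "c1"}                          # step 4
SECOND = {HOSTS: "a2", DEFS: "c2", DLL: "d1", RUN: "e1"}   # step 9
AFTER_SCAN = {HOSTS: "a2", DEFS: "c2"}                     # step 13


def diff(before, after):
    """Step 10: artifacts added, modified or removed between two snapshots."""
    return {
        "added": {k for k in after if k not in before},
        "modified": {k for k in after if k in before and after[k] != before[k]},
        "removed": {k for k in before if k not in after},
    }


def cleanup_report(first, second, after_scan, ignore_prefixes=()):
    """Step 13: which infection-induced changes survive the scan?"""
    prefixes = tuple(ignore_prefixes)
    changed = {k for group in diff(first, second).values() for k in group
               if not k.startswith(prefixes)}
    # A change is a remnant while the artifact still differs from the first
    # snapshot: an added file still present, a modified value not restored,
    # or a removed file not put back.
    remnants = {k for k in changed if after_scan.get(k) != first.get(k)}
    return {"changed": changed, "remnants": remnants,
            "reverted": len(changed) - len(remnants)}


if __name__ == "__main__":
    report = cleanup_report(FIRST, SECOND, AFTER_SCAN,
                            ignore_prefixes=[r"C:\Program Files\Scanner"])
    print(f"{report['reverted']} of {len(report['changed'])} changes reverted")
    for artifact in sorted(report["remnants"]):
        print("remnant:", artifact)
```

In the sample data the dropped DLL and the Run value are gone after the scan, while the modified hosts file is not restored and is reported as a remnant.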

Oh, I see, I missed #8:

"8. Each malware sample is executed individually, with the system being rebooted after each execution, until all fifteen samples have been executed."

Very cool :) . I wish others would start using this sort of methodology in tests, even for actual AVs (like AV-Comparatives etc., as they seldom do :( ). The way modern malware is, it constantly morphs and uses various techniques to alter its files with every install in order to evade regular AV hash checks.

You guys certainly get a big thumbs up from me :) .


  • 2 weeks later...

hello again :)

sorry for not being here lately, but after i read all this info i couldn't help but reply, and saying "thanks" is the least word that can describe my gratitude to all of you

i'll be observing and trying to tell you about all the things that can be noticed to improve Malwarebytes' Anti-Malware

regards :lol:


Thank you for taking the time to observe - Please note that MBAM is a specialised tool, not quite like most other Malware removal tools -

As you can see HERE It can be adapted with a bit of skill to fix many problems - As many standard "off the shelf" programs can not -

3. An individual program is installed with default settings on each of the Cloned systems.

Thank You for Observing - :lol:


wow ;)

i liked the way to change the extension to fool the fake anti virus -which won't let me update it-

tho my start with MBAM was when some of my friends got infected by these fake apps and with MBAM i could kill that virus ;)

thanx again for the info ;)

regards


Hi ma3oony -

I am happy we can help in any way - These options are being designed by our developers all the time - Our FAQ section and self help areas are being upgraded on a daily basis - This is one reason why MBAM is not your average "here it is" tool - Please tell your mates about our ongoing work here and the work that is done by our team that is rarely seen in the front lines - They shuffle keyboards all day to make these fixes -

Thank You - ;)

PS - This is another reason that we can not be "straight" compared with some other programs - ;)
