"~BD~" <BoaterDave@hot.mail.co.uk> wrote in message
news:RbSdnY3dLah7CUfWnZ2dnUVZ8nSdnZ2d@bt.com...
> FromTheRafters wrote:
>
>>
>> Maybe, but I believe he is not stupid
>
> That's good to know!
>
>> - just annoying as all hell.
>
> Name two things which I do which you find annoying - if necessary,
> please explain why so. I *may* change what I do!
1) Introducing your personal vendetta against PF whenever it suits you.
2) Needlessly crossposting your posts, even when from within another's
thread and transplanting posts from other places and posting off topic
and getting too obsessed with having other people's personal information
and practically *demanding* that others assuage any personal "hinky
feeling" you may have and ... well ... that's enough for number two.
> Now .......
>
> Here's an item for you to get your teeth into, FTR!
>
> It's an extract from a thread I once started here:-
>
> http://forum.kaspersky.com/index.php...ic=50275&st=40
>
> (this is post No 46)
> Performing a standard Disk Format and Reinstall of the Operating
> System
> will render common infections incompatible,
Incompatible with what?
> but not all Rootkits and its accompanying payload of malware.....
???
Had this person posted here, there would have been opposing viewpoints
voiced. I haven't visited that forum, so I don't know what went on
there.
> Rootkits work from outside the Operating System
There are user mode and kernel mode rootkits - how is that considered
"outside" the OS?
I might agree that *some* rootkits work from outside the OS (VM- or
hypervisor-based, perhaps?).
> and can hide in Bad Sectors of the Hard Disk thus have places to hide
> on the Hard Disk that are essentially outside the Operating Systems
> environment, untouchable by it, yet still at hand.
There are many places to hide stuff, that doesn't mean it is code that
can be invoked or otherwise executed.
> Most wiping, erasing, formatting, and partitioning tools will not
> overwrite logical bad sectors on the Disk, leaving the Rootkits and
> their accompanying payload of malware behind and still active.
Usually, such tactics render the malware "headless" and as such it is
not *active*.
[...]
> Rootkits reside in the Root of things, thus the name 'Root', that
> serve as a protective container for the accompanying payload of
> malware, or on the bright side, the accompanying payload of Software
> Code with productive, safe intentions, together they are a
> 'KIT'.....thus the name 'ROOTKIT'.....and Rootkits are not a joke.
Rootkits used to be a collection of programs that an attacker could use
to replace tools with trojanized versions - once having obtained root
privileges. Now they are mostly just filter drivers to filter out
information that is being made available to such tools.
> Once the Computer is compromised by a Rootkit with its accompanying
> payload of malware, all files in the System cannot be trusted and are
> likely infected.....
Why infect programs when you can install malware in a stealthed
(filtered) condition?
When you have the system as host, there is little reason to also use a
program to host code.
[...]
> Rootkits can also hide in the Firmware of Hardware Components, in the
> BIOS, Motherboard, Video-card EEPROM or Alternate Data Streams.....
There is room for "bad code" in those places. There may even be enough
room for enough code to actually function as a starting point for the
implementation of a rootkit (or other malicious functions). Having
*only* a starting point is not enough to qualify it as a rootkit.
> Rootkits hide their processes, files, and folders by using
> sophisticated hooking and filtering techniques. As a result,
> traditional methods of viewing the system state typically return no
> indication of foul play.....the Rootkit makes sure of that.
A rootkit might also cease doing the cloaking if it detects that a
rootkit detector is executing.
[...]
> *************
>
> I'd be most interested to discuss these comments of drdos further -
> you will note that the thread was closed by the moderator shortly
> after we reached this stage!
I'll just accept that as a fact, no need to go there.
> In particular, do you agree that "Rootkits can also hide in the
> Firmware of Hardware Components, in the BIOS, Motherboard, Video-card
> EEPROM or Alternate Data Streams....." ?
I'll agree that subversive code could hide in there, but that's a long
way from saying a rootkit or virus could launch from there.
[...]
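Added illustration (not part of the thread above, and not code from any of the posters): the post describes modern rootkits as filters that strip entries out of what ordinary tools see, and notes that a rootkit may stop cloaking once it believes a detector is running. The script below models both points. A toy "cloak" hooks Python's os.listdir so that any name starting with an assumed marker prefix disappears, the way a filter driver or API hook would; the detector applies the usual cross-view check, enumerating the same directory through a second, unhooked path (os.scandir) and flagging whatever one view reports and the other does not. A stand_down callback lets the cloak pass results through unfiltered, showing why a rootkit that uncloaks while a scanner runs leaves a diff-based detector with nothing to report. The directory contents, the prefix and the function names are all constructed for the example.

```python
"""Cross-view detection against an API-filtering cloak (constructed example)."""
import os
import shutil
import tempfile

HIDDEN_PREFIX = "rk_"   # assumed marker: the toy cloak hides names starting with this


def install_listdir_cloak(stand_down=lambda: False):
    """Hook os.listdir so that entries starting with HIDDEN_PREFIX disappear.

    Stands in for a filter driver or API hook.  If stand_down() returns
    True the hook passes results through unfiltered, modelling a rootkit
    that stops cloaking while it believes a detector is running.
    Returns a function that removes the hook again.
    """
    real_listdir = os.listdir

    def hooked_listdir(path="."):
        names = real_listdir(path)
        if stand_down():
            return names
        return [n for n in names if not n.startswith(HIDDEN_PREFIX)]

    os.listdir = hooked_listdir

    def uninstall():
        os.listdir = real_listdir

    return uninstall


def high_level_view(path):
    """The enumeration most tools trust: whatever os.listdir returns."""
    return set(os.listdir(path))


def low_level_view(path):
    """An independent enumeration via os.scandir, which the toy hook does
    not touch.  A real detector would drop to raw directory parsing, a
    different API family, or an offline image of the disk instead."""
    with os.scandir(path) as it:
        return {entry.name for entry in it}


def cross_view_diff(path):
    """Names that one view reports and the other does not."""
    return high_level_view(path) ^ low_level_view(path)


def make_sample_dir():
    """Constructed fixture: one ordinary file and one the cloak will hide."""
    d = tempfile.mkdtemp(prefix="xview_")
    for name in ("notes.txt", HIDDEN_PREFIX + "payload.bin"):
        with open(os.path.join(d, name), "w") as f:
            f.write("sample\n")
    return d


def run_scenario(stand_down=lambda: False):
    """Install the cloak, run the cross-view check, then remove the cloak
    and the fixture.  Returns the set of discrepancies the detector flags."""
    d = make_sample_dir()
    uninstall = install_listdir_cloak(stand_down)
    try:
        return cross_view_diff(d)
    finally:
        uninstall()
        shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    print("cloak active, one API hooked:      ", run_scenario())
    print("cloak stands down for the scanner: ", run_scenario(lambda: True))
```

With the hook active the first run reports the hidden name, because only os.listdir was filtered and os.scandir still sees the file. In the second run the cloak hands back the full listing while the check executes, the two views agree, and the detector reports nothing, which is the behaviour the post warns about. The lesson for a practitioner is that a cross-view check is only as good as the independence of its second view; a view the rootkit can recognise and adapt to is not independent.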