Clarification of a few points.

[Jenn]

Dustin wrote:
> "Jenn" <nope@nowayatno.howanyday> wrote in
> news:iv5ef0$kla$1@dont-email.me:
>
>> Is it possible for a malware cleaner program to put it's own
>> 'root-kit' hidden somewhere and then say the system is clean?
>
> Sure, but then, that malware cleaner wouldn't last very long. It's
> subject to constant peer review and 3rd party independent analysis.

.... just curious .. who's the 3rd party independent analysis done by?


>> thread off and on. Why get insulted that someone wants to put
>> Malwarebytes to the ultimate analysis? If nothing is wrong and it
>> isn't doing anything wrong, then the question should just be
>> answered with a, "NO ... Malwarebytes doesn't do that and here is
>> the proof".......


> I'm not insulted that someone wanted to put malwarebytes to some sort
> of test; As I said, it's already been peer reviewed, and is constantly
> under scrutiny; as all apps of it's nature are.
>
> If something was amiss, they wouldn't be able to hide it for very
> long. I already answered BD's question and my proof was that I
> disassembled the executable. BD in his slimey fashion won't accept

Well... I don't know if you've ever seen the movie, "The Net", or not...(one
of my all time favorites), but in that movie there was a company that
provided a security program to some high level companies. It was supposed
to be the premier program to protect any business and keep it secure up to
and including governments. The thing is, a back door was written into the
program so the people who knew about the back door could gain access to
systems using the software. Good movie ...

That's why I asked about this ....

>> it, but I'm not into analyzing malware and such things either. It's
>> a business... aren't they used to being put to the test?


> They always are, Jenn. They aren't malicious and you only display more
> astounding ignorance carrying on like this. Computers seem to be
> magical to you and BD.. I just don't get that.

The thing is ... I grew up when there wasn't any such thing as a home pc.
Computers didn't start being a normal thing in the home 'til I already had 3
kids... We learned about computers together as they grew up, so for me
computers are a bit magical because they turned my world from being just a
local experience into being a world wide experience. I love meeting people
all over the world who I'd never have had the chance to meet otherwise.

--
Jenn (from Oklahoma)

[~BD~]

On 08/07/2011 00:01, Aardvark wrote:
> On Thu, 07 Jul 2011 22:47:47 +0000, Dustin wrote:
>
>> BD wrote:
>
>>> I've asked if such a cleaning programme *could* do something nasty.
>>
>> all the while, specifically naming malwarebytes for your "example". I
>> doubt it was just a coincidence.
>
> Of course not. He refuses to accept responsibility for getting himself
> booted from their forum, and instead made up some criminality on the part
> of MBAM as an excuse to try to get back at them.
>
> It's basically- I'm pissed off that you booted me and to get back at you
> I'll slimily diss your product in the hope I can punish you financially.
>

Absolutely *wrong* Aardvark - to the point of what you say being a
downright lie. I posted a copy of the apology I sent to Marcin by PM.

Usenet is the *last* place I'd use to 'diss' any product - do you not
appreciate how very few folk read here? <shakes head>

[~BD~]

On 08/07/2011 01:20, Jenn wrote:
> Dustin wrote:
>> "Jenn"<nope@nowayatno.howanyday> wrote in
>> news:iv5ef0$kla$1@dont-email.me:
>>
>>> Is it possible for a malware cleaner program to put it's own
>>> 'root-kit' hidden somewhere and then say the system is clean?
>>
>> Sure, but then, that malware cleaner wouldn't last very long. It's
>> subject to constant peer review and 3rd party independent analysis.
>
> ... just curious .. who's the 3rd party independent analysis done by?
>
>
>>> thread off and on. Why get insulted that someone wants to put
>>> Malwarebytes to the ultimate analysis? If nothing is wrong and it
>>> isn't doing anything wrong, then the question should just be
>>> answered with a, "NO ... Malwarebytes doesn't do that and here is
>>> the proof".......
>
>
>> I'm not insulted that someone wanted to put malwarebytes to some sort
>> of test; As I said, it's already been peer reviewed, and is constantly
>> under scrutiny; as all apps of it's nature are.
>>
>> If something was amiss, they wouldn't be able to hide it for very
>> long. I already answered BD's question and my proof was that I
>> disassembled the executable. BD in his slimey fashion won't accept
>
> Well... I don't know if you've ever seen the movie, "The Net", or not...(one
> of my all time favorites), but in that movie there was a company that
> provided a security program to some high level companies. It was supposed
> to be the premier program to protect any business and keep it secure up to
> and including governments. The thing is, a back door was written into the
> program so the people who knew about the back door could gain access to
> systems using the software. Good movie ...
>
> That's why I asked about this ....

Others may suspect that I've coerced you to support me on this Jenn.
As you know, I have not! (But thanks anyway <smile>)

>>> it, but I'm not into analyzing malware and such things either. It's
>>> a business... aren't they used to being put to the test?
>
>
>> They always are, Jenn. They aren't malicious and you only display more
>> astounding ignorance carrying on like this. Computers seem to be
>> magical to you and BD.. I just don't get that.
>
> The thing is ... I grew up when there wasn't any such thing as a home pc.
> Computers didn't start being a normal thing in the home 'til I already had 3
> kids... We learned about computers together as they grew up, so for me
> computers are a bit magical because they turned my world from being just a
> local experience into being a world wide experience. I love meeting people
> all over the world who I'd never have had the chance to meet otherwise.

I think you are similar in many ways to the vast majority of your
generation - without being in any way nasty, when using a computer at
home I suspect you could realistically be described as a nomal/average
user! :-)

[Jenn]

~BD~ wrote:
> On 08/07/2011 01:20, Jenn wrote:

>> Well... I don't know if you've ever seen the movie, "The Net", or
>> not...(one of my all time favorites), but in that movie there was a
>> company that provided a security program to some high level
>> companies. It was supposed to be the premier program to protect any
>> business and keep it secure up to and including governments. The
>> thing is, a back door was written into the program so the people who
>> knew about the back door could gain access to systems using the
>> software. Good movie ...

>> That's why I asked about this ....

> Others may suspect that I've coerced you to support me on this Jenn.
> As you know, I have not! (But thanks anyway <smile>)

naaaaaaa You didn't ask me to say anything. You didn't ask Graham to say
anything, either. I've been reading the thread off and on and was just
wondering about it myself ... so I asked.

>> The thing is ... I grew up when there wasn't any such thing as a
>> home pc. Computers didn't start being a normal thing in the home
>> 'til I already had 3 kids... We learned about computers together as
>> they grew up, so for me computers are a bit magical because they
>> turned my world from being just a local experience into being a
>> world wide experience. I love meeting people all over the world who
>> I'd never have had the chance to meet otherwise.

> I think you are similar in many ways to the vast majority of your
> generation - without being in any way nasty, when using a computer at
> home I suspect you could realistically be described as a nomal/average
> user! :-)

mmmm maybe ... I probably do more on a computer than the average person in
my age group does, tho...

--
Jenn (from Oklahoma)

[Dustin]

"Jenn" <nope@nowayatno.howanyday> wrote in
news:iv5ig4$9qd$1@dont-email.me:

> ... just curious .. who's the 3rd party independent analysis done
> by?


I'm not going to play semantics. What I said stands.

> Well... I don't know if you've ever seen the movie, "The Net", or
> not...(one of my all time favorites), but in that movie there was a
> company that provided a security program to some high level

I've seen it. As with other "hacker" movies, it's loosly based in
reality.


> companies. It was supposed to be the premier program to protect any
> business and keep it secure up to and including governments. The
> thing is, a back door was written into the program so the people who
> knew about the back door could gain access to systems using the
> software. Good movie ...

Well the thing is, Jenn, it made for a good movie, but wouldn't work in
real life.

> That's why I asked about this ....

Which is fine, but I've already dissassembled it; and as I worked for
them, I've seen it in raw form. no backdoors.

>> They always are, Jenn. They aren't malicious and you only display
>> more astounding ignorance carrying on like this. Computers seem to
>> be magical to you and BD.. I just don't get that.
>
> The thing is ... I grew up when there wasn't any such thing as a
> home pc. Computers didn't start being a normal thing in the home
> 'til I already had 3 kids... We learned about computers together as

They weren't normal when I was little either, Jenn. You aren't an
exception here and it doesn't matter.



--
(Hey) I keep on thinking that it's
(Hey) all done and all over now (whoa)
You keep on thinking you can save me save me
(Hey) My ship is sinking but it's
(Hey) all good and I can go down (whoa)
You've got me thinking that the party's all over

[~BD~]

Dustin wrote:
> "Jenn"<nope@nowayatno.howanyday> wrote in
> news:iv5ig4$9qd$1@dont-email.me:
>
>> ... just curious .. who's the 3rd party independent analysis done
>> by?
>
>
> I'm not going to play semantics. What I said stands.


It's not a question of semantics.

You stated that there had been 3rd party independent analysis.

Who by, Dustin - and when?

Or were you lying - something you say you do not do?

[Beauregard T. Shagnasty]

~BD~ wrote:

> Dustin wrote:
>> "Jenn" wrote:
>>> ... just curious .. who's the 3rd party independent analysis done
>>> by?
>>
>> I'm not going to play semantics. What I said stands.
>
> It's not a question of semantics.
> You stated that there had been 3rd party independent analysis.

If we tell you, then we'll have to kill you.

> Who by, Dustin - and when?

It's by the NSA. (Now we'll have to kill you.)

> Or were you lying - something you say you do not do?

No, that's something you do.

--
-bts
-May the fleas of a thousand camels infest your narrowboat
-and sink it in the deepest canal in all of England

[Jenn]

Dustin wrote:
> "Jenn" <nope@nowayatno.howanyday> wrote in
> news:iv5ig4$9qd$1@dont-email.me:
>
>> ... just curious .. who's the 3rd party independent analysis done
>> by?


> I'm not going to play semantics. What I said stands.

You said it .. I was just asking who you were talking about... don't you
know?



--
Jenn (from Oklahoma)

[Jenn]

Dustin wrote:
> "Jenn" <nope@nowayatno.howanyday> wrote in
> news:iv8bdg$41n$1@dont-email.me:
>
>> Dustin wrote:
>>> "Jenn" <nope@nowayatno.howanyday> wrote in
>>> news:iv5ig4$9qd$1@dont-email.me:
>>>
>>>> ... just curious .. who's the 3rd party independent analysis done
>>>> by?
>>
>>
>>> I'm not going to play semantics. What I said stands.
>>
>> You said it .. I was just asking who you were talking about...
>> don't you know?


> Yep. I know. Jenn, the malwarebytes software is routinely tested by
> virus scanners when people submit the executable; Like you did with
> David Lipmans program. That is independent, 3rd party. [g] A clean
> bill of health is always provided.

I'm glad to hear that because I like using malwarebytes, myself. I just
wonder if "The Net" scenario could actually happen.

--
Jenn (from Oklahoma)

[~BD~]

Dustin Cook wrote:
> "Jenn"<nope@nowayatno.howanyday> wrote in
> news:iv8bdg$41n$1@dont-email.me:
>
>> Dustin wrote:
>>> "Jenn"<nope@nowayatno.howanyday> wrote in
>>> news:iv5ig4$9qd$1@dont-email.me:
>>>
>>>> ... just curious .. who's the 3rd party independent analysis done
>>>> by?
>>
>>
>>> I'm not going to play semantics. What I said stands.
>>
>> You said it .. I was just asking who you were talking about...
>> don't you know?
>
> Yep. I know. Jenn, the Malwarebytes software is routinely tested by virus
> scanners when people submit the executable; Like you did with David
> Lipmans program. That is independent, 3rd party. [g] A clean bill of
> health is always provided.


That answer is inadequate and does not answer the original question.

<q/p>

Rootkit detection is difficult because a rootkit may be able to subvert
the software that is intended to find it. Detection methods include
using an alternate, trusted operating system; behavioral-based methods;
signature scanning; difference scanning; and memory dump analysis.
Removal can be complicated or practically impossible, especially in
cases where the rootkit resides in the kernel; reinstallation of the
operating system may be the only alternative.

<q>

http://en.wikipedia.org/wiki/Rootkit

Do you dispute this, Dustin?

So, I repeat my question. Which independent body has actually checked
the software in the manner I suggested earlier? i.e. Downloaded the
software onto a known clean computer and then forensically examined said
machine.