How BugHunter Works; for those interested.

[Dustin Cook]

kurt wismer <kurtw@sympatico.ca> wrote in news:f97g06$8m5$3@aioe.org:

> Andy Walker wrote:
>> Dustin Cook wrote:
>>
>>> BugHunter is not the only program which can be defeated using the
>>> tricks Andy specified.
>>
>> And there are many programs that aren't as easy to defeat. I don't
>> need a lesson from any of you on how to defeat anti-malware programs.
>
> you seem to have an agenda here... the weakness you pointed out is
> shared by most anti-malware programs... only behaviour-based detectors
> would be resistant to it...

His agenda was targetting me. It had nothing to do with BugHunter. If
you'll continue reading the thread, he's already re-killfiled me for
answering his questions, "arrogance" style I guess.

>> I was just asking the question because you seemed to want to discuss
>> your programs capabilities, which are not all that impressive.
>
> compared to those that have tens or hundreds of thousands of man-hours
> worth of development in them, i suppose not...

Which capabilities is it either of you seem to think BugHunter is
missing? aside from resident protection... It scans, it can rename, it
can delete, it can be told to do nothing but scan. What feature(s) am I
not including that everyone else is then?

>> That
>> said, I'm sure some people can use your program to help them clean
>> their system. I just don't see a commercial use for it in its
>> present state of development.
>
> then it's a good thing it's free...

Commercial interest has never been what drives me. And as far as someones
opinion of commercial quality; I personally wouldn't have thought
hijackthis or cwssearch were commercial quality but guess what? They're
both commercial now.




--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[kurt wismer]

Dustin Cook wrote:
> kurt wismer <kurtw@sympatico.ca> wrote in news:f97g06$8m5$3@aioe.org:
>> Andy Walker wrote:
[snip]
>>> I was just asking the question because you seemed to want to discuss
>>> your programs capabilities, which are not all that impressive.
>> compared to those that have tens or hundreds of thousands of man-hours
>> worth of development in them, i suppose not...
>
> Which capabilities is it either of you seem to think BugHunter is
> missing? aside from resident protection... It scans, it can rename, it
> can delete, it can be told to do nothing but scan. What feature(s) am I
> not including that everyone else is then?

there are all sorts of more generic detection techniques out there that
you don't try to implement but more commercial products do - but as i
said, those products have a lot more time/effort/money behind them...

[snip]
> Commercial interest has never been what drives me. And as far as someones
> opinion of commercial quality; I personally wouldn't have thought
> hijackthis or cwssearch were commercial quality but guess what? They're
> both commercial now.

and one of them is now being called spyware...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

[Dustin Cook]

kurt wismer <kurtw@sympatico.ca> wrote in news:f99lcd$d94$2@aioe.org:

> Dustin Cook wrote:
>> kurt wismer <kurtw@sympatico.ca> wrote in news:f97g06$8m5$3@aioe.org:
>>> Andy Walker wrote:
> [snip]
>>>> I was just asking the question because you seemed to want to
>>>> discuss your programs capabilities, which are not all that
>>>> impressive.
>>> compared to those that have tens or hundreds of thousands of
>>> man-hours worth of development in them, i suppose not...
>>
>> Which capabilities is it either of you seem to think BugHunter is
>> missing? aside from resident protection... It scans, it can rename,
>> it can delete, it can be told to do nothing but scan. What feature(s)
>> am I not including that everyone else is then?
>
> there are all sorts of more generic detection techniques out there
> that you don't try to implement but more commercial products do - but
> as i said, those products have a lot more time/effort/money behind
> them...

Hueristics etc? No, I don't implement them. Many of the generic detection
methods that worked great for viruses don't work so well for trojans.
Behavior blocking etc works for everything, but that would require
BugHunter to remain resident, and it's really not designed for that.
I certainly do understand your point. Thanks for speaking up.

I didn't intend to confuse anyone by trying to say BugHunter is a
replacement for what you already use. It's not a replacement, it's an
addition to what you already use in the fight against malware. No single
program, commercial or not is going to get them all. It's somewhat unique
in the aspect that it can be executed even when windows is down for the
count.

>> Commercial interest has never been what drives me. And as far as
>> someones opinion of commercial quality; I personally wouldn't have
>> thought hijackthis or cwssearch were commercial quality but guess
>> what? They're both commercial now.
>
> and one of them is now being called spyware...

Yes, saddened to see this. I quit using cwssearch years ago, but I'm
still an avid fan of the older HiJackthis utility.





--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[kurt wismer]

Dustin Cook wrote:
> kurt wismer <kurtw@sympatico.ca> wrote in news:f99lcd$d94$2@aioe.org:
>> Dustin Cook wrote:
>> [snip]
>>> Which capabilities is it either of you seem to think BugHunter is
>>> missing? aside from resident protection... It scans, it can rename,
>>> it can delete, it can be told to do nothing but scan. What feature(s)
>>> am I not including that everyone else is then?
>> there are all sorts of more generic detection techniques out there
>> that you don't try to implement but more commercial products do - but
>> as i said, those products have a lot more time/effort/money behind
>> them...
>
> Hueristics etc? No, I don't implement them. Many of the generic detection
> methods that worked great for viruses don't work so well for trojans.

i know, i wasn't thinking of generic *virus* detection techniques, just
generic techniques...

> Behavior blocking etc works for everything, but that would require
> BugHunter to remain resident, and it's really not designed for that.
> I certainly do understand your point. Thanks for speaking up.

there are other generic techniques that wouldn't necessarily require
residency... cross-view diffs, for example, or change detection
(especially for those areas involved in startup)...

i've also seen some generic manual malware removal instructions on the
net which say things like look in process explorer/autoruns for things
that don't have a publisher - probably qualifies as a heuristic, actually...

and of course it's easy enough to use a whitelist in a non-resident
manner and say if it's not on the whitelist then it's suspicious and the
user might want to investigate it further or send it in for analysis...
not sure that qualifies as generic, however...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"