Posts posted by marvinm

  1. Please search our old forum and you will find quite a few discussions

    I did search this forum with no relative results - I hadn't realized there was an 'old forum' - OK, this link will tie it together for the next guy... Good read by the way! Very on-topic - thanks!

    But, I do take issue with a couple of arguments being presented... bear with me:

    1st Anti-Malware and Mamutu will flag keyloggers.

    The main thing is that many tests are completely incorrect.

    There are certain and strict conditions to be met so the behaviour can be and should be flagged as keylogger (there is a lot of information out there to read about, so I will restrain myself from reposting)

    Looking up Emsisoft's definition for keylogger (http://www.emsisoft.com/en/kb/articles/tec080424/): Keyloggers are small programs invisibly installed on a computer that record all keyboard input. An attacker can use this to (e.g.) record passwords....

    The real-world definition is not limited to 'invisibly' ( http://www.antispywarecoalition.org/documents/GlossaryJune292006.htm , http://www.parliament.vic.gov.au/SARC/E-Democracy/Final_Report/Glossary.htm - google it!)

    Using the broader (in my opinion, more accurate) definition, it seems the test program does clearly capture the keyboard input, but doesn't necessarily (1) store it and/or (2) transmit it. Does this mean A-Squared is just 'smarter' than those other programs? Hmmm.... I'll come back to this...

    You have deliberately and voluntarily installed the Software with the interface and what is going on in the background now are legit normal operations.

    For some reason the word Trojan comes to mind... I may very well have deliberately and voluntarily installed the software & even personally executed it... but that doesn't mean everything it wants to do after that is automatically 'legit normal operations', right?

    There is no difference between Zemana's Clipboard Test window and say firing up two Notepad windows and copy/pasting between them. What is wrong illegal & malicious with that?

    There's nothing 'wrong, illegal & malicious' about copy/paste between two windows applications - it is built into the operating system and clearly 'normal operations' - I might add, it is also fully user controlled. However, what Zemana's test window is doing is quite different - it is capturing & recording (albeit only to the screen) keystrokes being entered in any unrelated window when it does not have focus. That's clearly 'monitoring' keyboard activity.

    So, I asked before... Are we to just believe A-Squared is just plain 'smarter' than those other guys 'cause it knows it was only a test program & so ignored it'?

    Seems we're being asked to put considerable faith in the artificial intelligence of the program, when it would be so much easier (and safer) to simply notify the user that something unusual is taking place - and, yes - one application capturing keyboard input when I'm in a different application IS unusual.

    ...Operating system watching my keyboard - pretty normal.

    ...Word when I'm in Word - pretty normal

    ...Excel when I'm in Excel - pretty normal

    ...My photo editor when I'm in Quickbooks... not usual!

    ...My screen saver when I'm in Internet Explorer... not usual!!

    ...In fact, anything that doesn't have focus but is still capturing the keyboard should be suspect. It may be legit, but how in the heck can A-Squared be sure they have covered every possible way someone may store & transmit data? (embedded in graphics or MP3's that are 'compressed' locally & stored on a remote 'free' facility?)

    Finally (yes, there is an end!): IF, in the end, I am to understand that A-Squared DOES do serious keylogger monitoring, but ONLY if I'm running in 'paranoid mode' (not if I'm only using the 'standard setup'), then we have a new problem... Under this scenario, folks are loading this thing thinking they're being protected, when they are not. I'm thinking the 'features list' and other docs need to be very clear exactly what is, or is not fully active from a default setup, or A-Squared's reputation will very quickly & inevitably take a hit it may never fully recover from.

    Remember, one 'oh crap' wipes out a ton of 'atta-boys' - especially in this game!

    NOW, I want to be CLEAR - I am NOT attacking this program or anyone related to it - so far, I love it! But if I'm going to rely on it, I want to be certain I know where the lines are being drawn, and if possible, help you guys stay on top of the game!

    All is meant with best intentions, OK?

    btw... Happy New Year!

    Kind regards, marv

  2. This site: http://www.zemana.com/keylogger_test.aspx provides a Keylogger Simulation Test for the purpose of testing a system's protection level against Keyloggers. (ok, really, it's to encourage you to buy their anti-keylogger program!)

    Running A-Squared Anti-Malware 30day trial, all functions active, the Keylogger Simulation does demonstrate the capture of my keystrokes, but A-Squared has raised no alarms.

    Is A-Squared (and Mamutu) watching applications that may be keyloggers? I really thought I'd seen it raise the issue before on certain of my macro recording tools...

    Either way, I thought it may be something you'd want to look into...

  3. Sleep! Ha! It's overrated, you know... (I did catch about a 3hr nap, but had work to do...).

    OK, I updated a-squared Free on both systems & ran a deep scan - neither detected the questionable registry entries. I then re-ran the MalAware (it updated) & have the same symptoms as before. Here are logs:

    One thing I did notice... a-squared Free log file shows Heuristics scanning is "Off". I didn't remember an option for that, but poking around, I find it under 'Custom Scan'... is it only available if I setup a custom scan?

    I can't see MalAware having time to do much in the way of Heuristics... but could that be the difference?

    I've downloaded the 30day trial & installed it. With heuristics on, I've left it running another deep scan. We'll see in the morning...

    By the way... the image you sent... did you notice that the results were shown as 'high risk', although it is considered only a medium risk virus in the a-squared Malware database? I guess every positive (false or true) will flag as 'high risk'... hmmm...

    Added: (per your posting rules, this should have been included much earlier... sorry.) System: Intel Core2 Duo E6850, Asus PK5 MB, 4gb DDR2, XP Pro, SP2 (32bit) w/all updates - I'll go SP3 next time I have to reinstall the OS... Zonealarm Pro, AVG Free (disabled for now), Malwarebytes Anti-Malware (on demand), a-squared 30day trial (active)...

  4. It is quite late here, & I didn't remember how your software handled such things - I just wanted to be sure we could reproduce whatever occurred. Since you don't have an 'auto quarantine', no problem.

    I'll run the deep scan & see what happens.

    Two final points: (1) you are welcome to change the spelling error on the thread title (if allowed), and (2) please forgive me if I came across too harsh. It was simply my initial response to what felt like a manipulation. I've been in this stuff since way before most of the world knew there was an internet, and I guess that little screen just reminded me of the thousands of 'apps' I've seen take over the net over the more recent years. I'm all for you guys making money off your hard work... but hope to encourage you to do so with honor & integrity. The net is already full of those other kinds, and I've watched some really excellent companies over the years follow that path - and the end is always the same...

    Keep the bar high. It will pay in the long run.

    Kind regards, Marvin

  5. OK, I re-downloaded & re-ran MalAware. Identical symptoms. I've checked several things that I'd normally think of (other apps running, etc) & compared a little between the two systems, but find nothing useful.

    I could export my entire registry if you can handle it... it's about 3.8meg compressed (@92meg expanded).

    These keys are, of course, crosslinked throughout to other areas of the registry, so perhaps it's detecting the signature at other locations - perhaps this is just the 'main reference point' that it all ties back to? It's just a thought... I have no idea how the program is processing the registry structure...

    Equipment wise, these are quite different machines, but they have many of the same applications installed (zone alarm, AVG, etc). However, they are not necessarily running the same versions of these different programs, and each have many things installed that the other does not...

    Still, it should help that I have matching symptoms on two different systems...

    I'm not too worried about the offending registry entries (I can brute-force if needed), and I haven't even done the normal digging into exactly what put them there or what they do (or even if they are malicious)... however, I would like to at least give you guys the ability to work through this on your end...

    Any other thoughts? Shall I go ahead with the deep scan as configured per my previous message? Do you want my entire registry?

  6. Thanks guys, for the quick response. Fabian, I've sent a rar w/the 1st two keys of each positive. We're on different time zones & I'm about to shut down (3:30am), so I'll run a deep scan & forward the report when I get up.

    Also, I have two systems, with identical symptoms, down to identical keys being flagged. I will only run the deep scan on one to ensure I don't wipe out all evidence.

    I've updated the signature & have turned off everything under Configuration/Permissions except the 1st two 'start' checks, and have done this for each user in the drop-box, in hopes of preventing changes without my knowledge. You guys can let me know what I 'could have done' & if needed I can rescan in the morning.

  7. I was on your site to purchase the a-squared Anti-Malware, when I ran across your new free offering "MalAware". I thought 'what a cool USB sized tool' and decided to run a test...

    I updated a-squared Free & ran a Quick Scan - clean (ok, a cookie... log attached) (I also later ran a Smart Scan to confirm, with same results).

    I then downloaded & ran MalAware (log attached)... it found two infections (13 objects):

    Spybouncer & Crime Catcher 3.2 (both HKEY_CLASSES_ROOT\CLSID\...\InprocServer32ThreadingModel)

    OK, so before I go further... a-squared Free does fully scan the registry in all modes, right? and a-squared Free is identical to a-squared Anti-Malware in detecting malware, right? So, we're dealing with a false-positive, right?

    OK, back to MalAware:

    Now the most interesting part to me is that MalAware is all red & ATTENTION: 2 INFECTIONS FOUND! & flagged them both as 'high risk' - yet your own Malware database lists them as 'medium risk' and 'low risk' (respectively).



    MalAware's screen layout & colors clearly indicate great danger, and of course, the immediate and pressing (and only) solution is to 'buy a-squared Anti-Malware today!'...

    Frankly, I don't know which concerns me more... that MalAware may actually be detecting a true problem that a-squared Free (and therefore a-squared Anti-Malware) will not even see, or that you have simply created a marketing tool to prey on the fears of those without knowledge or resources to determine if a threat is real or how dangerous it is... a tool that detects a false-positive, overstates its threat level and, without confirmation, pressures the user to 'buy our awesome program to make the bad things go away'... and what happens when they do... and it doesn't?

    MalAware is a cool idea - I like its size & speed, and it could do well for you, but the sense I have right now is that it takes your image as a company of integrity and a top contender in the field, and puts you squarely in the middle of all the other bottom feeders on the internet that specialize in ripping people off through malware/fearware/scamware.

    Please consider if the 'results page' of this product really represents the image you intend... it may get you sales, but if they buy to fix a false positive - that doesn't even get fixed, you will not have a happy customer, and the sale may have cost you more than you know...

    Maybe you could more clearly (and gently) invite them to your site to confirm their problem before kindly offering to relieve them of their cash...?

    ... I do hope you guys are above this...
