MBAM IP-BLOCK

[FromTheRafters]

There are legitimate kleyloggers. If the product surreptitiously and it is a EULA that
covers the actions it takes then it is not malwware.

IIRC the Friendgreet worm was classified as malware despite the
Essentially Useless License Agreement laying out the actions it takes.

I know, it's not the same thing. )

 

[FromTheRafters]

There are legitimate kleyloggers. If the product surreptitiously and it is a EULA that
covers the actions it takes then it is not malwware.

Kind of awkward if my son or his buddies plant a "legitimate
Keylogger" on my PC when I'm out. (Thank goodness, he does not have
the capabilities, he's in his last year at Computer Science at
University, and seems to think software installing is something techs
should study kkkkkkkkkkkkkk)

Companies in all fairness should inform employees that
keyloggers are planted for security reasons.
Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.
IMHO
[]'s

Yeah, I can agree with that as part of a business model. However,
investigators may need to install a keylogger to catch a crime in
progress. Kinda defeats the purpose if warnings are given to the suspects.

 

[FromTheRafters]

From: "FromTheRafters" <[email protected]>


|>>>> IMO, such a program loses all of its claim to legitimacy if it
offers a
|>>>> way to install it surreptitiously. Both keyloggers and RATs are
|>>>> legitimate programs when installed with the administrators blessing.
|
| IIRC the Friendgreet worm was classified as malware despite the
| Essentially Useless License Agreement laying out the actions it takes.
|
| I know, it's not the same thing. )


What I wrote was piss poor.

There are legitimate keyloggers. If the product does not surreptitiously
install and it has a EULA that covers the actions it takes then it is
not malwware.

Would have been better.

Sure, but I knew what you meant anyway.

 

[G. Morgan]

Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.

Exactly. And as a technician, right now, the only way to be 100% sure
is to flatten and rebuild. If I can't trust the tool to tell me what's
going on (with admin rights), why bother?

 

[G. Morgan]

Yeah, I can agree with that as part of a business model. However,
investigators may need to install a keylogger to catch a crime in
progress. Kinda defeats the purpose if warnings are given to the suspects.

So who does MBAM work for, LEO or the people who buy it? That is not a
valid argument. Its akin to making security companies make "back doors"
for LEO, a fight they lost with PGP.

 

[G. Morgan]

There are legitimate keyloggers. If the product does not surreptitiously
install and it has a EULA that covers the actions it takes then it is not
malwware.

What a wonderful way to explain the piss-poor performance of MBAM and
key loggers. So, if a user is tricked into clicking-thru a ELUA it's
just fine by them?

I'm not talking about in a corporate environment, they have internal
techs. I'm talking about the girlfriend/boyfriend buying something like
Spector to spy. How can I be sure it does not have it loaded? I can't
if no company has the balls to detect it.

 

[G. Morgan]

Agreed, especially since a miscreant could conceivably install
legitimate software surreptitiously if he or she had the access and
sufficient privileges.

The thing is, how to make it so the target being legitimately under
surveillance (or remote administration/control) doesn't see the *warning*.

If I'm hired to clean it, it would be by the owner. If they had key
loggers I would know.

 

[FromTheRafters]

So who does MBAM work for, LEO or the people who buy it? That is not a
valid argument. Its akin to making security companies make "back doors"
for LEO, a fight they lost with PGP.

I wasn't talking about MBAM in particular, just that the developers of
legit software that depends upon stealth probably have a claim against
programs that malign their software by detecting it as *malware*.

It's not Big Brother, it's just commercialism and our legal system at work.

I'm still waiting for fights about how some antimalware software
installation programs convince the user that other software has to be
removed even though there might not even be any actual conflict issues
warranting their removal.

As a technician, maybe they could give you a definition set not meant
for public consumption. ISTR an AV vendor that had a completely
different set of definitions for PUPs for those requiring them.

 

[Dustin]

So who does MBAM work for, LEO or the people who buy it? That is not
a valid argument. Its akin to making security companies make "back
doors" for LEO, a fight they lost with PGP.

Ask malwarebytes. Continuing down this path so publically is going to
ruffle some feathers.

 

[Dustin]

What a wonderful way to explain the piss-poor performance of MBAM and
key loggers. So, if a user is tricked into clicking-thru a ELUA it's
just fine by them?

Depends on the person(s) writing the defs at the time.

I'm not talking about in a corporate environment, they have internal
techs. I'm talking about the girlfriend/boyfriend buying something
like Spector to spy. How can I be sure it does not have it loaded?
I can't if no company has the balls to detect it.

This is an easy one, lol. Fact is, you cant be sure. Commercial keylogging
detection is frowned upon.

You should ask malwarebytes themselves tho; instead of being so American
and asking in public. Companies really don't like that.

 

[ASCII]

From: "G. Morgan" <[email protected]>

| FromTheRafters wrote:
|
|
| So who does MBAM work for, LEO or the people who buy it? That is not a
| valid argument. Its akin to making security companies make "back doors"
| for LEO, a fight they lost with PGP.

Take it up with Malwarebytes.

Or take your business elsewhere!

 

[ASCII]

Depends on the person(s) writing the defs at the time.


This is an easy one, lol. Fact is, you cant be sure. Commercial keylogging
detection is frowned upon.

You should ask malwarebytes themselves tho; instead of being so American
and asking in public. Companies really don't like that.

Companies that can't stand public scrutiny need to go out of business.

 

[G. Morgan]

Ask malwarebytes. Continuing down this path so publically is going to
ruffle some feathers.

Good. Let's call them out and ask why they 'sell out' to bigger
pockets.

 

[G. Morgan]

This is an easy one, lol. Fact is, you cant be sure. Commercial keylogging
detection is frowned upon.

By whom?

You should ask malwarebytes themselves tho; instead of being so American
and asking in public. Companies really don't like that.

Oh, I'll be American about it! Just like I posted a workaround to
C-Net's malware, months before a major AV vendor even acknowledged it
(Clueley).

Can I expect an honest answer from MBAM if asked directly?

 

[G. Morgan]

|
| Companies that can't stand public scrutiny need to go out of business.

Definitely!

Then why do you keep insisting I take it up privately with the
companies?

That's what this forum is for.

 

[David H. Lipman]

David H. Lipman wrote:

|>
|> Companies that can't stand public scrutiny need to go out of business.

Then why do you keep insisting I take it up privately with the
companies?

That's what this forum is for.

Because THEY have their OWN reasons and to discuss why THEY do something you have to ask
THEM not third parties.

 

[G. Morgan]

Because THEY have their OWN reasons and to discuss why THEY do something you have to ask
THEM not third parties.

You worked there! Its not just them, either.

 

[G. Morgan]

From: "G. Morgan" <[email protected]>

| David H. Lipman wrote:
|
|
| You worked there! Its not just them, either.

I also "quit" working there ;-)

I can say it's because its considered a "grey area" and isn't black & white.

Fair enough, that's probably all you can say. Thanks for the honesty.

 

[G. Morgan]

From: "G. Morgan" <[email protected]>

| Dustin wrote:
|
|
| By whom?
|
|
| Oh, I'll be American about it! Just like I posted a workaround to
| C-Net's malware, months before a major AV vendor even acknowledged it
| (Clueley).
|
| Can I expect an honest answer from MBAM if asked directly?

Nothing ventured, nothing gained.

Well, its worth a shot.

I remember, and vouch for, your C/Net download workaround post.

Thanks.

 

[ASCII]

I can say it's because its considered a "grey area" and isn't black & white.

Aren't 'grey areas' the murky domain of malware,
where they can't be positively labeled good or bad?