MBAM blocking - Page 2


Re: MBAM blocking



You're right, I sometimes assume the person I'm corresponding with has a
bit of functional common sense. Obviously in your case, I was wrong.


--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?

Re: MBAM blocking

Dustin wrote:

Common sense still requires background knowledge on which it is based.
Again, please show where the web site ever mentions the IP blacklist
function.  Oh, you thought users should be expected to install a product
and then find out what it is, or to go digging in forums to become aware
of a feature that isn't described by the web site, or have to ask other
users how the product works before installing because there is no decent
documentation available.  That you know what is contained in a product
after long use of it is irrelevant to the lack of description or detail
at the web site to describe the product.

Re: MBAM blocking


While the site (for reasons unknown to me) doesn't separate the two
modules for description; it clearly states the pro version has a
resident module and the free version doesn't. Now, common sense, being
what it is, should tell you that if the IP blocker isn't resident; it's
not going to do a lot of good. This really isn't rocket science here.

I'm not trying to insult you or otherwise come across as a wiseass; But
you're being overly nitpicky about a relatively small issue.

I didn't write the docs, I didn't create the website. I was ONLY
responsible for malware research. The issues you seem to have have
nothing to do with my former job responsibilities there and again, you
should take that up with the webmaster.



--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?

Re: MBAM blocking

Dustin wrote:

Yes, I understand the requirement to be resident to be effective;
however, I had to guess that an IP blacklist was incorporated into their
"Protection Module" rather than just read about it.  Remember that in
this discussion that I had to guess that an IP blacklist was part of
their nebulously described Protection Module.  It wasn't like I could
look at their web site or get the docs and see it described.  Tough to
be an educated user when a product is presented as a blackbox.  

I think them having downloads of the docs would really help if they
don't want to put the details on their web site.  Devoid of a detailed
comparison at their web site (that actually means something to someone
not intimate with the product), they should have the docs available so
the user can compile their own comparison.  

Re: MBAM blocking


I'm unsure what you mean by presented as a blackbox? I don't disagree
that the description could use some work. Perhaps you could write up
something useful from an end user point of view? I'd be happy to try
and submit it to the higher ups for you; I've still got the ear of a
good researcher or two. I can at least get someone to look at it and
ensure it falls into the right person's hands.

Again, if you feel up to the task, write up something and feel free to
email it along to me. My address in the header is valid. I'll pass it
along to them. FWIW, I'm not in any way affiliated with the company and
haven't been since 2010.
 



--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?

Re: MBAM blocking

Dustin wrote:

The problem there is that I would have to buy the payware version to get
intimately acquainted with it.  I have been offered free payware in the
past but I feel this smacks of both bribery and coercion by both
parties: they give me something for free in return for a favorable
review and I get something free if I do something they favor.  I don't
want a free payware version because I feel that guilty bias may creep
into any review or analysis (i.e., I got it free so I may be biased to
reciprocate in kind).

From seeing many web sites promoting their security wares, I find it odd
that something as well-known as MBAM has such a dearth of info on their
web site.

After my vacation, I may get their trial version which hopefully is the
full payware version with limited usage time and no crippling.  However,
I don't recall they have downloads of trial full versions.  A trial of a
full version would let me investigate the product while knowing that I'm
not getting it for free.  I've seen way too many products pushed onto
"reviewers" to generate reviews or reference a product on their web
sites to get larger search results and a flood of good reviews.  I find
such reviews are suspect because it seems so obvious a bias exists in a
reviewer coercing a product vendor to get a free version while the
product vendor is bribing the reviewer for a good review.

Re: MBAM blocking

On 4/8/2011 12:01 AM, VanguardLH wrote:

snip

MBAM has no trial versions.

Re: MBAM blocking


I'm not defending this nor should it be seen as an excuse, but evidently;
Caesar is running XP or possibly Vista. I've been told that MBAM doesn't
record the process on XP and down. It does on Windows 7.


--
If today was your last day... and tomorrow was too late...
could you say goodbye to yesterday?

Re: MBAM blocking

Dustin wrote:

Which, if true, means Caesar needs to add a 3rd party firewall into his
mix of security software so he can monitor and authorize outbound
connections from processes that load on his computer.

Re: MBAM blocking

Re: MBAM blocking:

Yes, that is correct.  I'm running MBAM on XP.

Any suggestions for such a 3rd party (freeware) firewall?
--
Work is the curse of the drinking class.

Re: MBAM blocking

Caesar Romano wrote:

The 3 that I've used, in order of preference (but not in features),
are: Online Armor, Comodo, and PC Tools.  The problem that I ran into
with all trialed firewalls is that eventually they get in my way.  For
example, one program to capture video streams dynamically loads a
driver but the program won't work with a firewall loaded even if I
enable all privileges allowed by the firewall on the process.  With OA,
I could tell it to *completely* disable itself on booting into Windows
safe mode and the video capture would work but what a hassle.  Firewalls
also fail, which interferes with or blocks network access.  The forums are
full of posts by users where they have problems or suddenly lost all
network use due to the firewall.  They all seem to have become a bit too
fragile for my taste.  You could use them (enabled) at the times you
wanted to throttle or monitor your processes to see which were making
connections you don't want; however, when they fail, disabling them
won't necessarily return network connectivity.  I've even had network
problems after uninstalling a firewall and it took days to figure out
how to repair the damage.

Before installing a firewall, I would suggest saving a backup image of
your OS partition.  Use something like InstallWatch to monitor the
installation so you can clean up any remnants left behind if you decide
to uninstall the software.  Then test every program you have that makes
a network connection.

A firewall that prompts that a process as yet unauthorized wants to make
a network connection gives you control over whether it gets the
connection or not; however, that's not a useful logging function to see
how often the process wants to connect unless the firewall lets you add
a logging option to an app rule.  SysInternals' TCPview lets you see
which processes have network connections but it has no logging feature,
and a process that makes a one-time connection to spew a small amount of
traffic won't be displayed very long or not at all in TCPview.
Nirsoft's CurrPorts has logging.  If all you want is to see what is
making a connection then just use a network monitoring utility as a
firewall could be quite overkill for your needs.
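
As an added illustration of the logging point in the post above (not part of the thread, and not code from any of the tools named): a Python example that diffs two constructed `netstat -ano` snapshots and logs each new TCP connection with its owning PID. The sample rows and function names are made up for the example; the second snapshot shows a connection that opened and closed between polls, which is left only as a `TIME_WAIT` row under PID 0.

```python
import re

# Constructed `netstat -ano` output from two successive polls (not real data).
POLL_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1234
  UDP    0.0.0.0:500            *:*                                    700
"""
POLL_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1234
  TCP    192.168.1.10:1050      198.51.100.7:443       ESTABLISHED     2200
  TCP    192.168.1.10:1051      198.51.100.9:25        TIME_WAIT       0
"""

TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return a set of (local, remote, state, pid) for TCP rows with a peer."""
    rows = set()
    for line in text.splitlines():
        m = TCP_ROW.match(line)
        if m and m.group(3) != "LISTENING":
            local, remote, state, pid = m.groups()
            rows.add((local, remote, state, int(pid)))
    return rows

def log_new_connections(polls):
    """polls: list of (timestamp, netstat text). Log each connection once."""
    seen, log = set(), []
    for stamp, text in polls:
        for local, remote, state, pid in sorted(parse_netstat(text)):
            if (local, remote) in seen:
                continue
            seen.add((local, remote))
            # Windows lists TIME_WAIT sockets under PID 0: the connection was
            # already closed by the time of this poll, so its owner is lost.
            owner = f"pid={pid}" if pid else "pid=unknown (closed before poll)"
            log.append(f"{stamp} {owner} {local} -> {remote} [{state}]")
    return log

if __name__ == "__main__":
    polls = [("12:00:00", POLL_1), ("12:00:05", POLL_2)]
    for entry in log_new_connections(polls):
        print(entry)
```

On a live Windows system the text for each poll would come from running `netstat -ano`; a shorter interval narrows the gap, but a polling logger can still miss a one-time connection.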

Re: MBAM blocking

Re: MBAM blocking:

snip

Thanks for that very informative post.   I think I'll give Nirsoft's
CurrPorts a try.
--
Work is the curse of the drinking class.

Re: MBAM blocking

Hello, Caesar!

1j41p6hiq1ovq2v15vj4l9csvfovlaurfn@4ax.com
On Mon, 28 Mar 2011 08:54:57 -0500:


There are lots of utilities around to do this. I use "IPNetInfo": Find all
available information about an IP address: The owner of the IP address, the
country/state name, IP
http://www.nirsoft.net/

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: MBAM blocking

wrote:

    Dunno
    http://centralops.net/co/DomainDossier.aspx
    Click all the boxes.
    []'s
    YW
