Smokey's Security Weblog

veritas odium parit

ANNOUNCEMENT: Change Siteowner- & Leadership Smokey’s Security Forums

IMPORTANT ANNOUNCEMENT REGARDING SMOKEY’S SECURITY FORUMS

Smokey’s was founded and launched by me August, 2006. Eleven years after forums establishement it was about time for my full retirement hence transferred ownership domain smokey-services.eu and site leadership as well to Mr. Pete Kendell, on internet better known as Starbuck.

I have all confidence in Pete that he will continue Smokey’s in the demanded straight and reliable way the site is known for, past years he already was my substitute and is very capable and fully qualified to run the site. Current policies and rules will not be changed by him, important too : site name Smokey’s Security Foums  will never be changed.

Pete is a man dedicated to all facets of computer security, he is the best successor I can wish. With him the very high site standards will be unaltered continued.

Dave Mook aka Smokey

Retired Owner Smokey’s

May 7, 2017 Posted by | Alerts | , , | Leave a comment

Webroot SecureAnywhere…. just an over-Inflated Bubble?

Isn’t it amazing how at once there is a superb anti-virus, smashing all competitors, established vendors included? The Anti-Virus Holy Grail so to speak, doing a fantastic job of keeping customers PC’s free of malware, this in contradiction of these competitors? At the same time an AV with great support, prepared to listen to customers and helping them in an adequate way, and also being realistic when it regards shortcomings (however see this as a joke… an AV Holy Grail that doesn’t have any shortcomings).

Don’t look any further, don’t try any other anti-virus…. but be smart and buy NOW the 2012 Super AV: Webroot SecureAnywhere.
Competitors are selling crap,anyway, this is Webroot’s opinion, so don’t hesitate and only be satisfied with the Best of the Best: WSA (Webroot SecureAnywhere).

Of course it is true what they say about other AV vendors, please don’t call this bashing, it’s just business, okay?! Yells like “Takes up 96% less space than Kaspersky”, “Uses 97% less memory than McAfee”, “Scans more than 3x faster than Kaspersky”, “Takes up 99% less space than McAfee”, “Uses 92% less memory than Norton”, “Installs 131x faster than McAfee”, “Scans nearly 4 times faster than Norton”. The Webroot website is overwhelmed with such yells, there is hardly room left to tell the customer some (true) facts about WSA. Personally I really like this Webroot yell: “Webroot vs.Symantec is like David vs. Goliath. Only this David has a much faster, lighter, easier-to-manage slingshot”. This all is dramatic pure for sure, a climax that can’t be beaten by anyone.

I can hardly imagine that there are people believing the Webroot PR yells, after all yelling is Webroot’s trademark. OTOH they are true masters of it…. hence making it very convincing.

It starts at the very bottom with a Webroot Support Forum Helper, a PR expert on his own and also a master in repeating what Webroot employees are saying, then continues with Webroot Support/Quality Assurance Staff yelling to customers they must believe whatever the helper say, (after all, customers are stupid and clearly show their stupidity!!), subsequently we then have Webroot Support Team Staff yelling what a great product WSA is…. and finally we have the Webroot website and Support Forums, the absolute Masters of the Yell.

I admit that WSA is really small in size and fast just like WSA yells at us, however there is also a downside: it does not have the (high) detection rates that several other AV’s have. This is not just a yell from me, AV Testing Organization AV-Comparatives proved it very well: in their Protection-Test March-June 2012 AV Webroot SecureAnywhere 2012 gained the lowest protection rate of just a very disappointing 90,9%. In the test participated by 21 AV vendors/products WSA reached rank 21.

AV-Test.org, also an AV Testing Organisation, have tested WSA too. Talking again about detection rates, products like e.g. AVG’s Anti-Virus Free Edition 2012, AVG’s Internet Security 2012, BitDefenders Internet Security 2012, BullGuard’s Internet Security 12.0, F-Secure’s Internet Security 2012, G Data’s Internet Security 2012 and Kaspersky’s Internet Security 2012 were scoring better than WSA.

There is also issues false positives:

WSA gained the worst score according to AV-Comparatives False-Alarm-Test March 2012. We all know that false positives can really hurt your PC so FP’s can be dangerous just like malware is. When I have to choose between speed/used space and malware detection rates/amount FP’s ….I will choose the latter for sure.

Like I admitted before, WSA is really fast….. but regrettably not when regarding a full scan on demand, for example. Despite following Webroot’s promise: “After initial scan, full system scans typically take two minutes or less”. What Webroot don’t tell us is that a full scan will factually take hours. Furthermore, in my opinion they shouldn’t offer a ‘Full scan’ possibility at all to the customer if they are opinion it’s an unnecessary tool. After all their official POV is:

An actual full scan of the computer will both take hours in most cases and is also completely unnecessary for protecting the computer with WSA.

I clearly see here snake oil tactic of Webroot, with the aim to retain the claim of whopping fast scanning and at the same time putting other anti-virus vendors in a bad spotlight.

Webroot Inc. is also a damned well organised merchandising machine…. That they are heavily promoting their products on the Webroot (Prevx) support forums is fine, nothing wrong with that. The trick is to do the same on other forums without being provided with the spam label.

So how does the trick work? Almost every forum thread where a malware issue is discussed or advice is asked for on what AV to use…. will be provided with an urgent encouragement to use WSA. Surprisingly it’s almost always a Webroot Support Forum Helper encouraging the thread reader to do so. Final touch is then given by Webroot Support Team, praising the Webroot Support Forum Helper for his great advice and again encouraging the reader to use WSA. Finally the thread will end with a survey of where to obtain WSA good deals, the survey will be mostly offered by an anonymous user. I call this ordinary spam.
Common exception: if the thread is going ‘wrong direction’, Webroot Support Team is clever and don’t show up at all, instead the WSA Support Forum Helper will starting a tirade to the messenger of the ‘bad news’ and maintain the tactic to shoot the messenger by calling him e.g. a troll. This kind of ‘support’ can hardly be called decent and customer-orientated.

Summarizing:

I don’t say Webroot SecureAnyWhere is a bad product, but it need much improvement.
I don’t say PR is condemnable, I just don’t like Webroot’s business practices.

Furthermore,

I don’t like the way they provide support.
I don’t like the way the customer is treated.
I don’t like it when a product with very bad detection rates and lots of false positives is praised into AV heaven, please keep in mind there are better AV’s.
Last but not least, I don’t like spam.

July 22, 2012 Posted by | Anti-Spyware, Anti-Virus, Malware, Phishing | , , , , , , , , , | Leave a comment

AQMRB – Alliance of Qualified Malware Removal Boards™

I am really pleased to announce that a new Security Alliance is born: AQMRB – Alliance of Qualified Malware Removal Boards™.

Aim of the Alliance is, to provide the user searching for malware remove help with the best available and fully qualified services to remove malicious content from his PC, this all free of charge. Only boards that satisfy an extensive list with demanded qualifications/demands can apply for AQMRB membership, all applications will be thoroughly reviewed and evaluated, this with the aim that only fully qualified boards can join the Alliance.

About AQMRB

AQMRB is an Alliance of fully qualified Malware Removal Boards.

AQMRB main aim is to serve customers searching and asking for malware removal help in the best possible way.

AQMRB guarantee free professional malware removal help to non-commercial users.

AQMRB boards offer malware removal help solely provided by staff that are trained and graduated at acknowledged malware removal schools/universities.

AQMRB is a non-profit, volunteer network of independent Malware Removal Boards, and is not affiliated with any organisation.

General Info

More info about the Alliance can be found here: AQMRB
Boards that have the intention to join the Alliance are invited to look at the home page of AQMRB for demanded qualifications.

On behalf of AQMRB,

Smokey, Founder

July 18, 2010 Posted by | Anti-Spyware, Anti-Virus, Bundleware, Malware, News, Phishing, Recommended External Security Related Links, Toolbarware | , , , , , , , , | Leave a comment

Brief Review MBAM – Malwarebytes’ Anti-Malware

On regular base I test anti-malware programs, most recent test concerned MBAM – Malwarebytes’ Anti-Malware. About the detection capabilities I can be short: great, as claimed by the developers, many times it discovered malware like rootkits, worms, trojans, viruses, spyware and other malicious programs that weren’t detected by other anti-malware programs like anti-viruses and anti-trojans. I am even more enthousiastic about the cleaning capabilities of MBAM, all discovered malware was cleaned/removed 100%, without leaving any traces.

MBAM offer support for Windows 2000, XP, and Vista, and is free. However, the full (paid) version unlocks realtime protection, scheduled updating and scheduled scanning. If you like the program, I advice to opt for the full version. Price: a one time fee of $24.95.

Remark: MBAM was also able to detect the recent XP Antivirus 2008/2009 malware programs and removed this crap entirely.

More info about MBAM (free version and how-to buy): malwarebytes.org
Recommended review MBAM: Web Worker Daily

Update 2009-06-03: recent, extended Softpedia Review MBAM – Malwarebytes’ Anti-Malware: https://smokeys.wordpress.com/2009/06/02/profound-malwarebytes-mbam-anti-malware-scanner-review/

August 23, 2008 Posted by | Advisories, Bundleware, Downloads, Friends, Malware, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , | 13 Comments

HijackThis & OTL (formerly OTListIt2) Log Analysis and Malware Removal & Cleaning

What are HijackThis and OTL (formerly OTListIt2)

HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

OTL is a very sophisticated Log/Report Tool, doing the same as HijackThis and a lot more. You can see it as the successor of HJT.

IMPORTANT: HijackThis/OTL does not determine what is good or bad.
Do not make any changes to your computer settings using HijackThis and/or OTL unless instructed by a member of the HJT/OTL Analyzers/Malware Hunters group of Smokey’s Security Forums.

Procedures before submitting a HJT or OTL log to Smokey’s Security Forums

– Please register on the forum… Here, it is for free.

– Before submitting a HJT/OTL log to Smokey’s Security Forums, we ask that you follow this procedure first as described… Here.

– At the moment you have followed all instructions post your HJT or OTL log on the forum… Here. German – Deutsch customers can post here.
Then please wait for your log to be answered. Answers, help and support will be given by full qualified HJT/OTL Log Analyzers/Malware Hunters. The offered HJT/OTL services are for free also.

See ya, 😉

Starbuck
Team Leader HJT/OTL Analyzers/Malware Hunters

Update 2009-12-11: from now on, Smokey’s Security Forums will only accept OTL logs, HJT logs will not be accepted anymore.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

June 22, 2008 Posted by | Advisories, Bundleware, Friends, Malware, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , | Leave a comment