Posted: Mon Mar 23, 2015 4:56 am
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
For several years, I've been running Malwarebytes Premium (the paid version), always on in the BG. Yesterday I could not install any apps from the Windows Store in 8.1 and could not sign in to my Store account to see why. I called Microsoft for help. After two hours and 26 minutes of the tech's work, nothing changed, so I asked for level 2. That fellow spent over four hours running diagnostics, which included a full scan by the trial version of SuperAntiSpyware that took a good part of that four hours. It found six instances of three Trojans: Trojan.Agent/Gen-Rogue, Trojan.Agent/Gen-Backdoor and Trojan.Agent/Gen-Dropper which Malwarebytes failed to find in its daily scans. This was disappointing to say the least. It also found some adware tracking cookies.

I used to run both programs on my computer, but I stopped paying $19.95 each year for SuperAntiSpyware Professional a couple of years ago. Three years ago Malwarebytes charged me $22.45 for their premium service and haven't asked for more. I like that, but after this experience, I have plunked down the $19.95 to renew my subscription to SuperAntiSpyware Professional. I see now that Malwarebytes is charging $24.95 per year, but for three computers.

However, removing the Trojans has not solved the problem. My tech was going off shift, so he is going to call me back this afternoon to continue searching for whatever is preventing Store from functioning properly.
Gerry

_________________
Gerry


Posted: Mon Mar 23, 2015 6:40 am
Site Admin
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
Removing tracking cookies is more smoke and mirrors than anything else. Cookies would need to be blocked, using privacy settings in the browser, to prevent them from arriving to begin with.
Without reviewing the logs, I can only suspect that the Trojans removed by SAS were dormant or leftover bits. The Daily scans you refer to are not complete scans of the entire drive(s), but scans of the likely locations for malware. Your real time protections should be preventing active malware.
Both MBAM and SAS are good programs. The choice is yours, but I can pretty much guarantee that a future run of MBAM will reveal bits that were apparently missed by SAS. :-)
As for the Store issue, do other apps that use sign-in work?
-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Mon Mar 23, 2015 12:32 pm
welcoming committee
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Have to agree with Steve here. Tracking cookies are just an annoyance, not a real security threat, although scanner programs will try to impress you with their removal. As Steve said, your browser should be able to block them from ever landing on your system.

Again agreeing, both MBAM and SAS are good programs, but scanners, even the best of them, will miss stuff, even though what they miss may just be remnants and leftovers of the main villain already removed.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Mon Mar 23, 2015 1:23 pm
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
I think SAS has gone downhill a bit; I have no real feelings about MBAM. Last time I helped someone clean up a computer, a combination of EIS/EAM and Hitman Pro cleaned out everything.

Also, once you get cleaned up, you should be imaging; that way a simple restore would have solved the problem. You might want to look at the new Macrium 6. It has totally raised the bar for other imaging programs to strive for.

Pete


Posted: Tue Mar 24, 2015 2:18 pm
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
To answer Steve's question: No, the other apps in the store did not install either and I could not get into my account. I should have mentioned that besides MBAM and SAS, I also keep SpywareBlaster active and updated on my computer.

The level 2 guy called me back yesterday, but in the meantime I had gone to the Store earlier yesterday and found it working; I could get into my account and I installed some apps. It was not working the night before so I am clueless why it was working yesterday and today. I reported that to him and we closed my case with Microsoft.

Now the level 2 guy insists that MBAM and SAS are anti-virus programs and will interfere with each other and with Windows Defender. He said the latter will not run if the others are installed on the computer. I suggested that is not the case, but he would have none of it. So -- please correct me if I am wrong -- I understand that both MBAM and SAS are anti-malware, not anti-virus, and that both can be installed and active without compromising the anti-virus protection provided by Defender; further, that MBAM and SAS are compatible with each other and do not cause problems running on the same computer. SpywareBlaster protects my browsers from accepting "bad stuff." Am I right?

Pete, I don't know Macrium 6; I'm a long time Acronis True Image user, but I'll certainly check out the Macrium and try their free download to see how it works. Thanks for the recommendation.
Gerry

_________________
Gerry


Posted: Tue Mar 24, 2015 8:38 pm
Site Admin
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
The issue of MBAM and SAS (paid versions) co-existing with antivirus/antispyware protection such as Defender on Windows 8 is an interesting topic.
MBAM and SAS both insist that they will co-exist -- and many will attest that they do -- with Defender and other antivirus software. However, more is not always better. Microsoft does not recommend running multiple real time protection products along with Defender (or Microsoft Security Essentials on Windows 7). In my experience, there is usually not a problem. However, I've encountered cases where it impacted system performance and in a few rare cases, appeared to be a contributing factor in system stability. When two or more processes are after the same memory space or file, you can encounter a lock or race condition which can cause problems. In practice, if malware were encountered and one of the processes caught it and acted on it, the other might alert, but when it got its turn to act on the detection, it would throw an erroneous error message.

The terms antimalware, anti-spyware, and anti-virus are often used interchangeably -- and incorrectly. Malware is any malicious code. That would include viruses, trojans, etc. Spyware tends to be limited to adware/spyware, but spyware activity can be spawned from a virus. Confused yet?

The bottom line is that Windows Defender on Windows 8 is an anti-virus/anti-malware/anti-spyware program. It may not be as aggressive as some other products, but that's usually due to two reasons. Aggressive detection and cleaning can result in false positives -- that is detections that are incorrect. In the worst case a false positive will break a legitimate program and result in a poor user experience. The other primary reason is that Microsoft treads carefully regarding the topic of adware/spyware. MBAM and SAS are both more aggressive and they tend to flag and remove much more of the "PUPS" -- potentially unwanted programs -- that are typically delivered along with a shareware/freeware download. These "junk" programs pay for your ability to obtain free software.

My personal recommendation for most people is to stick with Windows Defender and to download and run the "free" versions of MBAM and/or SAS when they want to be sure that nothing slipped past or if they have reason to believe something did. I have not recommended or used SpywareBlaster in years, though it does continue to get good reviews from some. Most infections occur because the user allowed the infection. I am more inclined to educate users on safe computing practices than to bog the PC down with security software that is either going to confuse them or lull them into a false sense of security -- the bad guys work hard to get past the defenses and the security software writers are constantly playing catch-up.

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Wed Mar 25, 2015 12:43 am
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
I have heard of rare cases where running Security Essentials/Defender with MBAM Pro has caused issues. For myself I run MBAM Pro on Win 7 with Security Essentials, 2 instances of MBAM Pro with Defender in Win 8.1 and MBAM Pro with Defender in Win 10. I will say that I have never experienced any issues. I must also say that just because I have not seen any issues on my machines, nor have seen any on other people's personally, this does not mean the potential is not there.

Bottom line... In most cases running MBAM Pro with Defender or Security Essentials will probably not cause an issue but there is no guarantee.

Below is just added personal experience.

The main reason that I like to run MBAM Pro is its defense against 'drive by' attacks from malicious sites. It parses code coming from web sites and automatically blocks that which is malicious. Of course this MUST slow down page loads but I've tried with and without MBAM active and can't see any difference. Still, if it is parsing the code from the site it is an absolute that the load has to be slower as there is an added step. The way I see it is if I can't see the difference I don't care about that difference.

To be honest I don't know what I'd do if MBAM Pro did not play nice on my systems with Defender and Security Essentials. I probably would not but I'd be very tempted to turn off Security Essentials/Defender and run just MBAM Pro. I practice pretty safe email and site handling and can honestly say that I have never had an infection that disabled my systems. As Steve implied, the most important security feature of any computer system is sitting in a chair. Education as to how to properly use a computer just might stop more infections than the best software defenses.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Wed Mar 25, 2015 6:58 am
welcoming committee
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
jaylach wrote:
As Steve implied, the most important security feature of any computer system is sitting in a chair.

Heh, I've heard it put like this and I believe I have stated this before at the Haven: The weakest link in your computer's security chain is the piece of fleshware that sits between the chair and the keyboard.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Wed Mar 25, 2015 8:47 am
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
gmfry wrote:

Pete, I don't know Macrium 6; I'm a long time Acronis True Image user, but I'll certainly check out the Macrium and try their free download to see how it works. Thanks for the recommendation.
Gerry



Hi Gerry

Don't download the free version, it is still version 5. Download the trial for v6. The only limitation, if it still exists, is you can't boot the recovery environment in the boot manager. This thing is truly awesome.

First speed. My c: drive is 125gb, and I am imaging to another internal drive. Full image time is only 14 minutes. Time for incrementals and differentials averages between 50 seconds to 1 minute 20 seconds. Average full restore time is 20 minutes, but with the new Rapid Delta Recovery it is only 6 minutes. During the testing of the pre-release version, some of us at Wilders put it through a brutal wringer. Normally when imaging it doesn't hurt to help VSS by leaving the system idle. I let Macrium V6 take some incrementals while another imaging program ran. It took a bit longer but the imaging was successful as was the restore.

Curious how many restores have you done with Acronis?

Pete


Posted: Wed Mar 25, 2015 8:53 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
I have the native Windows protection and also run MalwareBytes Pro in real time and I've not had any problems so far. I also have SpywareBlaster running as well.

I have that set up on my Windows 7 machine and also on this Windows 8.1 machine, I have the free version installed on the VM running Windows 10.

As others have said the biggest threat is between the chair and the computer.

_________________
Joan Archer
http://crossstitcher.webs.com


Posted: Wed Mar 25, 2015 10:48 am
Site Admin
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
Just to clarify, since my prior response was quite lengthy --

You should typically not experience any issues running MBAM and/or SAS with Defender on Windows 8 (or MSE on Windows 7). I would *not* run both MBAM and SAS.

Spywareblaster does not have "real time" components that run to scan or protect. It loads, runs to check for updates, check/modify browser settings, then shuts down.

-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Thu Mar 26, 2015 5:28 am
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
Well, I guess that I did open up an interesting topic, one that has given me some good information. I appreciate all the suggestions from Steve, Jay, Joan and Pete.

Steve, I did not know that Windows Defender was more than an anti-virus program. If I had looked at Help/About, I would have seen that there is an "antivirus definition, an antispyware definition and an antimalware client" listed. Running that program alone would seem to be all that is needed, like you say; however, having just plunked down $19.95 for another year of SAS, I'm going to run it as well and see how it goes. I will stop MBAM from running automatically and manually do an MBAM scan every so often; it did not find my three Trojans (nor did Defender) whereas SAS did. As for SpywareBlaster, I think I will keep using it since they still state "...reduce or greatly eliminate spyware-related problems, as well as problems related to other potentially unwanted software..." I use the free version and update it manually.

Jay, I also have had no definitive problems attributable to running MBAM Pro and Defender together. I also follow common sense computer practices, and except for the recent Trojan findings, have never had an issue with malware/spyware or viruses (knock on wood).

Pete, I have done only one restore from Acronis True Image in the ten years or so that I've been using it. It did the job, but I forget how long it took. I usually keep two images of each of my partitions on two external hard drives, deleting the oldest before making a new one. I do full images each time because I seem unable to grasp the difference between differential and incremental backups; the explanations sound the same to me. Which do you recommend? I did download and install version 5 of Macrium; I'll go back and see if I can get version 6 as you recommend. The price is more than Acronis -- $80 for the home version, but maybe it's worth it.
Gerry

_________________
Gerry


Posted: Thu Mar 26, 2015 5:38 am
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
Pete, I've just been to the Macrium Website again and the only trial download offered is the file that I have: reflecDL.exe. That installs version 5.3. Do you have a path to a version 6 trial download?
Gerry

_________________
Gerry


Posted: Fri Mar 27, 2015 9:05 am
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Hi Gerry

I'll check on the trial and get back.

Couple of comments on the rest.

For me, 1 restore doesn't convince me. When I started playing with the pre-release of Macrium v6, I had already decided to upgrade by release. Several of us on Wilders had used and abused it and it never failed. By that I mean successful restores. I bet I did at least 100 hundred restores before buying it. That way I know it will work.

Okay, difference between an Incremental and Differential image. Both of them are images just containing changes from the last image. Big difference is an Incremental is just the changes from the last image, whereas a differential is always the changes from the last full image. Ramifications:

Incrementals will always be smaller, but if you have a chain of, say, 10 incrementals and you lose, say, incremental no. 3, then 1 and 2 are the only good ones; all the rest are lost, because the chain is broken.

Differentials on the other hand don't have that dependency. You could delete no. 3 and the others would be fine. Differentials also will tend to get bigger with time.

Convention has it that you should probably not let an incremental chain get too big, like maybe 10-12 incrementals. I have tested Macrium v6 with 45 incrementals and not only did it work fine, it actually didn't take any longer.


As another aside the biggest advantage of Macrium V6 is speed and scheduling. Speed is unbelievable. A full image on my machine averages 15 minutes. Incrementals with all other imaging programs is about the same. My incrementals with Macrium take about 1 minute. Restores: the average of all the other programs is 25 minutes. With Macrium it's 6 minutes.

Then there is scheduling. Limited only by the imagination. But the coolest thing is if I want to manually take an incremental all I have to do is double click on a special icon on my desktop. That's it.

Anyway, I will see what I can find out about the trial.

Pete
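
The chain dependency described in the post above, worked through as an added example that is not part of the original thread and is not code from any imaging product. The image names, block numbers and helper functions are constructed for illustration; the size model goes slightly beyond the post by counting changed blocks per image.

```python
# Added example: restore dependencies and sizes for incremental vs
# differential images. Image names and block numbers are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Image:
    name: str
    kind: str  # "full", "incremental" or "differential"


def build_chain(kind, count):
    """One full image followed by `count` images of the given kind."""
    prefix = "inc" if kind == "incremental" else "diff"
    return [Image("full", "full")] + [
        Image(f"{prefix}{n}", kind) for n in range(1, count + 1)
    ]


def parent_index(chain, i):
    """Index of the image chain[i] is a delta against (None for a full)."""
    kind = chain[i].kind
    if kind == "full":
        return None
    if kind == "incremental":
        if i == 0:
            raise ValueError("an incremental needs an earlier image")
        return i - 1  # changes since the previous image, whatever its kind
    for j in range(i - 1, -1, -1):  # differential: changes since last full
        if chain[j].kind == "full":
            return j
    raise ValueError("a differential needs an earlier full image")


def required_images(chain, i):
    """Every image that must be intact to restore chain[i], oldest first."""
    needed = []
    while i is not None:
        needed.append(chain[i].name)
        i = parent_index(chain, i)
    return needed[::-1]


def restorable(chain, lost):
    """Restore points that still work after the images in `lost` are gone."""
    lost = set(lost)
    return [
        img.name
        for i, img in enumerate(chain)
        if not lost & set(required_images(chain, i))
    ]


def image_sizes(changes, kind):
    """Blocks stored per image, given the blocks changed in each period."""
    sizes, since_full = [], set()
    for changed in changes:
        since_full |= changed
        sizes.append(len(changed) if kind == "incremental" else len(since_full))
    return sizes


# Constructed data: block numbers modified between successive images.
CHANGES = [{1, 2, 3}, {3, 4}, {5}, {1, 6, 7}]

if __name__ == "__main__":
    inc, diff = build_chain("incremental", 10), build_chain("differential", 10)
    print("lose inc3  ->", restorable(inc, ["inc3"]))
    print("lose diff3 ->", restorable(diff, ["diff3"]))
    print("needed for inc10 :", required_images(inc, 10))
    print("needed for diff10:", required_images(diff, 10))
    print("incremental sizes :", image_sizes(CHANGES, "incremental"))
    print("differential sizes:", image_sizes(CHANGES, "differential"))
```

In both schemes the full image is a single point of failure: losing it leaves no restorable point at all, which is why the base image deserves its own verified copy.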


Posted: Fri Mar 27, 2015 1:09 pm
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Gerry

You are correct, the trial says V6, but downloads 5. Give them a bit of time.

Pete


Posted: Fri Mar 27, 2015 2:00 pm
welcoming committee
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
sboots wrote:
...
Spywareblaster does not have "real time" components that run to scan or protect. It loads, runs to check for updates, check/modify browser settings, then shuts down.
-steve

It has been years since I used SB. It indeed does not run in "real time" but it does not need to, unless they've changed it since I last used it. When you run SB it makes changes in your browser's settings (when I last used it only IE and Firefox could be changed) and perhaps other changes to your system, I don't remember, in the registry??
But those changes remain permanent unless you go back into SB and remove them, so even though SB is not actively running, those changes remain. Those changes originally were created to prevent ActiveX, cookies (not a real threat), and other changes to your system. Great program for its time and free, but MS has come a long way in correcting that ActiveX crap, which it was in my opinion, crap: ActiveX could give a hacker complete control of your computer, as if he/she were at the keyboard. As for cookies, heck, your browser correctly set up can take care of them and they are not a real threat anyway.

I have always admired the SpywareBlaster folks for creating such a program in its time and for free, but that was in the early days. Today I just don't know if it is needed however I must admit this: using SB probably is not going to hurt or affect anything, just remember that you made those changes to your system.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Wed Apr 22, 2015 6:02 am
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
Peter2150 wrote:
Gerry

You are correct, the trial says V6, but downloads 5. Give them a bit of time.

Pete

Pete, I just wanted to bring you up to date. I found that I can download version 6 as a trial, not a free download, so I have done so and am now in my 30-day trial. I like it much better than the 2015 Acronis True Image interface, and that program has been giving me some problems lately by throwing in error messages saying the path to my USB backup HD was not found when it had been working just fine for months. I'm experimenting with Macrium and so far have found everything easier than with True Image 2015. If it continues, I probably will buy it at the end of my 30 days.
Gerry

_________________
Gerry


Posted: Wed Apr 22, 2015 7:04 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
I've got the free version of Macrium, Gerry, but like you found it to be a lot easier to use than Acronis. I'd been using Acronis since 2008 and upgraded every year; at present I have version 2014. I'm just not going to do another upgrade as I don't see anything much different each year to warrant the cost.

I've got Acronis on my Windows 7 desktop and that is set to do the image every Friday teatime to external hard drives. On this Notebook I've got Acronis and Macrium and use them manually plus Windows File History, all to external drives weekly.

I've got Windows security and MalwareBytes Pro alongside SpywareBlaster all running happily on here and so far never had any problems. :-)

_________________
Joan Archer
http://crossstitcher.webs.com


Posted: Wed Apr 22, 2015 2:32 pm
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
The huge difference v6 brings is time. My hard drive has 130gb in use. My base image takes 14 minutes. After that incrementals run an average of 1 minute. One of my last tests was to test Adobe Acrobat Pro DC. It is the upgrade to Acrobat Pro XI which I use. The trial uninstalled the older version before installing, so that was a 1gb swap out. I didn't like the trial so I just restored the image prior to the swap. The restore time: 1 minute. This makes this program a snapshot program also.

Pete


Posted: Thu Apr 23, 2015 5:40 am
welcoming committee
Joined: Sun Apr 15, 2012 6:56 pm
Posts: 300
Joan, you are wise to retain Acronis True Image 2014; I wish that I had. I was dazzled by the new interface of version 2015, but the longer I used it, the more problems I had with it, problems that I never had using their previous products for at least the last ten years. For some reason, if you uninstall 2015, you can't re-install 2014, so just keep what you have. Meantime, I am impressed with Macrium and may purchase it, chalking my purchase of 2015 Acronis up to experience.
Gerry

_________________
Gerry


Posted: Thu Apr 23, 2015 6:59 am
welcoming committee
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
I have used MANY imaging programs thru the years, nothing even gets remotely close to Macrium, not even my former favorite ShadowProtect. Occasionally you find a company that does everything right.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Thu Apr 23, 2015 8:52 am
welcoming committee
Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Yep and it's about to get way more exciting, with what they are up to. Don't know about the general usefulness, but basically you will be able to instantaneously create a working VM from an image. I am going to beta test it. We'll see.

Pete

