
Brawdy14

Suspended
Original poster
Pondus response to BDonTJ.jpeg
 
Right, so - Malware generally wants to do something malicious, hence the naming. This could be encrypting your drive for a ransom, deleting important files, messing up your system in various ways, sending your private details to a server without your permission etc. Because malware generally does one or more of a set of somewhat well defined possibilities of malicious activities we at least have something to screen for. This could lead to false positives - for instance, looking at which programs encrypt your data could lead to a valid encryption tool being flagged as malware, but you'd likely know it's good since you asked for it yourself.

Thus, there are things that we can look for to detect malware. But if the software is really clever, it can do a lot to throw us off. For instance, if it's sending your private data to a server, it could send a few kb every few days or hours. This is such a small amount and not really unrealistic for a process to do, so we might never notice.

Security generally is a very, very complex issue. We've got a lot of really clever people working hard on both sides of the war. In theory there could be malware on every single device in the world, hidden from sight and anybody's knowledge aside from the select few, who gather details on us all... Sorry, did I blow your secret, NSA?
Anyways, the point is that it's theoretically possible, but security is a cat-and-mouse game, and it's super hard to hide for long because there are really smart people whose job it is to find you, discover your patterns and get rid of you.

The most primitive anti-malware method is just to screen for known malicious executable file names, but obviously you can hide from that just by changing your file name. There are then also those that save an MD5 hash of the executable content, but then you could use the same method as before but write it slightly differently and that detection method would fail too. And you could also screen for behaviour as mentioned earlier. Many options.

The short version is theoretically, yes, but I'd say it likely wouldn't take too long for the security teams to catch up. Though we certainly have seen long periods of uncaught malware in the past.
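
Added example (not part of the post above): one way a defender can screen for the behaviour described, small uploads sent on a schedule. It compares a plain volume threshold with a timing-regularity check over constructed connection records; the process name, hostnames and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (unix_time_s, process, destination, bytes_sent).
# "updaterd" and both hostnames are made-up names for this example.
HOUR = 3600
LOG = (
    [(i * 6 * HOUR + j, "updaterd", "stats.example.net", 3000 + 40 * (i % 3))
     for i, j in enumerate([0, 12, -9, 5, 20, -14, 3, 8])]
    + [(t, "browser", "cdn.example.org", b) for t, b in
       [(500, 90_000), (700, 2_000), (40_000, 450_000), (41_000, 1_200),
        (90_000, 30_000), (150_000, 800)]]
)

def volume_alerts(log, per_event_limit=1_000_000):
    """Naive screen: flag any single transfer above a byte threshold."""
    return sorted({(p, d) for _, p, d, b in log if b > per_event_limit})

def beacon_alerts(log, min_events=6, max_bytes=8_000, max_jitter=0.05):
    """Flag (process, destination) pairs that only ever send small payloads
    and do so on a near-constant schedule (low variation between gaps)."""
    flows = defaultdict(list)
    for t, proc, dest, nbytes in log:
        flows[(proc, dest)].append((t, nbytes))
    alerts = []
    for key, events in flows.items():
        events.sort()
        if len(events) < min_events or any(b > max_bytes for _, b in events):
            continue
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            total = sum(b for _, b in events)
            alerts.append((key, round(avg / HOUR, 1), total))
    return alerts

if __name__ == "__main__":
    print("volume screen:", volume_alerts(LOG))
    for (proc, dest), every_h, total in beacon_alerts(LOG):
        print(f"regular small uploads: {proc} -> {dest} "
              f"every ~{every_h} h, {total} bytes total")
```

The thresholds need tuning against a baseline, since legitimate updaters and telemetry clients also poll on fixed schedules and will show up in the same list.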
 
Right, so - Malware generally wants to do something malicious, hence the naming.

The short version is theoretically, yes, but I'd say it likely wouldn't take too long for the security teams to catch up. Though we certainly have seen long periods of uncaught malware in the past.

Thank you for your comprehensive response. :)

I do not dispute anything you have said.

Can you still see the original post listed here? https://forums.malwarebytes.com/profile/189623-bdontj/content/

Do you think a nerve may possibly have been touched?
 
I see

Phil (Malwarebytes Support) said to me .........

Aug 27, 11:13 PDT

Thank you for your feedback. To get definitive answers to your questions, it would be best to address them to the developers. The Developers and our Malware experts respond more frequently to the Malwarebytes Community Forums. If you would like to discuss how "Clever" malware can mask itself or if another software allows introduction of malware to your system, you can discuss it on our community forums.


=

Is there malware which is virtually undiscoverable? (especially if one deliberately invites same by downloading and installing 'rogue', un-tested, software on to one's machine!)

Please discuss.
 

Would YOU be tempted to download the Free Trial from here? https://www.clamxav.com

My friend Jon has been banned from the Malwarebytes forums for asking about ClamXAV.

No explanation was given to him. :(

He's also tried to 'talk' to Clam here but without success:- https://www.facebook.com/clamxav

He won't use the software now.

Neither Jon nor I have been able to make a visitor post here:- https://www.facebook.com/pg/clamxav/posts/?ref=page_internal

Can anyone reading here make a 'Visitor Post' at that link?
 
Would YOU be tempted to download the Free Trial from here? https://www.clamxav.com

My friend Jon has been banned from the Malwarebytes forums for asking about ClamXAV.

No explanation was given to him. :(

He's also tried to 'talk' to Clam here but without success:- https://www.facebook.com/clamxav

He won't use the software now.

Neither Jon nor I have been able to make a visitor post here:- https://www.facebook.com/pg/clamxav/posts/?ref=page_internal

Can anyone reading here make a 'Visitor Post' at that link?


If you have no suspicion of malicious activity, I wouldn't worry about anti-malware. macOS has good security and XProtect built-in already, and unless you invite malicious software to run with root privileges, you're unlikely to have any malware.
 
If you have no suspicion of malicious activity, I wouldn't worry about anti-malware. macOS has good security and XProtect built-in already, and unless you invite malicious software to run with root privileges, you're unlikely to have any malware.

You are absolutely correct, of that I have no doubt! :rolleyes:

https://forums.malwarebytes.com/top...-unmask-clever-malware-which-hides-from-view/

So, the question remains, WHY was Davoud1945's post removed?

This is what he asked:


Screen Shot 2018-09-01 at 19.44.47.png
 