Re: DetectX ?


Re: DetectX ?

Al Varnell
On Tue, Nov 28, 2017 at 04:44 PM, gastropod wrote:
Has anyone used the DetectX utility, or anything else from Sqwarq??

Yes, I have used everything else from Sqwarq, pretty much since they were first introduced. The Swift version that's in beta testing right now is faster and better with additional functionality as shown here <https://sqwarq.files.wordpress.com/2017/09/overview.pdf>. He's looking for commercial sponsorship in order to keep it free for home use, but not having much luck yet.

https://sqwarq.com/detectx/

It scans for adware, known keyloggers, apps using an old insecure
Sparkle framework, and some other potentially troublesome things, and
can remove some kinds of stuff. One nice thing it does is keep a log of
files in a smattering of important locations such as the various
autolaunch folders, and you can look through to find changes with time.
Free to use, suggests $10 registration for personal use.

I've run it on my Mac, but it didn't find anything except a few old
Sparkle-using apps.  I don't have any known infected Macs to test to see
if it does actually find adware and remove it correctly.

The developer is a colleague of mine and I provide him with some of the malware information used in DetectX. It uses the same sort of technique as Malwarebytes of looking only in places where malware is known to exist, rather than scanning each and every file to see if it matches a known malware signature. That's what allows it to run so quickly.

Although I haven't run it against my entire malware sample collection, I do check to make sure it detects all the new items I learn of and give him feedback. I can't say it's perfect in all respects nor has there been any independent test against other anti-malware apps that I can refer you to. 

Since Malwarebytes has become invasive (It's still free for one-off use,
but installs its full constant-watch version as a demo and then nags),
I'm hoping DetectX might be an adequate replacement to point users to.
But without some track record, I'm reluctant to do that.

I haven't found Malwarebytes to be at all invasive with my setup. I opted out of the Premium version (even after being offered a free subscription), so I can't say what it might be doing today, but I wasn't at all bothered during the thirty-day trial, and now that real-time protection has been disabled, it's slightly better at detection than versions 1 and 2 were at manual scans. If you don't want RTProtection running all the time, you can easily turn it off from the menubar icon.

-Al-
-- 
Al Varnell
Mountain View, CA








____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
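An added example, not part of the original thread and not DetectX's code: a minimal sketch of the two ideas described above, logging the contents of autolaunch folders so changes over time can be reviewed, and checking only those known locations against a list of known-bad names. The folder list uses the standard macOS launchd directories as an assumption, and all file names in the demo are constructed.

```python
import hashlib
import os
import tempfile

# Standard macOS launchd folders, assumed here as the "autolaunch" locations;
# the thread does not say which folders DetectX actually watches.
AUTOLAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                   "~/Library/LaunchAgents"]

def snapshot(dirs=AUTOLAUNCH_DIRS):
    """Map every regular file in the given folders to a SHA-256 of its content."""
    snap = {}
    for d in map(os.path.expanduser, dirs):
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    snap[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # subfolder or unreadable item: skip, keep scanning
    return snap

def diff(old, new):
    """Compare two snapshots: items added, removed, or changed in place."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def known_bad_hits(snap, known_bad_names):
    """Targeted lookup: flag snapshot entries whose file name is on the list."""
    return sorted(p for p in snap if os.path.basename(p) in known_bad_names)

def demo():
    """Run against a constructed folder so the result is reproducible."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, body):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        write("com.example.updater.plist", "v1")   # constructed names
        write("com.example.helper.plist", "v1")
        before = snapshot([root])
        write("com.example.updater.plist", "v2")   # modified in place
        os.remove(os.path.join(root, "com.example.helper.plist"))
        write("com.example.adware.plist", "x")     # new autolaunch item
        after = snapshot([root])
        changes = {k: [os.path.basename(p) for p in v]
                   for k, v in diff(before, after).items()}
        hits = known_bad_hits(after, {"com.example.adware.plist"})
        return changes, [os.path.basename(p) for p in hits]
```

Calling `snapshot()` with no arguments on a Mac reads the real launchd folders; saving each result and diffing it against the previous one gives the change-over-time log.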

Re: DetectX ?

Al Varnell
On Wed, Nov 29, 2017 at 05:00 PM, gastropod wrote:
On Tue, Nov 28, 2017, at 11:20 PM, Al Varnell wrote:
I haven't found Malwarebytes to be at all invasive with my setup.

Yeah, but...users.  Fortunately not all of them, but two so far have run
the newer version, and 30 days later been confused by the upsell, since
it didn't use to do that, and they want to know if it's a scam.  Never
mind what the software (and I) told them when they ran it the first
time...

I think there is some justification for the upsell, IMHO. Real-Time Protection was a much requested feature and I personally would rather know when I've downloaded a malware installer rather than finding out after having installed it and allowed it to do its thing for some amount of time until I get around to doing a manual scan because my computer seems to be misbehaving. I already have access to such protection from ClamXAV and it's a bad idea to have two such scanners fighting over the same new file, so that's why I haven't updated MBAM to Premium.

I've never found any malware that I wasn't already aware of in a couple of decades here, but I doubt that a normal Mac user can say the same these days. Most infections are harmless adware installers which can certainly frustrate, but not really threaten us. Unfortunately, there has been a small uptick in threat malware, so I don't think we can all simply ignore such protection these days.

-Al-
-- 
Al Varnell
Mountain View, CA







