Posted 10 November 2006 - 12:52 PM
The original source. Through the program, people will just update their database. That won't be manual work.
Who is going to keep the database updated?
Again, the information the program presents will come from the sources where the database(s) are managed.
Who is going to cull erroneous data?
How will you know if your scanner is accurate?
This is not a scanner, according to your point of view. It's a log analyzer. It ONLY reads from the HJT log files, then accesses the databases that are used to perform the manual tasks, and reads for specific lines that start a certain way, then checks the original source's database(s) for the results of the search. The results of the whole logs are recreated to make an exact duplicate of the original log, but with a different name to it... having the results of the program's findings. That's all. It's simply a faster and easier way to read the logs.
What if your scanner causes someone to damage their computer?
I agree with you 100%. But the point you may not understand is that when you have available resources to help you do what is a tedious job, you tend to get it done, and done with great spirit. If you took a survey and asked, "What do you prefer... A GUI program or would you do it by Command Line?" I can assure you that the majority WILL say GUI. Why? Because it's easier and it's faster. Instead of typing in commands, you can just click a button, and it does that command. That may not be learning to some people, but it's a way for people to do something they don't want to do anyway. If everything on the Internet was Command Line usage, the Internet would have at least 80%- (less) users on it.
You may want to do a search for arguments against automated log readers. One of the first is that they are inaccurate. There are times when they flag the wrong things as bad. We don't want novice users to rely on them, otherwise they don't learn anything other than how to rely on an automated tool. That means they won't know when the scanner is wrong.
I'm definitely not going to let you or anyone discourage me. I'm much stronger than that. That's just how I am. If I believe in something... that's my belief. If I feel something will work, I'm willing to go forward with it. That's why there are millions, if not billions of software out there. Those people, companies, or whatever believed in themselves, and many had support to back them up. Look at Bram Cohen... the one who created the BitTorrent/client. Look where it's at now. That's what I'm talking about, to all that believed in themselves and didn't let the skeptics stop them. That is what I call a powerful mind.
If you really think you can do a better job, then definitely don't let me discourage you. Just don't be surprised at the reception you get when you roll it out. Automated readers are nothing new. They are helpful from time to time, but only for those who already know what they are looking for anyway.
Edited by Walkman, 10 November 2006 - 01:05 PM.
Posted 10 November 2006 - 01:54 PM
The BHO lists and the start-up lists are all human curated by experts in the field.
And what I was trying to tell you is that there have been analyzers around for a long time already. I showed examples of three, but there are probably half a dozen more. Most of them are run by people well known in the malware removal group. When we train helpers, we specifically do not allow the use of automated readers. We have practice logs specifically designed to frustrate automated readers.
I was suggesting that it might not be a bad idea to research your project first to see what has already been done, and identify the problems. If instead you can solve the problems with current automated readers, then you would have something. But the problem domain is such that simple database matching can only make suggestions, it can not rationalize context, and is by convention always behind. HJT and similar tools are for infections that automated responses have not yet caught up with.
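An added illustration, not code from any poster in this thread or from any existing analyzer: a minimal database-matching reader of the kind debated above, run over a constructed HijackThis-style excerpt. The database, paths and CLSID are constructed placeholders. It reproduces the log with a verdict per entry, and shows the lookup never sees the directory and returns only "unknown" for an entry the list has not caught up with.

```python
import re
from pathlib import PureWindowsPath

# Constructed stand-in for a curated start-up/BHO list; not real list data.
SAMPLE_DB = {
    ("O2", "badhelper.dll"): "bad",
    ("O4", "ctfmon.exe"): "good",
}

# Constructed HijackThis-style log excerpt.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\badhelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ctfmon] C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\NewThing\nt_update.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, then the rest
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)


def verdict(line, db):
    """Return None for non-entry lines, else 'good', 'bad' or 'unknown'."""
    entry = ENTRY.match(line)
    if not entry:
        return None
    path = PATH.search(entry.group(2))
    if not path:
        return "unknown"
    name = PureWindowsPath(path.group(0)).name.lower()
    # Lookup is by section and file name only: the directory is never considered.
    return db.get((entry.group(1), name), "unknown")


def annotate(log_text, db):
    """Copy the log line for line, appending the lookup result to each entry."""
    out = []
    for line in log_text.splitlines():
        v = verdict(line, db)
        out.append(line if v is None else f"{line}    <-- {v}")
    return "\n".join(out)


if __name__ == "__main__":
    print(annotate(SAMPLE_LOG, SAMPLE_DB))
```

Both `ctfmon.exe` entries come back "good", including the copy under a Temp directory, which is the context a human reader would weigh and a name lookup does not.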