Malwarebytes Experiences Major Security Flaws
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Malwarebytes Experiences Major Security Flaws
One of our "recommended" apps is on the blink!!
Malwarebytes Experiences Major Security Flaws
What does this mean?
Should I avoid using MalwareBytes until the flaw is fixed?
Can I continue using it and trust that it will be fixed speedily?
Should I look for another reputed (free) anti malware app for now? (If so, any recommendations?)
TX
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
If - like me - you have the free version, it might be best to avoid using Malwarebytes Anti-Malware until the flaw has been fixed.
The recommended "Self-protection" setting is only available in the paid Pro version.
I find it rather disappointing that they didn't take steps until the flaw was made public, three months after they had been informed of it confidentially...
The recommended "Self-protection" setting is only available in the paid Pro version.
I find it rather disappointing that they didn't take steps until the flaw was made public, three months after they had been informed of it confidentially...
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Many years ago, I relied on Spybot. I abandoned it when it became ever more clunky and slow over time, and I don't know how it fares nowadays, but I might give it a try again.
Best wishes,
Hans
Hans
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
I did a bit of digging and it seems that Spybot comes up trumps as the best free malware remover.
See here: http://www.techsupportalert.com/best-fr ... emover.htm
And here: http://lifehacker.com/5227896/five-best ... oval-tools
I'm going to have a look at Spybot (Windows, Freeware) and give it a try (while MalwareBytes gets well.)
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Hmmm - I installed Spybot. It's still clunky and slow, and I keep getting errors while updating its definitions. Not a good start...
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2072
- Joined: 25 Jan 2010, 02:12
Re: Malwarebytes Experiences Major Security Flaws
From what I read there is no real explanation about how this could be exploited. It would seem from the limited description that a bad guy would have to know the exact time you are checking for definition updates to get in between you and Malwarebytes. Malwarebytes said they mitigated some issues on their server side.
As I said though there is no real explanation and if anyone feels uncomfortable using MBAM until the next release by all means leave it be.
Joe
As I said though there is no real explanation and if anyone feels uncomfortable using MBAM until the next release by all means leave it be.
Joe
Joe
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
TX Joe.
I have also installed Spybot and I got an initial error on the updating of definitions. I closed it and a little while after reopened and ran an update again and it went through without error. The paid for version is probably better, but as Hans mentions....its a bit of a stutter start to this product esp. as I'm familiar with the silkiness of MalwareBytes.
I have also installed Spybot and I got an initial error on the updating of definitions. I closed it and a little while after reopened and ran an update again and it went through without error. The paid for version is probably better, but as Hans mentions....its a bit of a stutter start to this product esp. as I'm familiar with the silkiness of MalwareBytes.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Also, Spybot signals a lot of "problems" that aren't problems at all; it would be very difficult for a non-technical user to distinguish between serious problems and superfluous warnings.
I still don't like this program, I'm uninstalling it again.
I still don't like this program, I'm uninstalling it again.
Best wishes,
Hans
Hans
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
The scan report was very complicated. It reported that I had 47 issues, many of them made no sense to me.
I'm also going to run it through Revo pretty soon!
I'm also going to run it through Revo pretty soon!
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Aargh - after uninstalling it, I had to reboot my PC. On reboot, Spybot tried to reinstall itself again. What a load of rubbish!
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Oh, and although I had only installed the free version (anti-spyware but not anti-virus), it disabled my anti-virus program and deleted the nightly scan it had set up. I strongly advise against installing Spybot, regardless of the glowing reviews it gets!
Best wishes,
Hans
Hans
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
Hmmm...I hope my experience is a bit less disruptive!
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
Some reaction a few days after the discovered flaw in MBAB...
Has anyone heard any more news about this product?
Is it "safe" to use again...or are there still doubts about the flaw and patchwork on this product?
TX
Has anyone heard any more news about this product?
Is it "safe" to use again...or are there still doubts about the flaw and patchwork on this product?
TX
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
Nothing new, although it's a month later now.
Although that is disappointing, I don't think the flaw poses a serious risk. As JoeP pointed out above, the thread mentions
Although that is disappointing, I don't think the flaw poses a serious risk. As JoeP pointed out above, the thread mentions
2. Research shows that this flaw can only be exploited on a machine by machine basis. Malicious code cannot be injected that effects everyone who runs MBAM. It can only be accomplished by specifically targeting a specific machine and then the perpetrator would have to interrupt the update in order to inject their code. It sounds to me like it would take a "man in the middle" setup to pull it off.
Best wishes,
Hans
Hans
-
- 5StarLounger
- Posts: 1108
- Joined: 21 Jan 2011, 16:51
- Location: Florida
Re: Malwarebytes Experiences Major Security Flaws
This is a very small risk for the free version as that version does not automatically update the software. Manual updates of the free version are unlikely to get malicious code injected if the user is aware enough to keep from being in a location where a man-in-the-middle attack is possible (open Wi-fi, etc.).
Tempest in a teapot...
Tempest in a teapot...
PJ in (usually sunny) FL
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malwarebytes Experiences Major Security Flaws
TX Hans and PJ...
I just wanted to bounce it off users here before I jumped at using it again.
The report in my link (and your feedback) is "encouraging" since I used it regularly before the report.
Cheers
I just wanted to bounce it off users here before I jumped at using it again.
The report in my link (and your feedback) is "encouraging" since I used it regularly before the report.
Cheers
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Lounger
- Posts: 46
- Joined: 10 Feb 2010, 14:27
Re: Malwarebytes Experiences Major Security Flaws
I use AdwCleaner occasionally. I did again after reading this post here. Any thoughts?
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Malwarebytes Experiences Major Security Flaws
I haven't used AdwCleaner. I can't seem to find the website of its publisher, only generic download sites (which I try to avoid if possible).
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2072
- Joined: 25 Jan 2010, 02:12
Re: Malwarebytes Experiences Major Security Flaws
A link from the author's name on MajorGeeks takes you to https://toolslib.net/downloads/" onclick="window.open(this.href);return false;. Another reliable source for AdwCleaner is http://www.bleepingcomputer.com/download/adwcleaner/" onclick="window.open(this.href);return false; (along with several other specialized malware utilities).
Joe
Joe
Joe
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Malwarebytes Experiences Major Security Flaws
Joe beat me to it, listing bleeping computer as a good site for DL it.HansV wrote:I haven't used AdwCleaner. I can't seem to find the website of its publisher, only generic download sites (which I try to avoid if possible).
BOB
______________________________________
If I agreed with you we'd both be wrong.
______________________________________
If I agreed with you we'd both be wrong.