Malwarebytes Anti-Malware 2 released

Discussion in 'other anti-malware software' started by LagerX, Mar 24, 2014.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I believe some other users have mentioned it. So pointing it out in the feedback thread will definitely help us prioritize it.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Sorry pbust, I've had a run-in with one of the forum Admins and was told I have "a long history of lack of cooperation, arguments, and rudeness to other forum members..." so I'm not interested in posting on your forums.

    Thanks,
    Dave
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    LOL, I was not aware of that. Well that explains your avatar, which is awesome btw :)

    Seriously, I'll take your feedback directly from here and add it to the backend results. Thanks for sharing!
     
  6. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    266
    Vulnerability disclosure.

    From Marcin Kleczynski 2/1/16 :
    https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure
     
  7. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi all

    Critical vulnerabilities in Malwarebytes published

    http://www.computerbase.de/2016-02/anti-malware-kritische-luecken-in-malwarebytes-veroeffentlicht/


    With best Regards
    Mops21
     
    Last edited by a moderator: Feb 4, 2016
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    The Google Security Research team Project Zero has found vulnerabilities in an anti-malware product. This time Malwarebytes is concerned. In November, Tavis Ormandy from Project Zero informed Malwarebytes of four vulnerabilities in its software. Now these have been published in a report.

    Published after the ninety-day waiting period, the report, which contains some blacked-out passages, points out that the company's client downloads malware signature updates over an unencrypted HTTP connection, which is easy to compromise via a man-in-the-middle attack.

    The signatures and associated data are encrypted, but Ormandy explained how easy it is to decrypt them with a few OpenSSL commands, change them, and encrypt them again. What was lacking here was a signature from the developer to prevent such manipulation. In addition, along with two other gaps, Malwarebytes also uses incorrect Access Control List (ACL) entries, which make extending privileges a cinch for attackers.

    Marcin Kleczynski, founder and CEO of Malwarebytes, said it would take three to four weeks until the gaps were finally patched. The vulnerabilities affect both the free consumer version and the Enterprise version. Kleczynski pointed out that customers of the paid version could activate the self-protection switch in the settings to mitigate the gaps until they are closed. He also praised a bug hunter program that promises up to $1,000 per gap found. Only two weeks ago Malwarebytes had announced the completion of its second financing round of 50 million US dollars and reported that in 2015 the software had been installed on 250 million devices worldwide.

    Project Zero had already discovered serious vulnerabilities in the past in products from manufacturers of anti-virus and anti-malware software. Affected manufacturers included AVG, ESET, FireEye, Kaspersky, Sophos and Trend Micro.
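
The missing developer signature described in the post above, seen from the defender's side, as an added example (not Malwarebytes' code and not taken from the Project Zero report): a client that installs an update only if its detached signature verifies against an embedded public key. The file names, key pair and sample contents are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: detached-signature check for a downloaded definitions file.
# All file names, keys and contents are constructed for this demo.

# verify_update PUBKEY FILE SIG: exit 0 only if SIG is a valid signature over FILE
verify_update() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# apply_update PUBKEY FILE SIG DEST: copy FILE to DEST only after verification
apply_update() {
    if verify_update "$1" "$2" "$3"; then
        cp "$2" "$4" && echo "applied"
    else
        echo "rejected"
        return 1
    fi
}

demo() {
    work=$(mktemp -d) || return 1

    # Vendor side: the private key stays with the vendor, never in the client.
    openssl genrsa -out "$work/vendor.key" 2048 2>/dev/null
    openssl rsa -in "$work/vendor.key" -pubout -out "$work/vendor.pub" 2>/dev/null
    printf 'rule-0001 constructed-sample\n' > "$work/rules.db"
    openssl dgst -sha256 -sign "$work/vendor.key" \
        -out "$work/rules.db.sig" "$work/rules.db"

    # Client side: only vendor.pub ships with the product.
    r1=$(apply_update "$work/vendor.pub" "$work/rules.db" \
        "$work/rules.db.sig" "$work/installed.db") || :

    # Simulated in-transit modification of the update over plain HTTP.
    cp "$work/rules.db" "$work/tampered.db"
    printf 'rule-9999 injected\n' >> "$work/tampered.db"
    r2=$(apply_update "$work/vendor.pub" "$work/tampered.db" \
        "$work/rules.db.sig" "$work/installed2.db") || :
    [ ! -e "$work/installed2.db" ] || r2="$r2 (but file was installed)"

    echo "$r1 $r2"
    rm -rf "$work"
}

demo
```

Because the client holds only the public key, extracting everything embedded in the product does not let anyone produce a signature the client will accept, which is the property symmetric encryption of the update alone cannot give.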
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Thanks for posting the translation. In particular it's good to know about turning on the self-protection.
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It was advised a while ago to turn off self protection because it slowed down start up A LOT. Not sure if that has changed or not.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  12. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    I enabled it after reading the blog and have noticed no difference.
     
  13. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,005
    Last edited: Feb 4, 2016
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,005
    Yesterday at 11:36 AM
    Mops, the bearer of old news..... as always.

    Tuesday, Feb 2, 2016:
    Tuesday at 6:57 PM
    https://www.wilderssecurity.com/thre...arebytes-antivirus.382183/page-2#post-2561335

    Tuesday at 8:34 PM
    https://www.wilderssecurity.com/thre...arebytes-antivirus.382183/page-2#post-2561367
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    people here fall in panic now - booo - malwarebytes unsecure, dont use, uninstall and such BS.
    any other known products have or had same issues and were under review - now its mbam turn and it do not concern premium users, afair only free and business.
    but - if mbam free fails - guess what already has failed!?!?
     
  16. haakon

    haakon Guest

    Ya, Einstein, it do. :rolleyes:
    https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
    "Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities." -MARCIN KLECZYNSKI
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    yo sherlock - as i wrote premium users are not affected when
    i dont need to point it out from the blog - not my bad if they dont read it.
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I think the point is the self-protection feature is not available in the free version. You are also correct though that self-protection is not enabled by default and premium users must enable it in advanced settings:

    https://www.malwarebytes.org/support/guides/mbam/AdvancedSettings.html
     
  19. haakon

    haakon Guest

    No you didn't. The words "enable self-protection" do not appear in your post #840. I'll quote it here in its entirety...
    And no one here has expressed anything close to "people here fall in panic now - booo - malwarebytes unsecure, dont use, uninstall and such BS." The only BS here is yours.

    -Haakon, aka Teh Sherlock. :D
     
    Last edited by a moderator: Feb 5, 2016
  20. haakon

    haakon Guest

    Yep.

    Another point is that since its inception, MBAM's self-protection is not enabled by default and issues when enabled involved significant start-up delays (even with early-start disabled) and with changing settings under non-admin accounts. I distinctly recall the popular opinion was to leave it disabled.

    To my recollection, none of the changelogs since indicated this module was improved upon. I stand to be corrected on that.

    Enabling it now just prevents (as it is claimed) any vulnerability from occurring from now on until the next version is released.

    Consider the scope of the vulnerabilities that have been in place for years...
    https://code.google.com/p/google-security-research/issues/detail?id=714

    There's some pretty elementary Security 101 don't-do-that involved.

    I don't have time to dig around in forum archives, but the use of port 80 (to put it simply) for db updates was challenged a long time ago and dismissed by Malwarebytes. It might have been in their own forum.

    Yet another point, while everyone else has failed they never marketed their solutions as the one to catch the stuff others have missed. Could very well be it's been Bitdefender IS that's been providing the "MBAM have missed" protection. :isay:

    Not to mention pointing out someone else's faults is no excuse. Malwarebytes' corporate apology is accepted, of course. With the caveat they get a move on it, the fix ASAP.

    Finally, as far as I can tell, Malwarebytes has not provided a means by which paying customers can determine if their systems' MBAM Premium installs have been subject to the vulnerabilities. i.e. an exe to run to check the targeted files/processes? Like one of those mbam-hyphen.exe's they've got??
     
    Last edited by a moderator: Feb 5, 2016
  21. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Everyone is bashing on Malwarebytes and in the meantime everyone still uses other software that has not been audited by Ormandy...
    Be realistic, users are still mainly infected because they use old software or because they infect themselves.

    If you don't want to deal with vulnerabilities use a typewriter instead. ( Or also start auditing MBAM under the bug bounty ;) )
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    If the system isn't compromised is it a problem? I think not.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, is it normal that MBAM will use 25% of the CPU during scanning? My system temp always goes up to almost 50C degrees.
     
  24. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    System load will always increase during a scan, no matter which anti-virus solution you're using.

    50C is nothing, my old pc did 75-80C when idle and 115+ under load.
     
  25. guest

    guest Guest

    The "safe" limit is around 72 ºC although the CPUs can handle more.
    http://www.buildcomputers.net/cpu-temperature.html
     