MBAM / AV?

Discussion in 'other anti-malware software' started by rottenbanana, Feb 16, 2011.

Thread Status:
Not open for further replies.
  1. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    First off, apologies for being both rather illiterate and uneducated, but could someone provide a real-world example of a threat caught by "regular" (enter-your-favorite-vendor-here) anti-virus software but missed by MBAM Pro? I keep reading how MBAM is not an antivirus program, and i'm having a hard time figuring the differences between viruses and trojans and malware classifications in general. So what *exactly* does MBAM Pro (i have a license) protect against that an AV scanner does not? And vice versa.

    Thanks in advance!
     
  2. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Here is how MBAM pro and standalone AVs break down:

    Code:
    MBAM pro : standalone AV
    
    Executable malware         Yes : Yes
    Malicious script           No  : Yes
    Malicious IP               Yes : No
    Patched system file fixed  No  : Yes
    The second difference is that research and technology within MBAM is weighted heavier towards malware that traditional AV software is not as good against.
     
  3. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    Thanks for your response! By "executable malware" you mean viruses, trojans, keyloggers, rootkits etc? I'm looking for a solid example on how one needs a traditional AV scanner in addition to MBAM Pro, since that's a statement i keep coming across. Is there a large possibility (there's always a small one with any software) of missing something with MBAM as resident and, for example, Hitman Pro as on-demand for a second opinion, just like it seems to be designed to do?

    We have two computers protected by Prevx most of the time, but my old laptop feels nice with MBAM and i'm hesitant to add more drag to it.

    What about scripts, where does one possibly come across malicious scripts? I myself have enough common sense to avoid opening most strange files or websites, but i can't say the same for everyone living here. :cautious:
     
  4. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Exploits for the most part and they can be hacked into legit sites or exist within ad streams on legit sites so "safe surfing" is not a perfect shield here. The way it usually works is like this:

    Exploit site on host site -> executes malware from remote site with no prompt.

    AV has 2 shots to kill these (exploit and malware) and MBAM has 3 (IP of host site, IP of remote site and malware). Combined there 4 places where the infection can be stopped, 5 if you count the double shot at the malware itself.

    What you are saying brings up the same point I make frequently, what are you trying to protect. The danger your system is in and your relative computer knowledge factors in huge here. Not that we recommend it but a singe user system that is kept up to date, has no critical data changing hands, has no irreplaceable data in storage and will be kept on safe sites would in theory be better protected by MBAM pro alone than a system with both high risk data and high risk usage with both MBAM pro and a standalone AV. Protection is between risk and what is at risk so without knowing the other 2 parts of the equation there is no real way to answer the question.

    For the vast majority of people this is a reasonable setup that is both safe enough and provides a way to recover from a disaster:

    Windows 7 64 with UAC and windows firewall on
    OS and all web facing apps kept up to date
    Limited user account used whenever an admin account is not required
    Drive imaging software and a second hard drive
    Standalone AV of your choice
    Standalone backup/AV complement of your choice
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just an example -http://threatpost.com/en_us/blogs/bbc-sites-serving-malware-021611
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Not only not a perfect shield, but the pendulum has now swung the other way...
    Burning Question Wired February 2011
     
  7. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    Some food for thought there. I've seen one legit site serve hacked ads, i wasn't running any AV at the time so i was alerted only by Look n Stop about allowing Java to connect. The site had never used Java before, so i blocked it and didn't get infected. A lot of the site's users did. Taught me a lesson though.

    Nice read, it explained what i was confused about so thanks for all replies. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.