Is MBAM now an AV?

Discussion in 'other anti-virus software' started by Rico, Aug 23, 2012.

Thread Status:
Not open for further replies.
  1. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    While this is not true it does bring up an interesting point. If you were to limit ALL AV DBs to live in the last year a lot of people actually still believe that this would somehow hurt detection. There are only two things that would change:

    1. the AVs would get faster
    2. the AVs would fail all tests based on fictional situations

    What itman is likely referring to is that we do not spend a lot of resources processing malware that we know is more than a few weeks old. We will still process the sample but we won't treat it like a 0Access that we just pulled from a live exploit. Between the tests I did on our forum and what MRG is doing it should be obvious by now that even 12 hours might as well be 5 years ago when it comes to what a valid sample is.
     
  2. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    513
    I did see the results of Flash tests by MRG and MBAM does seem to be doing excellently; I have no qualms about replacing my current AV with MBAM Pro.

    The only area where MBAM does seem to lack a bit is USB protection, as you never know how old the malware signature in a USB might be.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Glad MBAM clarified this.

    I wasn't blowing smoke here. I did see a posting on their forum a while back where one of their mods stated their detection DB is limited in size. I guess the above statement is a "politically correct" way of stating their emphasis is on 0 day threats.

    For those that insist on running MBAM stand alone at least use one of the free standalone scanners like the free version of Emsisoft's Anti-Malware.

    Again, I have used MBAM Pro for a year and a half and it has found zip realtime malware. It does block blacklisted IPs on occasion. I do use Norton AV 2012 and it is possible Norton is intercepting realtime malware prior to MBAM.
     
  4. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    This only matters if you get infected. If MBAM does not block anything and you don't get infected then you were just being safer than the average user.
    We keep in a range and use real world statistics to remove defs that have no real world hits for a very long time. Certain more powerful defs are retained forever, just in case. If a relatively weak def hits nothing for 3 years, it's not helping anyone by remaining in the database. Keep in mind that this will make us do poorly in fictional testing, we just don't care about those 'tests' as they have nothing to do with protecting you from live, real world malware.

    What I think you are referring to was actually me posting on our forums about database optimization. I have made 2 of these posts so far alongside a database update that trims the obsolete definitions. We are not hiding anything or trying to be politically correct.
     
    Last edited: Sep 1, 2012
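    The trimming policy described in the post above (weak defs with no real-world hits for 3 years are dropped, the "more powerful" defs are retained forever), as an added illustration; this is not Malwarebytes' code, and the Definition record, the constructed sample entries and the way the 3-year window is applied as a date cutoff are assumptions:

    ```python
    from dataclasses import dataclass
    from datetime import date, timedelta
    from typing import List, Optional, Tuple

    STALE_AFTER = timedelta(days=3 * 365)  # "no real world hits for 3 years"


    @dataclass
    class Definition:
        name: str                     # constructed label, not a real signature name
        added: date
        last_hit: Optional[date]      # None: never matched on a real-world machine
        retain_forever: bool = False  # the "more powerful" defs kept just in case


    def is_obsolete(d: Definition, today: date) -> bool:
        """A weak def with no hit inside the stale window is dead weight.
        A def that never hit at all is judged from the day it was added (assumption)."""
        if d.retain_forever:
            return False
        last_useful = d.last_hit or d.added
        return today - last_useful > STALE_AFTER


    def optimise(db: List[Definition], today: date) -> Tuple[List[str], List[str]]:
        """Return (kept, dropped) names; the dropped ones would be trimmed from the DB."""
        kept = [d.name for d in db if not is_obsolete(d, today)]
        dropped = [d.name for d in db if is_obsolete(d, today)]
        return kept, dropped


    # Constructed sample database, evaluated as of the thread's date.
    TODAY = date(2012, 9, 1)
    SAMPLE_DB = [
        Definition("Rogue.FakeAV.sample", date(2008, 3, 1), date(2008, 11, 2)),    # silent > 3 years
        Definition("Trojan.Dropper.sample", date(2010, 6, 1), date(2012, 8, 30)),  # still hitting
        Definition("Rootkit.Generic.sample", date(2007, 1, 1), None, retain_forever=True),
        Definition("Adware.Toolbar.sample", date(2009, 5, 1), None),              # never hit, > 3 years
        Definition("Exploit.Payload.sample", date(2011, 1, 1), date(2011, 4, 1)),  # quiet, < 3 years
    ]

    if __name__ == "__main__":
        kept, dropped = optimise(SAMPLE_DB, TODAY)
        print("kept:", kept)
        print("dropped:", dropped)
    ```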
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    We are told not to run MBAM without an AV, but most AVs offer poor zero day protection. What sense does that make? Are Avs providing protection against scenarios that will never happen in the real world?
     
  6. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    MBAM blocks viruses but does not fix files patched by viruses, AVs do.

    MBAM does not target exploit scripts, AVs do.

    MBAM also handles web blocking with an IP list instead of heuristics or domain based blocking like some AVs use.

    We did not want to reinvent the wheel, we just wanted to target what the AVs are not great with or completely neglect.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    So people should have AVs for blocking malicious scripts and fixing files damaged by malware. Doesn't seem logical to me considering these two items have historically been weak points of many AVs.
     
    Last edited: Sep 1, 2012
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    You have to think of the layers of protection involved in stopping an infection if you have AV and MBAM installed. An exploit attack could be stopped at any of the following points:

    Blocking the initial site outright : MBAM or AV
    script on initial site : AV
    Remote IP that exploit pulls payload from : MBAM
    payload : MBAM or AV

    That is very good layered protection assuming that you are using a decent AV.


    You also have to remember that MBAM + AV gives you backup in case an attack is successful and kills one of them off.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    AV plus MBAM

    Some years ago a member, Firefighter, made some tests on the protection of various AVs when combined with an AT. The addition of the AT improved the penetration prevention by several percentage points.

    In the title I used MBAM as that is my favorite, but I am wondering if there have been any recent tests that use AVs plus some additional anti-malware to determine the additional and total protection when using AV plus anti-malware applications?

    I suppose it would be too difficult for someone such as AV-C to do it. I am not sure who could.

    Regards,
    Jerry
     
  10. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    If one considers zero day testing to be the test that most accurately portrays real life conditions, one wonders how effective adding an AV as a layer is considering most AVs are performing at less than 80%. You can look at past AV-Comparatives On Demand Testing to see how effective AVs are at stopping malicious scripts.
     
    Last edited: Sep 1, 2012
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Hit the nail right on the head!:thumb:

    Maybe an example will help. Avast 6 had major issues with rogues. People using it were getting nailed constantly by whatever the latest AV xxxx was. Here MBAM Pro would be an excellent complement to realtime protection. In fact, I was using Avast 6 at the time and this rogue issue was the primary reason I purchased MBAM Pro.

    On the other hand, many of the top tier AVs, Norton, Kaspersky, and Bit-Defender to name a few, have excellent protection against rogues and most 0 day threats for that matter.

    So I would recommend if you have a free AV except MSE on WIN 7, get MBAM Pro. MSE running on WIN 7 has pretty good 0 day malware detection stats. In fact its 0 day protection is probably better than its overall AV protection.

    If you are using a top tier AV/IS, use of MBAM Pro may be redundant. All depends on your system resources and malware paranoia level. Also a factor is your OS. WIN XP is much more vulnerable than WIN 7. Getting infected by a rootkit in WIN 7 x64 is a rare occurrence. DEP (Data Execution Protection) actually works in WIN 7 x64.
     
    Last edited: Sep 2, 2012
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I have a friend who was using a top AV, but got infected by a rogue. It would not let him download, and kept the spam up.
    I put MBAM on a disk, put it on his computer, ran a quick scan, and it found and removed the rogue.

    Another friend had a similar problem and MBAM found and removed it when installed.

    Some years ago a member, Firefighter, ran a series of tests wherein he tested various AVs with and without an anti-malware (AT) running also.
    The results showed a definite improvement in security when the AT was also running. Of course any AV detecting 99+% did not improve much, but others did.

    I wish there would be such a test conducted, but I know it would be too much effort to do.

    Jerry
     
  13. guest

    guest Guest

    perfect example why i don't run any of this o_O
    i just want a way to know if i am infected then a re-image is the cure:thumb:
     
  14. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Malwarebytes is good at catching the kind of malware that people using common AVs like McAfee, Avira, Norton, and MSE seem very prone to. I've never had to help anyone with Kaspersky or Eset (other than pirated copies).

    TBH for these kinds of people always getting infected, I'd probably trust MBAM Pro over their AV if I had to choose. It does however nicely complement a layered security approach in the ways already described by nosirrah.

    Once people learn about the vectors for infection, then you realise you don't need to rely on any AV/AM at all. If an exploit can't run at a privileged level or find a vulnerability, a payload can't execute, and you are sensible in what you choose to run - then how does one get infected?
     
  15. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Personally I do believe MBAM Pro can be used in place of an AV, at least it would do a better job than the usual suspects.

    I also have found that with a hardware firewall, reduced attack surface, and sandboxie properly configured - I've not been able to infect an AV-less machine despite trying very hard ;)

    Other than deliberately running a file outside of sandboxie, the only real threat outside of silly stuff theoretically for a home user would have to be another infected machine on the LAN - with a network worm of some sort. Even USB threats can be blocked or contained by sandboxie.
     
  16. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Tell me about MBAM (& for that matter Emsisoft AM free.)

    I've felt like a change so I've had a cleanup & installed DefenseWall Hips & FW. DW is said to be top shelf protection. And I've read here & there one should run an AV as a sweeper to clean up any dead malware as DW is a 'killer' not a housemaid.

    So does MBAM free have enough 'grunt' for the job or do I need to pick something with 'av' after its name?
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It is if you note the following:

    1. DW must be installed on an absolutely clean PC.

    2. DW is designed to keep everything out of your PC.

    3. If you're infected when you install DW, you're SOL. DW will not remove malware.
     
  18. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    That's what I've heard, hence the question: will a freebie like MBAM handle the role of "maître d'hôtel" and keep my PC clean of the gremlins DW neutralizes?
     

  19. Yes aaLF very good idea. MBAM + Defensewall = good protection
     
  20. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Reason I asked is because MBAM & Emsisoft AM are being listed & counted in the AV polls Wilders run.
     
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    If the poll was about pure AV only the list would be empty imo.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    MBAM free would be OK.

    I would also recommend a stand alone "AV" scanner. I use the free ver. of Emsisoft Anti-Malware. Just make sure you disable all the "real time" protection after you install it. The ver. you download is a "full version" during the first 30 day trial period. It then auto disables the real time functionality. Only problem with this free ver. is you have to download the full definitions database each time you update so hopefully you're on a fast broadband connection.
     