Is MBAM safe?

Discussion in 'other anti-malware software' started by avboy, Feb 21, 2012.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    My query stems from the following:

    1. No downloading of free version from the site, download is from CNET. There's a thread on why many Avast AV users do not want to download from CNET. Won't the same apply here?

    2. The digital signature is countersigned with Comodo Time Stamper (COMODO has led to a lot of debates on Wilders).

    3. When I try to update data in banking mode from domains *.mbamupdates.com or data-cdn.mbamupdates.com, OA Premium reports suspected DNS poisoning.

    I am looking for specific replies to the above issues. Thanks.
  2. Hungry Man

    Hungry Man Registered Member

    Yes. Yes it is.
  3. Rompin Raider

    Rompin Raider Registered Member

  4. ams963

    ams963 Registered Member

    from your description of the current situation......I say you find a smooth linen cloth.......fold it.......slowly and quietly put it in front of your frightened soul..be careful not to make a sudden move or there could be trouble waiting for you.....then with a lightning change of position.....blindfold yourself........finally go ahead and use mbam.......
  5. avboy

    avboy Registered Member

  6. avboy

    avboy Registered Member


    Ha ha..you can't blindfold a blind man (w.r.t security). But ya, no offence meant, but even with my eyes shut, I would love to see some replies, particularly to point 3 about updates and why it says DNS poisoning, from someone in the know of this.
  7. Rompin Raider

    Rompin Raider Registered Member

  8. ams963

    ams963 Registered Member

    it's probably a fp........to be sure you can scan the mbam installer that you downloaded with your av and hitman pro and upload it to virustotal.......
    Last edited: Feb 21, 2012
  9. nikanthpromod

    nikanthpromod Registered Member

    The MBAM installer from CNET has no crapware ;)
    Just download, update and use it... you are safe :thumb:
  10. sg09

    sg09 Registered Member

    Direct link for present version:
    -http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-1.60.1.1000.exe-
  11. Mongol

    Mongol Registered Member

  12. cruelsister

    cruelsister Registered Member

    AVboy- I'm probably overreacting, but I'm concerned about the DNS poisoning message that you are getting when trying to connect to a security site. You may or may not have heard about the current DNSChanger Trojans. This type of malware has been released on its own as well as being coded into other forms of malware recently. What it does: in some forms it will alter your computer's Internet settings to hijack search results and to block you from visiting security sites.

    The biggie in this field affects over 4 million machines and was detected in November. When the botnet servers were shut down they were replaced with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. If you have this version you may not be able to get online at all after this date.

    For your (my) peace of mind I suggest checking things out by going to either of 2 places:

    1). Manual checking- http://dcwg.org/checkup.html

    2). Avira check tool: http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199


    Your issue is no doubt some FP, but one never knows...
  13. avboy

    avboy Registered Member

    This is just not for me I guess.

    First MBAM redirects to bleepingcomputer or download.com for free and pro version. I finally used the direct link provided above.

    Now while updating it takes more than 15 mins on broadband. It stops in between and starts again at least 3 times. The IP of updating is 68.232.45.119 and on lookup I can't find any details about the same. Can anyone confirm if this is indeed the IP of MBAM?

    Thanks for the links Cruelsister. I am very happy that you did "overreact". I'd better be safe than connect to some scamster and hand over everything on a platter. I am going to check now.
  14. Barthez

    Barthez Registered Member

    Both free and paid versions are downloaded through http://www.malwarebytes.org/mbam-download.php which will randomly choose a download site for you from MBAM's link database. There was a post somewhere on Wilders regarding this issue where someone from MBAM explained it. They refer to it as a download rotator, I believe. Just paste the link I gave you into different browser tabs to see what I mean. Alternatively, go to http://www.malwarebytes.org/products, choose a product and hit Download.

    From what I know Comodo is still a valid certificate authority, so there is nothing strange here. To be honest I know little about digitally signing programs, but I assume in principle it's not that different from certifying a website: only valid CAs can do it.

    I suspect that Comodo just provided the best offer and was chosen because of it. But those are pure speculations.

    NOTE: I'm not a big fan of COMODO and would rather choose a different signer myself, but I see nothing malicious about some company choosing this CA.

    From what I remember, OA DNS checking works by comparing their result of a DNS query with the one you got. If they are different it could mean that something is bad.

    The problem is that some websites use different servers for the same address to speed things up: users from the USA, for example, get content from USA servers instead of those in Poland, and vice versa. I remember I had similar problems with the Steam site (store.steampowered.com): some servers delivering content (pictures, videos) were different for my location and the location of OA.

    That doesn't mean it's 100% safe, but it could be the cause.

    HTH
    Last edited: Feb 21, 2012
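
The comparison described in the post above, and why a CDN-hosted update domain trips it, as an added example that is not part of the original thread and is not Online Armor's actual logic. The IP addresses (documentation ranges), the operator table and the function names are constructed for illustration; a real check would take operator data from WHOIS/ASN lookups.

```python
import ipaddress

# Constructed operator table using RFC 5737 documentation ranges.
# Assumption: in practice this mapping comes from WHOIS / ASN data.
OPERATORS = {
    "198.51.100.0/24": "example-cdn",    # CDN point of presence, region A
    "203.0.113.0/24": "example-cdn",     # CDN point of presence, region B
    "192.0.2.0/24": "unrelated-host",
}

def operator_of(ip):
    """Return the operator whose network contains `ip`, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, owner in OPERATORS.items():
        if addr in ipaddress.ip_network(net):
            return owner
    return None

def naive_mismatch(local_ips, reference_ips):
    """Raw comparison: any difference between the two answers raises an alert."""
    return set(local_ips) != set(reference_ips)

def compare_answers(local_ips, reference_ips):
    """Classify the local DNS answer against one taken from another vantage point.

    match         - every local IP also appears in the reference answer
    cdn-variation - differing IPs, but all belong to an operator that also
                    serves the reference answer (geo-distributed hosting)
    suspicious    - a local IP belongs to a different or unknown operator
    inconclusive  - one side returned no addresses
    """
    local, ref = set(local_ips), set(reference_ips)
    if not local or not ref:
        return "inconclusive"
    extra = local - ref                  # IPs only the local resolver returned
    if not extra:
        return "match"
    ref_ops = {operator_of(ip) for ip in ref} - {None}
    extra_ops = {operator_of(ip) for ip in extra}
    if None not in extra_ops and extra_ops <= ref_ops:
        return "cdn-variation"
    return "suspicious"

if __name__ == "__main__":
    # Two regions of the same CDN: the naive check alerts, the operator check does not.
    print(naive_mismatch(["198.51.100.10"], ["203.0.113.7"]))
    print(compare_answers(["198.51.100.10"], ["203.0.113.7"]))
```

A `cdn-variation` result lowers the priority of the alert rather than clearing it, since a shared CDN hosts many customers; confirming the serving network with the vendor, as happens later in this thread, is what settles it.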
  15. cruelsister

    cruelsister Registered Member

    Odd- When I update MB I am connected to their servers in Amsterdam (also registrant unknown). 68.232.45.119 is an EdgeCast Networks ServerFarm from Engelwood, California. But as Malwarebytes is based in San Jose they may use the servers there also.
    Last edited: Feb 21, 2012
  16. avboy

    avboy Registered Member

    I have used the links provided by Cruelsister, no DNS changer on my PC. In case ISP's was compromised, I used Norton DNS, same slow/failed updates.

    I'd be glad if someone else from the US can check the IP of MBAM's update server.

    BTW I am referring to the free edition, not Pro.
  17. Noob

    Noob Registered Member

    I would say, just go ahead and try it, you will not regret it. ;)
    Last edited: Feb 22, 2012
  18. cruelsister

    cruelsister Registered Member

    AVboy- Just received a response from Malwarebytes- they are using the California servers that you were connecting to for updates, so everything is fine.
  19. Daveski17

    Daveski17 Registered Member

    In my experience MBAM isn't immune to false-positives, I'd check their forum.
  20. avboy

    avboy Registered Member

    Thanks a lot everyone for replying, particularly Cruelsister for contacting MBAM, which I should have done. I have started using MBAM. Updates are fine early morning, erratic by afternoon, almost impossible by evening. So I guess it's the load on their servers.