Malwarebytes Anti-Malware Version 1.51.1.1800

Discussion in 'other anti-malware software' started by Triple Helix, Jul 14, 2011.

Thread Status:
Not open for further replies.
  1. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,940
    Location:
    North of the 38th parallel.
    Please see your topic on the Malwarebytes' forum:

    http://forums.malwarebytes.org/index.php?showtopic=90673&view=findpost&p=458348

    You might require a "clean" re-install.

    HTH :)
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Are you sure it's not because of your ignore list? I think it's around the same, and will become worse once hpHosts gets incorporated.
     
  3. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    There are no plans to incorporate a HOSTS file into our software; that is not what the hpHosts researcher is being used for.

    We do have plans to split the IP list up into a default on and optional on list to allow the user greater control over what is blocked.

    There is an additional plan to further increase flexibility when it comes to web blocking but that is not close enough to ready for public discussion....yet.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I meant combining the databases.

    What does optional on mean and contain?
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't have an ignore list, JL. MBAM no longer seems to block things I actually care about..so far.
     
  6. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    No matter how you want to say it, you are not correct; there is nothing resembling a 1:1 conversion of hpHosts to MBAM, not even close.

    Optional means that if you want additional more aggressive IP blocking you can turn it on but by default that list will be off. This will allow us to be a lot more flexible when it comes to dealing with things on the line.
     
    Last edited: Jul 26, 2011
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    So hpHosts entries won't be within MBAM? Will there even be shared findings?
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Yes, the research for both is shared, Steven and I are in constant contact about new malware and the IPs involved. What needs to change is the addition of an optional block list where the user can opt for better protection while accepting inevitable FP IP blocks. We will be using this to both increase overall protection while reducing IP FPs on the default block list. Think of this as having the option to enable more strict heuristics in an AV product. The user will be better protected while willingly accepting greater chances of a FP.
     
  9. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Thank you for your help. (I've replied there as well.)

    For the moment I am going to monitor the situation to determine if it was just a temporary hiccup.

    All appears normal this morning and MBAM is blocking (and alerting to) sites I know are on its blacklist.

    If further action (or your suggestion) is implemented, I will report here and on the MBAM forum. :thumb:
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I see. Thanks for explaining everything.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Can anyone point me to official information regarding MBAM hash values?

    I can't find them at their website or forums. I checked this thread (http://forums.malwarebytes.org/index.php?showtopic=89691&st=0), which refers to the last version, but there is no mention of hash values.

    The free download goes to -http://malwarebytes-anti-malware.en.softonic.com/download

    Does this mean that hash values have no value, at all? Is this why they're not provided?

    Otherwise, how can I be sure I'm downloading a clean file, if I can't compare the hashes?

    Déjà vu...
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Yeah, pity security sites don't provide them. Filehippo has both SAS and MBAM though and they do provide hash values under the Technical tab.
     
  13. Ariadne22

    Ariadne22 Registered Member

    Joined:
    Jul 5, 2011
    Posts:
    29
    MBAM won't update. Have twice tried to download free MBAM from CNET site and get this message when I attempt to update:
    Malwarebytes error message 8-3-2011.JPG

    Did a clean uninstall, turned off realtime AV protection, downloaded again. Still the same message.

    Help? Many thanks.
     
  14. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Is it possible for you to ask on the MBAM forum?
    http://forums.malwarebytes.org/index.php?act=idx

    Your screenshot is not Version 1.51.1.1800

    Gerard
     
  15. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,940
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    You may find the hash values when you check the installer file with Virus Total. When you expand the VT report, you'll see that the files are digitally signed. Additionally, you'll see the files have been further validated by VT members and if you click on "Show All" you'll see plentiful bonus information.

    After a successful install you can further check the installed files against VT where you'll find additional & similar validations like the above.

    This has been true for at least the current & previous version.

    The good part is you don't need to employ a hash calculator.

    The download site you encountered above is that of a Malwarebytes' partner. Myself, I prefer FileHippo.com where you will never face a visual barrage of choices that may lead you astray.

    I applaud your attention to detail!

    HTH :)
     
    Last edited: Aug 3, 2011
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I know I can get hash values from VirusTotal. That's how I usually compare hash values.

    The problem is there are no hash values to compare them with.

    Filehippo does seem to have them, because they calculate them, I guess... and provide them to their visitors. But when downloading from Filehippo (trustworthy or not), it doesn't matter whether they provide the hashes or not, since there's no way of comparing them with official hash values (on the MBAM website/forum), since there are no hash values provided by the MBAM team.

    Are we now in an age of download, install and hope for the best? :doubt:

    I simply don't understand why some security vendors do not provide hash values for their installers. It's not just MBAM team. It happens with SAS, Emsisoft (I couldn't find any so far.). Probably with others as well.
     
  17. Ariadne22

    Ariadne22 Registered Member

    Joined:
    Jul 5, 2011
    Posts:
    29
    Actually, it IS Version 1.51.1.1800, per this on the About Tab:

    Malwarebytes Version.JPG

    Any thoughts on update problem are appreciated. I can post on MBAM Forum, too, I suppose. Thx.
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Here is the file hash that I have: Capture03-08-2011-7.05.28 PM.jpg

    TH
     
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I get the same hash values using HashTab.
     
  20. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,940
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    Surprisingly I agree with you! However the only comparison I might make is unlikely to satisfy you; when we discuss comparing a unit of measurement against those held by NIST, you are not permitted to make the comparison to the primary standard. You will only be able to compare against secondary standards or less.

    In the case of the MBAM installer file, at least you do have the comfort of a comparison to a digitally signed file and up to four different hashes that were calculated probably weeks before your upload to VT. We have been there already and we are endorsing the results we see. This is also true for the file with a randomized filename downloadable from only Malwarebytes itself.

    If you upload a good v1.51.1.1800 MBAM installer file to VT, you'll see I endorsed it. If a disagreement were to have come up, it would have - weeks ago.

    I'm afraid this is the direction to the future.

    What say you? :)
     
    Last edited: Aug 3, 2011
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I appreciate the effort. I really do. But, I can calculate the hashes myself. But... that takes me where exactly?

    I just know the hashes for the file I downloaded, but does that tell whether or not the file I just downloaded (and, I'm just talking about third-party services, and I'll exclude MBAM's own servers) is legit? The answer is no.

    Take a look here: https://www.wilderssecurity.com/showpost.php?&p=1895913&postcount=4

    I know better, yes. I know that SpywareBlaster is a digitally signed application. It happens that I know what a digital signature is. But, by itself it means nothing really. As an example, my relatives know they should always make sure hashes match. How can they compare the hashes provided by the software vendor, if the software vendor doesn't provide them?

    Digital signatures are secondary to me. It's not like malware hasn't used stolen digital signatures before. It's the hashes that I care about. Digital signatures come after.

    But, imagine that Javacool Software provided no hash values? Would I simply trust Softpedia? Just like that, and then calculate the hashes myself, without having official hash values to compare them with? (It happened that I couldn't download from Javacool's own servers back then.)

    What comfort? Uploading an installer/file to VirusTotal won't tell me if the file is legit. Even if it has been uploaded before and others rate the file clean. What are they basing their opinions on? Scanning MBAM installer with other scanners? Sure... they're all 100% effective.

    Or, are they comparing hash values? o_O And, against what hash values? There are none to compare them with.

    So, hash (re)liability will turn into the My WOT of the future? A community thing?

    Please, do note that I'm not saying that MBAM installer (or any other) is dirty or anything like that.

    But, let's not assume people will download MBAM from Malwarebytes' own servers. It actually happens they will be redirected to another third-party service.

    I ask: Why should I install anything without confirmation that it's, in fact, the installer I'm looking for and not some other odd file, just like the SpywareBlaster example I gave?

    I just don't put blind trust on anything. I like confirmation. :)
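
Added example (not part of any post in this thread, and not Malwarebytes' code): the point argued in posts 16 and 21, that a locally computed hash only helps when a reference value is published somewhere other than the download site, written as a check. The origin labels, sample bytes and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Reference:
    algorithm: str  # hashlib name, e.g. "sha256"
    digest: str     # hex digest exactly as published
    origin: str     # where it was published (hypothetical label)

def digests(data: bytes, algorithms=("sha1", "sha256")) -> dict:
    """Digests of the downloaded bytes, as a hash calculator would show them."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}

def verify(data: bytes, download_origin: str, ref: Optional[Reference]) -> str:
    """Classify what a hash comparison actually proves for this download."""
    if ref is None:
        # A locally computed hash with nothing to compare against proves nothing.
        return "unverifiable"
    actual = hashlib.new(ref.algorithm, data).hexdigest()
    published = ref.digest.strip().lower()  # tolerate case/whitespace differences
    if not hmac.compare_digest(actual.encode(), published.encode()):
        return "mismatch"
    if ref.origin == download_origin:
        # The same party served both the file and the hash: a match rules out
        # corruption in transit, not a replaced file on that site.
        return "consistent-with-download-site-only"
    return "matches-independent-reference"

# Constructed sample data standing in for an installer; not a real file or hash.
SAMPLE = b"constructed sample installer bytes"
VENDOR_REF = Reference("sha256", digests(SAMPLE)["sha256"].upper(), "vendor-site")
MIRROR_REF = Reference("sha256", digests(SAMPLE)["sha256"], "mirror-site")

if __name__ == "__main__":
    for label, data, ref in [
        ("vendor reference", SAMPLE, VENDOR_REF),
        ("mirror's own hash", SAMPLE, MIRROR_REF),
        ("no reference", SAMPLE, None),
        ("altered file", SAMPLE + b"\x00", VENDOR_REF),
    ]:
        print(f"{label}: {verify(data, 'mirror-site', ref)}")
```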
     
  22. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,940
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    If we don't place some trust in digitally signed installer files, that nobody flags as having illegitimate hashes, and the install renders digitally signed installed files that also pass this same criteria, then you may also hold PGP signed encrypted files in similar light. It's a new web of trust model that we aren't totally comfortable with.

    Under the circumstances, my bet is you are using the latest MBAM.

    Cheers :)
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not saying digital signatures aren't important. Just not the most important to me. And, I'm just talking about software.

    As an example, a few applications I use have no digital signature. But, the developers do provide the hash values.

    So, when I download something, the first thing I check are the hash values and not the digital signatures. Just because something has a digital signature, that doesn't mean open path to my system.

    And, your bet would be wrong. I don't use MBAM. I do install it to relatives, though. And, when I do install/upgrade some security software to relatives that the software developers happen to provide no hash values, I wait a few weeks to a couple months.

    If no one starts to complain during this period of time, that should be a good sign, considering very skilled people would also be using them. :D

    But, let's not make this the standard procedure, though. :argh:
     
  24. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,940
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    If I opened a topic on the Malwarebytes' forum with 3 to 5 different hashes, would that satisfy your requirements?

    After all if the hashes were incorrect/illegitimate, Malwarebytes' staffers would take my topic down forthwith. Yes?

    Then if I had intentionally posted bogus hashes, wouldn't I be banned from the forum? Yes?

    Cheers :)
     
    Last edited: Aug 4, 2011
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sorry, but I don't understand this reply of yours. Maybe I'm missing some point.

    But, it seems you're "targeting" me. Let's not make this about me. Let's make this about people, who would like to compare the hash values they get against official hashes provided by MBAM team.

    It just happens I'm one of those among these people. But, don't make it about me, please.

    I'm getting a feeling that hashes are not important. It seems they aren't. Otherwise, they would be mentioned in OFFICIAL places.

    What does it take for me to get official hash values? Do what you mentioned you'd do? Open a thread at MBAM forum with wrong hashes, and then let MBAM team let me know the real ones? Seriously? This has got to be a joke.

    It just surprises me that SECURITY folks don't consider it important to provide users with the hash values of their software installers.

    Nothing more, really. Just that. :rolleyes:

    Anyway, I just expressed my view: Security software developers not providing their software installers hash values, when they should. That's just my humble opinion.

    But, as I asked before: Perhaps hash values have no value, at all. I'm not pretending to understand/know everything. So, if there's a reason why hash values are not provided (that is, they're useless), I'd like to learn why hash values are useless.

    But, if they're useful, then they should be provided, no? ;)

    Anyway, I'm done with this matter. There's nothing more to add to it.

    Cheers. :thumb:
     