Malwarebytes Anti-Malware Version 1.51.1.1800

Discussion in 'other anti-malware software' started by Triple Helix, Jul 14, 2011.

Thread Status:
Not open for further replies.
  1. markn

    markn Registered Member

    Joined:
    May 12, 2009
    Posts:
    3
    One of the functions of a digital signature is to confirm that the signed file hasn't been altered in any way, so I'd consider a hash value useless. At the very least, including the hash would be superfluous for signed software.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I always believed that a digital signature would only say "This file is from whom it says it is."

    But, we all know that malware has used stolen digital signatures in the past. So, digital signatures should not be the primary concern when verifying whether or not the installer/file is from the source we expect it to be.

    Couldn't I download a file from a third-party service, believing it was MBAM? It happens it has the digital signature (stolen). But, if I had the hash values, I could tell if it was the real deal or not.

    This is where hashes come in.

    So, how are they useless, even when the file is digitally signed?

    I'm just glad that not every security software vendor and other software vendors think like that. They sure believe hash values are valuable, even when their software is digitally signed.

    I'd stop using most applications that I use. :p
     
  3. markn

    markn Registered Member

    Joined:
    May 12, 2009
    Posts:
    3
    You can't alter a signed file without invalidating the digital signature. Otherwise, they'd do a pretty poor job of confirming where the file comes from.

    Anyway, if you don't trust a company to protect their signing certificates, then why would you trust them to protect their website from hackers getting in and changing the hash values they display for their software? Both systems require some degree of trust, and pretty much any "What if...?" that you come up with for digital signatures applies just as much if not more to hash values.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I never talked about someone compromising XYZ software, and by consequence the digital signature.

    I already mentioned it here, so look for it. I gave SpywareBlaster as an example. Softpedia is hosting a SpywareBlaster file that has no digital signature and obviously the hashes do not match.

    Now, I know that SpywareBlaster has a digital signature. If Softpedia was hosting a SpywareBlaster file with a digital signature, would that mean it's safe? No. It could damn well be a file with a stolen digital signature from the real SpywareBlaster file couldn't it?

    So, we got a file confirming it's from Javacool Software... But, not really... Hashes wouldn't match.

    In this case, the Softpedia's file isn't digitally signed, but it could damn well be, and would I just take the digital signature as a proof that it's, in fact, the real file? No. Why? Because that file could be using a stolen digital signature from Javacool Software. That's why.

    Now, imagine that Javacool Software didn't provide users the hashes on their website?

    Would I simply trust on the digital signature? o_O

    Ok.... now we're deviating a lot. Now we're talking about MBAM's own servers being compromised... That's a whole different matter, IMHO. In this case, only the MBAM servers "were" hacked, and not third-party services. Unless, some crazy event would happen and all third-party services in the world that host software were to be compromised as well.

    But, think about this, and I'll play the What if:

    What if the file at Softonic's website/Other hosting service is not the real file (at some point, let's say), and simply a file with a stolen digital signature taken from MBAM installer?

    It has MBAM name... it happens to have the same size... It happens to have Malwarebytes digital signature...

    Now, what if it would happen the same that happened with Softpedia and SpywareBlaster? What if, in this case, the file at Softonics/Other hosting service happens to have Malwarebytes digital signature?

    Should I simply and blindly trust that Digital Signature? No bloody way. o_O

    Also, I want to believe we all have under consideration What ifs scenarios. Otherwise, why the bloody heck are we on a security forum?

    The same way we use the security measures we use, due to What ifs, no? It's not a certain thing my system will be infected, but there's a probability that it will happen. So, what if I have no security in place? Including verifying hashes...
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    excuse me but... how do I check hashes in windows 7? PM me :)
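
An added example, not part of any post in this thread: a PowerShell check for the two properties debated above, the Authenticode signature and a hash published by the vendor. SHA-256, the function names and the 'Malwarebytes' signer substring are assumptions, and the expected hash is a placeholder for the value taken from the vendor's own page.

```powershell
# Added example (not from the thread). Uses .NET hashing directly so it also
# runs on the PowerShell 2.0 that ships with Windows 7 (no Get-FileHash there).

function Get-Sha256Hex {
    param([Parameter(Mandatory=$true)][string]$Path)
    $full   = (Get-Item -LiteralPath $Path).FullName
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $bytes = $sha.ComputeHash($stream)      # streams the file, no full read into memory
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-Installer {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$ExpectedSha256,  # from the vendor's own page
        [Parameter(Mandatory=$true)][string]$ExpectedSigner   # substring expected in the signer subject
    )
    # Check 1: Authenticode. Status is 'Valid' only if the file is unmodified
    # since signing and the certificate chains to a trusted root.
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
    $signerOk = ($sig.Status -eq 'Valid') -and
                ($subject.IndexOf($ExpectedSigner, [System.StringComparison]::OrdinalIgnoreCase) -ge 0)

    # Check 2: hash of this exact file against the published value.
    $actual   = Get-Sha256Hex -Path $Path
    $expected = ($ExpectedSha256 -replace '\s', '').ToLower()

    New-Object PSObject -Property @{
        File            = $Path
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        SignerMatches   = $signerOk
        Sha256          = $actual
        HashMatches     = ($actual -eq $expected)
    }
}

# Placeholder values: substitute the real path and the vendor-published hash.
Test-Installer -Path '.\mbam-setup-1.51.1.1800.exe' `
               -ExpectedSha256 '<SHA-256 from the vendor page>' `
               -ExpectedSigner 'Malwarebytes' | Format-List
```

The two results are independent: `SignerMatches` says who signed the file and that it is unmodified since signing, while `HashMatches` says the file is byte-for-byte the one the published hash was computed from.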
     
  6. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    I have MBAM latest version. Can anybody tell me why under "Settings" the first check box refers only to IE ?

    If it is so vital to terminate browser IE during threat removal, then why is it not equally vital to terminate other popular browsers during threat removal ?

    John

     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    There were some specific infections a few years back that were a lot easier to remove if you closed IE, we just never removed the function.

    I guess we could expand this to all browsers but it is not a high priority as DDA and DOR more or less negated the 'in memory' effect.
     
  8. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    What an explicit reply and thanks very much. I am sure other people wondered why just IE is stated.

    Actually, not wishing to wander, other programs just mention IE e.g. SpywareBlaster. Looks like a left-over from the good old days when IE was the only browser of significance. Not so now though.

    John
     
  9. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    mbam-setup-1.51.1.1800.exe hashes

    HTH :)
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Such a nice gesture. I sincerely hope that this nice gesture of yours turns out to be useful to everybody else, older and new MBAM users.

    Again, a very nice gesture. :)
     
  11. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Hello m00nbl00d:

    Thank you for your suggestion. I'm sure others have wanted the hashes too.

    I, and hopefully my successor, will try to post a similar hash table with each new release announcement.

    If anyone has a suggestion for improving the information in that post please let us know.

    HTH :)
     
    Last edited: Aug 6, 2011
  12. Nozavi

    Nozavi Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    20
    Location:
    Romania
    Problem solved :D The setup probably wasn't digitally signed at the time it was uploaded.
     
  13. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Doing a full scan with MBAM, and the scanning is stuck for more than 10 minutes at this file, and the GUI is freezing from time to time and not responding. Anyone experience this issue?
     

  14. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Hello JoeBlack40:

    Please copy/paste your post here, into a new topic here on the Malwarebytes' forums.

    Perhaps you could add a few relevant details about your OS & computer there too.

    HTH :)
     
    Last edited: Aug 9, 2011
  15. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Hello 1PW. Done :)
     