Malwarebytes

Discussion in 'other anti-malware software' started by BoaterDave, Oct 21, 2012.

Thread Status:
Not open for further replies.
  1. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Can you point me to an independent review of the result obtained by any independent person/body who/which has examined a brand spanking new computer - upon which *Malwarebytes* has been loaded and then removed from the computer?

    I'm referring to the computer being *forensically examined* to determine if any 'gremlin' has or has not been left behind.

    Does *anyone* reading here know if this has *ever* been undertaken?

    --
     
  2. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Are you trying to see what MBAM leaves behind after being uninstalled? I can't help you with your request, but I'm just trying to understand your question better.
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Who loaded and removed MBAM in the first place?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    If you run MBAM's cleaning tool, mbam-clean after uninstalling, all traces are removed aside from a few empty directories.

    My pet peeve with MBAM is how their Pro version constantly scans your PC after boot for bootleg software.
     
  5. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA

    Hmmmmmm...... do tell more.

    I've never heard this before.

    Link?


    -ftp



    .
     
  6. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Are we talking leftovers from MBAM after an install/uninstall, or is the OP talking about malware in quarantine and whether or not MBAM eradicates it when uninstalled? o_O
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Do you mean that we kill pirated keys? Because yes, we do that.

    Other than that you are going to have to be a bit more specific.
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    I am going to make the assumption that you are implying that something will be actively in memory after MBAM is uninstalled. The answer to that is no.
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    MBAM kills pirated MBAM keys or kills pirated keys of other programs? If of other programs, how does MBAM have info about what is pirated and what is not? I'm assuming there is some pecuniary benefit from this with info exchanged between MBAM and whatever company of the pirated keys in question.
     
  10. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Yes - right on the nail! ;)

    Has *any* research ever been done to check whether or not any malware has actually been installed by loading Malwarebytes?

    I'm simply asking a question!

    I'm not implying that the software does have an ulterior motive - but has anyone ever checked?

    --
     
  11. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    I am implying nothing - nothing at all! :)

    Can you point me to an independent review of the result obtained by any independent person/body who/which has examined a brand spanking new computer - upon which *Malwarebytes* has been loaded and then removed from the computer?

    Something which will, independently, corroborate that which you have said.

    --
     
  12. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Wow, that's even different from what I thought you were asking. "Does MBAM silently install malware, or leave any traces behind after uninstalling, that could somehow act in a malicious way?"

    I have installed/uninstalled MBAM on my test rig many times, and scanned after with several other malware scanners like HMP, Emsisoft Emergency Kit, Trend HouseCall, SAS, Panda Cloud Cleaner, etc... and none of them ever found anything suspicious.....Ever. This is a real machine that I do not test actual malware on, but rather how the AVs/scanners act.

    So while I'm far from qualified to do a *forensic* analysis of my machine, I am 99.99999999999% sure that MBAM is clean when installed, and when uninstalled.
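
A baseline comparison of the kind the thread is asking about, as an added example that is not part of any post: snapshot a file tree before install, snapshot it again after uninstall, and report what differs. The directory names, the `ExampleScanner` product and the helper names are hypothetical, and the "machine" is a constructed temporary directory; a real check would also have to cover the registry, services and drivers.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every path under root to a SHA-256 digest (files) or 'DIR' (directories)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            state[os.path.relpath(os.path.join(dirpath, d), root)] = "DIR"
        for f in filenames:
            full = os.path.join(dirpath, f)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def leftovers(before, after):
    """Compare a pre-install baseline with a post-uninstall snapshot."""
    added = sorted(p for p in after if p not in before)
    return {
        "new_files": [p for p in added if after[p] != "DIR"],
        "new_dirs": [p for p in added if after[p] == "DIR"],
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "missing": sorted(p for p in before if p not in after),
    }

def demo():
    """Constructed stand-in for a test machine: install, then an incomplete uninstall."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Windows"))
        hosts = os.path.join(root, "Windows", "hosts")
        with open(hosts, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # "Install": hypothetical product directory plus a change to an existing file.
        app = os.path.join(root, "ProgramData", "ExampleScanner")
        os.makedirs(os.path.join(app, "Logs"))
        with open(os.path.join(app, "Logs", "scan.log"), "w") as fh:
            fh.write("scan complete\n")
        with open(hosts, "a") as fh:
            fh.write("# touched by installer\n")
        # "Uninstall": removes the log but leaves empty directories and the edit.
        os.remove(os.path.join(app, "Logs", "scan.log"))
        return leftovers(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Empty leftover directories show up under `new_dirs`; anything under `new_files` or `modified` is what deserves a closer look.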
     
  13. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Keys for MBAM, not even sure how we would know if other apps had pirated keys.
     
  14. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    This is like me asking if anyone has direct evidence that you have never been in jail for assaulting a minor and then pretending that nothing was insinuated.

    Sure you did not directly say anything, but no one is going to read your question and not wonder why you are asking. This, you are well aware of and so is everyone else.


    Let me ask a question in return. If there was even the slightest chance of this wouldn't it be a lot more likely that we would charge 70$ a year, charge for removal and install a toolbar? All of these things are totally legit (according to the community as a whole) and would make us a lot of $ yet none of them happen.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    OK, well that makes perfect sense. Thanks.
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    You're asking such a strange question, Dave. If it's on there and you don't want it just uninstall, but why may I ask? I even have a couple of paid copies that I use for On-Demand to support this great product.

    TH
     
    Last edited: Oct 21, 2012
  17. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    That is really good to hear, DBone, :)

    Thank you!

    Are you aware of anyone else who may have checked and come to the same conclusion?

    --
     
  18. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Surely a wilders troll has a tad more finesse...
    For professional trolling you need to add f.i. legit info, logical argumentation and reasonable assumptions besides the full frontal go-nuts approach.
    Check this troll guide from member Mrkvonic; link, practice and then come back.
     
  19. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    I knew this username sounded familiar:

    lame accusation <- about half way down.

    As shocking as it may be Dave, we are actually the good guys. BTW, do you even know the researchers that work for our company? Making accusations like this insults people like S!Ri, Atribune, Swandog46, Merijn, sUBs and Miekiemoes. Do some research on these usernames before you want to start making ridiculous claims. FYI all of these people were in the good fight LONG before there even was an MBAM.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I am referring to the constant scan of my HDD by mbamservice.exe after every first boot of the day. It has done this ever since I installed MBAM Pro two years ago. So this is something that has propagated over multiple versions of MBAM.

    This has nothing to do with scheduled scans or the like. I have also asked this question on the MBAM forum and never did receive a direct answer but a half admission that some type of software integrity scan is performed.

    I do find this activity irritating since it takes up CPU cycles and on lower powered PCs I have installed MBAM Pro on, tends to lock up those PCs until the scan completes.
     
  21. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    I had once been monitoring comments on the Kaspersky forums (I was using KAV 7.0 at the time). One particular poster, whose 'hobby' was computer forensics, was concerned about the Malwarebytes product.

    He said this ....

    *

    Be careful, however, with what you let this program remove/quarantine!

    It has the following detection methods:

    1. registry keys (very often empty ones that were not deleted by your resident protection)

    2. MD5 checksums of a not so big malware-base

    3. Files by name - yes, you heard that correctly; MalwareBytes also detects files by name. For example when I was playing with it, I planted a dummy txt file into System32 with the name amvo0.dll
    It was immediately detected as

    CODE
    C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    This, of course, is unacceptable for a program that wants to belong in a certain class!

    KIS/KAV and other security programs of that caliber, able to distinguish between false and genuine threats, will most likely leave this file intact because it presents no real threat. However, in your opinion, MalwareBytes may look cooler and better because it found the dummy file and 'protected' you from a really nasty threat; an empty text file...

    At the same time, detection by name alone may ruin your system as well!

    Paul

    This post has been edited by p2u: 14.09.2008 12:09

    *

    That was post No8 here: http://forum.kaspersky.com/index.php?showtopic=84469&hl=Malwarebytes BoaterDave


    This is another comment p2u made, to me, in the thread:

    "The topic starts off really nicely, but from post #9 on it becomes clear (after having analyzed what MWB really does in the hidden test section of that forum with the help of a special software analyzer/debugger) that the 'protection' the program offers has its drawbacks and misleading elements. I repeat: calling an empty .txt file or a registry key an 'infection' (by name alone) is unacceptable and unprofessional, and misleads the user into thinking that the program is better than many paid-for versions, which don't pay attention to files without payload. I cannot take that remark back, so sorry.

    P.S.: Virusinfo.info is an official ASAP member."

    *

    Please take a look here - a translation from a Russian site:-

    http://translate.google.co.uk/trans...fo.info/showthread.php%3Ft%3D20736&hl=en&sa=G

    or http://goo.gl/0dIle

    It's all about downloading the Malwarebytes software.

    --
    HTH
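
The trade-off between the name-based and MD5-based detection methods listed in the quoted post, as an added example that is not code from the thread or from any product: a toy scanner run over three constructed files. The signature entry, the stand-in `SAMPLE` bytes and the file names other than `amvo0.dll` are assumptions made up for the illustration.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a malicious sample; not a real malware hash.
SAMPLE = b"MZ\x90\x00 constructed stand-in payload"
SIGNATURES = [{"label": "Trojan.Agent", "name": "amvo0.dll",
               "md5": hashlib.md5(SAMPLE).hexdigest()}]

def scan(root, mode):
    """Return {filename: label} for files matching a signature.

    mode 'name': the file name alone decides (the behaviour the quoted post describes)
    mode 'hash': the MD5 of the file content must match
    """
    hits = {}
    for entry in sorted(os.listdir(root)):
        with open(os.path.join(root, entry), "rb") as fh:
            digest = hashlib.md5(fh.read()).hexdigest()
        for sig in SIGNATURES:
            by_name = entry.lower() == sig["name"]
            by_hash = digest == sig["md5"]
            if (mode == "name" and by_name) or (mode == "hash" and by_hash):
                hits[entry] = sig["label"]
    return hits

def demo():
    """Scan three constructed files with each rule type."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "amvo0.dll": b"",            # empty dummy file, as in the quoted test
            "x7f3.dll": SAMPLE,          # the sample under a random name
            "q9.dll": SAMPLE + b"\x00",  # one-byte variant of the sample
        }
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {mode: scan(root, mode) for mode in ("name", "hash")}

if __name__ == "__main__":
    for mode, hits in demo().items():
        print(mode, hits)
```

The name rule flags the harmless empty file and misses both real copies; the hash rule catches the renamed copy but not the one-byte variant, which is why neither method is sufficient alone.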
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    I doubt that *anyone* has *ever* *forensically examined* any brand spanking new computer after installation and removal of *Malwarebytes* (or *any other security app*, for that matter). There just isn't any call for it.
    Has anyone ever checked if MBAM installs malware?
    I'd say that millions of people have checked.
    When you consider for even one brief moment the number of people here at Wilders who run layered security apps, who check and double check and sometimes even triple check installers and downloads and running processes, it is beyond comprehension that MBAM could be installing malware and no one knows about it.

    Literally millions of people have this program installed, and if their machines were being infected by it, do you think that that fact would at this moment be widespread knowledge? I think it would be.

    The more I ponder your question, the more preposterous it sounds.
     
  23. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    And yet we have no problems dealing with randomly named polymorphic malware, it's almost as if MBAM is far more sophisticated than that.
     
  24. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Oops! I seem to have touched a nerve! :isay:

    I never made a claim - what I said there was .....

    What a super ruse it would be - to clear a machine of everyone else's 'nasties' but then, perhaps, leave their own package installed on the user's machine. No one would ever suspect, would they?

    Cybercrime has risen exponentially since Malwarebytes was first founded in 2004. See: http://www.malwarebytes.org/about.php

    It's probably just a coincidence, eh?!! ;-)


    --
    The Internet needs 'good guys'! :D
     
  25. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Correct, I care deeply about my company and my crew.

    If nearly 5 years is not enough to put this to rest for you I hardly think my words are going to matter. I think I will let wilders handle this thread going forward.
     