Security Flaw Fixed in Malwarebytes Antivirus

Minimalist · Dec 12, 2015

amarildojr said: ↑

Is 1.75 still suported? If so, I think they patched it too.
Click to expand...

Yes it is getting signature updates but no product updates. If patch was delivered through signature updates it might be fixed.

Tarnak · Dec 12, 2015

Obviously, the bigwigs of Malwarebytes seem not to be aware aware of this thread here, in Wilders...absent by choice? Strange, that.

Dragon1952 · Dec 12, 2015

I can't seem to find the mbam thread here anymore.

Minimalist · Dec 13, 2015

Dragon1952 said: ↑

I can't seem to find the mbam thread here anymore.
Click to expand...

Here it is: https://www.wilderssecurity.com/threads/malwarebytes-anti-malware.374540/

jwcca · Dec 13, 2015

If mbam.exe or one of it's dlls has code that examines the 'database update' stream and uses some of that data to 'patch' the executable(s) then the statement that MalwareBytes 'patched' the program is true.

Because I'm an 'old guy', I was only aware of the 'old way' of downloading a small executable that contained the changes plus the code to apply the changes or patches to the main executables, although those also updated the version number of the program to show that the patch had been applied, which is why I was concerned when that number hadn't been changed.

Wikipedia has a reasonable description of 'patches', I copied some of that as follows:

Patches for proprietary software are typically distributed as executable files instead of source code. This type of patch modifies the program executable—the program the user actually runs—either by modifying the binary file to include the fixes or by completely replacing it.

Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "service packs" or as "software updates". Microsoft Windows NT and its successors (including Windows 2000, Windows XP, Windows Vista and Windows 7) use the "service pack" terminology.[3]

Historically, (that's us 'old guys'-j) software suppliers distributed patches on paper tape or on punched cards, expecting the recipient to cut out the indicated part of the original tape (or deck), and patch in (hence the name) the replacement segment. Later patch distributions used magnetic tape. Then, after the invention of removable disk drives, patches came from the software developer via a disk or, later, CD-ROM via mail. With the widely available Internet access, downloading patches from the developer's web site or through automated software updates became often available to the end-users.

Computer programs can often coordinate patches to update a target program. Automation simplifies the end-user’s task – they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
***********************************
Some programs can update themselves via the Internet with very little or no intervention on the part of users. <<<<<< MBAM?
***********************************

The maintenance of server software and of operating systems often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.

The size of patches may vary from a few kilobytes to hundreds of megabytes; thus, more significant changes imply a larger size, though this also depends on whether the patch includes entire files or only the changed portion(s) of files.

*****************************************
Hot patching, also known as live patching or dynamic software updating,
*****************************************
is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program.[10] A patch that can be applied in this way is called a hot patch.

A hotfix or Quick Fix Engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product
**********************
(i.e., a software bug).

[1] Typically, hotfixes are made to address a specific customer situation.
The term "hotfix" originally referred to software patches that were applied to "hot" systems; that is, systems which are live, currently running, and in production status rather than development status. For the developer, a hotfix implies that the change may have been made quickly and outside normal development and testing processes. This could increase the cost of the fix by requiring rapid development, overtime or other urgent measures. For the user, the hotfix could be considered riskier or less likely to resolve the problem. This could cause an immediate loss of services, so depending on the severity of the bug, it may be desirable to delay a hotfix. The risk of applying the hotfix must be weighed against the risk of not applying it, because the problem to be fixed might be so critical that it could be considered more important than a potential loss of service (e.g., a major security breach).
Click to expand...

Dragon1952 · Dec 13, 2015

Minimalist said: ↑

Here it is: https://www.wilderssecurity.com/threads/malwarebytes-anti-malware.374540/
Click to expand...

Another mbam thread here .. https://www.wilderssecurity.com/threads/malwarebytes-anti-malware-2-released.361805/page-33

haakon · Dec 13, 2015

jwcca said: ↑

So all this consternation was for naught. We're safer with 2.2.0.1024
Click to expand...

2.2.0.1024 was released about mid-October.

Consternation about a vulnerability with an "immediate fix" and details are nada? Um, yes. Well, for paying customers mostly. Free users can demand an apology.

haakon · Feb 2, 2016

MBAM Premium Vulnerability Disclosure
"In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware."
• https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
"Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities."

It would be nice if they'd post up a method to determine if one's system has been compromised by any of the "all of the reported vulnerabilities."

Rasheed187 · Feb 2, 2016

Here is the link:

https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/

anon · Feb 2, 2016

haakon said: ↑

https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
"Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities."
Click to expand...

Enable self-protection module: This setting controls whether Malwarebytes Anti-Malware creates a safe zone to prevent malicious manipulation of the program and its components. Checking this box introduces a one-time delay as the self-protection module is enabled. While not a negative, the delay may be considered undesirable by some users. When unchecked, the "early start" option which follows is disabled.
Enable self-protection early start: When the self-protection module is enabled, you may choose to enable or disable this option. When enabled, the self-protection module will become enabled earlier in the computer's boot process — essentially changing the order of services and drivers associated with your computer's startup.
https://www.malwarebytes.org/support/guides/mbam/

haakon · Feb 2, 2016

Rasheed187 said: ↑

Here is the link:
Click to expand...

Thanks for posting up a clickable link of the same italics emphasized URL I posted up. I often forget about the copy/paste challenged members in our midst.

haakon · Feb 2, 2016

More in the news...
http://www.networkworld.com/article/3029071/malwarebytes-still-fixing-flaws-in-antivirus-software.html
http://www.theregister.co.uk/2016/02/02/malwarebytes_0day/

Minimalist · Feb 3, 2016

Malwarebytes Starts Bug Bounty Program Following Recent Security Bugs

Besides patching their product, the Malwarebytes team has also decided that it's time for the company to accept outside help in managing their product's security.

For this, the firm's CEO, Marcin Kleczynski, has announced the founding of an official bug bounty program, which will help Malwarebytes keep their product bug-free, but will also reward third-party researchers that spend their time looking for security bugs.
Click to expand...

http://news.softpedia.com/news/malw...m-following-recent-security-bugs-499813.shtml

Log in or Sign up

Security Flaw Fixed in Malwarebytes Antivirus

Minimalist Registered Member

Tarnak Registered Member

Dragon1952 Registered Member

Minimalist Registered Member

jwcca Registered Member

Dragon1952 Registered Member

haakon Guest

haakon Guest

Rasheed187 Registered Member

anon Registered Member

haakon Guest

haakon Guest

Minimalist Registered Member

Log in or Sign up

Security Flaw Fixed in Malwarebytes Antivirus

Minimalist Registered Member

Tarnak Registered Member

Dragon1952 Registered Member

Minimalist Registered Member

jwcca Registered Member

Dragon1952 Registered Member

haakon Guest

haakon Guest

Rasheed187 Registered Member

anon Registered Member

haakon Guest

haakon Guest

Minimalist Registered Member

Useful Searches