Malwarebytes Anti-Ransomware Beta

Seriously, I don't understand why this wasn't tested by Malwarebytes before releasing this tool, even if it's still a beta. These are quite big bugs.

 

The very objective of a beta is to test and fine-tune the technique. Yes it was tested internally quite a bit against ransomware, but out in the real world there are millions of possible configuration combinations and it is best to test for this out in the open. What we did underestimate is the number of people that ended up installing this in their production machines instead of test/VM machines.

 

Yes I understand, but I've read about the issues on the MBARW forum, and they aren't caused by conflicts is my impression. So this stuff looks clumsy to me, it looks like a serious flaw in the protection method itself. Don't get me wrong, I'm excited about this new product, and will most likely be using it, but there is no excuse for these kind of false positives, even for a beta product.

 

I am going to be patient and trust pbust on this one. Pretty impressive starting his own program as a teenager and doing the world such a great favor and not out of selfishness. And he just got like 50 mill from a company for venture capital, I can't remember who.
AS far as not installing in a VM: I run Quietzone and it interferes with other security install so I disabled it to get it to work. I also run Marcum Reflect to restore my partitions on bad days

 

Hello boredog:

A very strong possibility exists that you are confusing @pbust (Pedro Bustamante, VP of Technology) with @RubbeR DuckY (Marcin Kleczynski, CEO, Malwarebytes Corporation).

BTW - @DecrypterFixer (Nathan Scott, Technical Product Manager - Anti-Ransomware) the author of CryptoMonitor, is the Malwarebytes Corporate developer of Malwarebytes Anti-Ransomware (MBARW).

The $50M investment you may be referring to might be coming from Fidelity Management and Research Company. -Malwarebytes Raises $50 Million Investment from Fidelity

HTH

 

I agree somewhat, the product was rushed out to the public to soon the FP were crazy even for Beta, of course people are going to DL it on there production machines it was foolish for them to think otherwise coming from a well known safe company.

I'm sure they'll get it sorted out and purring..

 

Beta3 has just been published with the FP control mechanism:
https://forums.malwarebytes.org/index.php?/topic/177751-introducing-malwarebytes-anti-ransomware/

You can choose to download and install over the top or wait for the auto-upgrade to apply.

Thanks for your patience!

 

Did clean install of Beta3 on Windows 7 Professional SP1 x64. Open and closed all programs on my computer with no problems. FP with TrendMicro Rootkit Buster is no more. I noted initially I could not stop protection after closing MBAWR splash screen. After a reboot it worked fine (I did not reboot after initial install). CPU use is 0. Ram usage is 19K for mbarw.exe and varied with MBAMService.exe from around 22K to 176K (seems to normally run at around 22-28K). Tray icon should change to white (or something else) if stopping protection (like MBAE). Using Emsisoft Internet Security, AppGuard and MBAE Premium with MBARW. Noted I am getting a lot of blocking events with AppGuard with MBARW installed (example - 02/01/16 23:06:33 Prevented <Plugin Container for Firefox> from writing to memory of <pid: 4>.). Not sure if this affects anything.

 

@malwarebytes

for your installer you better use inno code instead SC or NET
http://vincenzo.net/isxkb/index.php?title=Service_-_Functions_to_Start,_Stop,_Install,_Remove_a_Service

SC and NET dont work in sandboxie. at least swissarmy can not be loaded anyway.


there is also some inconsistent handling for files
,2 is for x64, then again for x86,
,1 for x86 and then for x64
it switches.

 

Yes, that's what I meant. This should be a lesson for all other companies. Don't just rely on beta testers, but test your product not only against true malware, but also see how it interacts with other software. This all should be easy with the help of virtual machines.

Perhaps an idea to add the version number to the file.

 

Windows 10 Pro
MBAE Free 1.08.1.1189
MBARW Beta 0.9.9.314

FYI: After updating MBAE and MBARW, I ran the update for Bitdefender Internet Security 2016 (v20.0.24 to .25) which involved about 80MB of a few dozen executables and libraries, the Active Threat Control driver and a reboot. No problems.

Sysinternals Process Explorer is no longer an FP.

Still poking around but lookin' good so far.

 

Same here my BD update went smooth no issues

 

(Marcin Kleczynski, CEO, Malwarebytes Corporation).
Yes that is who I meant. I just wish I still had two instead of one gray matter brain cell left

 

No software company ought to be blamed for user-side stupidity.
Just because it's from a reputable outfit like MB doesn't mean beta isn't spelled b.e.t.a.
Running a 1.0 or 2.0 beta on a production machine 'willy nilly'-style, is no excuse for bitching&moaning due to self-induced cognitive dissonance.
Beta belongs in a VM or test machine. Not on a kazillion enthusiast systems where nonsensical WTF's are to be expected.

 

Grab another cup of coffee lol

 

Agreed; the company made the usual disclaimer about not using the software in a production environment.

 

Already ahead of you.
Perhaps MB should have named it alpha 2.0/3.0
Not that it would have made much of a difference, imao.
If users flock towards late alpha/early beta software, drama is to be expected.
Rather than bug/fp reporting according to procedure, you end up with a litany of forum posts all over the place.
Nothing personal though, daman1.
It seems a bit typical for Wilders security software enthusiasts. I was there once too.
But production machine + late alpha/early beta is a no-go.
At least when a user has the assumption that he does not have to assume that something might terribly go wrong. That's all.

 

We still not have any official answer why AE und AR are not merged into one product.

 

In message #77 ZeroVulnLabs said:

"Integration is the path. Concrete plans and dates not yet available though."

 

Baserk is 100%.

Realistically, speaking as one who runs betas on a test system, a multitude of unfortunate individuals who engaged in an unsound exercise provided exactly the reports needed for this program. As a result: a vastly improved Beta3.

As for daman1's "well known safe company," certainly not alone in the industry, Malwarebytes is no better or worse in its record. Two cases that come to mind are the database update that borked system files across the globe and now the Project Zero revelations which exposed paying customers to risk - for years. (For the record, I've been a paying customer, long time MBAM and recently MBAE.)

As for MBARW, I'm looking forward to its development but with focus on its playing well with Bitdefender AV and IS (and whatever you're running, of course). I've followed one member's inquiry over on their forum regarding Cryptomonitor Pro's well documented Count Protection, if used in MBARW, and BD's Active Virus/Threat Control. I'm not happy with the side stepping non-response to a legitimate technical inquiry by a user who understands the tech.

[/soapbox]

 

Sounds more like a 'maybe'. The last changelog's or blogs not telling anything about the 'plans'. The next question is if they then drop the other two products or not. So you see some question are unanswered, and people like me want to know what's going on because the beta-tests are then all useless because with AE this might work different.

 

Perhaps the reason we don't have more information is they haven't decided yet how the products are going to be integrated? Maybe we should be patient and give them some time?

 

So time, ha? And then we got something like this? Externals like Googles Project Zero showing us the truth, why not the AV developers? ... look at there own blogs nothing mentioned and now they saying it takes some time, which is all okay except the part that they not telling us that there is/was something wrong, is it so hard? For a product I pay for I want information what goes on and get possible workarounds (if possible) this is how it should work and this has nothing todo with complaining about xyz Av development it's an general problem because they are not transparent enough, no source, mostly no issue tracker (just only forums) and in 90% no roadmap. We definitely need audits and more transparency and especially for users/beginners more information how to harden the OS if not then nothing ever changes and people still believe in myths that installing external tools 'secure'/'harden' things or are 'totally protection' - this cake is a lie.

 

1. Opensourcing your code as commercial company doesn't make sense.
2. For that vulnerability you need to perform an MITM.
3. Feel free to audit any of their applications, they now have a bug bounty program.

 

Can you point me to what you are referring to? I wan to make sure nothing feel through the cracks and everything gets answered.

All these technologies and products are big projects with a lot of moving parts and dependencies. There's no point in providing roadmap information for things we know are not 100% and will likely change. The impact of saying something today and then changing it every week thereafter is worse. You would then be complaining about how we said one thing and changed some detail the week after.