Is MBAM safe?

Discussion in 'other anti-malware software' started by avboy, Feb 21, 2012.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    My query stems from the following:

    1. No downloading of free version from the site, download is from CNET. There's a thread on why many Avast AV users do not want to download from CNET. Won't the same apply here?

    2. The digital signature is countersigned with Comodo Time Stamper (COMODO has led to a lot of debates on Wilders).

    3. When I try to update data in banking mode from domains *.mbamupdates.com or data-cdn.mbamupdates.com, OA Premium reports suspected DNS poisoning.

    I am looking for specific replies to the above issues. Thanks.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes. Yes it is.
     
  3. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    from your description of the current situation......I say you find a smooth linen cloth.......fold it.......slowly and quietly put it in front of your frightened soul..be careful not to make a sudden move or there could be trouble waiting for you.....then with a lightning change of position.....blindfold yourself........finally go ahead and use mbam.......
     
  5. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
  6. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211

    Ha ha..you can't blindfold a blind man (w.r.t security). But ya, no offence meant, but even with my eyes shut, I would love to see some replies, particularly to point 3 about updates and why it says DNS poisoning, from someone in the know of this.
     
  7. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    it's probably a fp........to be sure you can scan the mbam installer that you downloaded with your av and hitman pro and upload it to virustotal.......
     
    Last edited: Feb 21, 2012
  9. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    MBAM installer from CNET has no crapware ;)
    just download update and use .. u are safe:thumb:
     
  10. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Direct link for present version:
    -http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-1.60.1.1000.exe-
     
  11. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    AVboy- I'm probably overreacting, but I'm concerned about the DNS poisoning message that you are getting when trying to connect to a security site. You may or may not have heard about the current DNSChanger Trojans. This type of malware has both been released on its own as well as being coded into other forms of malware recently. What it does- in some forms it will alter your computer's Internet settings to hijack search results and to block you from visiting security sites.

    The biggie in this field affects over 4 million machines and was detected in November. When the botnet servers were shut down they were replaced with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. If you have this version you may not be able to get online at all after this date.

    For your (my) peace of mind I suggest checking things out by going to either of 2 places:

    1). Manual checking- http://dcwg.org/checkup.html

    2). Avira check tool: http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199


    Your issue is no doubt some FP, but one never knows...
     
  13. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    This is just not for me I guess.

    First MBAM redirects to bleepingcomputer or download.com for free and pro version. I finally used the direct link provided above.

    Now while updating it takes more than 15 mins on a broadband. It stops in between and starts again at least 3 times. The IP of updating is 68.232.45.119 and on lookup I can't find any details about the same. Can anyone confirm if this is indeed the IP of MBAM?

    Thanks for the links Cruelsister. I am very happy that you did "overreact". I'd better be safe than connect to some scamster and hand over everything on a platter. I am going to check now.
     
  14. Barthez

    Barthez Registered Member

    Joined:
    Apr 28, 2010
    Posts:
    113
    Location:
    Poland
    Both free and paid versions are downloaded through http://www.malwarebytes.org/mbam-download.php which will randomly choose a download site for you from MBAM's link database. There was a post somewhere on Wilders regarding this issue where someone from MBAM explained it. They refer to it as a download rotator I believe. Just paste the link I gave you into different browser tabs, to see what I mean. Alternatively go to http://www.malwarebytes.org/products choose product and hit Download.

    From what I know Comodo is still a valid Certificate authority, so there is nothing strange here. To be honest I know little about digitally signing programs, but I assume in its principle it's not that different than certificating a website: Only valid CAs can do it.

    I suspect that Comodo just provided best offer and was chosen because of it. But those are pure speculations.

    NOTE: I'm not a big fan of COMODO and would rather choose different signer myself, but I see nothing malicious about some company choosing this CA.

    From what I remember, OA DNS checking works by comparing their results of a DNS query with one you got. If they are different it could mean that something is bad.

    Problem is, that some websites use different servers for same address to speed things up: users from USA -for example- get content from USA servers instead of those in Poland, and vice-versa. I remember I had similar problems with steam site (store.steampowered.com): some servers delivering content (pictures, videos) were different for my location and location of OA.

    That doesn't mean it's 100% safe, but it could be the cause.

    HTH
     
    Last edited: Feb 21, 2012
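
The comparison described in the post above, as an added example that is not part of the thread and is not OA's actual implementation: a two-resolver check flags a geo-distributed CDN name as poisoned, while comparing against answers gathered from several vantage points (a heuristic assumed here) does not. The function names, the /24 grouping and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample answers using documentation address ranges (RFC 5737);
# they are not real records for any domain mentioned in the thread.
LOCAL = {"198.51.100.10", "198.51.100.11"}      # from the user's resolver
REFERENCE = {"203.0.113.20", "203.0.113.21"}    # from the checker's resolver
VANTAGES = [                                     # same name, several regions
    {"203.0.113.20", "203.0.113.21"},
    {"198.51.100.10", "198.51.100.12"},
    {"192.0.2.5"},
]


def net_of(addr, plen=24):
    """Return the enclosing network of addr (hypothetical /24 grouping)."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def naive_check(local, reference):
    """Two-resolver comparison: any disjoint pair of answers is flagged."""
    return "ok" if local & reference else "suspected-poisoning"


def vantage_check(local, vantages, plen=24):
    """Accept a local answer if every address falls in a network that some
    vantage point also saw; otherwise return the addresses needing review."""
    known = {net_of(a, plen) for answers in vantages for a in answers}
    unknown = {a for a in local if net_of(a, plen) not in known}
    return ("ok", set()) if not unknown else ("review", unknown)


if __name__ == "__main__":
    # CDN case: the user and the checker are simply served from different edges.
    print(naive_check(LOCAL, REFERENCE))
    print(vantage_check(LOCAL, VANTAGES))
    # An address no vantage point has seen still needs a closer look.
    print(vantage_check({"198.51.100.10", "10.9.8.7"}, VANTAGES))
```

An "ok" result only means the answer matches what other locations see; it is not proof that the endpoint is the vendor's.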
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Odd- When I update MB I am connected to their servers in Amsterdam (also registrant unknown). 68.232.45.119 is an EdgeCast Networks ServerFarm from Engelwood, California. But as Malwarebytes is based in San Jose they may use the servers there also.
     
    Last edited: Feb 21, 2012
  16. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    I have used the links provided by Cruelsister, no DNS changer on my PC. In case ISP's was compromised, I used Norton DNS, same slow/failed updates.

    I'd be glad if someone else from the US can check the IP of MBAM's update server.

    BTW I am referring to the free edition, not Pro.
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I would say, just go ahead and try it, you will not regret it. ;)
     
    Last edited: Feb 22, 2012
  18. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    AVboy- Just received a response from Malwarebytes- they are using the California servers that you were connecting to for updates, so everything is fine.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    In my experience MBAM isn't immune to false-positives, I'd check their forum.
     
  20. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    Thanks a lot everyone for replying, particularly Cruelsister for contacting MBAM, which I should have done. I have started using MBAM. Updates are fine early morning, erratic by afternoon, almost impossible by evening. So I guess it's the load on their servers.
     