Is MBAM safe?

My query stems from the following:

1. No downloading of free version from the site, download is from CNET. There's a thread on why many Avast AV users do not want to download from CNET. Won't the same apply here?

2. The digital signature iis countersigned with Comodo Time Stamper (COMOD has led to lot of debates on Wilders).

3. When I try to update data in banking mode from domains *.mbamupdates.com or data-cdn.mbamupdates.com, OA Premium reports suspected DNS poisoning.

I am looking for specific replies to the above issues. Thanks.

 

Yes. Yes it is.

 

This is where I download from:

http://www.malwarebytes.org/products

 

from your description of the current situation......I say you find a smooth linen cloth.......fold it.......slowly and quietly put it in front of your frightened soul..be careful not to make a sudden move or there could be trouble waiting for you.....then with a lightning change of position.....blindfold yourself........finally go ahead and use mbam.......

 

And it takes me to
http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware?1

Not CNET anymore as I see.

 

Ha ha..you can't blindfold a blind man (w.r.t security). But ya, no offence meant, but even with my eyes shut, I would love to see some replies, particularly to point 3 about updates and why it says DNS poisoning, from someone in the know of this.

 

Mine goes straight to Malwarebytes site directly, no bleeping others.

 

it's probably a fp........to be sure you can scan the mbam installer that you downloaded with your av and hitman pro and upload it to virustotal.......

 

MBAM installer from CNET have no crapware
just download update and use .. u are safe

 

Direct link for present version:
-http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-1.60.1.1000.exe-

 

Another good download site is: http://filehippo.com/

 

AVboy- I'm probably overreacting, but I'm concerned about the DNS poisoning message that you are getting when trying to connect to a security site. You may or may not have heard about the current DNSChanger Trojans. This type of malware has both been released on its own as well as being coded into other forms of malware recently. What it does- in some forms it will alter the your computer’s Internet settings to hijack search results and to block you from visiting security sites.

The biggie in this field affects over 4 million machines and was detected in November. When the botnet servers were shut down they were replaced with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. If you have this version you may not be able to get online at all after this date.

For your (my) piece of mind I suggest checking things out by going to either of 2 places:

1). Manual checking- http://dcwg.org/checkup.html

2). Avira check tool: http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199


Your issue is no doubt some FP, but one never knows...

 

This is just not for me I guess.

First MBAM redirects to bleepingcomputer or download.com for free and pro version. I finally used the direct link provided above.

Now while updating it takes more than 15 mins on a broadband. It stops in between and starts again at least 3 times. The IP of updating is 68.232.45.119 and on lookup I cant find any details about the same. Can anyone confirm if this is indeed the IP of MBAM?

Thanks for the links Cruelsister. I am very happy that you did "overreact". i'd better be safe than connect to some scamster and hand over everything on a platter. I am going to check now.

 

Both free and paid versions are downloaded through http://www.malwarebytes.org/mbam-download.php which will randomly choose a download site for you from MBAM's link database. There was a post somewhere on Wilders regarding this issue where someone from MBAM explained it. They refer to it as a download rotator I believe. Just paste link I gave you to different browser tabs, to see what I mean. Alternatively go to http://www.malwarebytes.org/products choose product and hit Download.

From what I know Comodo is still a valid Certificate authority, so there is nothing strange here. To be honest I know little about digitally signing programs, but I assume in it's principal it's not that different then certificating a website: Only valid CAs can do it.

I suspect that Comodo just provided best offer and was choose because of it. But those are pure speculations.

NOTE: I'm not a big fan of COMODO and would rather choose different signer myself, but I see nothing malicious about some company choosing this CA.

From what I remember, OA DNS checking works by comparing their results of a DNS query with one you got. If they are different it could mean that something is bad.

Problem is, that some websites use different servers for same address to speed things up: users from USA -for example- get content from USA servers instead of those in Poland, and vice-versa. I remember I had similar problems with steam site (store.steampowered.com) some servers delivering content (pictures, videos) was different for my location and location of OA.

That doesn't mean it's 100% safe, but it could be the cause.

HTH

 

Odd- When I update MB I am connected to their servers in Amsterdam (also registrant unknown). 68.232.45.119 is an EdgeCast Networks ServerFarm from Engelwood, California. But as Malwarebytes is based in San Jose they may use the servers there also.

 

I have used the links provided by Cruelsister, no DNS changer on my PC. In case ISP's was compromised, I used Norton DNS, same slow/failed updates.

I'd be glad if someone else from the US can check the IP of MBAM's update server.

BTW I am referring to the free edition, not Pro.

 

I would say, just go ahead and try it, you will not regret it.

 

AVboy- Just received a response from Malwarebytes- they are using the California servers that you were connecting to for updates, so everything is fine.

 

In my experience MBAM isn't immune to false-positives, I'd check their forum.

 

Thanks a lot everyone for replying, particularly Cruelsister for contacting MBAM, which I should have done. I have started using MBAM. Updates are fine early morning, erratic by afternoon, almost impossible by evening. So I guess its the load on their servers.