Malwarebytes' Anti-Malware v1.50 Released

Discussion in 'other anti-malware software' started by hayc59, Nov 29, 2010.

Thread Status:
Not open for further replies.
  1. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Maybe they want it to be more secure?

    Port 443

    Name:
    https
    Purpose:
    http protocol over TLS/SSL
    Description:
    This port is used for secure web browser communication. Data transferred across such connections are highly resistant to eavesdropping and interception. Moreover, the identity of the remotely connected server can be verified with significant confidence. Web servers offering to accept and establish secure connections listen on this port for connections from web browsers desiring strong communication security.
     
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    Question: Are there any plans of MBAM incorporating a "cloud" system?

    I'm pretty sure some here would argue that there's no need for it to do so and that MBAM is awesome as it is currently but introducing an option for users to opt for either the traditional signature downloads (as it is right now) or use a 'cloud database' system may bring in further benefits for both MBAM and its users in the long run. At the very least, it'll keep up with its competition...the likes of Hitman Pro, etc

    MBAM Pro is pretty much known for being a "side-kick" as in complementary real-time protection to be used in conjunction with a primary AV, although some do use it as their only anti-malware program. Not everyone needs MBAM signatures to be downloaded on their PC if their main protection comes from their AV of choice. Furthermore, some users are only interested in using MBAM (free) on-demand as a second-opinion scanner. In that sense, having the "cloud" system does provide ease of use (doesn't require the user to manually update time-to-time) and probably less hard disc usage in the long-term period.

    Of course, I'm not suggesting MBAM to do away with the current signature downloads - that's still a very useful feature. I'm suggesting this as an additional optional feature. I hope MBAM can take this into consideration as something to add in to what they're offering currently. They already have a good reputation in the market so far...this ought to be the time they make use of it to their benefit. No offense to anyone...please take the suggestion lightly.
     
  3. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    I have always had that unchecked so that can't be it.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Would have been nice if it was, huh?
    But since it is such a simple resolution, why not give this a go...
    on the MBAM forum, I recently read where exile360 advised a user to "try unchecking and then re-checking" a setting. In this particular instance, the user reported back that it had worked. In your case, it would be the opposite... check and then uncheck.
    If it turns out to be the culprit, you got off cheap. :)
     
  5. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion
    Well, the scan has improved at last. Previously for a mere 160gb hdd it took 2.8hours_3 hours to finish! On a 320gb hdd 3.5_almost4hours! On an 80gb hdd 1.5hours to 2hours. Got frustrated with full scan taking a long time I resorted to using HitmanPro instead of Mbam.

    Now full scan: 80gb hdd = 58minutes / 160gb hdd 1.6hours / 320gb hdd 2.5hours. Cloud scan would be nice addition to capabilities of Mbam.

    Would like to see a suspicious file submission in the GUI though. IMHO that will be VERY nice. Something like Superantispyware or the AV around. :)
     
  6. LODBROK

    LODBROK Guest

    Well... DUH!! :rolleyes:

    @Malwarebytes
    Please see my #25 posting in this thread. I still could use a relevant reply. Thanks!
     
  7. tedivm

    tedivm Registered Member

    Joined:
    Dec 3, 2010
    Posts:
    6


    My name is Robert Hafner and I'm the guy who handles all the server side stuff, including the various communications that happen between Malwarebytes and our servers. During this last update we made a lot of changes to how we handle this communication, much of which is to support new ideas that will be coming in down the lines, and since you guys were interested Marcin suggested I go over a few of them with you.

    To start with the simplest question first- yes, at this point we've pretty much decided that all communication (with a single exception, which I will get to) is going to be over SSL (port 443). SSL lets us do two things that I feel are extremely important-

    1. It lets us verify that the servers MBAM are talking to are in fact the proper servers (otherwise a certificate error should show up and stop the connection).
    2. It protects our users by ensuring that third parties on the same network or between their network and our servers can't view what is being sent.

    Most of the information being sent is completely harmless- for instance, pulling down the current version number (which is publicly available anyways) is not going to give anyone any useful information- but rather than go point by point to decide what should or shouldn't be encrypted we're simply just encrypting all of it.

    There is one exception to this rule, at least at the moment. Due to the way our updates are pushed out adding SSL would actually decrease security. This is because we use multiple CDN's to push our downloads out from locations around the world, and so we'd have to distribute our private keys to each of those CDN's. This would increase the likelihood of someone stealing our key while also making it much more complex to add more download sites in, so we take a different approach to securing our downloads.

    The other aspect of this is what we are sending. This can be divided up in three ways- Client Statistics, License Statistics and Malware Statistics. Each of those groups has access to the mbam user agent, which tells us things like what version of MBAM is being run with what version of the database, but other than that the information they each get is fairly basic. We also try to get some information from the network connection- such as its general region and what type of connection (broadband, dialup, etc)- but this information is very general and typically not that accurate (if you've ever used google analytics or awstats then you'll be somewhat familiar with it), and we discard the IP address itself.

    License Statistics send us a version of the license being used, in order to help us support our customers. This is the only collection tool that isn't affected by the Anonymous Statistics option. There is currently a bug where users of the free version are sending their "license" (a blank request) despite not having any, and that data is being discarded completely by the server.

    For Client Statistics we collect some very basic information about the machine MBAM is running on, such as the Language, Windows Version, Architecture (32 or 64bit). This information is only sent if you agree to, which is what that Anonymous Statistic option is for. If you don't have it enabled it sends us a blank request after updates, which we use to count how many clients are active- we could get this same exact information by processing the CDN logs, but this method is a bit easier for us to deal with.

    The final bit of information is centered around Malware statistics. This information is only ever sent when Anonymous Statistics is enabled- we don't send anything along otherwise. These stats are amazingly useful to us, as they tell us what malware vendors are being detected (which you can then see from our MalwareNet website) and what database rules did the detecting. Those users which choose to send back these anonymous statistics are really helping us figure out what is or isn't effective.

    I hope this answers your questions about what kind of statistics we collect, why we encrypt the connections, and what the Anonymous Statistics option enables for sending. If you have any more questions please let me know, and thank you guys for supporting our product!
     
  8. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Gave this version a try and find it exhibits the same behavior as past versions. Periodically, Mbam will cause a svchost.exe process to go sky high with CPU activity for approximately 30 minutes. I also think this high CPU starts after an update of Mbam. This particular svchost.exe hosts three services,
    1) Base Filtering Engine
    2) Diagnostic Policy Service
    3) Windows Firewall

    To the best of my knowledge, it is the Base Filtering Engine Service that is the root of the problem.

    During this time of system crippling, Mbam will also uncheck, the context menu option of "Website Blocking". When the high CPU has stopped, Website Blocking becomes rechecked. What's up with all that? I really want to use this but the CPU issues are too much. Any ideas what is causing this?
     
  9. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Why does Malwarebytes 1.50 FREEWARE now require a windows reboot after installing? :'(

    Is it going to run some annoying service now and take up my precious resources and RAM?

    It has added these lines to my STARTUP:

    Yes HKLM:RunOnce Malwarebytes' Anti-Malware (registration) regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    Yes HKLM:RunOnce Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    Yes HKLM:RunOnce InnoSetupRegFile.0000000001 "C:\Windows\is-5CN67.exe" /REG /REGSVRMODE

    WHY WHY WHY? :( And what do these 3 lines do exactly? And what the hell is is-5CN67.exe?
     
    Last edited: Dec 4, 2010
  10. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    This is one of the reasons I have uninstalled MBAM, it happens on my Windows 7 computer and my son's XP laptop, both paid versions.
    I tried without success at their forums quite some time ago to address the issue, it was time consuming but I never solved the problem.

    Quite a few other people had the same problem at the time, some solved it, others never.
     
  11. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Mine is a paid version too but I can't use it because of this. This exact same issue happens with a paid version of DefenseWall which I can't use either. Both vendors have tried to help in resolving the issue but with no joy for me.
     
  12. LODBROK

    LODBROK Guest

    I don't post up the endless ad nauseam "Thanks :thumb: " some people do here to puff up their post count, but after that reply: THANKS! :thumb:

    As for supporting your product, a lifetime license at less than $30 for the very-best-in-class protection is the finest deal in the industry. Even if you decided to market another security/protection product, I'd be first in line to Pay Pal it into my systems. Keep up the great work.
     
  13. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Have you asked this question in the Malwarebytes forum?

    D.
     
  14. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Yes he has, although there was no answer.

    Anyway, those registry entries only run once, at next boot, and are subsequently deleted. They serve to install the mbamgui tray icon which allows you to manage the service, the shell extension and so on.

    Lots of software works that way, and there's no need to be concerned...
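
The RunOnce entries discussed in the two posts above can be inspected before the reboot consumes them. The PowerShell below is an added example, not part of the original thread and not Malwarebytes' code; it lists each pending RunOnce command and the Authenticode signer of the file it will run, and the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: list pending RunOnce commands and check the signature of the file each one runs.
$runOnceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',  # 32-bit view on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the file of interest out of a RunOnce command line.
function Get-CommandTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # regsvr32 only loads the DLL named in its arguments, so report the DLL instead.
    if ($cmd -match '^"?[^"]*regsvr32(\.exe)?"?\s' -and $cmd -match '"([^"]+\.dll)"') {
        return $Matches[1]
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                        # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }   # unquoted path with spaces
    return ($cmd -split '\s+')[0]
}

$report = foreach ($path in $runOnceKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if (-not $command) { continue }
        $target = Get-CommandTarget -CommandLine $command
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            # Bare names such as regsvr32.exe are resolved through PATH.
            $found = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                     Select-Object -First 1
            if ($found) { $target = $found.Path }
        }
        $sig = if (Test-Path -LiteralPath $target -PathType Leaf) {
            Get-AuthenticodeSignature -LiteralPath $target
        }
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $command
            Target  = $target
            Status  = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}
$report | Format-List
```

A `Status` of `Valid` with the expected vendor in `Signer` is what a legitimate installer leftover looks like; `NotSigned` or `FileNotFound` entries are the ones worth a closer look.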
     
  15. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Tony - some confusion here! :doubt:

    I had asked if 'TheMozart' had asked his question in this forum! --> http://forums.malwarebytes.org/

    How could I have made my enquiry more clear?

    (You somehow assumed, I think, that I meant elsewhere on the Wilders Security Forums)

    I now gather that 'The Mozart' has never subscribed to the 'authentic' Malwarebytes forums!

    Such detail is getting me into even more trouble! ;)

    Dave

    .
     
  16. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Hi Dave,

    My bad; at the time I was convinced I'd seen that post before at the MBAM board.

    I just now again searched the board as well as Google again for certain catchwords from that post, and no post by TheMozart at Malwarebytes' came up. Nor can I find any trace of him amongst the members, at least not by that name. :oops:

    Not sure what exactly happened there, and my sincere apologies for wrong-footing everyone...
     
  17. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Your apology is accepted, Tony! :)

    Thank you.

    Enjoy your weekend!

    Dave
     
  18. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    LOL! Thanks, and you're very welcome as well, Dave. :)

    Cheers,
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Is anyone else experiencing MBAM's website blocking module blocking connections made by Skype every now and then?
     
  20. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    If you do please forward me the IP and I will have it researched.
     
  21. Malware fighter

    Malware fighter Registered Member

    Joined:
    Jan 31, 2011
    Posts:
    253
    I'm running Pro version and it slows my browser considerably. It also uses more than 100 Mb RAM. Decided to switch it off.
     
  22. dan323

    dan323 Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    55
    I just purchased the pro version. I have had no problems with Mbam slowing down my browsing or anything else. It works great.

    Chrome 13.0.772
    Norton 360v5
    Keyscrambler
    Mbam Pro 1.51
    Norton DNS
     