Malwarebytes Anti-Malware's malicious website blocking module

Discussion in 'other anti-malware software' started by justenough, Oct 23, 2012.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    For all I know it has been there for a long time, but I just discovered that you can run MBAM's malicious website blocking feature real-time without enabling the filesystem protection module. The button to turn it on is under the 'Protection' tab. It's been running for a couple of days now on my computer without problems with my other browsing protection. Anyone have any information on it or know how effective it is? Or how long it's been available?
     
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    As far as I'm aware, the IP blocker has been there a good long time. What it does (at least my take on it) is check whether an IP address you're connecting to or attempting to is associated with known malware distribution or is currently hosting malware either through temporary infection or intentionally. If it determines the IP unsafe, it will refuse to either load the website associated with that website or the link/s on an otherwise safe website associated with the troubled IP address. It's usually quite effective in my past experiences with it. Sometimes a little too effective at times :) What I mean by that is that there have been times that an IP wasn't infected, but, as with the case of P2P websites, were considered "risky" and therefore were blocked.

    It works very well and is a great tool to have in your defense if you so desire. Just be aware there may be times you and it may disagree ;)
     
  3. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    A recent update to Malwarebytes has allowed users to independently enable/disable the File System Protection and Website Protection. Also eliminated having to reboot after installing the update.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    It uses a black listing of known malicious IP addresses. I would consider it basic protection at best. Problem is the sheer number of web sites that can be infected on a daily basis makes effective maintenance of black lists almost impossible.

    Personally I like the proactive approach. Install the WOT add-on to your browser and you will get a visual display of if a web site is safe or not prior to selecting it. Also if you're the "asleep at the keyboard type", WOT will warn you of a malicious web site prior to entering it.

    Bottom line is with today's malware, you need browser protection that will detect malicious activity via behavior, heuristics, and file signatures.
     
  5. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Please be cautious with WOT however. It can be a decent tool to get an idea of what to expect, but be aware a good amount of ratings are user-driven and not necessarily proof a website is good or bad.
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Malwarebytes introduced IP Protection into Malwarebytes' Anti-Malware in v1.40.
    I couldn't find the exact date, but I do know that v1.43 was released on December 30th, 2009, so it was sometime prior to that... a good 3 years ago.

    A little more info can be found here...
    IP Protection Module
    http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100&#entry162100

    I run MBAM Pro on 3 machines, justenough, including the Website Blocking (IP Protection Module). I find it to be a far greater asset than any problems it might cause with blocking non-infected sites, and if I want access to a blocked site, it's easy to add it to the Ignore List.
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Just because it rarely gets mentioned.....

    MBAM also blocks uploads to malicious servers.

    IP based is more proactive than domain based. One IP can have almost unlimited domains and something like WOT would have trouble keeping up with rapidly generated domains while we should just block the IP outright. That being said WOT + MBAM is even better.
     
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Good to know. :thumb:
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Marcin mentioned it in his recent interview. ;)
    Interview with Malwarebytes' founder, Marcin Kleczynski
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Thanks for the links and other good information. The more I learn about MBAM the more I appreciate what it can do. I knew that MBAM had malicious website blocking, but a couple of days ago I first saw that you have the choice to run it real-time without also running 'filesystem protection'. Since the internet is my main security risk, being able to use the malicious website blocking on its own is just what I need, glad it's become available.
     
  11. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,786
    It is not recent. It has been like that for some time now. At least I had it last year and it did so for me.
     
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    You may be right gery, I'm certainly capable of not seeing the separate website browsing option in MBAM when it's been right in front of me.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Perhaps this is the answer you seek...

    Version 1.51 (May 31st, 2011)

    Website Blocking is now disabled when protection is turned off.

    Version 1.60.0.1800 (December 27th, 2011)

    Settings for Protection Module behavior can be changed without protection being active.

    Malwarebytes Anti-Malware History / Updates
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    ~snip~

    I find this hard to believe. If MBAM Pro had this capability, it would be in essence operating as an outbound firewall. Great idea though especially for users of Vista and WIN 7 firewalls that only use inbound protection.
     
  15. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Malwarebytes does not care what kind of connection it is or if it's inbound or outbound. If the connection is to a black listed IP then the connection will fail and no data will be transmitted.

    This comes in handy for these situations:

    Undetected downloader attempts to get its friends from blacklisted IP.
    Undetected trojan tries to upload your data to a blacklisted IP.
    Exploit on a site tries to pull payload from a blacklisted IP.

    I am sure you guys can think of more cases like this but the main point is that this technology does a lot more than block bad sites from loading.

    This is not a real firewall though as nothing is evaluated, connections are simply blocked. This allows you to use the firewall of your choice so that the two forms of web blocking combined can synergize each other.
     
    Last edited: Oct 27, 2012
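
An added illustration of the IP-versus-domain blocking comparison discussed in posts 7 and 15 (not part of the thread and not Malwarebytes' code): it runs constructed connection records against an IP blocklist and a domain blocklist and reports what the domain list alone would let through. All addresses, names, list contents and the ignore-list behaviour are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: documentation address ranges and .example names.
IP_BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
DOMAIN_BLOCKLIST = {"bad-downloads.example"}
# Hypothetical user exceptions, modelled on the "Ignore List" mentioned in post 6.
IGNORE_LIST = {ipaddress.ip_address("203.0.113.80")}

# (direction, process, remote host name or None, remote IP) - constructed records
CONNECTIONS = [
    ("outbound", "browser.exe", "bad-downloads.example", "203.0.113.10"),
    ("outbound", "browser.exe", "x7f3k2.example", "203.0.113.10"),   # fresh domain, same IP
    ("outbound", "unknown.exe", None, "198.51.100.7"),               # upload to a raw IP
    ("inbound", "svc.exe", None, "203.0.113.44"),                    # direction is irrelevant
    ("outbound", "browser.exe", "p2p-forum.example", "203.0.113.80"),  # over-block, user ignored it
    ("outbound", "browser.exe", "news.example", "192.0.2.25"),
]

def ip_verdict(remote_ip):
    """Block if the remote address falls in any listed network, unless ignored."""
    ip = ipaddress.ip_address(remote_ip)
    if ip in IGNORE_LIST:
        return "allow"
    return "block" if any(ip in net for net in IP_BLOCKLIST) else "allow"

def domain_verdict(host):
    """Block only exact listed names; connections without a host name pass."""
    return "block" if host in DOMAIN_BLOCKLIST else "allow"

def evaluate(connections):
    """Return (target, direction, ip_verdict, domain_verdict) per connection."""
    return [
        (host or remote_ip, direction, ip_verdict(remote_ip), domain_verdict(host))
        for direction, _process, host, remote_ip in connections
    ]

def missed_by_domain_list(connections):
    """Targets the IP list blocks but the domain list would allow."""
    return [t for t, _d, by_ip, by_dom in evaluate(connections)
            if by_ip == "block" and by_dom == "allow"]

if __name__ == "__main__":
    for target, direction, by_ip, by_dom in evaluate(CONNECTIONS):
        print(f"{direction:8} {target:24} ip={by_ip:5} domain={by_dom}")
    print("missed by domain list:", missed_by_domain_list(CONNECTIONS))
```

The ignored address shows the trade-off raised earlier in the thread: blocking a whole IP also blocks every legitimate site hosted on it until an exception is added.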
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    This is a cool feature indeed :thumb:
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Will this conflict with Avira Premium (Paid) 2013?
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
    No.
    It is made to be used along with standard AV.
    But just to be sure, you can exclude Avira's folder in MBAM and vice versa.
     
  19. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    Good Explanation.

    MBAM is ~ Snipped as per TOS ~

    A very good product on multiple levels.

    I hope they keep developing and improving the product at the same rate that they have since its inception.

    And -- MBAM achieved another impressive score in the most recent MRG tests.

    http://www.blog.mrg-effitas.com/

    100% passed in Zero Hour test. (SAS got 100% fail -- again)

    Good stuff.



    -ftp


    .
     
    Last edited by a moderator: Oct 27, 2012
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    When I installed Avira Premium 2013, it asked me to uninstall MBAM even though its real time protection was disabled. I did as suggested, and re-installed MBAM afterwards with its real time protection disabled, and no problems (apparently anyway).

    No matter what, it remains a controversial issue whether MBAM can really co-exist effectively with any AV on any machine, with its real time protection activated. It is good enough for me to have it on demand.
     
  21. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    On demand is basically what I have now with the free version anyway. Thanks.
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I find that to pay for a licence it's not only good to support them (a very dynamic team indeed) but it will update automatically, which is very important even when using it on demand.
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    What you're saying certainly has merit. But I always check for updates before an on demand scan.
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
    ...and updates are incremental....
    No need to download whole database each time you update it.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Before reading this, I wouldn't have thought to use MBAM as a reinforcement for the firewall. Great to hear, since the strength of the firewall that comes with Windows 7x64 has been a long-term unresolved question for me. I've tried all the main 3rd-party firewalls and always return to the Windows one because it is basically invisible in use, never causing any trouble and is probably adequate for the job. In my particular set-up what this blocking module adds to internet security is on its own more than worth the price of MBAM.
     