Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "I think it's supposed to be integrated into MBAM.
    It was never meant to be a standalone utility." right!!!!

    but what happens to the lifetime lic for MBAM? will we get the upgrade including this new anti-ransomeware or will be be stuck with just MBAM unless we buy a yearly sub for this new product?
    seems like there are getting to be more companies sucking people in with a lifetime lic then finding a way to make them buy a yearly sub.
     
  2. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,109
    Location:
    USA, MICHIGAN
    Once MBARW is out of beta(some day:confused:) YES it will be rolled into MBAM, one product, for FREE

    those who have a lifetime lic will have it forever those that have a yearly sub will have to renew it as it's intergraded into MBAM that is now renewable software yearly.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    coll so at that point I should give up my paid sub for WAR?
     
  4. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,109
    Location:
    USA, MICHIGAN
    Its up to you but once product is up and running and migrated with MBAM im sure it's going to be a very good.
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    Currently MBAR is nothing more than a rebranded CryptoMonitor (unsurprising as it is coded by the same person), and is about the worst choice that can be made when selecting specific antiransomware protection as it does not come close to HMPA, WAR, or even the native ransomware protection of BitDefender in actually protecting a system.

    The reason for the poor performance of MBAR is easy to grasp- the mechanism of action that it uses is fatally flawed, and unless the product is totally scrapped and rebuilt from square one there is no reason to suspect that it will improve.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    If you knew anything about Malwarebytes you would know this is not true with Malwarebytes. We've grandfathered EVERY single lifetime license when we moved to subscription and will AGAIN grandfather EVERY existing MBAM subscription to anti-ransomware for free. I bet you'd have a tough time naming a couple other companies that do that for their users.

    This could not be further from the truth. Yes we acquired CryptoMonitor, but mostly to get Nathan to lead the project due to his experience. The actual code does not have a single line of code from CryptoMonitor and was developed from scratch (it was actually started before the acquisition of CryptoMonitor). Re: the comment about HMPA, WAR or BitDefender, if you actually knew what you were talking about you'd be laughing at your own comments. MBAM-ARW is much more advanced than any of those. Granted the shell (UI, etc.) we put together quickly to wrap around the technology so we could publish a beta is crappy, it is the least important aspect. Once we throw away that shell and it integrates into MBAM it will be a different story.
     
  7. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    I stated nothing regarding MBAM if you'll notice. My comments were just about MBAR and its inferiority to other products that are specific for, or have modules specific to stop ransomware. Even a cursory test will quickly demonstrate that MBAR as currently coded will be outperformed.

    And yes I do know what I am taking about and do not in any way find this to be a laughing matter.
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    pbust?

    I was not implying that is what you were going to do, I was only asking and making a true statement about a lot of other companies.
    I have been using MBAM for some years now and I was never one to actually pay for any software unless I thought it was worth. I also currently pay the yearly for MBAE. as you know I have spoke with you in e-mail about a few things and always found you to be professional and pretty darn quick with your responses.

    CS are you going to make a video of MBAR when it comes outa beta? ;)
    oh that's right I forgot you are in Vegas for some months.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Wow, these are some serious claims. :D

    Can you give a bit more technical information? Why do you think that it's more advanced than WAR and HMPA? I believe most anti-ransom tools that make use of behavioral monitoring are watching for suspicious activities of the file system, am I correct?
     
  10. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    695
    Location:
    Melbourne, Australia
    Sounds like the gauntlet has hit the floor! When are we going to see the HPMA vs WAR vs BD vs MBAR test? Let's throw VS into the mix, as well.

    Volunteers (who know what they are doing), please. Let's walk the talk.

    Questioning cruelsister's knowledge? Hmm..., good luck with that.o_O
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    The thing is, it's a matter of how you define "advanced". If it is purely about behavioral monitoring, I'm guessing HMPA and MBARW are the most advanced. The problem is that WAR sometimes seems to be more effective, but that's because it's looking at other parameters, like if a file is signed or if it's trying to perform "process hollowing" and other stuff. I hope that developers will give some more info about the inner workings.
     
  12. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Cruelsister, you are more knowledgeable (or at least you really seem to be) than the average WSF member.
    How come you write that MBAR is "nothing more than a rebranded" product/heap of code, which seriously needs to be "rebuilt from square one".

    Didn't you notice that MBARW has been coded from 'square one' even before the purchase of CryptoMonitor, as pbust claims?
    Do you question this claim about this particular MBAM product actually having been rebuild?
    At some point, one wonders about some of the claims you make...
     
  13. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    BinDiff can probably provide the answer.
     
  14. :thumb: a program to check the binary differences and map changes in logic flow will answer that question for sure
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    "At some point, one wonders about some of the claims you make...
    Click to expand...
    BinDiff can probably provide the answer. "

    ok you guys lost me again. what does bindiff have to do with CS remarks?
     
  16. DecrypterFixer

    DecrypterFixer Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    9
    First off i would like to say that any opinions i may have in this comment does not reflect the opinions Malwarebytes may have.

    Since you like to do these types of tests, I would encourage you to preform this "cursory test" with the latest version of MBARW :) It would be very informative to everyone here, and i think you will be quite surprised with how well it does, especially compared to products out on the market now. The BETA did take some unexpected time to get MBARW to its goal and fruition, but we are there now and even have much more to come!

    I'm sure you know, i'm the creator of CryptoMonitor, and i can assure you not a single line of code from CM was used in MBARW.
    You see, CryptoMonitor got to big, to quick for what i was expected. I was a lone developer who was simply creating a small/medium application to help and stop Ransomware, because there was nothing that was doing this at the time for your regular endpoint users. You could argue that there was some tools out, but it was quite clear they were not working. CM was even free at first with donations!
    But because computer users were ready for a solution to this problem, CryptoMonitor grew larger than I expected, and thus I did my best with keeping up with it along with starting EasySync Solutions! Because i'm a developer and Security Analyst, and at the time wasn't much of a "business Guy", I was quite overwhelmed. So its quite hard to compare CryptoMonitor/EasySync to most larger companies :)

    This is why, given the opportunity, I teamed up with Malwarebytes and brought all my Ransomware knowledge with me! Malwarebytes had a goal on point with what my goal was, stopping the on coming Ransomware Pain Train. They already had a plan and action in the works, and I was happy to come on board and help lead the Ransomware Team to where we are now and where we are going in the future. Because i finally had the resources and time with Malwarebytes, we could now take advantage of ideas and methods that i couldn't do alone with CryptoMonitor to make an amazing application that would stop Ransomware cold, and minimize FPs. This combined with Malwarebytes Excellent plans, has made a great product. The BETA was just that.. a BETA. It has fine tuned MBARW to a application i'm proud to say i had a part of creating, and will provide a unbeatable amount of protection when coupled with MBAM, which won't even require you to run another application!

    Malwarebytes products and reputation speaks for itself, and doesn't need much explaining. I was simply hoping to clear up any misconceptions there may be here. I will be releasing a unbiased video that shows all Anti-Ransomware products against 0 day ransomware very soon which should help some users here, and else where when trying to find a solution to Ransomware.
     
  17. BinDiff is a program to detect the difference of two programs by comparing them on a binary level, it also makes a map of the logic differences. When something is just a rebranded program, 95% of the code is the same (only text literals representing the name of the program, images representing logo and colouring scheme of the GUI are different).

    So comparing MBARW against CryptoMonitor through BinDiff could proof CS claim (only rebranded) to be right or wrong.

    Great let the programs speak for themselves. I hope you will also include Bitdefender and Kapersky (free) anti-ransomware solutions and (besides MBARW) paid solutions like Cryptoprevent, HPMA and WInAntiRansomware.
     
    Last edited by a moderator: Aug 16, 2016
  18. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    695
    Location:
    Melbourne, Australia
    Excellent. Show me always works better than tell me. When is it due to be integrated into MBAM?
     
  19. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,109
    Location:
    USA, MICHIGAN
    Hopefully ZAL is thrown in there also.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Can you perhaps also give some more info about the inner workings of MBARW? Details are not necessary, but I would like to know if it watches for suspicious file system operations and for apps that are using "process hollowing" and other stuff to bypass HIPS.

    ZAL doesn't use behavioral monitoring to block ransomware. So no need to test it, since tools like WAR, MBARW and HMPA are completely signature-less.
     
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    Please pardon my not taking part in this discussion very much as real life has intruded.

    I used the term "recoded" previously. I did this just to be nice- obviously MBAR is different from CryptoMonitor in a number of ways,- so more properly I should have said that both are equally ineffective in stopping many ransomware strains (like I said, I was being nice). For proof of this one needs only to review a number of videos that have been published to demonstrating this statement.

    But for those that have a VM and have neither the time nor inclination to watch YouTube, run a Petya, Satana, or a Putty (aka MirCop) against MBAR, then against HMPA. You will notice that whereas Erik (et al.) have reacted to current ransomware threats, MBAR has not. And I will not even mention Bart.

    As to integration of MBAR into MB, the bar has been recently set much higher by a certain Russian developer (whom I am without doubt biased against); this product appears to be the best of breed in a number of ways although further analysis needs to be done (I hope to publish something about this prior to All Hallows Eve).

    Finally, I would suggest that the MBAR coder spend more time on product improvement than casting dispersion on those who test the product without emotion or prejudice.
     
  22. @cruelsister

    Because a Russian developer is setting the bar, I rather have those published on All Saints Eve when you don't mind (All Hollows Eve is associated with Western Capitalism in Russia).

    Thx Kees
     
    Last edited by a moderator: Aug 17, 2016
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Is this some new anti-ransom tool you're talking about? And about this whole discussion, so you're basically saying that MBARW is not as effective as other anti-ransom tools. I really hope that ZeroVulnLabs and DecrypterFixer can explain why they believe that MBARW should still be considered as more advanced. To be clear, I'm not picking any sides, I just hope the end goal will be even stronger tools.
     
  24. haakon

    haakon Guest

    FWIW & FYI, MBAR was coined for MB's obsolete Anti-Rootkit which never got out of beta.

    MBARW has five letters, I know. But what can anyone do? :)
     
  25. haakon

    haakon Guest

    It'll be interesting to see how they'll market that re their free/paid model.

    MBAM works only when you tell it to.

    MBAM Premium adds workings in its running process(es). Except when the user chooses to disable them, of course.

    Throwing MBARW into MBAM Premium makes sense.

    Because what good does MBAM do for protection against ransomware unless you would stumble on or suspect a time delayed payload?

    Which is what MBAM should be doing now, given the latest defs have been loaded.

    Or with an MBARW component, MBAM would offer a clean-up attempt after the fact??

    If MBAM kept its name, then MBAM Premium would need a re-name. MBAA: Anti-ALL!

    If MBAM Premium kept it name, the MBAM would be... MBAP. Anti-Probably.

    Or they could just roll back their thinking and keep both MBAMs and MBARW separate products. Gasp!
     
Loading...