Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Seriously, I don't understand why this wasn't tested by Malwarebytes before releasing this tool, even if it's still a beta. These are quite big bugs.
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The very objective of a beta is to test and fine-tune the technique. Yes it was tested internally quite a bit against ransomware, but out in the real world there are millions of possible configuration combinations and it is best to test for this out in the open. What we did underestimate is the number of people that ended up installing this in their production machines instead of test/VM machines.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes I understand, but I've read about the issues on the MBARW forum, and they aren't caused by conflicts is my impression. So this stuff looks clumsy to me, it looks like a serious flaw in the protection method itself. Don't get me wrong, I'm excited about this new product, and will most likely be using it, but there is no excuse for these kind of false positives, even for a beta product.
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I am going to be patient and trust pbust on this one. Pretty impressive starting his own program as a teenager and doing the world such a great favor and not out of selfishness. And he just got like 50 mill from a company for venture capital, I can't remember who.
    AS far as not installing in a VM: I run Quietzone and it interferes with other security install so I disabled it to get it to work. I also run Marcum Reflect to restore my partitions on bad days :)
     
  5. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    843
    Location:
    North of the 38th parallel.
    Hello boredog:
    A very strong possibility exists that you are confusing @pbust (Pedro Bustamante, VP of Technology) with @RubbeR DuckY (Marcin Kleczynski, CEO, Malwarebytes Corporation).

    BTW - @DecrypterFixer (Nathan Scott, Technical Product Manager - Anti-Ransomware) the author of CryptoMonitor, is the Malwarebytes Corporate developer of Malwarebytes Anti-Ransomware (MBARW).

    The $50M investment you may be referring to might be coming from Fidelity Management and Research Company. -Malwarebytes Raises $50 Million Investment from Fidelity

    HTH :)
     
    Last edited: Feb 1, 2016
  6. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    I agree somewhat, the product was rushed out to the public to soon the FP were crazy even for Beta, of course people are going to DL it on there production machines it was foolish for them to think otherwise coming from a well known safe company.

    I'm sure they'll get it sorted out and purring..:thumb:
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,267
    Location:
    USA
    Did clean install of Beta3 on Windows 7 Professional SP1 x64. Open and closed all programs on my computer with no problems. FP with TrendMicro Rootkit Buster is no more. I noted initially I could not stop protection after closing MBAWR splash screen. After a reboot it worked fine (I did not reboot after initial install). CPU use is 0. Ram usage is 19K for mbarw.exe and varied with MBAMService.exe from around 22K to 176K (seems to normally run at around 22-28K). Tray icon should change to white (or something else) if stopping protection (like MBAE). Using Emsisoft Internet Security, AppGuard and MBAE Premium with MBARW. Noted I am getting a lot of blocking events with AppGuard with MBARW installed (example - 02/01/16 23:06:33 Prevented <Plugin Container for Firefox> from writing to memory of <pid: 4>.). Not sure if this affects anything.
     
    Last edited: Feb 2, 2016
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,162
    Last edited: Feb 2, 2016
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes, that's what I meant. This should be a lesson for all other companies. Don't just rely on beta testers, but test your product not only against true malware, but also see how it interacts with other software. This all should be easy with the help of virtual machines.

    Perhaps an idea to add the version number to the file.
     
  11. haakon

    haakon Guest

    Windows 10 Pro
    MBAE Free 1.08.1.1189
    MBARW Beta 0.9.9.314

    FYI: After updating MBAE and MBARW, I ran the update for Bitdefender Internet Security 2016 (v20.0.24 to .25) which involved about 80MB of a few dozen executables and libraries, the Active Threat Control driver and a reboot. No problems.

    Sysinternals Process Explorer is no longer an FP.

    Still poking around but lookin' good so far. :thumb:
     
  12. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    Same here my BD update went smooth no issues
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    (Marcin Kleczynski, CEO, Malwarebytes Corporation).
    Yes that is who I meant. I just wish I still had two instead of one gray matter brain cell left
     
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    No software company ought to be blamed for user-side stupidity.
    Just because it's from a reputable outfit like MB doesn't mean beta isn't spelled b.e.t.a.
    Running a 1.0 or 2.0 beta on a production machine 'willy nilly'-style, is no excuse for bitching&moaning due to self-induced cognitive dissonance.
    Beta belongs in a VM or test machine. Not on a kazillion enthusiast systems where nonsensical WTF's are to be expected.
     
  15. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    Grab another cup of coffee lol :isay:
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Agreed; the company made the usual disclaimer about not using the software in a production environment.
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Already ahead of you. :)
    Perhaps MB should have named it alpha 2.0/3.0
    Not that it would have made much of a difference, imao.
    If users flock towards late alpha/early beta software, drama is to be expected.
    Rather than bug/fp reporting according to procedure, you end up with a litany of forum posts all over the place.
    Nothing personal though, daman1.
    It seems a bit typical for Wilders security software enthusiasts. I was there once too.
    But production machine + late alpha/early beta is a no-go.
    At least when a user has the assumption that he does not have to assume that something might terribly go wrong. That's all.
     
  18. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    We still not have any official answer why AE und AR are not merged into one product. :mad:
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    In message #77 ZeroVulnLabs said:

    "Integration is the path. Concrete plans and dates not yet available though."
     
  20. haakon

    haakon Guest

    Baserk is 100%. :thumb:

    Realistically, speaking as one who runs betas on a test system, a multitude of unfortunate individuals who engaged in an unsound exercise provided exactly the reports needed for this program. As a result: a vastly improved Beta3.

    As for daman1's "well known safe company," certainly not alone in the industry, Malwarebytes is no better or worse in its record. Two cases that come to mind are the database update that borked system files across the globe and now the Project Zero revelations which exposed paying customers to risk - for years. (For the record, I've been a paying customer, long time MBAM and recently MBAE.)

    As for MBARW, I'm looking forward to its development but with focus on its playing well with Bitdefender AV and IS (and whatever you're running, of course). I've followed one member's inquiry over on their forum regarding Cryptomonitor Pro's well documented Count Protection, if used in MBARW, and BD's Active Virus/Threat Control. I'm not happy with the side stepping non-response to a legitimate technical inquiry by a user who understands the tech.

    [/soapbox]
     
  21. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Sounds more like a 'maybe'. The last changelog's or blogs not telling anything about the 'plans'. The next question is if they then drop the other two products or not. So you see some question are unanswered, and people like me want to know what's going on because the beta-tests are then all useless because with AE this might work different.
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Perhaps the reason we don't have more information is they haven't decided yet how the products are going to be integrated? Maybe we should be patient and give them some time?
     
  23. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    So time, ha? And then we got something like this? Externals like Googles Project Zero showing us the truth, why not the AV developers? ... look at there own blogs nothing mentioned and now they saying it takes some time, which is all okay except the part that they not telling us that there is/was something wrong, is it so hard? For a product I pay for I want information what goes on and get possible workarounds (if possible) this is how it should work and this has nothing todo with complaining about xyz Av development it's an general problem because they are not transparent enough, no source, mostly no issue tracker (just only forums) and in 90% no roadmap. We definitely need audits and more transparency and especially for users/beginners more information how to harden the OS if not then nothing ever changes and people still believe in myths that installing external tools 'secure'/'harden' things or are 'totally protection' - this cake is a lie.
     
  24. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    1. Opensourcing your code as commercial company doesn't make sense.
    2. For that vulnerability you need to perform an MITM.
    3. Feel free to audit any of their applications, they now have a bug bounty program. :)
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you point me to what you are referring to? I wan to make sure nothing feel through the cracks and everything gets answered.

    All these technologies and products are big projects with a lot of moving parts and dependencies. There's no point in providing roadmap information for things we know are not 100% and will likely change. The impact of saying something today and then changing it every week thereafter is worse. You would then be complaining about how we said one thing and changed some detail the week after.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.