MalwareBytes Question

Discussion in 'other anti-malware software' started by Frank the Perv, Jun 12, 2011.

Thread Status:
Not open for further replies.
  1. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    In the MBAM Pro version, it apparently blocks hostile websites.

    Here is an example of a log:

    08:03:47 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57612, Process: firefox.exe)
    08:04:27 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57646, Process: firefox.exe)
    08:13:32 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57762, Process: firefox.exe)
    08:13:32 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57763, Process: firefox.exe)
    08:17:08 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57808, Process: firefox.exe)

    =============

    ... so is this like DNS filtering?

    I also use Norton DNS. Did MBAM just filter it out first? Am I getting double filtering, or does MBAM block IPs in a different way?

    Basically, I don't get it.

    I visited the Malwarebytes website, but it had no info (that I saw) on this capability.

    Overall -- I like what I see in MBAM. Seems to test well, blocks bad sites in real-world use, and the product keeps evolving.


    -FTP
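
A way to read a log like the one in the post above, as an added example that is not part of the original post: it parses IP-BLOCK lines in that format and groups them by remote address and process. The sample lines are constructed (documentation-range addresses), and the field names are assumptions taken from the labels in the log.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the post above
# (documentation-range addresses, not real indicators).
SAMPLE_LOG = """\
08:03:47 Frank IP-BLOCK 192.0.2.49 (Type: outgoing, Port: 57612, Process: firefox.exe)
08:04:27 Frank IP-BLOCK 192.0.2.49 (Type: outgoing, Port: 57646, Process: firefox.exe)
08:13:32 Frank IP-BLOCK 192.0.2.49 (Type: outgoing, Port: 57762, Process: firefox.exe)
08:13:32 Frank IP-BLOCK 192.0.2.49 (Type: outgoing, Port: 57763, Process: firefox.exe)
09:40:02 Frank IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 58110, Process: utorrent.exe)
this line is not a block event and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>[^)]+)\)\s*$"
)


def parse_line(line):
    """Return the fields of one IP-BLOCK line as a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event


def summarize(log_text):
    """Group block events by (remote IP, process): count, first/last time, ports."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        g = groups[(ev["ip"], ev["process"])]
        g["count"] += 1
        g["first"] = g["first"] or ev["time"]
        g["last"] = ev["time"]
        g["ports"].add(ev["port"])
    return dict(groups)


if __name__ == "__main__":
    for (ip, proc), g in summarize(SAMPLE_LOG).items():
        print(f"{ip} {proc}: {g['count']} blocks, {g['first']}-{g['last']}, "
              f"{len(g['ports'])} distinct ports")
```

A different port on every line for the same address is consistent with the process opening a new connection each time, though the thread does not confirm what the Port field means.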
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    It blocks IPs, while DNS blocks addresses. A DNS server works on almost any machine (routers included), while Malwarebytes only works on a Windows one. Not similar at all. More like a blacklist firewall.

    Not sure about which filters it out first, but there are no incompatibilities.
     
  3. Fuzzydice45

    Fuzzydice45 Registered Member

    Joined:
    May 13, 2009
    Posts:
    108
    Location:
    Australia
    Norton shouldn't reply with an IP address if it is on their blacklist, so Norton must've thought the website was ok and resolved the web address to the IP address and then it was blocked by MBAM.

    Norton should've blocked it first if it was on their blacklist.

    Fuzzy
     
  4. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    It's very good at stopping script malware. So it basically stops the website from putting malicious code on your PC. Almost like what NoScript does but only 10000000000 times better.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Need pr0n?
    http://www.onthesamehost.com/?q=78.140.143.49

    Whatever is blocked, some kind of web bugs - no regular site
    has them built-in. Are you visiting illegal sites or some strange hosters
    or xxx-sites? (some minor private sites earning money with such crap)

    If not - any ad-blocker may help!
     
  6. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Outgoing ports of firefox?
     
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    lol

    As Brummelchen pointed out, MBAM will block either connections to various pr0n sites (for example), or those connections you listed, they can be ads loading from various sites MBAM is blocking while the site you're on isn't malicious (eg. games sites with adult ads/links for example).

    I noticed when using utorrent for example, MBAM will be blocking various connections. Either way, does a great job.

    MBAM's IP blocking, I find personally, is quicker and lighter than other programs using web scanning technology. End of the day, you want the site blocked with no fuss.
     
  8. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Thank you for the responses.

    I'm still trying to understand this...

    From Wiki:

    A DNSBL (DNS-based Blackhole List, Block List, or Blacklist; see below) is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.


    So Norton DNS is ultimately blocking IP addresses, right?

    Is MBAM doing the same thing?

    Norton DNS redirected my net traffic through its server. Does MBAM do anything like this?

    And how close are any of these activities to what SpywareBlaster does?

    With an AV, MBAM, Norton DNS, WinPatrol Plus, and Windows Defender, is there any purpose for SpywareBlaster?

    And does Windows Defender even count for much anymore? I remember Windows Defender in its previous life when it was a very nice little product.
     
  9. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Last edited: Jun 12, 2011
  10. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    SpywareBlaster protects your system settings from being changed and provides a backup of them if anything happens. A thing you can do is use Spybot S&D, add its list to your hosts file and use the immunizer.
    Also make sure Adobe Reader and the writer are updated to the latest version. For Java, remove all the old versions. Do not leave the old versions on your PC; it will render the latest patches useless.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @Spooony: Script malware is only one part of what it can stop, but saying it's far greater than NoScript is false. A whitelist is always stronger than a blacklist unless you make many mistakes creating rules.
    Outgoing means Firefox is trying to connect to those websites, not the other way around.

    @Frank the Perv: It doesn't affect IP addresses. For example compare these two same pages: http://setup.nortondns.com and http://198.153.194.6/
    Once again, MBAM isn't similar at all. It can block IPs though.
    No, it simply blocks the connection using a local blacklist.
    Not close, SpywareBlaster adds blacklists onto your browser settings. The end effect is similar though.
    If you have Internet Explorer, there might be a purpose. If not, no (only blocks cookies in Firefox, no support for other browsers).
    With an AV and MBAM running in real-time, Windows Defender is unnecessary.
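
The layering discussed in posts 2, 3 and 11, as an added example that is not part of any post in this thread: a name-based filtering resolver in front of a local IP blacklist, showing which layer decides each outgoing connection. All names, addresses and lists are constructed, and the resolver is assumed to simply withhold the answer for a listed name.

```python
import ipaddress

# Constructed data: .example names and documentation-range addresses.
ZONE = {                                   # answers of an unfiltered resolver
    "news.example": "192.0.2.10",
    "ads.example": "198.51.100.49",
    "badsite.example": "203.0.113.5",
}
DNS_BLOCKLIST = {"badsite.example"}        # filtering resolver works on names
IP_BLACKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # local blocker works on addresses


def resolve(name):
    """Filtering resolver (assumed to withhold the answer for listed names)."""
    name = name.lower().rstrip(".")
    if name in DNS_BLOCKLIST:
        return "filtered", None
    if name not in ZONE:
        return "nxdomain", None
    return "ok", ZONE[name]


def ip_blacklisted(addr):
    """True if the address falls inside any network on the local blacklist."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in IP_BLACKLIST)


def connect(dest):
    """Return (verdict, deciding_layer) for an outgoing connection attempt."""
    try:
        ipaddress.ip_address(dest)
        addr = dest                        # IP literal: the resolver is never asked
    except ValueError:
        status, addr = resolve(dest)
        if status != "ok":
            return ("blocked" if status == "filtered" else "failed", "dns")
    if ip_blacklisted(addr):
        return ("blocked", "ip")           # the kind of event an IP-BLOCK line records
    return ("allowed", None)


if __name__ == "__main__":
    for dest in ("badsite.example", "ads.example", "198.51.100.49",
                 "203.0.113.5", "news.example", "missing.example"):
        print(f"{dest:18} -> {connect(dest)}")
```

The `203.0.113.5` case is the one post 11 points at: a name-based filter never sees a connection made to an IP literal, so only the address-based layer can decide it.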
     
  12. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    That's why I asked: outgoing?
    Depends on what whitelist you're talking about?
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    What do you mean by outgoing then? Don't be vague if you want answers.
    NoScript uses a whitelist obviously. It disables the scripts unless you allow the website. What other whitelists are there discussed on this thread?
     
  14. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    The opening post of the OP shows Type: outgoing.
    With NoScript you have to create a whitelist. Malware creators use sites like YouTube to infect people. That place is full of links to RATs etc. etc. Can you use NoScript on YouTube?
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yes, of course. You have to whitelist YouTube to watch videos. Same applies to fake sites, except you don't have rules for them due to the different domain.
     
  16. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Yes, I know, but what's the common thing a person does when on a site like YouTube and NoScript blocks something? They let it run. Don't think avg doesn't even know he has to start with his own whitelist rather than keep on picking the defaults. I once had a link that WOT blocked and NoScript blocked. So I ignored WOT, let it go with NoScript, and here starts an antivirus scanning the folder with something like 80 trojans found in an empty folder lol
    But Live HTTP Headers is a good one to use with NoScript. You can see the requests coming in and out.

    OP, that IP belongs to ~ Domain Name Removed ~ The site has been flagged bad. So it was trying to call home. If you were browsing a social site or a site nowhere near that place (I hope so) then run a malware scan with Malwarebytes and do an online scan with any of the AV products' online scanners to see if there isn't something still hiding on your PC.
     
    Last edited by a moderator: Jun 16, 2011
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    MBAM blocked that first. You're not allowed to post malicious sites by the way. I already have enough scanners.
     
  18. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Eh? That was the site MBAM blocked the OP's outgoing attempt to. That was for him, not you lol
    Do a lookup of that IP because ads do the same sometimes. Think that was no ad lol
     