MBAM hoax?

all the people making negative posts about mbam should think about something:
1. mbam is small company have a look how many employee's for exsample kaspersky has and mbam.
2. have a look in the removal forums, mbam is doing a great job.
3. have a look for the mrg tests, also great job.
so why they should change something?
every company has fps, ok, mbam fixed them quickly, so whats the problem?

 

Woah then it was true

 

On that detection you would have one of two responses:
1) "Who's the foolish ninny who put svchost.exe there?"
2) "Oh, that's the backup I have taken."

 

Probably has something to do with the content of Post #1 in this thread.

 

We detect malware how we see it in the real world. If you'd like to continue staging fake scenarios, be our guest.

As Bruce said, we can detect a piece of malware with hundreds of types of signatures and heuristics. If detection by filename is useful to our detection scheme, then why not use it? Sure, there may be some silly side effects such as an empty file being detected -- but saving just one user far outweighs that consequence.

Now, if we saw a real issue with these definitions, i.e. users having their systems broken in the real world, we would take corrective actions to fix that and help the user resolve that and their original problem.

Our detection schemes have been getting better each and every day and as Bruce said, we are looking to fix some of these silly side effects.

Marcin

 

Keep up the good work, I'm very happy with your product

 

Don't take this the wrong way, but as user SLE mentioned there are most whitelisted names.

I'm pretty sure you guys know that the same infective file (in websites) can be present in different websites (and also in the same website), but with different names.

The question I really would like to make is: If I were to install MBAM as the sole antimalware solution in a relative's computer, if one of those files happened to have one of the whitelisted names in MBAM, would any of the other MBAM technologies make any beep or would MBAM go silent?

That's the question. Not silly names that users may purposefully name other files as.

The situation I ask could very well be, just by mere coincidence, a real situation. Will MBAM be of any good? That's what I'd like to know.

Unfortunately, I cannot proceed with any testing.

Thanks.

 

If MBAM removed the whitelisting method which has helped millions of users to satisfy a handful of testers coming up with scenarios, how would that be a smart and effective decision?

As another poster said. Their removal of malware support is excellent. Other AVs are charging $80 a license for 'advanced techniques' when in reality their support doesn't exist, and the program is poor at what it's supposed to do.

Further, MBAM pro's IP blocker is exceptional. You could use the same argument it's blocking a whole site at times when another program will block just the one file. Bottom line, MBAM can improve but it's already better than most and millions of people have this program to thank for saving their personal files and cash spent on a local iT dude.

So referring to it as a hoax is plain nonsense.

 

Excellent piece of software IMO.

You people calling it a "hoax" find yourself a hobby,seriously.

 

Well said, Saraceno.
MBAM is one of a small handful of programs that I have faith in and rely upon.
I appreciate that they also use alternate methods of detection and prevention.
It's what makes them great.

 

They have consistently had a high detection rate so they must be doing something right. It is an automatic install when I set up a new computer or reinstall Windows.

 

I would like to see MBAM in a FP test

 

ppl calling it a hoax need to seriously stop smoking pot..

 

I believe the OP meant the strange filename / folder as hoax. RTFM.

 

Get Norton Power ERASER for Free. See my sig. Even the big boys are providing much better free tools that use aggressive techniques like MBAM to remove malware.

 

I don't think the problem is detecting abnormal files, etc. The problem is the whole whitelisting thing. I know you have the knowledge, but imagine someone who doesn't. This person happens to download a malicious file, without knowing it so, and the file happens to have the same name as one of the whitelisted names. For what I understand, MBAM won't flag it. If it doesn't have one of the whitelisted names, then it will flag it. If it has detections, that is.

This is what is wrong, IMHO. Hopefully, and accordingly to what has been said, it's something that's being phased out.

The more means to fight the bad guys the better, but I don't get the whitelisting approach. Can you imagine if all other antimalware apps had this whitelisting approach, based on file names?

 

You haven't even answered nosirrah's replies yet, and you're still promoting NPE.

 

Few. You have got to be kidding me. The FP forum on your website has been up for at least a year and I visit it regular and they are always new reports of FPs.

"Malwarebytes" false positive - 373,000 hits.
"Power Eraser" false positive - 8090 hits

The results sure do handle this one.

Sure, please try and convince us you are doing this from the goodness of your heart. Give me a break.

Have you tried installing windows in a directory other than C:\Windows. Something like D:\WinXP ?? Try it

If you are familiar with the current Marijuana crisis in California, your company is like a medical store that sells marijuana saying that we have a top notch product that sells real well to the junkies, and they try to justify their business saying that the mainstream approaches of education, and legal methods have failed and they are the best alternative. They dont even realize the damage they cause to the average person.

You are welcome to sell your product to the crackheads out there, but dont try and convince folks on a technical forum that your product is so advanced that you guys are the smartest guys in the room.

 

In the interest of total disclosure, "qakbot" you are a Symantec employee, correct? (Or should we ask the forum admins to view your IP addresses and discover the truth that way?) And if you are, don't you think bashing a competitor would.. well, get you fired? I don't think Symantec would appreciate that. But, let's all find out shall we? Everyone here, submit to anyone you know at Symantec these posts by qakbot and see how long before they fire him and deny bashing a competitor.

 

@qakbot: Google results simply mean MBAM is more popular and was around for a longer time. Have you checked the links themselves?

Crackheads? Now that'll make everyone convert to NPE. You're the one that will have problems convincing people on a technical forum.

 

You already know that this changes nothing as there is no chance you are unaware of environmental variables (at least I hope based on your attacks).

You dodged the question so I will be more direct. These FPs are not path originated FPs. We also do not hide our FPs. Instead we keep that public as an incentive to fix them as quickly as possible.

You clearly did not research our staff before you made this comment. Go ahead and do some checking, you just insulted many of the best malware fighters in the history of the community based support. Collectively we have put in many decades of work for free, MBAM was just a new way to extend our reach. Do we make $, yes obviously. Like everyone else we have bills and families. Also go to download.com and look at our download numbers, do you honestly think we have not had toolbar offers?

So AVs have things well in hand and the forums are full of what, crack heads? Read what I said again, we use tech that is advanced and simple and everything in between, we have no problem saying that we sometimes do not go by the book. The AVs going by the book and failing is the reason we were even able to start this company. Smartest guys in the room? I think I said (like 20 times) not going by the book, nothing more.

 

I’m a big fan of MalwareBytes’, and admire the different approaches that they use in their popular Anti-Malware product to get the job done, even if there are some harmless side-effects.

I must admit.., If I created / renamed a file to one of the system filenames, and placed it in the root directory or one of the system folders, regardless how unorthodox it may be ... I don’t want this file named SVCHOST.EXE being flagged as a known severe threat type like 'Trojan.Agent’ or EXPLORER.EXE as 'Worm.AutoRun’ when signatures and behavioral nature isn’t considered. To flag with such severity even on 0-byte files is pretty annoying, but I don’t like to see it flagging the way it does on any files that isn’t a for sure threat. All I’m basically saying is, I’d like to see files that are detected without the use of signatures and behavioral nature, with a lot less threat severity labeling and flag those files 'suspicious’ instead. Or add some additional checks (that may increase a tad or a bit more the on-demand scan time) to decrease this type of detection method FPs.


And if you don’t mind me throwing another suggestion; file exclusions should be maintained at least by signature checkings.

 

This +1!! everything is fine except the whitelist that thing is outrageous.

 

The worst thing about all this stupid harassment against great and decent developers is that, for a moment, you forget all the helpful people that you find in forums like this one and you really hate internet.