MBAM security risk?

Hi

I was reading this page: http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm

And a comment said:

"A note of caution about Malwarebyte's Anti-Malware:

It uses a very old version of the zlib compression library. I expect it uses this in order to minimize bandwidth used during updates. The version that Malwarebyte's Anti-Malware uses is 1.1.3.1. The most recent version (released on July 18, 2005) is 1.2.3.0. In previous versions, there are known security vulnerabilities; there is at least one possible buffer overflow vulnerability and at least one denial-of-service vulnerability in versions prior to 1.2.3.0. I've already sent an email to the developers requesting that they close this security hole. Hopefully, they will listen."

Is this true?

Thanks

 

It will be fixed soon.
http://www.malwarebytes.org/forums/index.php?showtopic=5245&st=0

 

I don't know anything about it, but if it is true, that's pretty pathetic for security software, and an even more pathetic excuse IMHO. I kind of doubt this report, but we'll see.

Edit: Well, so it is true. Sorry, but that is pretty sad.

 

Hi

Well Rubber Ducky said "I believe Secunia exaggerated when they said it poses a security threat. The worst that could happen is a targeted attack against Malwarebytes' Anti-Malware and it crashes"

 

@dw426: you should remember that this info originates from Secunia. Its in their interests to make noise from such information, if I may say so

As the link to MBAM forum points out, Marcin already stated the reason for keeping that older library still in use. It's neither pathetic nor sad.

 

I accept their reason to an extent, but what's most important is it is being fixed. As for Secunia, I like it when they make noise because in my opinion they don't just make noise to hear themselves talk, and that noise alerts me to potential problems so I can be more cautious.

 

Some folks test & report. Some folks make excuses. Some folks quietly fix problems.

I appreciate the first & the last.

The fact that an outfit like Secunia is testing MBAM has caused my confidence in MBAM to increase, not decrease.

 

I agree. I'm very confident in MBAM, I just became concerned when it was thought that MBAM used a vulnerable library simply because it used less bandwidth for updating, which WOULD be a poor excuse in my mind. However, the real reason was stated by RubberDucky and it is being fixed promptly, so my concern is now gone and I will continue to use this fine product

 

Hey everyone,

Secunia had every right to report this problem. Version 1.21 will have the latest version of zlib.dll and the security issue will be fixed.

If I answer your e-mail with the same note as above, I am sorry, but I do not know whose e-mail is what.

 

Hmmm ... i don,t think they tested MBAM.

 

Hi

So version 1.2 is still using the old version of zlib.dll?

 

According to RubbeR DuckY's post that would be a 'yes'.

 

Really this needs to be put into some perspective for want of not seeing a very effective botkiller bad coverage

So for all naysayers then read the following news story and maybe time to see the bigger picture of it all!
http://blogs.zdnet.com/security/?p=1445&tag=nl.e539

So is any security software really that secure....