MBAM security risk?

Discussion in 'other anti-malware software' started by Someone, Jul 7, 2008.

Thread Status:
Not open for further replies.
  1. Someone, Registered Member (Joined: Jan 18, 2008; Posts: 1,106)

    Hi

    I was reading this page: http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm

    And a comment said:

    "A note of caution about Malwarebyte's Anti-Malware:

    It uses a very old version of the zlib compression library. I expect it uses this in order to minimize bandwidth used during updates. The version that Malwarebyte's Anti-Malware uses is 1.1.3.1. The most recent version (released on July 18, 2005) is 1.2.3.0. In previous versions, there are known security vulnerabilities; there is at least one possible buffer overflow vulnerability and at least one denial-of-service vulnerability in versions prior to 1.2.3.0. I've already sent an email to the developers requesting that they close this security hole. Hopefully, they will listen."

    Is this true?

    Thanks
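
Added example, not part of the original post and not Malwarebytes' or zlib's own code: one way to check which zlib build a product bundles is to search its binaries for the copyright banner that zlib compiles in, then compare the version against 1.2.3.0, the release the quoted comment names. The sample bytes are constructed and the function names are hypothetical; it assumes the banner's version, zero-padded to four parts, is comparable to the four-part numbers quoted above.

```python
import re
import sys
from pathlib import Path

# Release the quoted comment names as the first without the known issues.
FIRST_FIXED = (1, 2, 3, 0)

# zlib compiles a banner such as "deflate 1.1.3 Copyright 1995-1998 ..." into
# its deflate and inflate code, so it survives static linking and renaming.
BANNER = re.compile(rb"(deflate|inflate) (\d+(?:\.\d+){1,3})\S* Copyright 1995-")


def parse_version(text):
    """'1.1.3' -> (1, 1, 3, 0); pads to four parts so tuples compare cleanly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def zlib_versions(blob):
    """Return the sorted set of zlib versions whose banners appear in blob."""
    return sorted({parse_version(m.group(2).decode()) for m in BANNER.finditer(blob)})


def audit(blob):
    """Return (version, is_outdated) pairs for every embedded zlib copy."""
    return [(v, v < FIRST_FIXED) for v in zlib_versions(blob)]


def audit_tree(root):
    """Scan every .dll/.exe under root; yields (path, version, is_outdated)."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".dll", ".exe"}:
            try:
                data = path.read_bytes()
            except OSError:
                continue  # locked or unreadable file, skip it
            for version, outdated in audit(data):
                yield path, version, outdated


# Constructed sample bytes standing in for two DLLs (not real binaries).
OLD_SAMPLE = (b"\x00MZ\x90 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
              b"\x00 inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00")
NEW_SAMPLE = b"\x00MZ\x90 deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly \x00"

if __name__ == "__main__":
    for path, version, outdated in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "OUTDATED" if outdated else "ok"
        print(f"{flag:8} zlib {'.'.join(map(str, version))}  {path}")
```

Run it with an install directory as the only argument; a binary that prints no line carries no recognisable zlib banner, which is not proof that it contains no zlib code.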
     
  2. LoneWolf, Registered Member (Joined: Jan 2, 2006; Posts: 3,408)
  3. dw426, Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    I don't know anything about it, but if it is true, that's pretty pathetic for security software, and an even more pathetic excuse IMHO. I kind of doubt this report, but we'll see.

    Edit: Well, so it is true. Sorry, but that is pretty sad.
     
  4. Someone, Registered Member (Joined: Jan 18, 2008; Posts: 1,106)

    Hi

    Well Rubber Ducky said "I believe Secunia exaggerated when they said it poses a security threat. The worst that could happen is a targeted attack against Malwarebytes' Anti-Malware and it crashes"
     
  5. lordpake, Registered Member (Joined: Aug 7, 2004; Posts: 563; Location: Helsinki ~ European Union)

    @dw426: you should remember that this info originates from Secunia. It's in their interests to make noise from such information, if I may say so :)

    As the link to MBAM forum points out, Marcin already stated the reason for keeping that older library still in use. It's neither pathetic nor sad.
     
  6. dw426, Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    I accept their reason to an extent, but what's most important is it is being fixed. As for Secunia, I like it when they make noise because in my opinion they don't just make noise to hear themselves talk, and that noise alerts me to potential problems so I can be more cautious.
     
  7. bellgamin, Very Frequent Poster (Joined: Aug 1, 2002; Posts: 5,648; Location: Hawaii)

    Some folks test & report. Some folks make excuses. Some folks quietly fix problems.

    I appreciate the first & the last.

    The fact that an outfit like Secunia is testing MBAM has caused my confidence in MBAM to increase, not decrease.
     
  8. dw426, Registered Member (Joined: Jan 3, 2007; Posts: 5,543)

    I agree. I'm very confident in MBAM, I just became concerned when it was thought that MBAM used a vulnerable library simply because it used less bandwidth for updating, which WOULD be a poor excuse in my mind. However, the real reason was stated by RubberDucky and it is being fixed promptly, so my concern is now gone and I will continue to use this fine product :)
     
  9. RubbeR DuckY, Developer (Joined: Jul 7, 2006; Posts: 202)

    Hey everyone,

    Secunia had every right to report this problem. Version 1.21 will have the latest version of zlib.dll and the security issue will be fixed.

    If I answer your e-mail with the same note as above, I am sorry, but I do not know whose e-mail is what.
     
  10. aigle, Registered Member (Joined: Dec 14, 2005; Posts: 11,047; Location: Saudi Arabia/ Pakistan)

    Hmmm ... I don't think they tested MBAM.
     
  11. Someone, Registered Member (Joined: Jan 18, 2008; Posts: 1,106)

    Hi

    So version 1.2 is still using the old version of zlib.dll?
     
  12. EliteKiller, Registered Member (Joined: Jan 18, 2007; Posts: 1,138; Location: TX)

    According to RubbeR DuckY's post that would be a 'yes'.
     
  13. fcukdat, Registered Member (Joined: Feb 20, 2005; Posts: 569; Location: England, UK)

    Really this needs to be put into some perspective for want of not seeing a very effective botkiller bad coverage;)

    So for all naysayers then read the following news story and maybe time to see the bigger picture of it all!
    http://blogs.zdnet.com/security/?p=1445&tag=nl.e539

    So is any security software really that secure....
     