Mission impossible? Malwarebytes invents software that blocks zero-day attacks

Discussion in 'other anti-malware software' started by ronjor, Jun 13, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://www.cso.com.au/article/54752...tes_invents_software_blocks_zero-day_attacks/
     
  2. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    No matter how well the software works (or more likely doesn't), it is not an 'invention'.

    Article 52 of The European Patent Convention states:




    Software is 'a work', the author has the copyright.

    Maybe it's just me, but I don't think the solution is yet another piece of security-software to install, hog resources, prevent the user from doing what s/he wants because of false positives and .. hog resources - besides, any installed program is, on its own, a possible attack-vector.

    Someone should make a program that teaches users how not to do stupid-risky things instead!
     
  3. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    552
    The author of the article isn't doing Malwarebytes a favor by using these words.
    "block all zero-day attacks known and unknown against popular Windows applications"


    Later in the article from Marcin, "Malwarebytes Anti-Exploit will help mitigate some of this risk"

    "Exploits have been responsible for a lot of headlines recently as they are a highly effective way of stealing confidential data from people and businesses. After researching thousands of vulnerabilities and exploits, we are confident that Malwarebytes Anti-Exploit will help mitigate some of this risk," said Malwarebytes CEO, Marcin Kleczynski.
     
    Last edited: Jun 13, 2014
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    The sensationalism, it burns.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I will stick with EMET and save myself $25 a year. Sorry, but the MBAE saga reminds me of "snake oil" salesman of the American wild west days. Or more recently, the founder of LifeLock that used to publicly give out his social security number as a dare against identity thieves until it was hacked ........................
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Yawn. It's about as "revolutionary" as a hot dog.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Tough crowd.
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    It's justified. Anyone who makes claims about blocking all known and unknown zero-days is at best telling a half truth. There is no way they can prove the ability to block all unknowns - not just as a matter of practice but AFAIK as a matter of the laws of mathematics. (i.e. the Halting Problem.)

    Actually if I were working for Malwarebytes I'd be rather annoyed at this kind of press. People are weary. Articles that misrepresent a product in an excessively optimistic light might rub people the wrong way more than widespread skepticism.
     
  9. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    401
    Location:
    Australia
    A measure of MB's anxiety to regain lost revenue from the lackluster MBAM v2?

    MBAM and MBAE came out of beta "recently" (roughly speaking). Now attention grabbing promotions.

    hmmm. Shame. I think the products will be / are good enough not to have this sort of PR.

    Just my view -

    feandur
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    I think there's a lot of FUD being spread around here for no apparent reason. Let me clarify a few things:

    * We have tested MBAE against zero-days since its first beta over a year and a half ago. This can be done simply by getting every new zero-day that comes out and using it against an old version of MBAE that was compiled pre-zero-day. In most cases for these tests we use 1 year old versions. Since we started doing this we found that old versions of MBAE stopped every zero-day we've thrown at it. This includes zero-day exploits for IE, Acrobat, Word, Flash, Silverlight, XLS, etc.

    * We have never said we will block every single zero-day from here to eternity. If anyone ever says that they are clearly lying. Sometimes it is difficult to explain vulnerabilities and exploits to media and consumers and unfortunately they do misinterpret things. **** happens, but it is not our fault if someone misinterprets something.

    * We've been very clear since the beginning that MBAE works against RCE exploits and we hook in userland. This means that for example kernel exploits, priv escalation exploits, OS exploits, etc are outside the scope of MBAE. If you look at other articles it actually does mention these limitations.

    * MBAE is different from EMET. The objective is the same but the techniques and the scope are different. For ex Duqu kernel exploit, while none block it, at least MBAE is able to block the payload malicious action from the typical Duqu attacks that were integrated in Exploit Kits until a few months back. Another is Java exploits.

    * By saying it is as revolutionary as a hot dog you're just showing off your ignorance. But you don't have to take my word for it, there's a test performed by an independent researcher which you can look at http://malware.dontneedcoffee.com. This test was performed using MBAE Free and demonstrates how soccer-moms and gramma users might be protected easily against Exploit Kits without paying a dime.

    You're all obviously entitled to your opinions and if you don't like MBAE that's all fine by me, but there's no need to be rude or spread FUD. Instead constructive criticism might be nice, like for example how to create/improve other products out there to provide exploit mitigation for the masses that doesn't require end users to be highly technical.
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    424
    Location:
    Canada
    It's a good product, you may not like the price but that's a separate issue. It works for what it was designed to do, same as any other security product.
     
  12. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    401
    Location:
    Australia
    pbust - no disrespect ever intended to you as a developer - sometimes I just get a bee under my bonnet with Management and the high handed way they can carry on....

    Used your Exploit Shield in 2013, and intend getting licences for MBAE now it is out of beta.

    congratulations on a great product. :thumb:

    thanks,
    feandur
     
  13. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    401
    Location:
    Australia
    digmor crusher - I also am using Appguard and EAM.
    Do you find MBAE plays nicely with your combo? Are you using free or premium?

    thanks,
    feandur
     
  14. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I don't get the analogy, sorry.
     
  15. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    pbust......For a long time I have been very happy with you people. Thank you.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I haven't read your post yet, but I also don't have a clue why people are being so negative. It's just a standard article promoting the product, like all companies do. And I don't see any outrageous claims being made. Also, buffer-overflow protection is indeed innovative, before Comodo Memory Firewall and EMET, none of the popular HIPS offered this feature. :)

    Edit: And you even offered some proof that MBAE is really blocking exploits. I'm still waiting for the AppGuard report, a developer claimed it outperformed EMET.
     
  17. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    It's certainly better than those hideous web-antivirus modules and probably more potent than these so called exploit protections in antivirus products. I'd rather pay for this and combine it with a free unproblematic av like MSE than for a bloated internet security suite. Though I understand that exploit protection has to be viewed soberly.
     
  18. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Some hotdots are pretty revolutionary though! But I agree, sensationalism at its best.
     
  19. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    What are "hotdots"?
     
  20. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Have the two been tested alongside each other, were there any conflicts?
     
  21. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    Marcin has made this statement:
    "Sometimes it catches the exploit so early we can't show the alert" that it has stopped an attack.

    Which exploit was it? Can you clarify this....
     
  22. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Dang, I spilled the beans on the most revolutionary hotdogs of them all.. Hotdots.. Cat's out of the bag now!
     
  23. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    Thanks for the clarification, Doc. I'll make sure to look for them at the nearest 7/11. :D
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    Not a specific exploit. He was referring to new techniques being introduced:
    https://forums.malwarebytes.org/index.php?showforum=153
     
  25. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293

    "Not a specific exploit" o_O

    Remote Code Exploits seem to dominate the arena of infections... Your provided link simply takes me to your forum.... You still have not answered as far as how are you able to "catch" the exploit without informing a user about the attack? The question still remains (based on Marcin's statement), what does MBAE catch that similar programs cannot? I'm sorry about such a specific question, however, I'm just curious about what you might have in your Revolutionary arsenal that no one has been able to achieve.... If you have invented the "Holy Grail" of security..... I'm ready to dump all my security applications and keep your "silver bullet"...
     
    Last edited: Jun 14, 2014