Reddit Is Malwarebytes Still Good

admin

First I would upgrade Malwarebytes to the current Beta version. Once you do that, do another manual check for updates. I would also recommend creating exclusions between Malwarebytes and your AV to help prevent any possible conflicts or performance issues. Please add the items listed in this support article to your AV's allow list(s)/trust list(s)/exclusion list(s) particularly for any of its.


Well, actually it isn’t the genuine WinDirStat but a trojanized version posing as WinDirStat and it’s masquerading under the disguise of the good Unicode version of windirstat.exe which is contained in the installer. So it’s named that as well.

Now, the report I got from a WinDirStat user from Sweden (thanks again!) was that MalwareBytes had detected WDS once again. I assumed false positive and it turned out that it was at least for the particular file that the Swedish user had (SHA1: 26e14a532e1e050eb20755a0b7a5fea99dd80588) [note 1] – which was the genuine file from the genuine version 1.1.2 installer. That is the installer with the following two cryptographic hashes [note 2]:

  • MD5: 3abf1c149873e25d4e266225fbf37cbf
  • SHA1: 6fa92dd2ca691c11dfbfc0a239e34369897a7fab

We’ve had this before, but this time it was a slightly different case.

I contacted Doug from MalwareBytes. We had been in touch some time before. So I got a contact for the malware research at MalwareBytes and was able to inquire about the file. It turned out that the file the aforementioned Swedish user had inquired about wasn’t under detection, but another file with the MD5 hash a84aad50293bf5c49fc465797b5afdad. Now I didn’t have that file in my release archive so I asked for the file [note 3] and was then able to look at the actual trojanized file. And what struck me was that all external traits shown by this file matched closely the Unicode build from the 1.1.2 installer. The size matched, the timestamp in the PE header matched, just some things like the sections and a whole lot of code or data had been changed in the middle of the file.

So I loaded the genuine file into IDA Pro and the entry point looked like this:

and when I did the same on the trojanized file it looked like this:

Holy moly, Batman! Someone actually trojanized WinDirStat and it looks like EPO [note 4] just from a brief look.

Again, this file is named windirstat.exe and to the naked eye it looks like the Unicode build from the 1.1.2 installer, but in actuality this is a trojanized version of the genuine file. Now I don’t have the time to investigate into what exactly this thing is doing, but it bears all the hallmarks of malware and therefore from my perspective that file isn’t a false positive.

Conclusions


If you download files, check that their hashes match what is expected. Future releases of WDS will be signed with an Authenticode certificate, so it will also make it harder to trojanize WinDirStat.

I checked last night and at least the downloads from SourceForge.net and DownloadBestSoft were genuine. No danger there. Still: you are encouraged to double or triple check! And keep in mind that MD5 is broken, so never ever rely on MD5 alone.

// Oliver

the clean files are:

MD5:

  • 3abf1c149873e25d4e266225fbf37cbf *windirstat1_1_2_setup.exe
  • 3f3dd4476249ae664e3365e5bb651601 *release/windirstat.exe
  • 24cd9a82fcfc658dd3ae7ba25c958ffb *urelease/windirstat.exe

SHA1:

  • 6fa92dd2ca691c11dfbfc0a239e34369897a7fab *windirstat1_1_2_setup.exe
  • 752e1687d58de3bef927d9ad24c0ed3da3754e17 *release/windirstat.exe
  • 26e14a532e1e050eb20755a0b7a5fea99dd80588 *urelease/windirstat.exe
  1. that false positive has been fixed meanwhile. [↩]
  2. keep in mind that MD5 has been broken, so you should never rely on it alone anyway. It is possible to forge binaries that match the MD5 hash of another binary as recent government-sanctioned malware has shown. [↩]
  3. Usually you won’t get a file that is deemed malicious from any anti-malware company, but since I work in the AV industry as well and had contact with Doug before, I had the credentials. [↩]
  4. Entry Point Obfuscation [↩]
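
The advice in the post above (compare downloads against the published hashes, and never rely on MD5 alone) as an added example, not code from the original post or the WinDirStat project. It parses the `<hash> *<file>` lists shown above and checks every published digest; the function names and the sample bytes in `demo()` are constructed for illustration.

```python
import hashlib
import hmac

# MD5 is broken (see post); SHA-1 has known collisions too, so prefer SHA-256 when published.
WEAK = {"md5"}

# SHA1 list as published in the post above.
PUBLISHED_SHA1 = """\
6fa92dd2ca691c11dfbfc0a239e34369897a7fab *windirstat1_1_2_setup.exe
752e1687d58de3bef927d9ad24c0ed3da3754e17 *release/windirstat.exe
26e14a532e1e050eb20755a0b7a5fea99dd80588 *urelease/windirstat.exe
"""

def parse_manifest(text, algo):
    """Parse '<hex digest> *<path>' lines (md5sum/sha1sum binary-mode format)."""
    want_len = hashlib.new(algo).digest_size * 2
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if not digest:
            continue
        if len(digest) != want_len:
            raise ValueError(f"not a {algo} digest: {digest!r}")
        int(digest, 16)  # raises ValueError if the digest is not hex
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def verify(data, expected):
    """expected maps algorithm -> published hex digest for one file."""
    results = {algo: hmac.compare_digest(hashlib.new(algo, data).hexdigest(), want)
               for algo, want in expected.items()}
    if not all(results.values()):
        return "MISMATCH", results
    if all(algo in WEAK for algo in results):
        return "UNVERIFIED (weak hash only)", results
    return "OK", results

def demo():
    # Constructed stand-ins: same size, bytes changed in the middle of the file.
    genuine = b"MZ" + bytes(range(256)) * 4
    patched = genuine[:500] + b"\xcc" * 16 + genuine[516:]
    published = {a: hashlib.new(a, genuine).hexdigest() for a in ("md5", "sha1")}
    return (len(genuine) == len(patched),
            verify(genuine, published)[0],
            verify(patched, published)[0],
            verify(genuine, {"md5": published["md5"]})[0])

if __name__ == "__main__":
    print(parse_manifest(PUBLISHED_SHA1, "sha1"), demo())
```

A matching size or timestamp says nothing about the contents; only the digest comparison separates the two constructed files.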
Malwarebytes

  • Developer(s): Malwarebytes Inc.
  • Initial release: January 2006; 15 years ago (as Malwarebytes Anti-Malware)
  • Stable release, Windows: 4.3.3 / May 5, 2021; 4 days ago[1]
  • Stable release, macOS: 4.8.12 / March 21, 2021; 49 days ago[2]
  • Stable release, Android & Chrome OS: 3.7.5.8 / May 26, 2020; 11 months ago[3]
  • Operating system: Windows XP and later, OS X 10.11 and later, Android Marshmallow and up, iOS 11 and later, Chrome OS
  • Platform: IA-32, x86-64
  • Size: Windows: 68.61 MB; Android: 31.13 MB
  • Available in: 30 languages (Bulgarian, Catalan, Chinese (Traditional), Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Slovak, Slovene, Spanish, Swedish, Turkish and Vietnamese)
  • Type: Anti-malware
  • License: Proprietary (Freemium)
  • Website: www.malwarebytes.com

Malwarebytes (formerly Malwarebytes Anti-Malware, abbreviated as MBAM) is anti-malware software for Microsoft Windows,[4] macOS, Chrome OS, Android, and iOS that finds and removes malware.[5] Made by Malwarebytes Corporation, it was first released in January 2006. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.

Overview

Malwarebytes is primarily a scanner that scans and removes malicious software, including rogue security software, adware, and spyware. Malwarebytes scans in batch mode, rather than scanning all files opened, reducing interference if another on-demand anti-malware software is also running on the computer.[6][7]

Malwarebytes is available in both a free and a premium paid version.[5] The free version can be run manually by the user when desired, whereas the paid version can perform scheduled scans, automatically scan files when opened, block IP addresses of malicious web sites, and scan only those services, programs and device drivers that are currently in use.

On December 8, 2016, Malwarebytes Inc. released version 3.0 to the general public. This includes protection against malware, ransomware, exploits, and malicious websites.[8]

Reception

  • PC World's Preston Gralla wrote that 'Using Malwarebytes Anti-Malware is simplicity itself'.[5]
  • CNET in 2008 cited Malwarebytes as being useful against the MS Antivirus malware[9] and also awarded it an April 2009 Editor's Choice, along with 25 other computer applications.[10][11]
  • Mark Gibbs of Network World gave Malwarebytes Anti-Malware 4 stars out of 5 in January 2009 and wrote that 'It does the job and only the lack of a detailed explanation of what it has found stops it from getting 5 out of 5'.[12]
  • PC Magazine gave Malwarebytes Anti-Malware 3.5 stars out of 5 in May 2010, saying that although it was good at removing malware and scareware, it fell short on removing keyloggers and rootkits.[13] However, the free version got 4.5 stars out of 5 and an Editor's Choice award for free removal-only antivirus software in 2013-4.[14]

Dispute with IObit

On November 2, 2009, Malwarebytes accused IObit, a Chinese company that offers similar products, of incorporating the database of Malwarebytes Anti-Malware (and several products from other vendors, which were not named) into its security software IObit Security 360. IObit denied the accusation and stated that the database is based on user submissions, and sometimes the same signature names that are in Malwarebytes get placed into the results. They said that they did not have time to filter out the signature names that are similar to Malwarebytes. IObit also stated that Malwarebytes did not have convincing proof, and declared that the databases were not stolen. After the declaration from IObit, Malwarebytes replied that they are not convinced of the argument from IObit. Malwarebytes claims to have served DMCA infringement notices against CNET, Download.com and Majorgeeks in order to have the download sites remove the IObit software. IObit said that as of version 1.3, their database has been updated to address those accusations of intellectual property theft made earlier by Malwarebytes.

Dealing with Vonteera

Vonteera is adware that uses stolen certificates and disables anti-malware and virus protection, such as from Malwarebytes.[15] Malwarebytes has listed a solution for eliminating this threat.[16]

Security vulnerabilities

On February 2, 2016, Project Zero announced four vulnerabilities in the Malwarebytes flagship product, including lack of server-side encryption for update files and lack of proper payload signing within encrypted data; the combination of which allowed an attacker to recompile the encrypted payload with exploits.[17] Malwarebytes responded one day before disclosure in a blog article detailing the extreme difficulty in executing these attacks, as well as revealing that the announced server-side and encryption issues were resolved within days of private disclosure and were not outstanding at the time Project Zero published their research.[18] Malwarebytes also published information on how to protect current users until a patch was released. This event also resulted in the establishment of a formal bug bounty program by Malwarebytes, which offers up to $1000 per disclosure as of 2018, depending on severity and exploitability.[19]

References

  1. "Release History & News – Malwarebytes Support". support.malwarebytes.com.
  2. "Release History & News – Malwarebytes Support". support.malwarebytes.com.
  3. "Malwarebytes for Android & Chromebook – Malwarebytes Support". support.malwarebytes.com.
  4. "10 Best Malware Removal Tools for Windows 10 - Windows Able". windowsable.com. Retrieved August 24, 2016.
  5. Malwarebytes Anti-Malware review at PCworld.com, retrieved July 22, 2014.
  6. "Malwarebytes Corporation". MalwareBytes. Retrieved August 18, 2009.
  7. Neil J. Rubenking (July 6, 2010). "Free Antivirus and Antispyware". PC Magazine. Retrieved March 2, 2014.
  8. "Announcing Malwarebytes 3.0". Malwarebytes Corporation. Retrieved December 8, 2016.
  9. Rosenblatt, Seth (September 24, 2008). "Take a 'byte' out of malware". The Download Blog. CNET. Retrieved November 27, 2008.
  10. Seth Rosenblatt (February 10, 2009). "Malwarebytes Anti-Malware". Download.cnet.com. Retrieved December 5, 2009.
  11. "CNET Editors' Choice Awards 2009 Winners". Reviews.cnet.com. June 2, 2009. Retrieved December 5, 2009.
  12. Gibbs, Mark (January 7, 2009). "Malwarebytes finds pesky Trojan". Gearhead. Network World. p. 2. Retrieved January 8, 2009.
  13. Rubenking, Neil J. (May 7, 2010). "Malwarebytes Anti-Malware 1.46". PC Magazine. Retrieved June 3, 2010.
  14. Rubenking, Neil J. "Malwarebytes Anti-Malware 1.70". PC Magazine. Retrieved March 2, 2014.
  15. Casey, Henry T. (November 25, 2015). "Latest adware disables antivirus software". Tom's Guide. Yahoo.com. Retrieved November 25, 2015.
  16. "Vonteera Adware Uses Certificates to Disable Anti-Malware - Malwarebytes Labs - Malwarebytes Labs". blog.Malwarebytes.org. Retrieved December 31, 2017.
  17. Leyden, John. "Google ninjas go public with security holes in Malwarebytes antivirus". The Register. Retrieved February 6, 2016.
  18. Kleczynski, Marcin (February 1, 2016). "Malwarebytes Anti-Malware vulnerability disclosure". Malwarebytes Labs.
  19. "Malwarebytes Bug Bounty". Retrieved July 6, 2018.


Retrieved from 'https://en.wikipedia.org/w/index.php?title=Malwarebytes_(software)&oldid=1022271762'