MBAM claims it can replace your AV software... is it true?



#1 glyph

Posted 04 March 2017 - 03:24 PM

MBAM claims it can replace your AV software with v3.0... is it true?  Can I get rid of other AV and just use MBAM?  




 


#2 quietman7


Posted 04 March 2017 - 03:40 PM

Although Malwarebytes 3.0 Premium claims it can be used as a replacement for an existing anti-virus, it has limitations and lacks many constructs that traditional anti-virus applications employ...it does not target scripted malware, document files, media files...it is incapable of removing malicious code that has been prepended or injected into legitimate files (i.e. file infectors, Trojan patches) and does not handle legacy malware. The Anti-Exploit module is primarily for protection against software exploitation... it does not protect against social engineering, the human exploit often resulting from fraud, spam and phishing emails.

This is an explanation by David H. Lipman, a Security Colleague and Malware Researcher/Analyst.

...there are services in an Anti Virus that are not fulfilled by MBAM.

  • It does not target scripted malware
  • It does not target document files
  • It does not target media files
  • It is still incapable of removing malicious code that had been prepended, appended or cavity injected into legitimate files such as by a file infecting virus or by a trojan that trojanizes legitimate files ( aka; patches ).
  • It is not MAPI and/or VIM compliant nor does it offer a POP/IMAP Proxy Service.
  • It does not handle legacy malware because Malwarebytes personnel culls its database periodically and only targets what they call Zero Day malware. Malware that is fresh and new Today and not something that was more prevalent a year or two ago.

An anti virus may intercept email and it will then decode the MIME and scan the body and attachments and flag the email as a Phish, Fraud or some other malicious content. MBAM may have an Anti Exploit module but that is for software exploitation. It does NOTHING for Social Engineering which is the Human Exploit such as those demonstrated in Fraud and Phishing emails.

If one ONLY depends on MBAM they lose the warnings made by traditional anti virus applications that perform scanning of the file types MBAM does not target. They lose a layer of protection that an AV provides. So if one has a folder of Wimad trojans and only MBAM is installed, the computer user will never know. However if they had a fully installed Anti Virus solution performing "On Access" and "On Demand" scanning on ALL file types, there would be a warning the files are malicious. This is an indicator. MBAM will only protect one IFF they try to play a media file and it attempts some not standard media player function. MBAM will not tell you that is a malicious HyperText Application, or that XLS uses malicious macros or that MP3 is a Wimad or that web site has an Embedded IFrame.

That indicates to me that Malwarebytes 3.0 Premium is still better served as an adjunct anti-malware solution to complement and strengthen your protection when utilizing a traditional anti-virus solution.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
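
An added illustration, not part of the thread and not any vendor's code, of the e-mail path the quoted explanation describes: decode the MIME tree, then type each attachment by its content rather than its name. The function names, labels and the sample message are assumptions constructed for this example.

```python
import email
from email.message import EmailMessage

OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy DOC/XLS container (can hold macros)
ASF = bytes.fromhex("3026b2758e66cf11")   # first 8 bytes of the ASF (WMA/WMV) header GUID
MAGIC = [(OLE2, "ole2-document"), (ASF, "asf-media"),
         (b"ID3", "mp3-media"), (b"MZ", "pe-executable")]
SCRIPT_EXT = (".hta", ".js", ".vbs", ".wsf")

def classify(filename, payload):
    """Type by leading bytes first, so a renamed file is still recognised."""
    for magic, label in MAGIC:
        if payload.startswith(magic):
            return label
    if (filename or "").lower().endswith(SCRIPT_EXT):
        return "script"
    return "other"

def scan_message(raw_bytes):
    """Return (filename, declared MIME type, detected class) per attachment."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and the plain body carry no file to type
        data = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        findings.append((name, part.get_content_type(), classify(name, data)))
    return findings

def build_sample():
    """Constructed message: harmless stub bytes that only carry file headers."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    pad = b"\x00" * 16
    msg.add_attachment(OLE2 + pad, maintype="application",
                       subtype="vnd.ms-excel", filename="report.xls")
    msg.add_attachment(ASF + pad, maintype="audio",
                       subtype="mpeg", filename="song.mp3")  # name/content mismatch
    msg.add_attachment(b"<html><hta:application/></html>", maintype="application",
                       subtype="octet-stream", filename="readme.hta")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The `song.mp3` entry comes back as `asf-media`: a declared type that disagrees with the content is the kind of indicator an on-access or mail scanner can raise before the file is ever opened.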

#3 glyph


Posted 11 March 2017 - 11:57 PM

Thanks!  So what AV do you recommend? AVG was good but now they are super pushy about buying... it's annoying.... trying Panda, but I think it's making some web stuff slow....   I want something lightweight but that will defend me well.  (I'm not your average idiot clicking links and browsing bad sites - but still....)



#4 quietman7


Posted 12 March 2017 - 08:48 AM

I generally recommend ESET NOD32 Anti-Virus or Emsisoft Anti-Malware if choosing a paid for program as they are effective but leave a small footprint...meaning they are not intrusive and do not utilize a lot of system resources which slow down performance. Kaspersky Anti-virus is also a good choice for the same reason. If you don't want to pay, then I would recommend either Sophos Home Free Antivirus or Bitdefender Anti-virus Free Edition if you prefer not to use Windows 8/10 Defender or Microsoft Security Essentials.

For other suggestions, please refer to Choosing an Anti-Virus Program.

#5 glyph


Posted 12 March 2017 - 06:19 PM

Thanks!  I looked over your article a bit - is there a site you trust that compares AV's for things like performance and % of malicious software caught in tests, etc?

I can afford to buy something if it's actually better, but if Win10 Defender is actually decent AV nowadays I might be OK just using that.  I work in IT so I feel pretty good that I am not doing super risky stuff....   Like I am curious what makes paid AV worth it?  better performance?  better protection?  etc

I noticed your article had basically the same sentence as above except you removed MBAM from your post above... I guess you no longer think that can be used solo? :-)

If looking for a paid for program, I generally recommend ESET NOD32 Anti-Virus, Malwarebytes 3.0 Premium or Emsisoft Anti-Malware as they leave a small footprint...meaning they are not intrusive and do not utilize a lot of system resources. Kaspersky Anti-virus is also a good choice for the same reason.

Curious.... is there any reason for the list you order these in?   Or the fact you mention Kaspersky at the very end, and not just as part of the original list?  Like do you recommend them in that order?  (i.e. ESET > Emsisoft > Kaspersky last, etc)   (If I didn't mention it, my machines are running win10)



#6 quietman7


Posted 12 March 2017 - 07:03 PM

The explanation by David H. Lipman I noted above made me reconsider the usage of Malwarebytes as sole protection to replace one's anti-virus since I trust his expertise as a Security Colleague and Malware Researcher/Analyst. Dave also provides a more current but similar explanation in this topic at Malwarebytes where he provides assistance on the forums board.

I have fixed the other link so as not to confuse readers.

The order in the listing of programs I recommend is not a factor...it's just how I wrote it so I'm not inferring the first is better than the last.

IMO Windows 8/10 Defender is just as good as any other free antivirus solution (and probably easier to use for the novice) without bundled toolbars or nagging popups. If you have Windows 10 Anniversary update, it includes Limited Periodic Scanning and allows you to also use a third party anti-virus program as your primary protection.

Both free and paid for products typically use the same scanning engine, detection and removal methods when it comes to malware disinfection. The primary benefit of paid for anti-virus or anti-malware products is that most of them offer additional features such as real-time protection against malware infection and free technical support. In contrast, free versions are limited...typically used as stand-alone scanners or to provide some behind the scene protection.

Also keep in mind that many anti-virus vendors are bundling toolbars and other software with their products as a cost recoup measure. In fact, all free Anti-virus programs now come with toolbars or other bundled software (and annoying prompts to upgrade) except Bitdefender Free, Sophos Home, Microsoft Security Essentials and Windows 8/10 Defender.

#7 quietman7


Posted 12 March 2017 - 07:12 PM

There are several reputable labs which test the effectiveness of major anti-virus programs and security suites to include AV-Comparatives.org, Virus Bulletin Comparative Tests, AV-Test.org, NSS Labs Consumer Anti-Malware Products Group Test Report, Anti-Malware Test Lab, MRG-Effitas, etc.

These kinds of comparative testing results will vary depending on a variety of factors to include but not limited to who conducted the testing, what they were testing for (type of threats, attack vectors, exploits), what versions of anti-virus software were tested, what type of scanning engine was used, and the ability to clean or repair. There is no universally predefined set of standards or criteria for testing which means each test will yield different results. As such, you need to look for detailed information about how the tests were conducted, the procedures used, objectivity and data results. Read Anti-Malware Testing Standards Organization: AMTSO Fundamental Principles of Testing.

Each security vendor uses their own testing/analysis methodology to identify various types of malware so the detection results are not always the same. Some of the testing criteria and standards may even be misleading.

...for some unknown reason...the renowned German test lab AV-TEST has quietly (there was no warning) modified its certification process. The changes mean that the certificates produced by the new rules are, to put it mildly, pretty useless for evaluating the merits of different AV products...With AV-TEST’s new certification standards, the onus is on the user to carefully investigate the actual results of each individual test…they may find that a product that blocked 99.9% of attacks has the same “certification” as a product that only blocked 55%.

Comparative testing: A bit of background for the uninitiated

Further, if you're dealing with zero-day malware it's unlikely the anti-virus testing is going to detect anything. It takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus/anti-malware researchers before they can add a new threat to database definitions.