Can malwarebytes be trusted security wise after this?


10 replies to this topic

#1 TheRedMeanie

Posted 06 July 2017 - 03:08 PM

Malwarebytes is arguably the most popular secondary malware scanner. I have been using it for a year now, but recently I found out something which raised many doubts in my mind, so much that I decided to join this forum & start this thread.

 

Yesterday, while browsing through the internet, I unexpectedly downloaded a RAR file which contained something which looked like a folder (but it wasn't). It was an exe, but its icon looked like a folder & due to Windows hiding known file extensions by default (thanks Microsoft), .exe after the file name didn't appear. So to any average user, it would look like a folder. So after double clicking on it, I immediately realized that it was not a folder but an application. I decided to upload the file to VirusTotal. 44/55 detection, yup it's malware. Out of all the anti malware scanners to not detect it, I didn't expect Malwarebytes to be one of them. The other 10 which didn't detect it aren't 'BIG' names in the anti malware business. I can't comprehend how I can trust Malwarebytes now in keeping my device secure when literally every other major anti malware scanner was able to detect the file. I know anti malware scanners can't be perfect, but this is just too much.

 

Here's the VirusTotal link - https://www.virustotal.com/en/file/a23a02b39cbbb0c85c1022ee099783aed97b43d781cafe7d1881c17e49127caf/analysis/

 

Additional notes - That scan is 6 months old now, I can't rescan it because I deleted the file. But the point is, 6 months ago, MalwareBytes considered that extremely unsafe file as safe when no other major anti malware scanner did, so what's stopping that from happening again?

Since I'm not familiar with the security world, if something like this occurs with other well known malware scanners as well, I would certainly like to see a VirusTotal report where 40+ malware scanners flag a file but a well known malware scanner like Kaspersky/Bitdefender/Norton does not.  




 


#2 quietman7 (Global Moderator)

Posted 06 July 2017 - 03:47 PM

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time.

The security community is in a constant state of change as new infections appear and it takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus/anti-malware researchers before they can add a new threat to database definitions. Further, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything. Malware writers have the advantage since no matter how hard security vendors attempt to stay on top of new threats, there is always a short time-frame in which a new malicious file goes undetected and can infect a computer without detection. Just because one anti-virus or anti-malware scanner detected threats that another missed, does not mean it's more effective.

Further, Malwarebytes 3.0 is not an anti-virus...see here. This is a more detailed explanation by David H. Lipman, a trusted Security Colleague and Malware Researcher/Analyst.

> In its role as an adjunct, complementary, anti malware application it has limitations in aspects that the anti virus application performs in its role. MBAM does not target script files...It also does not target document files...media files...MBAM targets mainly non-viral malware. The exception being a virus dropper (a malware file that drops a virus and starts a virus infection but is not infected with the virus) and worms (such as Internet worms and AutoRun worms).


As for VirusTotal....read on.

> VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners...VirusTotal...a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect...Very often antivirus solutions and URL scanners will produce false positives...VirusTotal simply acts as an information aggregator and cannot and will not be held responsible for these false positives. VirusTotal will not whitelist any files or URLs and will not remove any detections resulting from the normal operation of the products it makes use of. False positives should be dealt with the developer/company that offers the product generating the erroneous detection...VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions...

About VirusTotal
VirusTotal FAQs


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 SleepyDude (Malware Response Team)

Posted 06 July 2017 - 04:01 PM

I totally agree with Quietman, there is no product that gives you 100% protection; the best protection starts with the user (configuring Windows to show all file extensions is something everyone should do!)

 

I have collected several malware samples from infected machines that show 0 detections at the time I upload them to VirusTotal.

 

About Malwarebytes, according to the company's position, with the version 3 release the program is now a full antivirus product...

https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/


Edited by SleepyDude, 06 July 2017 - 04:03 PM.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem from one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui
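
The disguise described in post #1 and the advice in post #3 to show file extensions, as an added example that is not part of any post in this thread: a Python sketch that identifies Windows executables by their PE header rather than by name or icon, and reports the name Explorer would display with extensions hidden. The extension set, the sample file names and all function names are assumptions constructed for the illustration.

```python
import os
import struct
import tempfile

# Assumed subset of executable extensions that Explorer hides by default.
HIDDEN_EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(path):
    """True if the file starts with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def explorer_name(filename):
    """Name shown with 'hide extensions' on (simplified to executable types)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in HIDDEN_EXEC_EXTS else filename

def triage(root):
    """Return sorted (relative path, displayed name) for each PE file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                hits.append((os.path.relpath(full, root), explorer_name(name)))
    return sorted(hits)

def build_sample(root):
    """Constructed sample: two minimal PE stubs with misleading names, one text file."""
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 64)   # e_lfanew -> offset 64
    stub += b"PE\0\0"
    for name in ("Holiday Photos.exe", "invoice.pdf.exe"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(stub)
    with open(os.path.join(root, "readme.txt"), "w") as f:
        f.write("constructed sample\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return triage(root)

if __name__ == "__main__":
    for rel, shown in demo():
        print(f"{rel!r} is a Windows executable; Explorer would show {shown!r}")
```

Run against a folder of freshly extracted downloads, `triage()` lists every file that is an executable by content, whatever its icon or displayed name suggests.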

 
 


#4 TheRedMeanie (Topic Starter)

Posted 06 July 2017 - 05:24 PM

> No single product is 100% foolproof and can prevent, detect and remove all threats at any given time.

> I totally agree with Quietman, there is no product that gives you 100% protection

Ok, these are general statements. They do not specifically address my situation. (I already went in great detail explaining my situation, but anyway, let's break down your statements.)

 

> The security community is in a constant state of change as new infections appear and it takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus/anti-malware researchers before they can add a new threat to database definitions. Further, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything. Malware writers have the advantage since no matter how hard security vendors attempt to stay on top of new threats, there is always a short time-frame in which a new malicious file goes undetected and can infect a computer without detection. Just because one anti-virus or anti-malware scanner detected threats that another missed, does not mean it's more effective.

> I totally agree with Quietman, there is no product that gives you 100% protection; the best protection starts with the user (configuring Windows to show all file extensions is something everyone should do!)

> I have collected several malware samples from infected machines that show 0 detections at the time I upload them to VirusTotal.

 

As you all know, there are these things called Anti Virus & Anti Malware programs that are supposed to keep us secure. I already acknowledged in my first post that

> I know anti malware scanners can't be perfect, but this is just too much.

 Hoping that I wouldn't get a response saying 'Nothing can be perfect', but that didn't work out. The thing is, in my situation, I'm not dealing with zero day malware. I am dealing with a well known malware which was for some reason not detected as malware by MalwareBytes. Now, I understand that if some state sponsored hacker is after my data then I can't stop him with an anti malware or anti virus, but this isn't that case. This is a case of a well known malware file, so MalwareBytes should have been able to detect it as malware otherwise Anti Malware & Anti Viruses on the whole are pointless in existence.

 

> Further, Malwarebytes 3.0 is not an anti-virus...see here. This is a more detailed explanation by David H. Lipman, a trusted Security Colleague and Malware Researcher/Analyst.

 

Ok, since their site clearly states that Malwarebytes 3.0 is a full featured anti virus replacement - https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/

 

You are saying that they are fooling people? Mind you, that VirusTotal scan date was after Malwarebytes 3.0 was released. If I am to take the explanation by David Lipman as a fact, then any person who installs MalwareBytes 3.0 thinking it will protect them from all sorts of malware is being misguided. Is that what's going on now?

 

> VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions...

 

I couldn't find anything online about this related to MalwareBytes Anti malware, but I don't see any reason why they would incorporate an inferior scanning engine on the command line version which would make it unreliable to use compared to the GUI version. 



#5 jwoods301


Posted 06 July 2017 - 05:43 PM

Ultimately, you are the one responsible for the security of your system.

 

Doing frequent disk image backups, and daily backups of volatile (personal) data is the best protection against any disaster (ransomware, malware, hard drive failure, etc.)

 

Testing your backups is the second best protection.

 

http://www.techrepublic.com/article/disaster-recovery-worst-practices-dont-test-your-backups/

 

Creating a System Restore point when making changes to your system (settings, installing new software, etc.)

 

Security is implemented in "layers" -

 

Configuring your router security settings properly

 

http://routersecurity.org/checklist.php

 

Checking for open ports

 

https://grc.com/x/ne.dll?bh0bkyd2

 

https://www.speedguide.net/ip/

 

Pair a good software firewall with your router's NAT firewall (for me, that's the Windows Firewall)

 

Selecting the best AV software for your requirements

 

AV-Comparatives -

http://www.av-comparatives.org/

AV-TEST -

https://www.av-test.org/en/compare-manufacturer-results/?avtest[type]=3

Virus Bulletin VB100 -

https://www.virusbulletin.com/testing/dates/vb100-antimalware

 

Doing regular scans with various malware detection scanners

 

AdwCleaner

https://www.bleepingcomputer.com/download/adwcleaner/

Malwarebytes Anti-Malware (already mentioned)

https://www.malwarebytes.org/antimalware/

Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Junkware Removal Tool

https://www.bleepingcomputer.com/download/junkware-removal-tool/

 

 

You also might take a look at Brian Krebs' 3 Basic Rules for Online Security and Tools for a Safer PC -

https://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/

https://krebsonsecurity.com/tools-for-a-safer-pc/

 

A lot of people will say they "know all this stuff", but "implementing this stuff" is different than being aware.

 

Implementing the above, I have never been infected in over 25+ years.



#6 quietman7 (Global Moderator)

Posted 06 July 2017 - 05:52 PM

How a company markets a product is up to them. In the end, the reaction of its buyers/users usually dictates if a change in strategy is needed.

The information provided by Dave Lipman indicates to me that Malwarebytes 3.0 Premium is still better served as an adjunct anti-malware solution to complement and strengthen your protection when utilizing a traditional anti-virus solution.

If you want a specific answer to your question about the non-detection, then your best bet would be to report this issue in the Malwarebytes 3.0 Support Forum so the development team can investigate and answer.

Some of the employees involved with Malwarebytes Anti-Malware product development, research and technical support are well known security experts who have volunteered their personal time to assist victims of malware infection long before their program was created. They still stay personally involved with helping victims on Internet forum boards as well as provide individual support services to users of their products. This means they are personally tuned into the day to day analysis of active malware and any reported issues with their software so they are able to respond quickly to them.

#7 frogbreath


Posted 06 July 2017 - 05:54 PM

Malwarebytes should still be used with an antivirus and firewall. Like they said to you, nothing will stop everything. Anti malware companies play a catch up game with malware creators. The malware is created and the antimalware companies must find/uncover it to then apply a solution. Without time travel it's always going to be the way.



#8 quietman7 (Global Moderator)

Posted 06 July 2017 - 05:58 PM

Forgot to mention...I know and trust many of the folks associated with Malwarebytes.

The Malwarebytes Tech Support & Help Forum team know the inner workings of the program and have direct access to the developers and research engineers. Your best option is to ask them directly.

#9 frogbreath


Posted 06 July 2017 - 06:03 PM

Could always submit your sample to mbam if you still have the offending critter.



#10 Porthos


Posted 07 July 2017 - 09:16 AM

> First submission 2015-12-06 02:52:44 UTC ( 1 year, 7 months ago )

 

Malwarebytes is not a historical scanner. In most cases files over 3 months old are not considered for inclusion to the database.

 

Considering what the file is (crack), you get what you deserve with files like that.

Undertale-ALiAS.exe
Sony Vegas Pro 13 0 Build 453x64 Latest Working KeyGen.exe
WINDEV 20 -- WINDEV MOBILE 20 -- WEBDEV 20 -- CRAC.exe
FINAL DRAFT 9 0 2 BUILD 136 CRACKED.exe
INSSIDER WIFI HACKING TOOLS COMPLETE VERSION.exe
Family Guy S12E21 HDTV x264 REPACK LOL eztv.exe
COREL PAINTER 2016 15 1 0 715 SERIAL KEYGEN SO30 15.exe
Corel Video Studio Pro X8 18 6 0 6 Setup Update Keygen x86 Core X.exe
Limitless S01E10 720p HDTV X264-DIMENSION.exe
Microsoft Windows 10 5in1 Nov x64

 



#11 quietman7 (Global Moderator)

Posted 07 July 2017 - 02:59 PM

> Malwarebytes is not a historical scanner

Yep..that's what Dave said in his detailed explanation...it will not target older malware.



