Jump to content

Updating program -- Please, stop making it "mandatory"


Recommended Posts

Since the "new" program update, I have noticed that there is no way in the free edition to skip updating.

 

Today, I could not connect to the internet. Thinking there was a remote chance it could be related to malware, I decided to scan with Malwarebytes.

 

But, Malwarebytes just stalled on the update process since it could not connect to the internet.

 

I do like to keep the program up-to-date, but there are circumstances where requiring this before each scan is not appropriate.

 

Any chance of changing this and making updates optional in future builds?

Link to post
Share on other sites

Hi:

 

MBAM targets zero-hour and zero-day threats.

It is critical to have a current database when scanning. 

Databases are updated 6 to 10 or more times a day.

The Free version is just a manual, on-demand scanner, without automatic updating.

Many home users would forget to update before scanning.

This resulted in both false-negatives and occasional false-positives, when they would scan with (sometimes seriously) outdated databases.

 

So, the automatic update check before a manual scan (in both the Free and Premium) versions was introduced as a safety feature.

 

Having said all that, a few other users have mentioned the issue you describe (being unable to scan because there is no internet connection and no way to update).

 

>>>We will need to wait for a staff member from the MBAM product team or forum staff to provide you with "official" feedback on the suggestion. :)

 

Thanks!

Link to post
Share on other sites

Thank you for the reply Spam Hunters. :)

 

In the previous free edition, Malwarebytes would open and initiate an automatic update, but the user still had the option to hit "skip update," and carry-on the scan.

 

To me, this was the perfect solution. Update was started, but it could be deferred.

 

People who don't think about updating still are updated, unless they make a conscious decision to opt out.  That option would have been very nice earlier today when I had no way to connect to the internet. I think that option should be brought back.

Link to post
Share on other sites

Hi:

 

Hmmmm, mandatory updating, sounds like Windows 10. :angry2:

 

Sounds like "apples" vs. "oranges"?

 

This discussion is about malware database updates before a manual anti-malware scan against zero-hour malware threats, not Operating System updates (or even MBAM program updates, which may be controlled separately).  See here.

I'm not sure there's much to be gained by taking this thread off-topic to discuss Win10.

 

 

But I guess we'll need to wait for a staff member to provide additional feedback.

 

Thanks,

Link to post
Share on other sites

Yeah, Windows 10 has nothing to do with this.  You can opt out of checking for program updates.  People who are hell-bent on using the old version do that.  They lose the ability to use a newer detection engine, but if that's OK with them, its OK with us.  Database updates are another story.  Using an old database during a scan is the same as asking a hacker to cut you some slack.  Their advantage is a zero-day attack, and YOUR advantage is an updated database which guards against that.

 

Anti-virus programs take a while to analyze, verify and post signatures to guard against new threats.  By that time, the hacker has made as much money (or gathered as much information) as he expected to, retired that attack vector and moved to a new one.  Malwarebytes is quite often the first program to guard against a new attack vector.

 

The bottom line is...who do you want to trust, Malwarebytes or the attacker.  It is, ultimately, up to you.

 

EDIT:  If you haven't noticed this setting yet, check out the screenshot.

post-141357-0-47535600-1440213430_thumb.

Link to post
Share on other sites

I have seen the update settings.  I druged through them yesterday morning when I tried to find a way to stop the updating and get a scan going.

 

Now, I do not pretend to be the most computer savvy, but nowhere on that setting is the user given the option to cancel updating and "get to scanning," 

 

I actually clicked the manual proxy radio button (having no idea what proxy means in this case) and got a bunch of other options that I had no idea what to do with, so I went back and checked the "no proxy server" option.

 

Again, nothing on that screen, that I see lets the user skip the database update.

 

Honestly, the chance my connectivity problem was connected to malware was remote (and it turned out NOT to be malware-related),

 

But such things DO happen. Having a option to have a functioning malware program when there is no connectivity seems to me to be a no-brainer.

 

Whatever...

Link to post
Share on other sites

Hi:

 

AFAIK, there is no way to disable the DATABASE update check that occurs before a manual scan in either the Free or the Premium version.

These database updates occur several times a DAY, to stay ahead of current threats.

The rationale for this change was previously explained in Reply #2.

 

There is an option, as @gonzo explained and illustrated in Reply #6, to disable simultaneous PROGRAM update checks.  These program updates occur only a few times a year.

 

(With MBAM Premium, update checks & scans can be scheduled to run automatically, largely obviating the need for manual scans or manual update checks.)

 

>>Having said all that, I understand your concern.  As just another home user, I need to defer to the MBAM Product Team to address the likelihood of a coding change to bring back the old behavior.

 

Thanks again for your feedback,

Link to post
Share on other sites

Hi:

 

 

Sounds like "apples" vs. "oranges"?

 

This discussion is about malware database updates before a manual anti-malware scan against zero-hour malware threats, not Operating System updates (or even MBAM program updates, which may be controlled separately).  See here.

I'm not sure there's much to be gained by taking this thread off-topic to discuss Win10.

 

 

But I guess we'll need to wait for a staff member to provide additional feedback.

 

Thanks,

Its a joke, nobody have a sense of humour around here?

Link to post
Share on other sites

I strongly agree with the OP. Having the option to not update the database should be allowed. There are many legit reasons to not have an active online connection. That shouldn't prevent the user from being able to run a scan.

 

Yes it's risky not having the latest database, but it's also risky not allowing MBAM to run simply because it can't update at the moment.

 

If it's that important, then have the program display a clear warning saying that the database may not be the most recent one available, but then let the user take the risk of scanning with an out-of-date database. After all, it's their machine!

Link to post
Share on other sites

Hello--

 

You should not have to be online to perform a scan, which means you are not required to update when you don't have a connection.  While we strongly recommend an update before a scan, and thus built it into the default scan flow, if you are offline/not connected you should still be able to perform a scan with whatever the latest databases are that are available on your system.  The first phase of the scan "Checking for updates" will simply fail gracefully and the scan will move on to the next phase automatically.

 

If you are not seeing this behavior, then there is something else going on.  We have been investigating numerous issues around database updates, and there are known problems with attempting to update while running in a limited user account.  We hope to have these problems addressed in our next patch release.   :)

Link to post
Share on other sites

Hello--

 

You should not have to be online to perform a scan, which means you are not required to update when you don't have a connection. <<<<<SNIP>>>>>>

If you are not seeing this behavior, then there is something else going on. :)

 

OP again, thanks for the reply. If the MBAM people are aware of this issue great. That was the intention.

Link to post
Share on other sites

Yeah, Windows 10 has nothing to do with this.  You can opt out of checking for program updates.  People who are hell-bent on using the old version do that.  They lose the ability to use a newer detection engine, but if that's OK with them, its OK with us.  Database updates are another story.  Using an old database during a scan is the same as asking a hacker to cut you some slack.  Their advantage is a zero-day attack, and YOUR advantage is an updated database which guards against that.

 

Anti-virus programs take a while to analyze, verify and post signatures to guard against new threats.  By that time, the hacker has made as much money (or gathered as much information) as he expected to, retired that attack vector and moved to a new one.  Malwarebytes is quite often the first program to guard against a new attack vector.

 

The bottom line is...who do you want to trust, Malwarebytes or the attacker.  It is, ultimately, up to you.

 

EDIT:  If you haven't noticed this setting yet, check out the screenshot.

If you select this setting, MalwareBytes will still ignore it from time to time.  To get rid of the annoying popup (several times a day), 1) make sure "Check for program updates..." is checked, 2) go to "Advanced Settings" and turn off "Enable self-protection early start" and then turn off "Enable self-protection module", 3) go to "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" and delete "mbam-setup.exe" (what triggers the popups), 4) go back to "Advanced Settings" and turn back on "Enable self-protection module" and "Enable self-protection early start" if you wish those protections (I recommend them), and enjoy no more nags for a while until the software chooses to ignore the setting again.  As for why I choose to update on my schedule, MalwareBytes ruined my Christmas / New Year's vacation by releasing a fatal update to all of my clients' computers on 2012/12/27 (verison 1.70.1.1100) which rendered all of their computers unable to boot up.  Also, the current version (2.1.8.1057 2015/06/29) does not work on many computers (massive crippling delays causing boot times to exceed an hour or not boot at all except Safe Mode) requiring them to continue using 2.1.6.1022 2015/04/21.  These reasons are why I always update security software manually after testing the updates on unimportant computers in my lab.  I always keep definitions updating constantly (exclusively use the Pro edition) and add an update for 5 minutes after boot to the schedule.

Link to post
Share on other sites

  • 1 year later...
On 8/26/2015 at 7:12 PM, DeGraff said:

If you select this setting, MalwareBytes will still ignore it from time to time.  To get rid of the annoying popup (several times a day), 1) make sure "Check for program updates..." is checked, 2) go to "Advanced Settings" and turn off "Enable self-protection early start" and then turn off "Enable self-protection module", 3) go to "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" and delete "mbam-setup.exe" (what triggers the popups), 4) go back to "Advanced Settings" and turn back on "Enable self-protection module" and "Enable self-protection early start" if you wish those protections (I recommend them), and enjoy no more nags for a while until the software chooses to ignore the setting again.  As for why I choose to update on my schedule, MalwareBytes ruined my Christmas / New Year's vacation by releasing a fatal update to all of my clients' computers on 2012/12/27 (verison 1.70.1.1100) which rendered all of their computers unable to boot up.  Also, the current version (2.1.8.1057 2015/06/29) does not work on many computers (massive crippling delays causing boot times to exceed an hour or not boot at all except Safe Mode) requiring them to continue using 2.1.6.1022 2015/04/21.  These reasons are why I always update security software manually after testing the updates on unimportant computers in my lab.  I always keep definitions updating constantly (exclusively use the Pro edition) and add an update for 5 minutes after boot to the schedule.

I made an account just to thank you for this answer! This is the solution that I was looking for. I assume you mean to un-check the "Check for program updates..." setting. This post is the Best Answer/Solution in my opinion.

On a side note, all of these comments about MB definitions needing to be updated to protect you from zero-days is BOGUS. Nothing that uses definitions to check for malware can reliably stop a true zero-day attack, because a zero-day is something that by definition has not been seen before! A heuristic scan would have a better chance of detecting something like that, but heuristic detection shouldn't need updated malware signatures to operate, so the people who keep saying that updating definitions will protect you against zero-days seem to just be spreading misinformation.

Link to post
Share on other sites

Hello and welcome @bagmenot

This is quite and old topic you replied to, but still a valid answer as posted by @gonzo in post #6 above which also includes a screen shot of the setting.

Some folks like to stay on older versions, and that is totally up to you of course, however the newer versions have more features and better scan engines.

Link to post
Share on other sites

  • Staff
4 hours ago, bagmenot said:

I made an account just to thank you for this answer! This is the solution that I was looking for. I assume you mean to un-check the "Check for program updates..." setting. This post is the Best Answer/Solution in my opinion.

On a side note, all of these comments about MB definitions needing to be updated to protect you from zero-days is BOGUS. Nothing that uses definitions to check for malware can reliably stop a true zero-day attack, because a zero-day is something that by definition has not been seen before! A heuristic scan would have a better chance of detecting something like that, but heuristic detection shouldn't need updated malware signatures to operate, so the people who keep saying that updating definitions will protect you against zero-days seem to just be spreading misinformation.

This would be true except we have heuristic type defs in our database. Our defs are forward looking based on the malware we have already seen.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.