Cavehomme

Honorary Members
  • Posts: 84

Posts posted by Cavehomme

  1. By the way, from a GUI design perspective, this is another example in current apps needing to take an extra step or two or more to do the same thing. Why not simply show all three scans on the same dialogue / window rather than clicking on "advanced"? I think you got the v3x GUI just right and v4 is a step backwards...that's my 2c worth.

  2. 25 minutes ago, LiquidTension said:

    The 3.5 version is only intended for Windows XP and Vista machines. For Windows 7 or higher, you are best served installing version 3.8.1 (download link) if you wish to revert from version 4.0. Both version 3.8.1 and 3.5 will continue to receive database updates for the foreseeable future.

    @OldMainframeGuy Thank you for providing data on the issue. We hope to have a fix available shortly. In the meantime, you may wish to keep Web Protection disabled or revert to an earlier version. See here.

    Excellent, thank you.

  3. 2 hours ago, 1PW said:

    Hello @OldMainframeGuy:

    https://downloads.malwarebytes.com/file/mb3_legacy

    Yes.  However, some of MB4's modules were rewritten to counter today's latest threats.

    IMHO you are likely better off assisting staffers/developers with your system's instability issues for your best protection.

    HTH

    Nice idea, but most of us need to crack on with our daily work and not end up beta testing below-production quality software. Don't get me wrong, I've been a MWB user since v1x probably a decade ago, but v3 and v4 releases were not tested adequately and customers took the brunt.

  4. 13 minutes ago, OldMainframeGuy said:

    I wouldn't mind going back to v3.8; it was stable.  Is it still available for download and would it receive security updates?

    Rob

    There was a v3.8 link from a mod somewhere on this site. I installed it directly over v4.x without issues. It's getting signature updates but of course no program updates.

    There's also a v3.5 legacy version for Win7 and XP which might get better support than v3.8, perhaps a mod can comment on this specific matter?

  5. 21 hours ago, exile360 said:

    Thanks a lot for the logs/dump.  If the Support team needs the full memory dump I'm sure they will let you know and provide an alternate means of uploading it (assuming you'd be willing to take the time/bandwidth to upload a file so large; I'd totally understand if you didn't want to do so).

    On the up side, based on what I've been hearing from the staff recently, it does sound as though the Developers have a handle on this issue at last and I believe they expect to have it addressed in the next update for Malwarebytes which hopefully will be arriving soon.

    There's an issue with quality control and testing again. Same thing happened when v3 came out. Concerning your proposed workaround, mine is different: revert to v3.8 until at least mid-2020 by when hopefully v4 issues are ironed out.

  6. On 1/8/2020 at 9:24 PM, Porthos said:

    Also, since Malwarebytes believes that the only security you need active is Malwarebytes (I still disagree because of how MB works and file types it does not detect), the default is to register in the security center.

    Defender will detect many threats before they are even run because MB is an on execute protection. So if the web protection misses a bad site and I download something bad Defender usually gets it before I get a chance to run it and have MB catch it.

     

    I've highlighted your text which I'm most concerned about, it means that MWB is still not a sufficient replacement for AV, or at least not for Defender. That's why I am running both, but I do also wonder that now we have just two choices for MWB status rather than three, that something subtle has been lost in the relationship between the two programs running simultaneously. In other words, my worry is that perhaps MWB does not know that it should delegate to Defender to resolve a problem, and instead may fight with it.

    Anyway, as far as v4 is concerned, it's not stable enough to run on my business laptop, this weekend it conflicted with my WiFi driver (same driver version for several months, so it's not an issue with an updated driver) and I spent an hour troubleshooting, initially thinking that the router had an issue. I've reverted to 3.8 and all is well again.

    Overall, I'm getting concerned that MWB direction is to compete with / replace WD rather than being just complementary to it. There are so many AVs out there, very well funded too, so there's no point in MWB competing with them, and there's no point in competing against Defender because it's now so good, but an extra layer to monitor and pounce is all that's needed. Loads of people are going back to Defender, so MWB would be better served by properly working alongside, or on top of Defender, rather than trying to replace it.

     

  7. 1 minute ago, Porthos said:

    If you let MB decide, it seems to always disable Defender. So now the choice of one or the other. Less confusion. Any program that registers in the security center will automatically disable Defender.

    I would prefer it to never register automatically unless activated in settings my self.

    ..so that suggests to me that losing the third option means that we've therefore lost some fine tuning in the co-existence of MWBP and WD...back to my original point!  :wacko:

  8. 29 minutes ago, Porthos said:

    That will not happen since Malwarebytes acts upon execution or on scan only. Defender acts on download, folder access or during scan.

    Just downloading or opening a folder with malware on it will not trigger detection. You would have to run the malicious file or manually scan it or the folder containing it.

    The component that blocks on download is the web protection blocking bad sites and IP's.

    That is why MB is compatible with most 3rd party AV programs.

    And MB will not act on the following files during a scan.

    Malwarebytes does not target script files during a scan. That means MB will not target: JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

    It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

    It also does not target media files;  MP3, WMV, JPG, GIF, etc.

    Malwarebytes will detect files like these on execution only.

    Defender will get those if they are in the database or their cloud scanning detects it.

     

    That's helpful, thanks. But why the change from 3 to 2 options, and what / why have we lost as a consequence precisely?

  9. 16 hours ago, Dodgercivic said:

    @Porthos   

    @exile360

    I apologize for the disappearance but this was found by their lawyer and he brought up that this violates a part where nothing can be disclosed until after and it has taken awhile for the back and forth to state I was in the clear and this counts as research.

    As it stands the company wants to dismiss it all and is heavily claiming to our public service committee that their virus/security software can help protect and lessen the amount of spam calls if we had used it and that it may be already too late even if we did use it beforehand. Given the limited jurisdiction of the court we will most likely have to go other avenues because this court is not permitted to rule on internet or anything spam call related which is only 40-50% of our claims. One of our arguments is they failed to protect our information because people are using our name and number to call and harass people.

    I'm doing my best to research as much as possible on the topic and will continue to do so. It's such a complex issue given the amount of variables/options hackers can use and how testing which is better is impossible but I know that there are cases of people being exploited and companies have no clue, don't want a clue or can do nothing about it so they keep quiet on it.

    The long story short of all this is, we have never gotten the speeds we pay for and they had us upgrade multiple times which included new routers and other equipment. Since those upgrades occurred we started to notice a connection between cuts & extremely slow internet speeds and activity on our phone line. We now have long periods where our phone is in use but not by us and we cannot dial out. This has happened for over 2+ years now. The consistent amount of coincidences with the phone and internet show that they are linked somehow especially standing out how this all stops for a good period of time whenever we get a new router installed. Since then we have had attacks out our identities, online accounts and get at least 2-5 people per week calling us threatening to stop calling, they are reporting us, calling the cops and more.

    It's hard to explain without writing a detailed book of events. I know a good deal about robo/spam calls but to the point it's reached is unbearable. The net will cut out, then shortly after our phone line will go and we cannot call out. Then other times the net speed will suddenly die to 1 or 2 MBS and our phone will ring non stop almost as if we are being used to robo call and it's coming through on our line. Also if I'm on the phone for long periods of time I can hear someone pick up like they are on the only other phone in the house, then when they hear me and hang up it disconnects our call completely and a large rash of spam calls to our house follows within 1-3 hours after.

    I am the only person in our house that uses a computer and I am extremely cautious! No porn, no sketchy sites and very little to no online orders. What few orders I make are from the same 4 places, never amazon or likewise sites.

     

    I do appreciate you guys chiming in with information and helping out. I would like to make this thread as open as possible to retain as much info, similar stories or anything that will help me learn more on this topic. I know we will most likely be going back after this company in another court that has more "jurisdiction" than the current one and I know they will bring up the same things against our particular complaint. 

     

    Thanks guys. Anything else that can help or I should look for is always greatly appreciated

    Clearly there are multiple issues at play here. My 2c worth, as a casual observer with 30+ years of IT and related comms real-world experience:

    - F-secure is one of the most reputable AV solutions. However, nothing is 100% secure.

    - F-secure may or may not have a spam module, but regardless, nothing is 100% secure

    - phone and scammer related issues may be related to someone breaching the "nothing is 100% secure" reality. However, since the same issues seem to be appearing for many clients of your ISP (and you will only know about those amongst your PSC grouping, but they may exist much more widely), it suggests that there might be a breach at Frontier and / or one or more of their staff might be compromised. I stress the word might, it's only a suggestion.

    - Their replies, and your focus, seem to suggest that you might both be barking up the wrong tree and the issue lies elsewhere, as per my previous point.

    The only way you can be sure is by conducting a very detailed forensic examination of BOTH all affected customers AND the ISP itself. In the real world that ain't gonna happen, so the best suggestion for you is to try and claim some damages, but more importantly walk away from the source of the apparent problem, Frontier. If that's not physically possible because there are no other options, then try to investigate the feasibility of creating your own direct link to T1 networks like the ISPs do, i.e. your own local ISP.

    Good luck!

     

  10. On 1/4/2020 at 3:38 PM, exile360 said:

    You can still run Malwarebytes 4 alongside Windows Defender, you simply need to disable the option under Windows Security Center in Malwarebytes under settings in the Security tab (click the gear icon in the upper right corner of the UI to access settings).  Once you do that, restart your system and Windows Defender should be active again.  We have many users running this combination without any issues so it should work on your system as well, however if you are experiencing performance issues then it is likely related to an issue with some systems and version 4 that is currently being investigated by Malwarebytes' Developers.

    Hi Exile,

    Thanks for the suggestion. However, previously in 3.x there were three options to co-exist or replace WD, but in 4x there are only two options.

    My point is that the missing option appeared to allow a fine-tuned co-existence between WD and MWBP (Premium). This missing option is -

    "Let Malwarebytes choose whether to register: Malwarebytes will determine whether it should be registered in Action Center. The program will not register when Microsoft Security Essentials is in use on a Windows 7 or older operating system. It will also not register when Windows Defender is used on a Windows 8 or newer OS."

    The remaining two 4.x options are to either a) replace WD or else b) run MWBP fully in parallel with WD. My concern about the latter is that this will lead to a fight between MWBP and WD whenever malware is spotted by both, whereas the third missing option suggests that MWBP would cede to WD whenever WD decides to jump onto malware?

    Perhaps my understanding and expectations are incorrect or naive, but perhaps you can clarify the situation regarding these settings and my observations?

    Thanks,

    Cavehomme

  11. I've been a MWB premium user for many years. After the fiasco of PCs crashing for months when V3 came out, I hesitated to use v4 immediately.

    I tried it a few days ago and was disappointed that the "compatibility mode" is no longer there, allowing MWB to properly run live with Windows Defender, although I understand the reasons for this. I've therefore reverted to 3.8 and will continue to run it until such a time as independent test results show it's as capable as I hope.

    For what it's worth mentioning, I also noticed some sluggishness with v4, but not the severe problems mentioned by the OP.

  12. On 11/13/2019 at 12:50 PM, exile360 said:

    Greetings,

    Unfortunately Malwarebytes does not include a firewall so you should still leave the Windows Firewall enabled when using Malwarebytes Premium.  With that said, you could install the free Malwarebytes Windows Firewall Control application which is available here.  It uses the same WFP APIs as the native Windows Firewall but allows greater control over your connections and applications and this should allow you to get your VPN client working without having to disable the firewall.

    Please let us know how it goes, and if you have any trouble you may contact the support team for Windows Firewall Control here and they will assist you.

    The Binisoft website seems not to be active any longer. Is there a MWB page where I can access WFC to download please?

    When is WFC expected to be integrated into the MWB product, roughly?

  13. On 3/28/2019 at 5:56 AM, exile360 said:

    Just to add a bit of info that may be useful here; Malwarebytes doesn't whitelist any files based on certificates or signatures.  They learned a long time ago that signatures can be spoofed and one of the most common practices for years has been to replicate legitimate Microsoft file signatures and certificates to bypass detection, so Malwarebytes will actually deliberately target objects which it knows are not legitimate Microsoft files if they attempt to use Microsoft file information and/or certificates (and the same goes for other certificates, not just Microsoft's; it's just that Microsoft's are the most commonly used since it allows the bad guys to try and trick anti-malware tools and users into believing their malware files are a part of the OS).  So basically, the behavior of trying to spoof legitimate files would actually make it more likely for a threat to be targeted and detected by Malwarebytes.  It's one of those behaviors that Malwarebytes looks for in new/unknown threats.

    Just catching up and browsing, very informative answer, thanks Exile.

  14. 30 minutes ago, exile360 said:

    I don't know, to me, closed is closed, so as long as the firewall (be it the built in Windows Firewall, a WFP based front-end/replacement for the Windows Firewall using the same APIs, or a third party firewall) is keeping all the ports closed/stealthed as they should be and Windows has all the appropriate sharing/remote etc. protocols locked down/disabled (the Public profile configuration) then I don't see a real difference.  The big advantage, to me, of a third party/more granular firewall is for inside-out communications, i.e. greater control over the programs that communicate with the web.  The local network stuff that you have to be concerned with on a public Wi-Fi connection/network don't really translate to suddenly requiring a more granular firewall, at least based on what I've learned of such things.  The main thing is just keeping things closed/locked down to prevent other devices on the network from gaining access which should be fairly straightforward for any firewall and even Windows itself.

    That said, if you're dealing with the class of hacker that can and does bypass those kinds of protections on public networks, no beefed up third party firewall is going to stop them any better than the more standard WFP stuff would, and anyway, since Microsoft themselves recommend that all firewall devs use WFP they are all going to be subject to the same kinds of potential vulnerabilities that might exist in the protocol regardless of how robust their implementation might be; at least that's my take on it.

    Reference Windows Filtering Platform for more info.

    The other threat is a man-in-the-middle attack where the attacker might try to alter traffic through DNS manipulation/packet manipulation and the like, but since that takes place outside your system, no firewall is going to aid you in dealing with those kinds of threats as it all comes down to the security of the internet connection itself and so tools like VPNs and DNS encryption protocols become much more important (i.e. TOR, VPN tunneling tools, proxies, encryption protocols like DNSSEC, HTTPS, and DNSCrypt etc.).

    Thanks Exile, I'm not an expert but I've used loads of 3rd party firewalls over the years and I agree with you. Adding Binisoft / MWB to WF should deal with unsolicited connection attempts I would hope, but as you say, you can probably never be 100% sure in any scenario. Unless a person is a serious amateur or a pro, and configures their firewall very tightly with many rules, I cannot otherwise see yet a benefit to a third party firewall versus WF+Binisoft/MWB to the vast majority of users. I could be very wrong and I await any more explanations from any other user to highlight any issues.

  15. 1 hour ago, Porthos said:

    It is not an extra or an additional firewall. It just gives better control of the Windows firewall that is already included in Windows.

     

    25 minutes ago, David H. Lipman said:

    On a desktop behind a NAT Router with simplistic firewall capabilities or a NAT Router with a full Firewall implementation, I agree.  The Windows Firewall is just fine.

    However...  On a portable system where you jump onto other people's networks, especially public ones, then I can see replacing the built-in Windows Firewall with a 3rd Party Firewall application.

    Why would it be less secure using Windows Firewall on a laptop connected to a public network when Windows identifies and sets the new network with a profile of "Public"?

    Why is this insecure and a third party firewall would be more secure? Genuinely interested.

  16. 10 minutes ago, Porthos said:

    It is not an extra or an additional firewall. It just gives better control of the Windows firewall that is already included in Windows.

    Hmm, perhaps that's been a bit pedantic? For me, an additional method to control WF is a "layer" 😉
