Everything posted by exile360

  1. It's true. Since the launch of MB3 when all the additional modules were integrated into MBAM, particularly the anti-exploit and anti-ransomware components, Malwarebytes has pretty much become just about as bullet-proof of a protection tool as one could hope for given the current threat landscape. Over the past few years since ransomware became the primary malware threat and exploits became the primary means of infecting victims Malwarebytes has been positioned to provide a substantial and effective suite of protective layers against the threats of the day. Additionally, many of the criminals who once used malware for profit have now begun using PUPs (Potentially Unwanted Programs) to get paid by using malware to install them on users' systems, and likewise Malwarebytes with its aggressive stance on dealing with PUPs, one which leads the industry with a zero-tolerance policy for anything the community deems as being undesirable and a group of researchers dedicated to upholding their belief that PUPs should not be tolerated, has proven to make Malwarebytes the go-to tool for preventing and removing PUPs. Right now Malwarebytes is in a good place for providing well rounded layered protection against virtually all of the threats faced by users on the web each day, and if their history is any indicator when things do change, Malwarebytes will adapt to meet the new challenges of tomorrow.
  2. Greetings. There's nothing wrong with continuing to use Advanced System Care or any other software classified as PUP as long as you find it useful/want it on your PC. The entire category of PUP is designed to be subjective so that users are presented the option of removing software which many in the community as well as the criteria set forth by the Malwarebytes Research team have classified as potentially undesirable so that the users who do not find it useful may easily have it blocked/removed from their system by Malwarebytes. Specifically in the case of Enigma I suggest you take a look at the article published on Malwarebytes blog here. Enigma did file, and lost, the case against Malwarebytes as the court agreed that Malwarebytes was not in the wrong in classifying their software as PUP based on public opinion of users/consumers including the easily discoverable high volume of complaints about their software from users on the web via a search of the web. Specifically in the case of ASC I believe it has more to do with their aggressive registry cleaner and some of the somewhat misleading advertising tactics they often employ in order to get installed on users' systems, including ads embedded in software download pages that make it appear as though the ad (which is a link to download/install ASC) appears to be the actual download button/link for a completely unrelated piece of software hosted on the page which is the software the user actually intended to download/install (for example, trying to download a CD burning tool from Download.com and clicking what you think is the download link/button for the software's installer but you end up with ASC because the ad tricked you due to its appearance and placement on the page). 
Regarding the registry cleaner, I've personally seen test results where a completely fresh installation of Windows was scanned and yet ASC still reported tons of so-called 'issues' and 'errors' to be fixed/corrected/removed even though theoretically there should be no such issues/errors on a fresh install prior to loading anything else onto the system. Besides that, there is the fact that removing obsolete registry entries doesn't actually do anything to measurably improve system performance and can often do more harm than good, especially if an entry thought to be orphaned is removed and it turns out it actually belonged to a piece of software or component which is actually still in-use/still installed. In extreme cases if a critical registry key/value is modified or removed it can render the system unbootable. Not only that, but the days of leftover registry values leading to constant error pop-ups and mysterious prompts on system startup are pretty much done and have been since Windows Vista (and really even the later days of XP prior to that) since most software vendors who received complaints about issues from customers updated their softwares' uninstallers to more carefully delete the appropriate registry values/data and unregister DLLs and other files correctly (not to mention the much improved iterations of System Restore now shipped with every Windows version which allows for more comprehensive rollback of the registry to a state prior to the software being installed). By the way, you don't necessarily need to disable detection of all PUPs in Malwarebytes to continue using ASC without having Malwarebytes flag it if you don't want to. 
You might instead just run a scan with Malwarebytes with ASC installed, click the checkbox at the top left of the column headers so that all detections are unchecked/cleared in the scan results screen where it lists all of the ASC PUP detections then click the Remove button and choose the Ignore and add to exclusions option when prompted on how to handle the items not marked for removal. That will add all of them to your exclusions so that Malwarebytes shouldn't detect them any more.
  3. By the way, just FYI in case anyone is curious, the reason this happened was most likely due to the nature of some of the behavior based aspects of this new plugin. It doesn't just use a database of known bad websites the way MB3's web protection does. Instead, it also looks at the page layout, content, structure and behavior and based on certain patterns of known bad sites/types of sites, it can trigger at any point it finds that the site looks like/acts like a type of site which the plugin was designed to block (tech support scam sites, phishing sites, fake/deceitful download sites hosting malware/PUPs etc.) so it may not always block/redirect the page in time to stop it from loading certain content such as downloads or even exploits which is why ideally it's best to combine the plugin with the protection in MB3 if possible because for one thing, obviously if it's a malicious download then hopefully MB3's protection will catch it and if it's an exploit then MB3's anti-exploit protection will certainly block/defeat it. That said, as long as you don't actually deliberately run anything downloaded from a site that the plugin has blocked, then the download can't hurt your system (thanks in no small part to the security built into modern browsers and Windows versions which no longer allow any automatic execution of downloaded executables without user consent nor do they even allow automatic downloads for that matter to my knowledge). So just be cautious and don't run anything that comes from such sites and you should be OK.
  4. By the way, this ties in nicely to another feature in the MB3 UI. That counter that shows the number of items scanned and threats detected/removed presents a compelling argument to any free user that adding the protection of the paid version might not be a bad idea, especially after sufficient time has passed that the numbers aren't so insignificant. It can really make one pause to consider such things when they see just how many times the software has saved their bacon.
  5. Sure, but as long as you always provide an option to disable it so that it still behaves like it used to (as a strictly on-demand scanner/remediation tool) then there should be no problem. One of the primary reasons the scheduled scan was added to the free version was because the company saw too many incidents where someone would download and install the software, proceed to clean their system with it but then never use it again, or only after a really long time once they've become infected again. So including this new scheduled scan feature keeps Malwarebytes active in a way that not only provides some basic level of security by automatically periodically checking for threats, but also reminds the user that Malwarebytes is there should they need it and of course to remind them that if they ever have the need, they can upgrade to the paid version to add additional layers of active protection to their system down the road but it accomplishes this in a way which is unobtrusive and actually beneficial to the user providing real value rather than a periodic nag to upgrade/buy a license.
  6. That's true, but only because the function of exiting Malwarebytes completely is tied to the menu entry/function in the tray. Were the code modified to allow it, the services could continue running in the background to execute scheduled scans/updates etc. without requiring the tray or any other UI components/processes to be running.
  7. I think the tray is more for easy access and notifications (the service handles the scheduler and scans now that the tray and main UI are separate processes).
  8. It's mainly for notifications and easy access. That said, you can right-click the tray and select "Quit Malwarebytes", though personally I'd prefer an option (at least for the free version) to have the app terminate upon closing enabling the user to activate/deactivate a hypothetical "Keep Malwarebytes running in tray upon closing" or "Close Malwarebytes to tray" etc. I've seen plenty of apps offer this kind of functionality/option and I think it would eliminate virtually all of the complaints about its current behavior since it would no longer require the user who does not wish for Malwarebytes to continue running in the tray to always have to perform the extra tasks/clicks to close the app via the tray icon's context menu.
  9. I think a lot of it just comes down to ad revenue and customer profiling for the purposes of theoretically improving an organization's ability to target products, services and advertisements at specific demographics. Then there's the 'high minded' stuff that some companies, like Google and Microsoft among others, attempt to accomplish via the gathering of mass data such as attempting to predict future events, political trends, societal shifts in consciousness, and of course purchasing/sales trends in consumer markets (the big reason companies like online and big box retailers always want your PII (Personally Identifiable Information)). It's all about market segments, demographics and applying 'AI' (not real Artificial Intelligence, just algorithms mostly) and machine learning to big data to attempt to learn things and shape the future for the benefit of the company/organization (like changing how a website functions in order to increase ad clicks and other means of revenue generation). To a degree, even companies like Malwarebytes participate in some of these practices such as applying SEO to their website for the purposes of increasing their ranking on search engines. But to me at least those things make sense for a company. It's when they try to collect everything about everyone for no valid/justifiable reason that I tend to be bothered. Or when they attempt to manipulate data to falsely gain advantage (like using spam to increase SEO as some less scrupulous vendors/resellers/affiliates do). The way I look at it, it's a lot like tumblers in a lock. Given enough time and use, any of these 'systems' (the AIs, algorithms, databases etc.) can easily isolate and identify who and where we are based on the footprints we leave on the web. Yes, you absolutely can manipulate the data if you're careful in order to keep yourself from easily being identified. 
But all it often takes is access to the right connected data in order to determine precisely who we are both online and offline. I agree with your sentiments on offering more comprehensive and transparent documentation on what is collected and why. Transparency in these areas is important these days for establishing trust with the public, especially with all we've learned about what's going on out there today with big data and similar concepts/systems.
  10. I suppose that depends largely on how the individual defines spying. While the most prominent current definition of spying and spyware has certainly changed over the past several years since companies (starting largely with the likes of Google, Microsoft and Yahoo among others) began collecting massive amounts of data, both general and specific about all of the users of their software and services which has now actually reached the point where these organizations can determine and predict an incredible array of startlingly specific and accurate information about individuals thanks to all of the aggregate data collected over time that even though they haven't exactly been capturing our screens and logging all of our keystrokes (though technically they do log our searches, which themselves are technically the direct result of keystrokes, not to mention the links we click and sites we visit), the level of information they now possess could be considered downright invasive, even far beyond what would typically be harvested from an individual's system by more traditional "spyware" in the past. While most of this collected information is supposedly anonymous, it really isn't because thanks to persistent data such as cookies as well as behavioral pattern matching and things like "super cookies" and the like, they/their services/systems are fully aware for the most part of who each individual is and what they are reading/searching for/viewing/posting/clicking at any given time, what their political leanings are, their beliefs/morals/interests/hobbies/vocations etc. etc. that the idea of anonymity online is pretty much an illusion short of going to great lengths to "game the system" and/or conceal your true identity (TOR, deliberately searching for/clicking/visiting sites etc. which you have no interest in at random etc.), but even then, through the use of certain more persistent and virtually unavoidable tracking measures even that has become more difficult than ever ("ever cookies", use of DOM etc.). And of course there's all the info we volunteer on services like Facebook, Twitter, Instagram, Snapchat etc. and all the data those sites/services/organizations collect (including on other sites where they, much as Google/MS/others do, track your movements through the web). Thanks to all this, the applications we use everyday now collect more info on us than ever before as well because a certain amount of "anonymous" data collection for the purposes of improving their products/services is considered reasonable and acceptable. And while I will not argue that it isn't reasonable (because I believe it is), I do believe that some organizations collect far too much, store it for far too long and are capable of "knowing" and predicting far too much about us. That said, Malwarebytes is most certainly NOT one of those organizations, and I know for a fact through first-hand knowledge that the data they collect is specifically for that very purpose, including and especially for finding/tracking FPs and improving their detection rates, not to mention finding and tracking possible bugs/issues and areas they might improve. They have not and are not doing any sort of user "profiling" (unlike some of the organizations I mentioned previously who most definitely ARE, regardless of whether you might have an actual "account" with them and regardless of whether you happen to be signed in to said account if you have one). 
I believe that it is pretty much all spyware/spying, however I do not believe that the data being collected by the likes of Malwarebytes, either through their apps/plugins or websites is being used by them for any sort of nefarious purpose and that they are far more careful about what they collect, ensuring that it is truly justified and in the best interest of the customer/user in order to earn the trust that has been placed in them as a vendor/provider of security and privacy protection software. After all, it would be pretty hypocritical to offer tracker blocking in their browser plugin only to track the browsing habits of their users, don't you think? It's just not something they would do. I get why you're asking, and I'm sure they will be quite transparent about it. I just happen to have some pretty strong opinions on this subject and see far more malicious actors on the web who are generally considered benign even though the amount of information they're collecting and correlating on their users/customers is downright spooky and absurd and goes light-years beyond what any known actual spyware collects, at least in my opinion. I mean sure, if it's turning on your webcam secretly and recording through your microphone, that's definitely beyond what Google and the others are gathering, but in my opinion it's just as much of a privacy violation, especially since they don't really need to do those things to know virtually everything about you and who and what you are connected to in your online, personal, social and professional life. 
TL;DR: While I'm of the opinion that many "legitimate" organizations now collect far too much personal/profiling info/data, I'm certain Malwarebytes will be pretty transparent and will answer your questions adequately and I know from experience that they keep the info they collect pretty limited to what actually serves a valid purpose for improving their software and services (FPs, better detection rates, better UI/UX, improved compatibility etc.).
  11. That is correct, however I also know for a fact that right from the start, certain scripts/script types are detected or even flat out blocked by default under certain conditions (typically if executed/called by a process known to be used in exploit/drive-by attacks such as a web browser/browser plugin or extension, office application or email client app). No, Malwarebytes does not use signatures to target scripts. And frankly, I'm glad that it does not because such protection which is unfortunately typical for many AVs these days is not only outdated, but also largely ineffective against real-world script based threats and attacks. The reason I say this is because all a script file is when it comes down to it is a text file. A text file can easily be rewritten, modified and/or obfuscated/encrypted using any number of common, very easy to implement (and even automate) methods. This means that all the bad guys need to do in order to avoid having their scripts blocked by vendors who use signatures is make one or two simple modifications to their scripts to evade detection and bypass completely that layer of defense. On the other hand, if a script is blocked from being launched by the application being used by the bad guys to deploy their attack, the only choice the bad guys are left with is moving on to a completely new attack vector (in other words, they have to stop using scripts and/or stop using web browsers/plugins/emails for their attacks). I was once told by one of the Malwarebytes Developers that the Anti-Exploit layer in Malwarebytes is pretty much bullet-proof, meaning there is no known way to get past it using any exploit attack vector currently covered by it (and there are a LOT of them; you can see this if you look under Settings>Protection>Advanced Settings located under Exploit Protection in the Realtime Protection section). So basically, unless the attack vector being used is completely new (i.e. not just another obfuscated/altered re-hash of a known exploit attack vector already covered by Malwarebytes), it shouldn't be able to bypass detection and prevention by the Anti-Exploit layers in Malwarebytes 3. Not only that, but whenever a new attack vector emerges in the wild, the team goes to work analyzing it and determining if it can be generically/behaviorally secured and blocked by implementing a new exploit blocking rule or adding a previously unprotected app to the list of default protected applications and if it makes sense, they generally will proceed with implementing the new layer to further enhance protection from exploits. That means that once the bad guys get wise to the new protection in Malwarebytes blocking their exploits, they can't just encrypt/obfuscate their scripts or make some rewrites to the script file's contents to get around Malwarebytes exploit defense layer. They're forced to go back to square one and build a new attack vector from scratch that avoids using any currently shielded attack vector. For signature based protection from scripts (the typical script protection offered by most AVs which is what you see for scripts detected by vendors on VirusTotal and similar sites, and what would cause Malwarebytes to detect such files via scans were it made to do so), altering and/or obfuscating the script would be sufficient to bypass them and infect more users. In fact, it is for this reason that some threats/attacks won't even attempt to infect a system where Malwarebytes is detected as being installed, much as many will detect if the OS is running in a virtual machine (VM) and refuse to run/execute/infect the system if it is, because their targets are systems they are more likely to be successful in attacking and they don't want researchers to see their threats if they can avoid it.
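The contrast drawn in the post above, between matching a script's content and blocking the launch context, as an added example that is not part of the original post and is not Malwarebytes code. The process lists, the event fields and the sample script bodies are constructed assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed lists for illustration only; not Malwarebytes' protected-application list.
SHIELDED_PARENTS = {"chrome.exe", "firefox.exe", "iexplore.exe",
                    "winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation event (constructed schema)."""
    label: str
    parent_image: str
    child_image: str
    script_body: bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_verdict(event: ProcessEvent, known_bad: set) -> str:
    """Content signature: block only if the exact bytes were seen before."""
    return "block" if sha256_hex(event.script_body) in known_bad else "allow"


def behaviour_verdict(event: ProcessEvent) -> str:
    """Launch-context rule: a shielded application may not start a script
    host, whatever the script contains."""
    parent = PureWindowsPath(event.parent_image).name.lower()
    child = PureWindowsPath(event.child_image).name.lower()
    if parent in SHIELDED_PARENTS and child in SCRIPT_HOSTS:
        return "block"
    return "allow"


# Constructed, harmless sample data.
ORIGINAL_BODY = b'WScript.Echo("constructed sample");\r\n'
VARIANT_BODY = ORIGINAL_BODY + b"// one appended comment line\r\n"
KNOWN_BAD = {sha256_hex(ORIGINAL_BODY)}  # signature exists for the original only

EVENTS = [
    ProcessEvent("original",
                 r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\wscript.exe", ORIGINAL_BODY),
    ProcessEvent("variant",
                 r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\wscript.exe", VARIANT_BODY),
    ProcessEvent("admin",
                 r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 b"Get-Date\r\n"),
]


def evaluate(events=EVENTS, known_bad=KNOWN_BAD):
    """Return (label, signature verdict, behaviour verdict) per event."""
    return [(e.label, signature_verdict(e, known_bad), behaviour_verdict(e))
            for e in events]


if __name__ == "__main__":
    for label, sig, beh in evaluate():
        print(f"{label:9} signature={sig:5} behaviour={beh}")
```

The variant differs from the original by one comment line, so its hash no longer matches, while the launch-context rule gives the same verdict for both and leaves the interactive PowerShell session alone.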
  12. Some additional info, "Error 5: Access Denied" may indicate that the user account you're currently logged in as lacks administrative permissions. This means that you cannot make changes to system files/folders, system registry keys or program files/folders. If you are still unable to remove Malwarebytes via the tool Firefox linked to above, try right-clicking on it and selecting Run as Administrator then clicking Yes or Continue when prompted. Otherwise you can try restarting the computer and logging into a different user account if you have access to one that has administrative privileges and then try uninstalling normally from that user account via Programs and Features.
  13. Well, I couldn't locate anything for MB-Check, however I did find this article which shows supported switches for the MB-Clean.exe uninstall utility so you might try some of the switches listed for that to see if they also work with MB-Check. I also discovered that the older MBAM-Check.exe tool is still available, so if you find that the more recent MB-Check.exe tool does not work as desired for older (pre-3.x) versions of Malwarebytes, you might try this version and it should do the job.
  14. Yes, I do believe there are some switches supported by the tool, including one to accept the EULA and run the tool and you may also be able to determine the location where the log is stored. I'll look into it and get back to you if someone from the staff doesn't respond first.
  15. Greetings and welcome. The most expedient means of getting assistance with any issues related to purchases, renewals and licensing would be to contact the Malwarebytes Support staff directly. You may do so via the options on this page. They offer support via email by filling out the form on that page or via live chat during business hours. It may also be necessary to contact Cleverbridge so if that is required, please refer to the information in the knowledgebase article posted here.
  16. You're most welcome, should you need anything else please don't hesitate to post and we'll do our best to assist.
  17. By the way, you should be able to deploy/script the mb-check.exe support tool to check the version/license status for any Malwarebytes installation among other things (it provides a ton of useful installation info). You can find the tool and info about it here as well as here.
  18. No, it wouldn't apply to 2.x as the configuration files/structure was completely rewritten for 3.0+. If I recall correctly, the license key info was still stored in the registry in 2.x as it had been in 1.x (primarily for the purpose of backwards compatibility). For 2.x you should be able to find the ID/Key values located under HKLM\Software\Malwarebytes Anti-Malware I believe.
  19. I just checked on my own system and the license status and info appears to be contained here within the following file (Vista+; the path for XP would be different): %PROGRAMDATA%\Malwarebytes\MBAMService\config\LicenseConfig.json
  20. While I cannot speak with authority about it, I assume it's much like the telemetry sent by Malwarebytes 3 when websites are blocked. It most likely sends info on the site being blocked including the domain/URL and IP address (especially useful for stats as well as seeing how the heuristics are doing since it doesn't only use a strict IP/domain database). I don't know if it sends further info such as the user agent string and/or system/OS environment info, but it might send such info as well.
  21. Greetings, Yes, this issue has been resolved. It was fixed earlier today and an update was rolled out to prevent it from happening in the future. More info can be found in this sticky topic. They've also implemented automatic checks to ensure no entry makes it into any future database update that triggered this issue.
  22. Hehe, I ran the uninstaller, killed the service via Task Manager (so the uninstall could complete), then just reinstalled and updated once the fix was published. Perhaps not as clean of a solution as the one you describe, but I didn't have to reboot my system either.
  23. Yep, it has some pretty powerful heuristics for blocking the various categories of sites/threats etc. beyond a standard block database. It's a pretty cool tool, and when combined with the web protection in Malwarebytes 3 Premium, it makes for a rather robust web security/privacy browsing solution. Not to mention the fact that it can also speed up page load times rather substantially thanks to the fact that it blocks the ads and trackers found on most sites.
  24. It shouldn't be preventing web protection from starting in MB3 Premium. They're supposed to work together alongside one another. In fact, the plugin ties into web protection when MB3 Premium is installed/active and takes over redirecting for sites blocked by MB3's database in the browser displaying its newer block/redirect info page rather than the block page normally displayed in the browser when only MB3 is installed/active. That's due to the trackers such as Google etc. which are used for telemetry and whatnot. They're present on most pages on the web (which is one of the reasons organizations like Google have so much info on browsing statistics) so you're likely to see at least a few blocks on most pages you visit. The same is true for social networking trackers such as Facebook and Twitter. They're embedded on most sites these days and are blocked by most tracker blocking utilities, including the Malwarebytes browser plugin.