WZZZ

Honorary Members
  • Posts

    52
Everything posted by WZZZ

  1. Solved: No more alarm bells ringing, plus learned something new. Basically everything seems normal. Just ran the update on a different Mac. Perhaps PlistBuddy has been utilized before for other application updates, but what threw me was BlockBlock reporting PlistBuddy, which I had never encountered before, and knew nothing about. Assumed that if a new .plist (LaunchDaemon) for an update was required, it would be introduced new with the update, not modified via this utility, which is what seems to have happened. Compared the pre-update (v.4.21) to the after-update (v. 5.0.159) .plists at /Library/LaunchDaemons/com.malwarebytes.mbam.rtprotection.daemon.plist. Seeing no difference, except for what seems to be the version string at the end of each.
  2. Running MacOS Ventura. Recently opened Malwarebytes there, after not using for a while (perhaps it was the new V.5?), and was greeted by requests to allow PlistBuddy to install by Patrick Wardle's Block Block. Very puzzled about this, since, as I understand it, PlistBuddy is already installed by default, and don't understand why I was prompted to allow it on the (perhaps) Malwarebytes update. Wondering if this is now expected behavior, and if so why it is happening. Have looked through the .pkg using Pacifist and find zero re. PlistBuddy anywhere there. Pkg is Malwarebytes-Mac-5.0.159.995.pkg. Note, downloaded new install pkg, as my first reflex was to deny the Block Block request, so needed to uninstall and then reinstall. Somewhat concerned, as I wonder whether this behavior, either on update, or on reinstall is actually kosher. Thanks. EDIT: Less concerning: thinking now that MWB didn't necessarily install PlistBuddy, but that it triggered its already installed executable. In any case, if this is so would like to understand why MWB needed to run PlistBuddy (which I have never, at least knowingly, run to edit plist files, and was completely unaware of until now). More on PlistBuddy: https://medium.com/@marksiu/what-is-plistbuddy-76cb4f0c262d
  3. Do not want the VPN bundle, just the MWB Premium alone. Is this possible? If so, what is the cost for 1 device?
  4. After restart at least ~3 minutes or more, vs. no restart less than a minute, sometimes 30-40 seconds. -Wondering why this is -Is the scan after restart more comprehensive, thus more accurate? Or is scan time irrelevant?
  5. What I thought was likely: as it's not a real threat Malwarebytes doesn't bother with it, ignores it. Thanks.
  6. Understand that the fast speed of the scanning tool is accomplished by knowing where to look for any known infections. However, just as a test DLd the eicar test file - sitting right on Desktop in plain sight - ran a scan and the eicar was not detected. Does this mean that any form of malware sitting right on the Desktop will be ignored, or just that Malwarebytes has been told to ignore this file wherever it appears? Thanks.
  7. Never allowed the connection, but curious to know just what would have entered had I allowed? (Another concern: Not everyone runs Little Snitch, so what happened to them as a result?)
  8. LS prompts the same here. Guess it's legitimate (checks out at VirusTotal) but since it's a first wondering why this new prompt to dev.cphostaccess.com, which appears to be used by any number of other companies, including principally Shimano bicycle. IP is to Amazon Cloudfront. Denying for two hours until I know a bit more. https://i.postimg.cc/k595zFFG/Screen-Shot-2021-12-01-at-10-56-16-AM.png
  9. WZZZ

    False positive

    Re. x704.net/bbs "alertLoop" Please remove. Nothing malicious or untoward here. Unless cookies for GDPR compliance are already saved the following appear on visit or login. I am a long-time member, see this block when using a browser other than Firefox where site cookies have not been saved:
  10. Thanks for the information. Relieved to hear that. Supposing also that it doesn't target the "average" user. Just your average human rights activist, journalist, dissident, etc. From https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
  11. Hi Thomas, Wondering if Malwarebytes will be covering Pegasus as on-access (as a zero-click would assume not) or even for a post infection scan. Seeing that the Mac sec update is only available for Big Sur, nothing even for Catalina. As I'm restricted to HS or Mojave, would be nice to know if Malwarebytes may offer any form of protection. https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
  12. Thanks Thomas, Al. I also used to think that vulns were OS specific. Now you've given me reason for doubt. In any case, even if I were able to upgrade to the latest and greatest OS with all the new mostly useless (at least to me) bells and whistles, due to be released in the fall - which I'm not - for better security, I wouldn't want to. Have too many 32 bit applications which I continue to rely on. I've already installed 10.14, via dosdude patcher, on this late '09 iMac, and '10 Mini, and that will have to do for situations where a supported OS is needed once 10.13 is EOL. There has to be a limit to just how much security is needed/affordable/practicable. And we all need to watch out when everything switches over to ARM!
  13. Thomas, please clarify. Doesn't keeping up to date with security updates on any of the still supported but older OSs -- currently 10.13, 10.14 -- cover any of those vulnerabilities, which you are suggesting are only patched in a new system update?
  14. Nope, downloaded and tried, the new blockblock v.1.0.0 will not run on anything below 10.15. And not finding the older v.0.9.9.4, except on one of the possibly dicey download sites. Hoping it might reappear at objective-see at some point. I would think that the vast majority of Mac users are being left out, at least those that are informed that older 32 bit applications will not run on 10.15.
  15. My main OS is 10.13.6 HSierra, but I occasionally run 10.14.6 from dosdude1 on my older non-metal machines, which requires SIP to be disabled for its patches to run on unsupported Macs. As an FYI, I would encourage anyone running with SIP, disabled or not, to install Patrick Wardle's blockblock, which will prevent anything newly persistently installed, which it would seem will cover a great deal of potential malware. EDIT: link to blockblock above is now to v.1.0.0, "Supported OS: macOS 10.15+" I have v.0.9.9.4, so uncertain if this new version will run on either 10.13 or 10.14. Will be testing to see. Will report back.
  16. 2.0.7 release notes? Not seeing anything anywhere.
  17. If it works on Chrome (haven't tried), wouldn't it stand to reason that it should work on Brave? Note: it does appear to function properly in all respects on Brave, except for this delay issue.
  18. Random, but on occasion delays site opening for as much as 10-15 seconds.
  19. What I would expect for most account logins, but not for an addon. 99% certain I don't think I've ever been asked for my email address to enable an already installed Firefox addon. Really obnoxious/big turnoff. Not something I would expect from this company. Especially that the prompt locks up the program until it gets an email address, and has zero information about its purpose, with no opt-out or skip. Whoever at Malwarebytes had this bright idea, doesn't belong there.
  20. Realize you're not personally advocating this, maybe notifications, but "Promotions," no thank you. For me, promotions = spam. Actually surprised to see this for Browser Guard, since haven't seen anything else Malwarebytes asking for email address, or anything re. promotions (Mac or Android.)
  21. Just reinstalled. Wasn't prompted again to enter password. Seems on again off again. Who knows. I do know that, when prompted for email address earlier, the icon was locked up with that prompt, so didn't appear to be optional.
  22. Not seeing any way to edit post above. Nothing about email address in permissions:
  23. Until I know more, no way I'm giving my email address for the FF version. Installed on Brave. First install asked for email, uninstalled, reinstalled and wasn't prompted for address thereafter. Not sure what's up with the FF version.