Steve1982

  1. I connect to WiFi but it's infrequent, mostly just to install iOS updates. I have unlimited LTE so prefer the extra battery life over using WiFi. I'm also not a fan of leaving WiFi on while I'm out and about, not knowing what it's reaching out to or doing while it's in my pocket ☺️ Quick question about the new version (1.4.5) that was released on June 16 ... I have the Premium version but don't use the phone or SMS blocking features, just the web protection and ad blocking features. I won't see any visible changes in the UI then right, just under-the-hood bug fixes etc. with the new version?
  2. I see a new version 1.4.5 is now available in the app store, released on June 16. Anyone install this yet? Any issues? @treed Any chance we can get the ability to auto-update "protection updates" via mobile data in a future release? I almost never connect to WiFi and have to remember to manually click the update button every now and then. Thanks!
  3. Hi @1PW Nice chatting to you again and thank you for the link to the VirusTotal scan with the hashes, much appreciated! I still use VirusTotal to scan files but file hashes published by the vendor help verify chain of custody. Signing certificates are great but basically have the same problem. You still need to verify the details of the certificate (not the somewhat useless CN but the SHA256 fingerprint, etc.) to ensure chain of custody since it's increasingly common for malware to be signed. BTW, I wrote a PowerShell script (see screenshot) that extracts the signer and counter signer certificates of the new file to a known, verified copy of the previous version and compares them to each other. That's when I noticed that the file was countersigned by a new company that I'm not really familiar with, hence my hesitation and decision to ask on the forum what the file hashes were to put my mind at ease. Better safe than sorry! 😄
  4. Hi there! Can a Malwarebytes staff member please be so kind as to post the SHA1 or SHA256 hashes of the latest MBSetup.exe file? Looks like it's v4.4.0.220. I want to verify the file hashes before I accept the UAC prompt and continue updating my v4.3 install to v4.4. Thank you!
  5. Do you guys use some of the common and widely-used ad and tracker blocking lists like EasyList or do you compile your own list from scratch? While Malwarebytes managed to eliminate a decent amount of ads it wasn't able to get rid of YouTube ads. I'm also seeing sponsored ads at the bottom of items on eBay, etc. It would be nice to have the option of adding our own block lists.
  6. Hi, I noticed that the AdwCleaner cloud update server(s) are frequently down/unavailable, especially over weekends. I confirmed the issue from multiple PCs in multiple networks so it's not a problem with my network. AdwCleaner then resorts to using the local copy of its definitions which is the copy that comes with AdwCleaner when you download it, so it's severely out of date. Two suggestions: 1) Can someone please look into the reliability/availability of the AdwCleaner cloud update servers? 2) Should the cloud update fail, it would be nice to have the option to use the definitions from the last good cloud update, as opposed to the original local copy. Thanks!
  7. Thanks @1PW over the years I always found it funny that, when I went to scan my MABAM executables at VirusTotal, the majority of the time I'd find your upvote there already. It happened so often that eventually I'd be suspicious of the file if it wasn't there. 😂 The world has become a lot more tech savvy so I think a lot of people would actually know how to use hashes. The problem with code signing will always be that any bad actor with a couple of hundred dollars and some time on their hands can get their malware signed. So the real test of file integrity via code signing is verifying the authenticity of the certificate used to sign the code. And this is where things get a lot trickier, real quick. How do we know that the certificate used to sign the file we just downloaded, belongs to the real Malwarebytes Inc? Is simply relying on the CN good enough? At the very least you'd also want to verify the serial number and a few other details. But where are those details published so we can verify them? Suddenly we're back to things not being published on the Malwarebytes website that probably should be (at least, I haven't seen it). Anyway, I'm hoping the Malwarebytes team comes around on this. BTW, nice talking to you!
  8. A digital certificate does not prove that the file you downloaded, came from the site you downloaded it from! It simply proves that the file was signed by the holder of the certificate. What part of this is so difficult to understand? Yes, digital certificates are a very important verification, nobody is disputing this. A file hash on the other hand is just another way to validate chain of custody to me, the end user. The two complement each other. They offer similar, but slightly different forms of verification. Stop harping on spoofed websites, it's a distraction and merely one of many scenarios in which hashes are useful. But for what it's worth ... a savvy hacker is not going to set up a fake website for "www.malwarebytes.com" when all they need to do is redirect DNS for "downloads.malwarebytes.com" or "download.toolslib.net". None of these subdomains resolve to the same server so why bother spoofing the web site when Malwarebytes aren't posting hashes? The really smart hackers aren't that stupid. So ironically, by not putting a hash on the web site Malwarebytes is literally making it easier for them. Furthermore, spoofing the site is easily defeated by posting hashes to social media. Also, it really doesn't matter that some of the other AV vendors don't publish hashes. Many vendors do. Just do the right thing, regardless. Anyway, this is getting tedious. I'm out.
  9. Apologies if it sounded like I was coming at you personally, not my intention at all. I did read the article. Let's just say that the reasons provided in the article are not compelling at all. Hashes aren't supposed to replace digital signatures as a means of verifying the integrity of an app. Period. These aren't two competing concepts, they complement each other. You can - and should! - have both. Hashes are more a chain of custody check to me personally. Also, the example provided of a web site being compromised therefore the posted hashes can also be altered to match the fingerprint of the downloaded file is not the only scenario where a hash would be useful, and in the case of Malwarebytes*, it's not even the one I'm most concerned about. I'm more concerned about bad downloads from a compromised PC (bad DNS, code injection, etc). Also, the article literally saying that keeping hashes updated is a "pain" is just cringe. Seriously? This can easily be automated. (*As an aside, it's not typical for a company like Malwarebytes to host their downloadable content on the same infrastructure as their public web site so if we assume for the sake of argument that a bad actor manages to compromise the entirety of Malwarebytes' infrastructure - downloads, web sites, update servers, etc. - plus their social media accounts where they should also be publishing the hashes, then we're talking about an extinction level event for the company).
  10. Yep I'm aware of this but I'm referring to something else ... a popup that has a summary of all the real-time detections, scheduled scan detections, and a bunch of other summary information for the month all on one screen.
  11. Me, the OP, users who asked for it over the years on the forum ... basically anyone who thinks that providing more ways of verifying a file's authenticity is a good thing, not a bad thing? If a poll was conducted I'm sure most users would be in favor of it. Your reasons for not posting hashes are simply not compelling enough. We all use VirusTotal. We all check the digital signatures. Let's move beyond that. I (and many others) would like to compare vendor provided hashes too. If you don't want to, you don't have to. Forget about the user's level of experience ... it doesn't matter and it's not for you to decide who is or isn't technically savvy. And forget about state actors. My original comment was just to underscore a point. State actors are the least of my concerns, and are the least likely to affect the average person. State actors target specific political opponents and/or other government entities. In the interest of time I'm not going to unpack the rest of it ... it's not that important to the topic at hand and we're just beating dead horses now. So instead of wasting more time on the thousands of hypothetical what-if scenarios we can conjure up where a hash may or may not have helped, can we please just acknowledge that some of your users would like to have the hashes posted?
  12. One of my PCs recently gave me a monthly summary in a popup when I opened Malwarebytes, and then just a few days ago it did it again. None of my other PCs running Malwarebytes have given me this popup and they're all configured more or less the same. Any idea why? Is this something that needs to be activated somewhere? I quite like this feature and would like to see it on all my PCs. In fact, it would be nice to see it on demand.
  13. So how are we doing with this suggestion ... it still pains me to see this universally recognized "not good" color used to relay "all is well" 😉
  14. This happened to me recently with one of my lifetime licenses. In the end I opened up a ticket and they fixed it for me. It took a little while though so you may have to run in trial mode for a bit.
  15. Not fake it, or match it. Just sign it using a corporate identity that looks something like "MalwareBites".
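
The check described in posts 3 and 7 above (compare the signer and countersigner certificates of a new installer against a known, verified copy of the previous version, by fingerprint and serial number rather than CN) can be sketched as follows. This is an added example, not the poster's script, which was only shared as a screenshot; the file paths and function names are hypothetical placeholders.

```powershell
# Added example. Paths and function names are assumptions for illustration.

function Get-CertSha256 {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if ($null -eq $Cert) { return $null }          # unsigned or no countersignature
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        # SHA256 fingerprint = hash over the DER-encoded certificate bytes
        return [System.BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', ''
    } finally {
        $sha.Dispose()
    }
}

function Get-SignatureSummary {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path           = $Path
        FileSha256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status         = $sig.Status
        SignerSubject  = $sig.SignerCertificate.Subject
        SignerSerial   = $sig.SignerCertificate.SerialNumber
        SignerSha256   = Get-CertSha256 $sig.SignerCertificate
        CounterSubject = $sig.TimeStamperCertificate.Subject
        CounterSha256  = Get-CertSha256 $sig.TimeStamperCertificate
    }
}

# Placeholder paths: a previously verified installer and the new download.
$known = Get-SignatureSummary -Path 'C:\Verified\MBSetup-previous.exe'
$new   = Get-SignatureSummary -Path 'C:\Downloads\MBSetup.exe'

if ($new.Status -ne 'Valid') {
    Write-Warning "Authenticode status of new file is '$($new.Status)'"
}

# Report every certificate field that differs from the known-good copy.
$fields = 'SignerSubject', 'SignerSerial', 'SignerSha256', 'CounterSubject', 'CounterSha256'
foreach ($f in $fields) {
    if ($known.$f -ne $new.$f) {
        Write-Warning "$f changed: '$($known.$f)' -> '$($new.$f)'"
    }
}

# FileSha256 is what would be compared against a vendor-published hash.
$new | Format-List
```

A reported difference is a prompt to verify, not proof of tampering: certificates are renewed and timestamping authorities change between releases, which is the situation post 3 describes.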