Jump to content

tdwatson

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by tdwatson

  1. Well it's certainly heartening to see quick and literate response to an issue. I goes a long way to restoring some faith in the technical end of Malwarebytes, if not the business end. I do like to try to be part of the solution if I'm going to bitch about a problem, but as stated previously, I'm not in love with the idea of sending a vendor's exe file to a third party, even with the best of intentions. I'm not in the software development biz, so I don't claim to know the in's and out's or how things are "done". I don't really have a feel for what the impact might be of having your proprietary meal-ticket shared without your knowledge. I think I'll give the vendor a call on Monday and see how they feel about it. If they're OK with it I'll submit the file. BTW, I was mistaken - it's based on SQLAnywhere, not MySQL. However, either way it's pretty common technology so I'd be curious to know why it would trigger a false positive. Regardless of the technical "why" of the false positive, I still remain aghast and indignant at the "how" that got me into this minor mess. I think it's a huge mistake on the part of Malwarebytes to dumb-down what was once a premier anti-malware tool.
  2. Thanks for posting a snip of the popup - my description was from memory and might have confused someone new to the thread. One thing that you didn't mention is how long this popup is visible before disappearing. It's a few seconds. As it is obviously most likely to appear when the user's attention is on opening their application (and Windows and other apps are constantly popping up garbage notifications in the corner), it takes a few seconds to notice, read, and comprehend. I know in my case it was just as I was saying "Oh crap!" that it disappeared. Going to Malwarebytes in the system tray DOES NOT allow you to pop it back up - you can only look at information about the quarantined program, and does NOT contain a link to View Quarantine. None of this is tragic, but neither is it helpful or intuitive. Does including explanatory text cost money? If Malwarebytes programmers have the technical ability to include a "View Quarantine" button, couldn't they apply that same skill to add a "Remove from Quarantine" button? The clueless granny that this is obviously aimed at could always NOT click on it....and the not-clueless user could... Again, this is a legitimate commercial application. Yes, it's not well known outside of the charter motorcoach industry (but very popular within), but in the end it's a MySQL based-DBMS. So where would Malwarebytes ever get a threat signature specifically targeting that shortcut? And if that's not it, how does any DBMS exhibit any malware-like heuristic qualities to trip a scanner? As for this being standard practice, I'm sure you know more about it than I do, but I've never before had something like this happen with any other piece of software in this vein. (My experience has been the opposite, with Malwarebytes and others failing to get rid of all traces of KNOWN malware). Not sure why shortcuts weren't removed in your test... but I find that more discouraging than encouraging. That tells me that what Malwarebytes is doing is even more opaque to the user - me AND you apparently - so who knows what it's going to do next? NOT the way I like to operate! Why not have a "welcome" screen on first use, explaining what the options are and allowing the user to CHOOSE? Granny could skip reading it and click on the green button, and other users could at least be AWARE and make an INFORMED choice. I do realize that the setting to automatically quarantine can be changed, but I (or any user who hasn't used it recently) obviously could not possibly know beforehand that I might want to change it! I'm not comfortable submitting an executable that I didn't personally write. It's someone else's intellectual property, and I don't think it's a user's place to give it to a third party. I realize that makes it pretty difficult for the authors of scanning software to compensate for false positives, but I also don't want to violate a vendor's T&C. An option might be to allow the user to submit the executable NAME and the vendor contact info, so Malwarebytes can get it straight from them, but that's not without problems either. Another would be to alert the vendor, but Malwarebytes isn't what it once was, and I doubt most vendors would care if it falsely detects their stuff. Myself, I'll just pass on Malwarebytes from now on. ADWCleaner replaced Malwarebytes quite a while back as my first-line scanner anyway, but I see that Malwarebytes bought ADWCleaner, so who knows what will happen with that.
  3. Hello dcollins Thanks for responding. To address your points: Premium Trial Upgrade: Offering this to users is fine, but it wasn't an "offer". I didn't have a choice. If I had been given a choice I would have declined. It wasn't "offered", it was unilaterally implemented without my knowledge or permissions, regardless of what your intentions may have been. That's NOT the right way to go about it to my mind. When I book a plane ticket in coach, they always offer me the opportunity to upgrade to business or first class, and that's fine - I can evaluate whether it's worth it to me and choose accordingly. That is an offer. Malwarebytes offered my nothing - it was imposed upon me unwittingly and unwillingly. Automatic Quarantine: This was NOT A VIRUS! It's a legitimate commercial application. It may be narrowly specific to my industry, but that is hardly uncommon - who doesn't have a piece of software that's industry-specific? Merely originating from an unfamiliar vendor does not make an application a virus. Further, it's simply an industry-specific MySQL based database, which is NOT A VIRUS. How is MySQL and derivatives thereof viruses? It's not even web-aware beyond being able to connect to SMTP! The upshot of this is that Malwarebytes isn't up to the task of identifying viruses if it determines that MySQL databases qualify as such. Therefore, it should not automatically quarantine by default, because it doesn't possess the heuristic chops to make that decision. Un-quarantine Items: This is unacceptable presumption that serves no purpose! YOU know better than I DO what I want action to take??? A Start menu link to an executable that is quarantined can do no harm whatsoever, so it has no security purpose. Giving the USER the OPTION to delete these items... "offer" it to them, as it were... would be not only more useful, but more in line with how security software generally operates. Further, telling me what "should" have happened when I restored is infuriating! I know what "should" have happened - I'M HERE BECAUSE WHAT SHOULD HAVE HAPPENED DIDN'T! It's broken. What "should" have happened is for dcollins to say "OMG, it didn't restore your shortcuts? Something is broken, and we'll fix that!" ... but again, what should have happened, didn't. of·fer ˈôfər,ˈäfər/ verb verb: offer; 3rd person present: offers; past tense: offered; past participle: offered; gerund or present participle: offering 1. present or proffer (something) for (someone) to accept or reject as so desired.
  4. I created an account just to register my discontent, and then I'll be gone from the forum and from Malwarebytes. Windows 7 Pro on a Dell Vostro. Had Malwarebytes installed for the occasional scan because even careful users like me sometimes get the odd spyware because of unscrupulous vendors including unwanted stuff I didn't ask for. It's an OK free tool for that purpose. Not great, not as good as it once was, but easy to find and install, so it is (was) among the tools I use on the infrequent occasion that I run into an infected machine. (I'm the IT manager for my company, which of course leads to being the IT manager for friends and family too ;) I've never had any need or desire for Premium or it's ilk being my real-time nanny. Got a nag pop-up today that there was a new version of Malwarebytes, and I figured I might as well update, because at the time I figured an occasional scan is always a good idea. I was wrong. I kicked off the install, and when it finished it told me about the "Free trial of Malwarebytes Premium". I didn't opt for that, nor did I see any obvious method of opting out, because I most certainly would have. Said to myself "Oh well, no harm. It can run in the background and when it nags me to upgrade I'll just say no and that will be the end of it." I was wrong. This is Problem #1 - I wanted to simply apply the update to plain old Malwarebytes scan tool, but an update wasn't what was installed. It was a "free trial of Malwarebytes Premium", which was NOT expressed anywhere before installation. So, you installed something that I didn't ask for - the classic delivery system for MALWARE! The very next thing I did was open a perfectly legitimate piece of software from a perfectly legitimate vendor. I use it in my business every day, as do a lot of people in my business. The only thing that happened was that I got a pop-up that Malwarebytes had blocked it, and said pop-up promptly disappeared. I thought "OK, false positive, no big deal. I'll merely tell Malwarebytes to make an exception for this executable, and continue on my merry way." I was wrong. This is Problem #2 - With the default settings I didn't want that are applied to the software I didn't ask for, Malwarebytes takes it upon itself to Quarantine (not "block" as the pop-up stated, but Quarantine) an application without giving the user any option to exclude it. Which brings us to Problem #3 - Since I know the difference between "block" and "quarantine", it took much longer than necessary to find out where to make an exception, as at first I didn't look at the "Quarantine" tab in the dashboard - because it said it was "blocked". Clicking on the Notifications only showed me that the action was taken, with no indication whatsoever of what I could do about it. Not explanatory text, no button to undo, no links of any kind, just the option to Export the information. I finally looked at the Quarantine tab and found the entry. Here there was an "Restore" button, so I thought "Aha! Simply click that and I'm back in business!" I was wrong. (Actually, I'm not positive it said "Restore" or if it was some similar term - I've already uninstalled Malwarebytes and I'm certainly not going to install it again to get the reference correct! If someone wants to flame me for getting the label wrong, have at it troll) Anyway, after clicking the button I attempted to open my application, and it was gone from the Start menu! I checked, and the shortcut had also disappeared from my Desktop! WTF? Who do you think you are? It's one thing to block the executable from running, it's quite another to presume to remove it from MY Start menu and desktop. That's unnecessary and intrusive. Of course, I know how to go find the executable, create a shortcut in Start and on the Desktop, change the icon back to my preference, rename it to a more convenient name than the executable, etc... in other words, MANUALLY RESTORE it... kind of what a reasonable person would have expected the "Restore" button to do. OK, so you wasted some of my time with that exercise, but I can't help thinking - what if this happened to my 83 year old mother? How would some casual home user ever regain access to their perfectly legitimate application that was quarantined by Malwarebytes? The default settings in Malwarebytes Premium are a potential disaster for the user, and the most likely consumer of this type of product is the least likely to be able to extricate themselves from the problems it can cause. Look, I'm fine with you looking for a way to cash in on Malwarebytes. It's your property and there's nothing wrong with marketing it. However there IS something wrong with marketing it deceptively, which is exactly what you are doing when an "update" installs a completely different product. That's MALWARE. Maybe you should change the name to "Malware!(...bites!)"
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.