Database outdated by xx Days- (or why won't MBAM auto-update the program?)

[RickNCN]

Hi all,

I recommend MBAM to all my clients and help them purchase and install it. I manage a lot of these PCs on an ongoing basis and notice a trend that MBAM is very out of date. It seems to happen when the program is old and has to be updated. After downloading the program and installing it, it will say the database is outdated by tens of days, like 30-something, 40-something days! This isn't isolated, it happens every time the program gets manually updated.

-If the program is newly installed, the database definitions seem to update by themselves just fine, until a program update is needed (installation of a new version).

-If the program is updated AND I manually click through the warning balloon to update the definitions, I think the definitions will auto-update like normal.

A- was the database outdated BEFORE the program update? (I don't think so)

B- was the program updated but it included an old (month to month and a half) old database? (doubtful)

C- if the program was just updated, why can't it go out and download and install the latest database like it normally does, day-to-day?

D- general PC users are lazy with their upkeep. This we know. A large part of what we all do is to save users from themselves. Why can't MBAM update the program itself like it can with database updates? To me this is a HUGE security hole. I run across this weekly, if not nearly daily on all the PCs I work on.

These customers of yours aren't getting the security they paid for if the program doesn't get updated, and if it does, the database is a month old. Is there any explanation for this?

-RickNCN

[AdvancedSetup]

Hi Rick

As long as nothing is wrong with the installation or setup then yes initially the updates are out of date quickly as they do contain the database that was available at the time of the build. As long as a user has an automated schedule to get updates then it should go get those updates when the time comes.

Sometimes though an antivirus or other security program can interfere with that update process so you'd want to ensure that the antivirus has any exclusions setup that may be required.

To really make sure that the system set to run properly you may need to run the following process.

MBAM Clean Removal Process

The ensure exclusions are setup for the antivirus as shown from the FAQ - Common Issues, Questions, and their Solutions

If you continue to have issues either let us know or open a ticket on the Help Desk

Thank you

[RickNCN]

Hi Ron,

Maybe you're misunderstanding the problem:

-MBAM has been installed.

-Time passes, maybe a few weeks or a month?

-An update to the *program* (not the definitions database) pops up as a balloon in the system tray "Click here to update Malwarebytes to the latest version... etc"

- The program does *NOT* update the PROGRAM by itself - at least not that I have ever seen on the dozens and dozens of PCs I've installed MBAM on. The program only updates the DATABASE by itself.

- This is a security risk - if the program is out of date, then is it no longer getting the most up to date definitions?

- After the user DOES manually update the program (a process in which it downloads and installs the new version of the PROGRAM) the balloon warning pops up that the database is 30-40+ days out of date.

- If MBAM is updating its program, I'd assume the latest definitions are packaged with the new program. Certainly they shouldn't be 30-40 days old! I know that when you download MBAM from download.com for example, the definitions database might be a few weeks old, but even THAT offers to update the defs right away, as a part of the end of the installation!

- I suppose I could leave it after manually updating the program, to update its own definitions, but why would I? There will be a gap in up-to-date coverage!

Am I missing something??

[Firefox]

The program (MBAM) notifies the user that a new version is out and needs to be updated. This is the way its designed.

Most if not all security programs operate the same way, they will not auto update the program (software) itself, user interaction is required.

If you do not update the program you will still get the latest definitions installed so there is no security risk as you put it.

When the user updates the program, yes it will have an older definition file (the one that was available when the installer was created), but after the program update is done, you are prompted to update the definition files as well. (So you being warned that its out of date is by design and so that you know you have to update the definitions).

It would take too much work to keep repackaging the install file with the latest definitions, due to the amount of times the definition files are updated (sometimes up to 10 times a day).

Hope that clears things up a bit for you....

[exile360]

Firefox is quite correct. Additionally, if you have a regular scheduled update set, once you've installed your program version update/upgrade, your scheduled update task will run at the next scheduled interval, updating the database to the latest version. I personally recommend setting your updates to occur between every 1~4 hours as we update our database quite frequently, generally between 10~20 times (occasionally more) per day.

[RickNCN]

The program (MBAM) notifies the user that a new version is out and needs to be updated. This is the way its designed.

>>Ok, yes, I understand that's the way you've designed it.

Most if not all security programs operate the same way, they will not auto update the program (software) itself, user interaction is required.

>> Trend Micro Worry Free Business Security does not make users of the client PC update the engine. They call it engine and pattern. So I assume "engine" corresponds with "program update" in MBAM and "pattern" with "database or definitions". I know of some other AV programs that do, like Avast, I think but the program updates are fairly rare. The fact that MBAM puts out program updates fairly quickly and regularly makes me feel like if I don't have the latest, I'm missing out on some advantage that has been programmed into the new version.. see next point.

If you do not update the program you will still get the latest definitions installed so there is no security risk as you put it.

>>I do understand that you still get the latest definitions. You make it sound like there's no down side to not upgrading the program. If that's true, what is the upgrade doing for us, then? I assume the updates are improving the program and if I'm not receiving the improvements, aren't I at increased risk?

When the user updates the program, yes it will have an older definition file (the one that was available when the installer was created), but after the program update is done, you are prompted to update the definition files as well. (So you being warned that its out of date is by design and so that you know you have to update the definitions).

It would take too much work to keep repackaging the install file with the latest definitions, due to the amount of times the definition files are updated (sometimes up to 10 times a day).

>> I understand it's nearly impossible to keep repackaging every time a definition file is released, but like I said in my post, after upgrading, I'm seeing a message about it being 30+ to 40+ days outdated. That seems excessive. Plus, and I may be wrong here, so correct me if I am - by default, is there a definitions update scheduled under "Protection" > "Scheduler"? I don't think there is. I'm pretty sure I add a scan and an update schedule for every new MBAM I install.

Regardless of all this detail, what it boils down to is this: I recommend MBAM and have clients purchase it and I install it. I set it up to scan and update regularly. I get called back to these clients over time, weeks or months later and almost no-one does program updates. I still go to clients that have the red square "M" icon! I will state emphatically that these people are *not* getting the protection they paid for. Are they irresponsible users? Yes. Are they ignorant users? Yes. Do I explain to each and every one of them what to look for when MBAM will eventually prompt for an update or upgrade? Yes. Do almost all of them forget what I told them a day later and are they all too scared about installing the wrong thing to touch it? Emphatically yes! I submit to you that it is your responsibility to find ways to protect clients despite themselves. I'm merely reporting to you what I see from dozens and dozens and dozens of MBAM installs that I've done and support. I see it as a failure of design that I go to a client I went to 6 months or a year or more ago and they have an old program version running. I don't buy that they're not at increased risk without the latest version. If there's no security benefit, why are you updating the program? To fix bugs? That would also fall under increased security risk I would think.

Please don't take my comments with a rude or negative tone of voice. I'm stating an argument, not trying to be "argumentative". I look forward to your response. I think MBAM is the best security software out there, that's why I'm so concerned about this issue.

[RickNCN]

One additional note - Another reason I'm thinking this way, and expecting MBAM to update itself is because we are seeing more and more programs do it - We've always had Microsoft Updates able to install themselves, but now Firefox, Chrome, and even Flash asks if it can update itself unattended.