
Why isn't Malwarebytes detecting adware/toolbars any more?



There is no "settings" under the maintenance tab, but it isn't set to clean up logs because I have a whole slew of logs. I had selected to "remove" the offending items at the time of the scan so maybe that's why it isn't showing.

I just read some disturbing news about MBAM -- that it is starting to not include recognition for some PUPs in definition updates. Is this true? I sure hope not.

Link to post

I read this in a very reputable computer newsletter which I have subscribed to for years and totally trust ... And which, by the way, highly recommends MBAM in every newsletter as one of their recommended programs.

They voiced concern that in the past few months MBAM has stopped detecting Ask Toolbar and Conduit as PUPs, stating that these are both malware by their definition.

They are not saying there is anything wrong with Malwarebytes and still recommend it, but voice concern that this may become a slippery slope. They state that they have been in contact with you on this and are waiting for an explanation.

Link to post

I'm not sure about Conduit, but as far as I know, we've never detected Ask. Ask is pretty much on par with Google and MSN/MS Bing as far as toolbars go. They always have an opt-out option in software installers and don't really do much other than show you search results from their search engine and gather statistical data (which all search engines do anyway, even if not using their toolbar as that's how they rank results and gauge the popularity of links/websites and handle their 'targeted' adverts).
Link to post

  • Root Admin

Conduit is a legal service provider but unfortunately there are those that abuse it and do not follow guidelines for its distribution and use. That said we do attempt to detect and remove when possible the elements that are being used illegally.

If you or your newsletter can prove otherwise then we'll be happy to review further.

http://www.conduit.com/legal

Thanks

Link to post

It's a rather vague memory right now, but I know that at some past time I ended up with something called Conduit which caused me a considerable amount of problems. I no longer remember how I got rid of it but if I recall it was not easy. Whatever it is, I did not intentionally download anything like this myself. Thank you for taking the time to post your information.

As I stated earlier, the newsletter I am speaking of states that they have contacted Malwarebytes about their concern and I'm sure they will keep their readers informed through their newsletter.

I will only add that this had been such a good, solid program and having it on my computer has made me feel considerably more secure ... So I am hoping that does not change.

Link to post

  • Root Admin

No change Nikilet. Perhaps some confusion on the part of some as to what, when, why something is considered malware, PUP, or PUM. As said, when we find specific threats that have gotten onto the system that are not legit we do detect them. Sometimes though it is difficult to detect them because they're using a valid toolbar product which can make it very difficult to determine the real validity at times.

Link to post

I have to come back to this subject because I have received my new newsletter (referred to as my source previously) and it states that MBAM was contacted about what appears to be a change in its detection practices and has not been heard back from. They are still waiting for a reply and don't take that as a good sign.

I depend on the people involved in this newsletter, and I absolutely trust them. If they are telling me that MBAM has stopped detection of certain things which are some of the most common forms of malware that people like me are most likely to have -- like Conduit, Babylon, Ask, etc., then I believe that because they have never steered me wrong in many years of following their news and advice.

They work on people's computers also so I guess they sure know what they are talking about. They state that in the past these things (mentioned) all used to be detected and removed by MBAM, but that is no longer the case. I am thinking I may have stepped in to purchase the PRO version at the wrong time. It hasn't been too long ago that I purchased 3 copies of your PRO program for myself and one for my daughter, and also convinced a friend to purchase 3 copies for her 3 computers. But it would appear there is a high probability that I can no longer rely on MBAM to keep my computers clean. While they are waiting for a reply from MBAM my source is continuing to recommend your program but with the caveat that it doesn't detect everything it once did. And if they don't hear to their satisfaction what is going on I am betting they will remove it from their "recommended" programs list.

This is all very sad for me as a home user.

Link to post

Like it was explained. I'll try it in another way. Ask, Conduit, etc. ARE LEGIT programs. And they can be avoided VERY easily by watching the PRE CHECKED installs BUNDLED with 95% of all programs on the net and UNCHECK them. MBAM CAN'T just remove LEGITIMATE software from a computer that was installed with your consent (you gave consent when you FAILED to read and UNCHECK those checks). If a company did that to my legitimate software no matter how I choose to distribute it, they would be in court so fast it would not be funny.

Link to post

Hi, Nikilet:

The other folks have pretty much "covered it", but there are also these KB topics that further explain "PUPs", "PUMs" & how to safely deal with them, if you choose to do so:

What are the 'PUP' detections, are they threats and should they be deleted?

What are 'PUM' detections, are they threats and should they be deleted?

Hope this helps, :)

daledoc1

Link to post

  • 2 weeks later...

I'd like to give those who showed interest a couple of links. I still am not satisfied. I want MBAM to be the good program it always was, but if it's not I want to find something I can trust. Since these links are online for anyone to have access to, I assume it is ok to lead you to them.

 

http://thundercloud.net/infoave/new/whats-going-on-with-malwarebytes/

 

http://thundercloud.net/infoave/new/something-odd-going-on-with-malwarebytes-why-we-believe-there-is/

Link to post

I moved this post here since it was completely unrelated to the false positive topic you originally posted it in. We welcome your analysis, opinions and discussions, but the false positive area is specifically for assisting users with false positives.

These items would technically be possibly false negatives (the opposite of false positives).

Link to post

Well, in my opinion there are questions that were not answered, only deftly skirted around. I will not bother you guys with this any longer, but I'm sure upset over all the money I have spent on this program -- purchased three for my own house and one for my daughter, plus talked a friend into purchasing 3 licenses for her house --  and now I do not have the protection I had come to expect and count on (nor do they).

Edited by AdvancedSetup
Unknown site so external link removed.
Link to post

Nikilet, please provide proof from a widely known and legit source of any anti Malware and anti virus program that provides 100% protection as you seem to want from MBAM. I've never heard of thundercloud.net and cloudlight info ave until you promoted them and I'm sure that about everyone else here had no knowledge of them either. Is that your site? We have to wonder if all this from you was just an attempt to promote yourself and that site.

Link to post

The crapware mentioned hasn't been detected in the past.
 
One has to understand what is malware.  I have spent 20 years striving to gain that understanding.  One thing that I have noticed over the years is how the general public perceives "malware".
 
Right off the bat the vast majority of people think that if it is malicious then it is a virus.  Here in the Malwarebytes' Forums I see it every day.  People posting in the Malware Removal Forum indicating they have the; "FBI virus", "Moneypak virus" and "Google redirect virus" and posts such as ""Browser Manager" seems to be a virus?" and "Help Multiple Trojans (filename).exe contained a virus and was deleted."
 
The fact is the overarching concept for all Malicious Software is malware, not "virus".  10 years ago viruses were indeed a big deal.  In August 2003 when the Lovsan/Blaster worm was hitting anybody and everybody the number of posts made to the Microsoft News Group microsoft.public.security.virus were through the roof.  That was an Internet Worm which is a sub-class of virus because it "self replicated".  Viruses Self Replicate.  That means a malicious software is a virus when it autonomously spreads from file to file or computer to computer and needs no assistance.  The way that the Lovsan/Blaster Worm performed this was through a TCP/IP protocol over the Internet or within a Local Area Network or Wide Area Network.  In the case of the Lovsan/Blaster Worm it used TCP port 135 to exploit a vulnerability in the Microsoft construct called "RPC DCOM".  An infected computer sent out packets to other computers via TCP Port 135 to seek out vulnerable computers.  If found the Worm would attempt to exploit the vulnerability and perform what is called a "Buffer Overflow with an Elevation of Privileges".  What that means is when the Worm successfully exploited a vulnerable computer over the 'net the process would gain administrative privileges, drop an executable file on the host and execute that file thus making that PC "infected".  Once that PC was infected it then started seeking out other hosts to infect.  Thus the Internet Worm autonomously spread, replicating itself on each infected computer.  That's "viral activity".
 
But the malware arena has changed.  We don't see email transmitted viruses like Melissa anymore.  Back then creating malware was for "bragging rights".  "I just created XYZ virus that infected 20,000 hosts and cost 1 million dollars" type of boast.  Today there is a simple mantra "It's All About the Money".  Malware Today is about monetary gains not bragging rights and the virus has become marginalized.  One way or another, malware is used for monetary gain and the kind of malware that is used does not self replicate, it needs assistance, so they are trojans.
 
So that is one major misperception of malware; that all malware are "viruses".  All viruses are malware but not all malware are viruses.
 
Another misperception is that if a piece of free software shows an advertisement for a Paid-For version of that company's software then it must be "adware".  Adware is a sub-class of trojans.  A perfect example of this is the Avira AntiVir, anti virus, application.  Avira provides a "free for personal use" license for a version of their product.  However, it creates some Pop-Ups promoting its Paid-For version.  Thus many in the Freeware Community have deemed Avira AntiVir as "adware".  However that is incorrect.  If anything the Free version of Avira AntiVir is what's called "nagware" where its self promotion is nagging the user.  To be adware the application or utility has to fail to mention this activity in an End User License Agreement (aka; EULA) and not be self-promoting but promoting anything else but the application vendor.
 
Let's take that so-called "Google redirect virus".  It isn't a virus.  The malware didn't self replicate to get on the user's PC, it needed assistance such as the Vulnerability/Exploitation vector or Social Engineering.  Once on the PC, by the action of redirecting Google searches, it gets classed as adware since it is promoting anything by forcing your searches to a specified list of products or web sites.  Since it doesn't self replicate this adware is a redirect trojan.
 
So I have outlined two examples of how the general public misperceives malware.
 
A type of annoying software that falls into the concept of misperception are those that are called "Potentially Unwanted Programs" (aka; PUP).  First, one must determine if the action of the software is malicious or not.  Second is if the software properly describes its action in a EULA.  Programs that have a wrapper that is used to install a given application that provides a EULA that outlines its use and its activities and allows the user to read and accept a EULA BEFORE the application is actually installed is NOT malware.  Getting back to the simple mantra "It's All About the Money" let me mention about "affiliate" programs.  This is a case of a legitimate, non malicious, software vendor who seeks an increased user base and does so by an affiliate program.  One can become an affiliate if they sign some kind of agreement (contract) where they will get "affiliate revenue" for each user that installs the vendor's software or block of users.  However, some affiliates either outright violate clauses in their contract or bend the rules a little.  The affiliate seeks many ways to enhance their affiliate revenue stream.  This could be by the use of spam (email, Usenet and forum) or by bundling.  Some companies create software specifically for bundling affiliate or vendor software.  For example Opencandy whose web site home page states "Increase Revenues by Recommending Great Apps".  When we have cases of bundled software that is legitimate and has a properly outlined EULA some companies (based upon various criteria) may class the bundled software or the bundling application as a Potentially Unwanted Program (PUP).

 

Another area of confusion is "risk tools" or "hack tools".  These are not viruses or trojans.  They are a class of utilities that, when used properly and ethically, are "safe" but due to the tool's nature (what the tool can do or be used for) in the hands of a malicious actor said tool can be used maliciously.  Many of Nir Sofer's utilities fall into this category.

 

Another "grey area" software is "keyloggers".  There are legitimate keylogging applications and there are malicious keyloggers.  For example a company can install a keylogger on their employees' computers to check the activity of their employees.  The laws vary in state and country jurisdictions but it is generally the case that since an employer OWNS the computers their employees use they can legally install a keylogger on an employee's computer to deal with employee; risky actions, waste, theft and abuse of their system.  For example an employee accessing pornography or gambling sites.  However one can not legally install a keylogger on another's personal computer.

 

Every anti malware company sets standards for non-malicious and grey area software.  They have to weigh various criteria such as the End User License Agreement (EULA) in making the decision to make a declaration or characterization on a particular piece of software.

 

Take Conduit software.  It is not malicious and a Conduit Toolbar is an application where I, you, or any company can create our own Toolbar from Conduit software.  A kind of "roll your own" Toolbar.

 

There are times when a software company may produce a PUP where the EULA is not properly detailing its actions or an affiliate uses unethical practices to get the software installed and an anti malware vendor will flag the associated software.  But there are times when the vendor recognizes the problem and modifies its EULA and reins in its affiliates.  The anti malware vendor may see this change in course, re-evaluate their detection, and stop detecting the software.

 

What I tried to do here is to elucidate several areas where the lay person may falsely perceive the malware arena.  I have provided examples and explanations and I hope the readers will come to a *better* understanding.

 

One more thing I want to make clear is people's perception of the "written word" on the Internet.  All too often when someone reads something that is written on the Internet they tend to believe it's true.  The fact is there is just as much misinformation written on the Internet as there is correct information.  Sometimes web sites deliberately mislead or create propaganda and sometimes they are just parroting misinformation.  One has to ALWAYS use Critical Thought, investigate the source of the information and corroborate the information with a known, reputable/vetted, source.

Link to post

Conduit software is not malware.  It may be considered annoying.  If a Conduit Toolbar (and like I stated it's a "Roll Your Own" so I can make a Lipman Toolbar) is bundled in a freeware software (like IZArc) and someone "accepts" a Conduit Toolbar to be installed then there 'ya go.

 

So what if one may search Google and they "...will get a hundred links about  " Remove Conduit Toolbar and search.conduit.com (Uninstall Guide)"... " ? 

That doesn't make it malware nor malicious.  It just shows it is ubiquitous and many find it annoying.

Link to post

Which "We"?????

And why do you think somebody would try to promote their products on....MBAM forum????

Indeed, this seems to be the leitmotif today "no anti virus program will provide 100% protection", but this doesn't apply if something has been detected in the past and not anymore today.

An answer from developers would be appreciated, though.

Thank you, proton!!! I certainly am not trying to promote myself -- in fact don't even understand the meaning behind that statement. What would I be trying to promote? And I am not trying to promote my source either. They are simply a trusted source to me and they have been trying to get an answer to this situation from MBAM. I will use their contact form to email them the link to Mr. Lipman's response. 

Link to post

  • 4 weeks later...
Guest
This topic is now closed to further replies.