Malwarebytes - RealTime Heuristics?

Note that Malwarebytes' is not an antivirus. It's an antimalware and designed to work alongside your existing protection by catching threats commonly missed by antiviruses.


It's like comparing apples and oranges. You can't compare the two. Some groups like MRG Effitas (known as Malware Research Group or just MRG) do test antiviruses, cloud antiviruses and antimalware/spyware together, which is highly misleading and inaccurate. So you have to be careful whose tests you read. I'm not familiar with any group that just tests antimalware products, as there aren't very many competitors aside from SuperAntiSpyware and Spybot Search & Destroy. Most companies prefer to protect against all threats.


That makes sense, (thank you all) - 


DarkSnake - Thank you as well for answering my next question - every AV vendor I'm aware of tells you not to run more than one AV - I see now that MBAM's Real-Time engine isn't supposed to replace your AV, but run with it, as it protects against malware.  


Assuming the IT company I work for had an AV vendor claiming that MBAM's RT protection would interfere with its own, would anyone know of any research or documentation that I could refer to in order to build an argument to the contrary?


If not I understand - I'm just doing the legwork on the research!


Thank you all again.


You're welcome! :)

A few other notes here that differentiate Malwarebytes' from an antivirus:


1. Malwarebytes' focuses only on executables (excluding Java programs and scripts). MBAM does unpack archives, as noted by David.


2. Malwarebytes' only checks a file when it's executed, long after your antivirus should have picked it up.


Malwarebytes' research group excels at finding and writing signatures for zero day threats (threats not known) that are not known by most companies yet.


edit: added more clarification.


I believe Shuriken is a file-level heuristic and came out in 2010, before Zero Day, which is an action-level heuristic that I think came out in 2012.

{ Samuel (exile360) will have to confirm and/or qualify that. }

There are some traditional anti virus applications that don't "play well" with Malwarebytes' Anti-Malware (MBAM).  Some will even bitch when you install them, complaining that MBAM is installed.  Others won't install unless you remove MBAM, install the traditional AV application and then reinstall MBAM.  For the most part, MBAM happily coexists with the vast majority of anti virus applications.
You are also correct that it is NOT a good idea to install more than one fully installable anti virus application that performs "On Access" and "On Demand" scanning.  But you can have one fully installed anti virus application that performs "On Access" and "On Demand" scanning and multiple "On Demand" anti virus scanners.
As DarkSnakeKobra noted, MBAM targets executable binaries.  MBAM does not target script files. That means MBAM will not target JS, HTML, VBS, BAT, CMD, PDF, PHP, etc.  It also does not target documents such as DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.  They are all relegated to traditional anti virus applications.  However, what MBAM does, and does very well, is making corrections to the modifications malware makes to the OS.  Something traditional anti virus applications don't do well.

Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java JAR (which is a PKZip file), but it won't target the .CLASS files within. Same goes for CHM files (which is a PKZip file), but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with ZIP, RAR, 7z, CAB and MSI for archives, and self-extracting ZIP, 7z, RAR and NSIS executables (aka SFX files).

MBAM specifically targets binaries that start with the first two characters being MZ.
They can be EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to anything from TXT, JPG, CMD and BAT and they will still be targeted, just as long as the binary starts with 'MZ'.

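As an added example (not code from the thread or from Malwarebytes), the following Python script classifies files the way the post above describes: by the 'MZ' signature at the start of the content rather than by the extension, and by looking inside a PKZip container such as a JAR. The sample archive, the member names and the CAFEBABE class-file magic used for the harmless member are constructed for the demonstration.

```python
import io
import os
import zipfile

# Extensions that normally carry a PE image (the list given in the post).
PE_EXTENSIONS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}

def is_pe_image(data: bytes) -> bool:
    """True if the content starts with the DOS 'MZ' signature, whatever the name says."""
    return data[:2] == b"MZ"

def classify(name: str, data: bytes) -> str:
    """Classify by content first, then compare the result against the file name.

    'pe'         -> MZ-headed file with a typical PE extension
    'pe-renamed' -> MZ-headed file hiding behind some other extension (TXT, JPG, ...)
    'zip'        -> PKZip container (ZIP, JAR, ...) that should be opened and walked
    'other'      -> everything else (scripts, documents, plain data)
    """
    ext = os.path.splitext(name)[1].lower()
    if is_pe_image(data):
        return "pe" if ext in PE_EXTENSIONS else "pe-renamed"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "other"

def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Walk a PKZip container and classify each member by its own header."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            results.append((info.filename, classify(info.filename, zf.read(info))))
    return results

def build_sample_zip() -> bytes:
    """Constructed sample JAR-like archive: one class-like blob, one MZ-headed 'picture'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # not MZ: ignored
        zf.writestr("pic.jpg", b"MZ" + b"\x90" * 62)                   # MZ under a .jpg name
    return buf.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()):
        print(f"{member}: {verdict}")
```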

There's more than Shuriken to our heuristics, but yes, our heuristics are used heavily for the real-time protection offered in the paid version of the product. Also, our Malicious Website Blocking is essentially ALL heuristics when you think about it, since it cuts off access to known sources of malware, including any new malware/new variants of malware which might be distributed using those malicious servers.


Is there any documentation available that could be used if a person were to find themselves in a debate with an existing AV vendor claiming that their product will not run properly if MBAM's RT is running simultaneously?  From my own direct experience I haven't seen a conflict in test environments - 


Also - I don't know if this would be a question that can be answered or not, but is there a chance Malwarebytes might develop any type of Remote Administration system similar to ESET's ERA system, for instance?


Is there any documentation available that could be used if a person were to find themselves in a debate with an existing AV vendor claiming that their product will not run properly if MBAM's RT is running simultaneously?  From my own direct experience I haven't seen a conflict in test environments -

Not currently, no, however we have tested with every major AV for compatibility and we continue to do so every time we release a new version of our product as well as when we find out about new major releases of any of the AVs.

Also - I don't know if this would be a question that can be answered or not, but is there a chance Malwarebytes might develop any type of Remote Administration system similar to ESET's ERA system, for instance?

We do for businesses, that's our Malwarebytes Enterprise Edition. It offers remote deployment and administration along with an easy to use console for managing all of your clients.

  • 3 weeks later...

Is there anyone I could contact during business hours to discuss this in further detail?  I've drafted my initial proposal encouraging my company to buy into a business license of Malwarebytes' Pro version, but they've thrown additional questions at me - I can fire them off in this forum too, I just thought I would ask!
