Is MalwareBytes An Effective Tool?

[Panama Vet]

During the Security Now episode October 30th on TWIT TV Leo Laporte made a statement suggesting that Malwarebytes is not an effective tool.  As I recall Steve Gibson did not comment.

 

He specified Malwarebytes but I don't know if he was commenting on the advanced state of malware in general or Malwarebytes in particular.

 

http://twit.tv/show/security-now/428

 

Any response to that?

[Panama Vet]

Steve Gibson provides text transcripts of Security Now episodes as a service to the public.

 

This episode is not available now but should be soon.

 

https://www.grc.com/securitynow.htm

[hoople]

The question was about 1 hour 30 minutes in.

 

A listener was seeking recommendations for free antivirus software, and was currently using MBAM + MSE. Steve Gibson was in agreement, Leo Laporte said that all software is only a second defense against safe computing practices and will not protect you if you are executing unknown attachments and files. He believes that all security software provides a false sense of security to users who may not know better. He recommends people switch to Macs as they are not as often targets of malicious software.

 

My opinion is while user-dependent behaviour is the largest factor influencing security, telling those people to use a different OS when they can't tell the difference between OSX prompting them for their computer's password from malicious software, or phishing emails from real emails is misguided at best. They may also be propagating Windows viruses which do not currently execute on their machine.

[David H. Lipman]

Who cares what  Leo Laporte says.  How is he an authoritative source and or grounds or basis does he for a conclusion ?

 

If there is a "...statement suggesting that Malwarebytes is not an effective tool." Then that "statement" must be quoted and the facts provided.  Otherwise it is anecdotal, non-factual, hearsay information and not really worthy of a "formal response".

[GT500]

Who cares what  Leo Laporte says.  How is he an authoritative source and or grounds or basis does he for a conclusion ?

He's hosted technology-related TV shows for many years, and so many people trust his judgment and believe he knows what he is talking about. What many people may not know is that he also has a crew backstage that feeds him information through a wireless communication system that he keeps concealed while he is in front of the camera, so he sounds like he knows what he is saying.

I used to watch a couple of his shows on TechTV back before G4 ruined them. Over the years, as I have gained technical knowledge (especially about computer security), I have realized that Leo really didn't know what he was talking about, and that he was nothing more than a TV show host.

The rebuff to Leo is simple. It is possible to make any security software appear ineffective. It just depends on where you pull your test samples from. If I want to make Malwarebytes Anti-Malware look useless, I can do so. If I want to make the anti-virus software made by the company I work for look useless, I can do so. It's far too easy, especially for someone in this industry, to do that. The reason Malwarebytes Anti-Malware is so popular is because of the support of UNITE/ASAP experts who rely on it for supporting users on forums such as BleepingComputer.com and GeeksToGo.com, and if those malware removal experts have an issue with its effectiveness they can and do discuss it with Malwarebytes. These experts also have the ability to submit samples to Malwarebytes, so if they find things that are undetected, then they can easily pass that information on to the research team for analysis.

[djkatscan]

 

 Steve Gibson was in agreement, Leo Laporte said that all software is only a second defense against safe computing practices and will not protect you if you are executing unknown attachments and files. He believes that all security software provides a false sense of security to users who may not know better.

 

There is a big difference between prevention vs removal tools.  Yes, all software is a second line of defense in prevention.  But if the way it was worded made it sound like MBAM isnt effective as a tool, thats pretty misleading.