
Query: The difference between MWB and AV software



A virus, I'd think, falls into the category of malware, and since I began using it, I've had MWAB work far better than any overly costly antivirus system.

 

 

I remember hearing that "Malwarebytes is NOT a standalone antivirus solution"

But why? I've had it solve more problems than my actual antivirus. I stopped using the costly, CPU and money eating Kaspersky in exchange for a MWB license a while back, accompanied by Windows' standard antivirus.

 

So TL;DR, why isn't MWB a standalone AV exactly? I mean if it quacks like a duck...


See http://press.malwarebytes.org/resources/

 

There is a link there to a .PDF explaining what MBAM is exactly under Comparisons/Reviews/Tests

 

I'm afraid that one isn't crystal clear.

 

Aren't viruses considered malware?

 

Is it just for the "Multi layer" bit?

Sorry about these questions, must not sound like the smartest aspiring techie.

Unless I'm told otherwise, I'm going to imagine that I'm safe with MSE/MWAB running side by side.


  • Root Admin

Here is some basic level information about this subject.

 

MALWARE | ROOTKITS | TROJANS | WORMS | VIRUS

 

One major difference is that we do not target old infections.  We target new zero hour/day infections that are found to actually be in the wild.  An actual antivirus product is able to detect and remove infections that can be many years old and no longer in the wild. 

 

 


One has to understand what Malwarebytes Anti-Malware (aka; MBAM and not MWB) targets.
 
Viruses are a specific sub-type of malware.  All viruses are malware but not all malware are viruses.  Like animal classifications there is a taxonomy to malware.
 
Viruses are malware that self replicate.  This can be; file to file, file to system, system to file or media to media.  Malware that self replicates through high level functions can be deemed worms.  For example when malware uses the AutoRun/AutoPlay OS facility it is an AutoRun Worm.  When malware uses network protocols to self-replicate they are Internet worms.  When malware prepends, appends or cavity injects malicious code into a legitimate file that file is deemed "infected".  If that now infected file can, in turn, infect other files the malware is called a File Infecting Virus.  If the now infected file cannot infect other files, media or systems that file is deemed "trojanized" or "patched".
 
Malwarebytes is INCAPABLE of removing malicious code that had been prepended, appended or cavity injected into a file.  That is, when a file is in its pristine state it will have a specified file size and a fixed checksum value (aka; hash).  When the file is infected with a virus or trojanized, the file size will increase and the checksum value will be altered. To be an anti virus application the software must be capable of removing the malicious code and bringing the file back to its pre-infected state.  One is completely successful IF the resultant file is returned to its original file size and checksum value.
 
MBAM does not target script files. That means MBAM will not target; JS, HTML, VBS, BAT, CMD, PDF, PHP, etc.
It also does not target document files such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ
They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as;  TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.
 
What MBAM can do that traditional anti virus applications fail at is restoring modifications made to the OS by malware.  That is, complex malware will not only create disk folder and file structures but will modify settings within the OS registry.  MBAM shines in reversing many of these modifications.
 
HTH

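An added example (not part of the thread and not Malwarebytes code) of two checks described in the post above: recognising a binary by its leading 'MZ' bytes rather than by its extension, and confirming that a cleaned file is back to its recorded size and checksum. The function names, the use of SHA-256 as the checksum, and the sample bytes are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the post lists for MZ binaries.
PE_EXTENSIONS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}

def starts_with_mz(path):
    """True if the first two bytes are 'MZ', whatever the file is named."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def fingerprint(path):
    """(size, SHA-256) pair recorded while the file is known to be pristine."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()

def find_disguised_binaries(root):
    """Names of MZ-headed files that carry a non-executable extension."""
    return sorted(
        p.name for p in Path(root).rglob("*")
        if p.is_file() and p.suffix.lower() not in PE_EXTENSIONS and starts_with_mz(p)
    )

def restored_to_pristine(path, baseline):
    """The post's success test: original size AND original checksum."""
    return fingerprint(path) == baseline

def demo():
    # Constructed byte strings, not real executables or malware.
    pristine = b"MZ" + b"\x00" * 62 + b"original program bytes"
    appended = pristine + b"[extra bytes appended]"
    same_size = pristine[:-5] + b"XXXXX"  # size unchanged, content altered
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "tool.exe"
        target.write_bytes(pristine)
        (root / "holiday.jpg").write_bytes(pristine)      # binary renamed to .jpg
        (root / "run.bat").write_bytes(b"@echo off\r\n")  # genuine script
        baseline = fingerprint(target)
        results["disguised"] = find_disguised_binaries(root)
        for label, content in [("appended", appended), ("same_size", same_size),
                               ("cleaned", pristine)]:
            target.write_bytes(content)
            results[label] = restored_to_pristine(target, baseline)
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing the hash as well as the size matters because a file can keep its original length and still differ in content, which the `same_size` case shows.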

  • Root Admin

MBAM does not target script files. That means MBAM will not target; JS, HTML, VBS, BAT, CMD, PDF, PHP, etc.

That is not quite as true as it used to be. We don't analyze for content but we do target many known files that are known to be part of an infection and we remove them as part of a specific known infection.
