Jump to content

How useful would be patch scanning in MBAE?


pbust

Recommended Posts

Depending upon its implementation, anywhere from a 9 to 10 :P

 

The reason I say on implementation is that PSI, while very handy and good, still does not catch everything (and has more than a couple FPs), and being JAVA based as it was (at least in the past) it is simply slow as all get out sometimes.  Other times, it already has results for me as soon as I press the scan button.

 

I also use FileHippo for watching for normal program updates, and I'm using Beta / pre-release versions of many stock programs on my system, hence my lack of need for running PSI all that often.

 

But if you were to look into providing this feature in MBAE, that would be super awesome, and I'd love to take it and run it through the hoops for extensive testing.

Link to post
Share on other sites

How useful (1 not at all and 10 omg we gotto have this now!) would it be to have vuln/patch/outdated software scanner within MBAE?

[rant]

 

As amazing as a patch/outdated feature could be, this might be considered "feature creep" and it might best be taken on as a separate application who's on-going support would probably require several people's efforts.

 

Ask Kyle Katarn how long its been to get this far, and how much effort it takes to maintain SUMo, let alone wrestle with its database or maybe chat with Steven Burn (hpHOSTS) or maybe just have Marcin buy KC Softwares, seriously.

 

Malwarebytes doesn't necessarily need to follow a similar path like Melih Abdulhayoğlu, but the company does need to continue expansion and not depend so much on MBAM for future growth.

 

[/rant] 

Link to post
Share on other sites

In terms of exploit blocking, though, I can see a very real need to integrate patch management into the system.  Not so much with MBAM nor MBAR, but in this particular app yes.

 

Think about it - patch management would be there to help prevent exploitable programs that are unpatched.

 

What you say has merit, in that it would make the database get much, much larger - but if Pedro is speaking of patch management for only the apps that exploits are blocked for then it is still a much smaller, more focused, more specific database than something as large as SUMo, FileHippo's Update checker, PSI, etc.

Link to post
Share on other sites

I think the points made are valid but I personally get shivers when there is talk of adding function/scanning to a program designed to do one thing effectively.

I'm just saying. :)

Link to post
Share on other sites

I run Secunia all the time. The icon is almost always green.

 

Anything wrong with running it continuously?

 

Hello jadinolf:

 

I'm assuming you mean Secunia's PSI. Nothing is wrong at all running it continuously. It's helping you to stay current and out of harm's way.

 

Keep it updated.

 

HTH :)

Link to post
Share on other sites

I agree with Wilpower, I think Anti-Exploit should continue to focus on what it does best and not incorporate other functions/features that may increase CPU, Disk I/O or RAM usage. I think that's a real plus & a selling point with A-E considering it's light system requriements at the moment. It would be a real shame if that changed in my view and you wouldn't want to make the program over complicated for novice PC users too. My two cents worth anyway...

 

Cheers, Ritchie...

Link to post
Share on other sites

  • Staff

I've split this conversation into its own thread.

 

For now this is just an innocent question for my own curiosity. I do agree that for some basic users it might be useful (depending on the implementation of course) but if anything it would have to respect the same values that MBAE has, i.e. transparency, light footprint, simple UI, etc.

 

But again, this is just brainstorming.

Link to post
Share on other sites

I've split this conversation into its own thread.

 

For now this is just an innocent question for my own curiosity. I do agree that for some basic users it might be useful (depending on the implementation of course) but if anything it would have to respect the same values that MBAE has, i.e. transparency, light footprint, simple UI, etc.

 

But again, this is just brainstorming.

 

I had no doubts that you were going to keep those factors in mind.  It would not be an MB product if you didn't :P

Link to post
Share on other sites

To split the question in two:

Is a vulnerability/outdated software scanner useful when anti-expoit software is present?

A definite Yes for me. I prefer my security software to be "bored", and up-to-date software gives MBAE less work.

Should MBAE have this feature?

I'm not sure.

PRO's: Can increase the security of the computer.

Con's: any scanner failure is projected to the entire product. If the scanner fails too often it may reduce the user may start to think that the rest is not working either.

It will increase the system load. Depending on how the scanner is implemented this may be insignificant.

It will make mbae dependant on updates.

More and more software has self-update features. Rendering the proposed scanner more and more obsolete. I'm pretty sure that firefox (the browser), adobe reader, VLC and Java have these self-update features. There are probably a lot more programs that have self-update features.

Secunia PSI offers the scanning for updated software already, offering it for free for home users. Some download sites keep you alerted on software updates of programs you downloaded. Reducing the need and increasing the competition for the proposed scanner.

If malwarebytes is going to implement it I'd say it would be best to keep it simple. Don't check all programs, just the ones protected by MBAE. I don't think automatic updating would be wise. Computers differ a lot and one file/program to meet all the requirements, that never breaks a configuration, will be very hard, if not impossible, to create. (For example (sandboxie): Programs fully installed within a sandbox are near impossible to update from outside the sandbox.) So keep it with an alert, optionally with a reliable update link to the author's site and a warning to opt-out for the mcafee-security scanner. And make it a tooltip-balloon thingy, or maybe an 'action center' warming, and not a huge message like MBAM likes to show.

So far my thoughts about it at the moment.

Edit: forgot the number: Make it a 6 for the subtle warning that is very light weight.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.