
Here 'ya go with the technical reasons.

 

1.  First, MBAM is incapable of removing malicious code from an infected, legitimate, file

 

File infecting viruses (real viruses, not what people "think" is a virus) prepend, append or cavity inject malicious code into legitimate files.  As a virus, the infected file can, in turn, infect other files and/or systems.  Some trojans may also prepend, append or cavity inject malicious code into legitimate files.  However, in this case, the infected files don't infect other files or systems.  These are known as being "trojanized" or "patched".  In both cases, MBAM can't remove the malicious code from infected files.

 

2.  MBAM does not target documents, graphics/media or scripted files.  That means scripted files such as HTML, VBS, JS, JavaScript, PHP, BAT, CMD, etc. are not targeted.  Documents such as DOC, DOCx, XLS, XLSx, PPT, PPTx, PDF, ODF, RTF, etc. are not targeted.  Media files such as graphics are not targeted, such as GIF, PNG, JPG, BMP, etc.  Movie files such as MOV, AVI, MPG, etc. are also not targeted.

 

This means that MBAM will not target a MS Word document that has a Macro Virus or a movie file that is a Wimad trojan. 

 

3.  MBAM does not target exploit code.  That means malicious Java, PDF, Word files or other files that have been specially prepared to exploit a vulnerability will not be targeted. 

 

4.  MBAM targets Windows executable files.  They can be EXE, DLL, SYS and OCX.  Windows Executable files have the first two characters being 'MZ'.   Any executable file that has been renamed will still be targeted just as long as they are Windows executables where the first two characters are 'MZ'.  That means an EXE that has been renamed to have the JPG extension will still be targeted.

 

5.  MBAM is not a historical anti malware solution.  That means MBAM will not target malware that was seen in the wild in 2008, but is no longer seen in the wild.  MBAM targets new, fresh, malware seen in the wild today.  Malwarebytes' personnel periodically cull the signatures for malware that is no longer seen in the wild and thus no longer relevant.

 

So when you take all that into account, MBAM complements a fully installed anti virus solution.  The fully installed anti virus solution is relegated to the detection of such things as a malicious JavaScript, a PDF that is using exploit code or if the site is hosting a malicious Java Jar.

 

Where MBAM excels over anti virus solutions is in remediating the modifications that malware makes to an Operating system.  Today's non-viral malware will greatly modify the computer it infects to change the way it works.  This could be changing file structures, NT Services or Registry modifications.  Traditional anti virus applications do poorly in reverting those changes to normal.  MBAM excels in reverting those changes to normal.

 

HTH

 

{ I could probably write more but that's good enough - for now }

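Point 4 of the post above, as an added example that is not part of the original post and not Malwarebytes' code: a triage script that identifies Windows executables by their leading 'MZ' bytes rather than by extension, so a renamed EXE is still found. It goes beyond the post by also checking for the PE signature that the DOS header points to; the function names and sample files are constructed for illustration.

```python
import struct
from pathlib import Path

PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx"}  # the four types the post lists

def classify(data: bytes) -> str:
    """Return 'pe', 'mz-only' or 'other' from file content, ignoring the name."""
    if data[:2] != b"MZ":
        return "other"
    # Assumption beyond the post: the DOS header stores the PE header offset
    # (e_lfanew) as a little-endian 32-bit value at 0x3C.
    if len(data) < 0x40:
        return "mz-only"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "pe"
    return "mz-only"

def classify_file(path) -> str:
    # Only the first 4 KiB is read; a PE header beyond that reports 'mz-only'.
    with open(path, "rb") as fh:
        return classify(fh.read(4096))

def disguised_executables(root):
    """Files under root whose content is executable but whose extension is not."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() not in PE_EXTENSIONS:
            kind = classify_file(p)
            if kind != "other":
                hits.append((p.name, kind))
    return hits

def make_sample_pe() -> bytes:
    """Constructed minimal header: MZ, e_lfanew=0x40, then the PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "holiday.jpg").write_bytes(make_sample_pe())      # renamed EXE
        (Path(d) / "real.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF")  # JPEG magic
        print(disguised_executables(d))
```

A result of 'mz-only' means the file starts with 'MZ' but no PE signature was found where the header says it should be, which is worth a manual look rather than a verdict.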

  • 2 weeks later...

Sorry if I'm being obtuse, but out on the front of the site there's a quote from a user, employed as sales pitch, that says, "...forget the rest...".   In here it sounds like you're saying that, rather than "forget the rest", we should actually run three products:

1. Some other brand of antivirus,

2. Malwarebytes Premium

3. (implicitly) Malwarebytes Anti-exploit.

 

Is this a correct understanding of the gist here?

 

Thanks very much for clearing this up, either way.


It'd be a good idea for David, if acceptable to the Forum boss, to do a thorough explanation on the subject and pin it.

+100

Well done again David. May we please have your permission to reproduce with the proper attribution?

Thank you.

