
Unsigned MBAM update executables



Are the MBAM update executables supposed to be digitally signed or not?

 

I don't know how much protection a signature adds.

But I kind of recall cases where program updates have been used to introduce a payload, like Finfisher in Firefox updates or something, so I try to keep an eye on at least executable update files. I'm sure Finfisher users have no issue adding any signature to anything of course but smaller players might.

 

And how well protected are other MBAM updates, like data files?

 


Hello blind12 and :welcome:
 
For the highest possible level of integrity, please download only from Malwarebytes servers. Yes - mbam-setup-2.0.4.1028.exe is self signed by Malwarebytes Corporation plus VeriSign and countersigned by Symantec Time Stamping Services and Thawte Timestamping CA.
 
To add to that level of integrity, and prior to installation, you may also upload to VirusTotal.com and closely check the validity which should lead you only to:
 
https://www.virustotal.com/en/file/3bdbcf37ad6277f09d2ac9722bbae90e16ce83ac4c5c3cb7922c0fc4ae7b3662/analysis/1419025632/

 

AFAIK, and because MBAM database updates are not scripts nor executables, those updates are not able to be digitally signed in the identical manner as installer applications.
 
 
Due to the unfortunate past actions of a few, post editing of your topic has not been enabled yet in the IP.Board software that supports this forum.

Your ability to post edit will be automatically enabled when your member ranking elevates from Members to Honorary Members upon your 100th post.

Thank you.


  • 2 weeks later...

AFAIK, and because MBAM database updates are not scripts nor executables, those updates are not able to be digitally signed in the identical manner as installer applications.

 

Hi 1PW, this isn't a database update this time, although I did also wonder how well database updates are verified.

 

It's a program version update and an executable, 2 executables in fact. A previously privileged, signed, 20,447,074-byte "mbam-setup.exe" matching the "mbam-setup-2.0.4.1028.exe" you posted above spawned an unsigned, 706,560-byte "mbam-setup.tmp"

 

https://www.virustotal.com/en/file/6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a/analysis/

 

which then requested elevated privileges. And an unsigned executable requesting elevated privileges made me wonder.

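Added example, not part of any post in this thread and not Malwarebytes code: a sketch of the two checks discussed above, comparing a file's SHA-256 with a published value (here the hash embedded in the first VirusTotal URL) and reporting whether a PE file carries an embedded Authenticode certificate table at all, which is what separates the signed mbam-setup.exe from the unsigned mbam-setup.tmp. The function names and the `sample_pe` input are constructed for illustration, and the check reports presence only, not validity.

```python
import hashlib
import struct

# SHA-256 taken from the VirusTotal URL posted in the thread for mbam-setup-2.0.4.1028.exe
POSTED_SHA256 = "3bdbcf37ad6277f09d2ac9722bbae90e16ce83ac4c5c3cb7922c0fc4ae7b3662"
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY, the Authenticode certificate table

def embedded_signature_size(pe: bytes) -> int:
    """Size in bytes of the PE certificate table; 0 means no embedded signature.
    Presence only: this does not validate the certificate chain."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                         # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)     # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return 0
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return 0
    if offset + size > len(pe):                           # field is a file offset, not an RVA
        raise ValueError("certificate table outside file")
    return size

def check(pe: bytes, expected_sha256: str = POSTED_SHA256) -> dict:
    """Compare the file hash with a published value and report signature presence."""
    return {"hash_ok": hashlib.sha256(pe).hexdigest() == expected_sha256.lower(),
            "signed": embedded_signature_size(pe) > 0}

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 header, just enough for the parser above."""
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    head += struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs, cert = bytearray(16 * 8), b"\0" * 16            # placeholder certificate blob
    if signed:
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, len(head) + len(dirs), len(cert))
    return head + bytes(dirs) + (cert if signed else b"")

if __name__ == "__main__":
    for name, blob in (("signed sample", sample_pe(True)), ("unsigned sample", sample_pe(False))):
        print(name, check(blob))
```

On Windows, `Get-AuthenticodeSignature` performs the actual chain and timestamp validation that this presence check leaves out.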

If the installer has a Publisher's Certificate verifiable by the Certificate Authority (CA) then the executables don't necessarily have to also have the Publisher's Certificate.

 

It is good that you are thinking about such subject matter!

