Jump to content

Web link in MBAM scanner interface...


Recommended Posts

The MBAM scanner interface has links to MBAM blogs:

 

post-182747-0-88843900-1423402583_thumb.

 

I like these links, but some oddities with the opened links.

 

On my system, MBAM had been started as admin by a standard user logged on, utilizing the "Run as administrator.." option of Windows 7.

 

Following the Chameleon link in the picture for example will open the default browser that inherits the program's access level. Since the program runs with local admin right, the browser will open with local admin rights without warning. That's a bad idea, even if one trust MBAM links. While the blog website in itself does not have advertisements and certainly/hopefully no malware; however, it does have twitter links. These links open in new browser tab that also have local admin access rights. Link hopping could quickly escalate without the end user realizing that the all the browser tabs have local admin rights. And these links may not be as trustworthy as MBAM sites...

 

On the other hand...

 

If the non-admin account has the default browser open, with standard access right, the MBAM link opens a new tab in this user's browser with standard access rights.

 

Shouldn't MBAM open the blog links in the default browser with standard user access rights only? Or at the very least, shouldn't it warn the end user that the browser will be opened with local admin rights?

 

Yes, I do understand that the end user need to be careful and should pay attention; however, this is easy to overlook. Especially when people are using their trusted anti-malware software and they are sort of at ease...

 

Link to post
Share on other sites

Hi:

 

We'll need to wait for a staff member to address your specific concerns.

 

In the interim, it's possible that these external links may be removed from the GUI with a future program version due to be released in the coming months.

If that happens, then some of these issues may end up being "moot". :)

 

Thanks for reporting,

Link to post
Share on other sites

 

Just make the developer change the user account access level <snip>

 

Alas, I don't know that anyone can "make" the developer do anything. :(

 

However, for prompt attention by the product development team, it might be advisable to post your product suggestion in the special forum area reserved for this purpose.

That area is here: Comments and Suggestions - Malwarebytes Anti-Malware

 

(This forum area is reserved for problems/issues with installing or running MBAM.  "Suggestions" are collected in a separate area.)

 

Again, thanks for reporting your findings and for making your thoughtful suggestions. :)

 

Much obliged,

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.