
Does Malwarebytes antimalware protect at all against Ransomware



Hi,  I am a fully paid up user of MBAM but wanted to know if MBAM has any protection against Locky or does one have to try the Anti Ransomware beta.  If this is the case then are we going to end up in a situation where we have to have an AV + MBAM + MBARW + other programs for future issues?

If the latter then why is MBAM not incorporating Anti-Ransomware technology?

 

Sorry for being a bit thick on the subject.

Thanks

Paul

 


The MBARW is a βeta product, meaning that it is undergoing extensive testing in real world situations by real world users, including myself.  The plan is that, after extensively testing and refining the product, it will be incorporated into a Malwarebytes product.  However, incorporating it now is both practically and economically infeasible, as it is not yet ready for general public utilization.

Hope that answers your questions.  If you have any further inquiries or would like more clarification, please do not hesitate to respond.


To further add to what @John L. Galt has mentioned above, Malwarebytes Antimalware Premium does protect you against ransomware attacks, at least the ones that Malwarebytes knows about.  It helps if you have the Premium with the IP blocker enabled as this helps in preventing your computer from going to IP addresses that are known to host the ransomware files.


Thanks John and Firefox.  That is good to know - thanks.  I got MBAM many years ago (back in the good old days of lifetime licenses - I was an early supporter) but was a bit concerned to see other Malwarebytes tools such as MBAE and MBARW (if it ever was released as a separate commercial product) being sold alongside MBAM. It was making me think that my lifetime license against all forms of Malware was a bit of a con when half of the attack vectors might not be included in MBAM but instead in MBAE and MBARW.

For example - if you look at the USP of MBAE it states that "Malwarebytes Anti-Exploit Premium shields browsers and software programs from attacks that exploit vulnerabilities in their code. A layer of protection that stops malware before it's delivered to your door."

Well.......  Why would I need to worry about that because I have MBAM to protect me once the exploit has been delivered and tries to run?  Or....   does MBAM not cover all of the exploits at run time that MBAE protects against getting into your front door in the first place?  It's a bit confusing to a dim wit like me.

Reason I ask is that I have a friend who was hit by Locky and I wanted to be sure I was safe.  I have MBAM Premium, Avast Free AV and also Office 2010 (so no automatic running of macros).  I also take backups weekly and never leave my external hard drive plugged in unless I'm actually running the backup. I also have a free Cubby account from LogMeIn to cloud backup.  I'm pretty sure I'm covered but I want to be able to advise my friends and family on the "minimum" they realistically need to be 99.xx% safe (I know you can never get to 100%). My theory is Avast Free gets me to 97%. MBAM Premium takes this up to 99.5%......  The other 0.5% is covered by me being careful and not using out of date operating systems and Office software. Problem is that it's that 0.5% that I worry about for some of my family members as they are not particularly careful/knowledgeable :-)

 

 

Cheers,

Paul

 


No worries.  I understood your concerns from the OP, and I, too, run a computer repair business on the side of my regular job.  My own version of being safe is not only backups but also full disk images via CloneZilla.  Because, well, you never know lol.  I just recently (last week, actually) decided to bite the bullet and install everything from scratch - it is painstakingly slow, as I determine what is cruft and what I need, and I make modifications to the install itself, but in the end, I get it working the way that I want it to.  For clients, it is all about the same as you describe - I often spend just as much time discussing options and explaining the need for various protections as I do actually working on their systems.  Surprisingly, over 70% of my clients have opted to purchase MBAM Premium, much much lower percentage for MBAE though.


Ah - a kindred spirit :-)

I recently upgraded all my kit to W10.  Lovin it. I know a lot of people don't but I think it's the Dogs B*********s.  I upgraded my ancient Dell D630 to W10 and it's twice as quick as it was on W7. Also - many customers upgrade via GWX without even checking if their machines will run on it.  They don't bother disabling their AV during the process and don't "spring clean" first - may have a dud system at the other end so lots of money for me  - Thanks Microsoft :-) Giving W10 free was the best thing you ever did for my little enterprise - ha ha.......

 

 

and.... don't get me started on the Samsung Evo 850 SSD.  what a revelation that is........... 10x faster still.........  And this is from someone who hardly ever pays money out for new hardware.  I'm so cheap!!

 


In the first place you better stay safe than sorry and store backups of your data on external hard drives for example, and that's also advice you can give friends and family. And do not open any suspicious files that come in by email. I am really bothering my friends and family with my advice and press really hard on them to invest a little money into a premium protection to be safe. A lot of my friends come to me and ask me questions because I share a lot on my social media so I tell them the best is to install MBAM premium in the first place.

 


On March-24-16 at 5:10 PM, Firefox said:

To further add to what @John L. Galt has mentioned above, Malwarebytes Antimalware Premium does protect you against ransomware attacks, at least the ones that Malwarebytes knows about.  It helps if you have the Premium with the IP blocker enabled as this helps in preventing your computer from going to IP addresses that are known to host the ransomware files.

I am curious as to where I can find the IP Blocker in my MBAM Premium latest version as I looked everywhere and can't find it.

TIA

Edited by abuela
clarification

There are many flavors of ransomware. I got hit by opening a zip file in an email message. MBAM didn't catch it. My own fault because the file name could have something I was interested in.


21 hours ago, smipx013 said:

I wish I could test against Locky but I'm damned if I'm going to risk even allowing it into my environment to test if MBAM catches it or not.  Too much to lose...  Grrrrr.

My suggestion is that if you do not know what you're doing and how to clean your computer after you run such tests, it's best to leave the testing to experts.  Never test any malware on a live working environment.


  • 2 weeks later...

Well,

Today I got this email from Malwarebytes.  It is a little worrying because it suggests - I say suggests (I have no evidence) - that MBAM does not protect you on its own from ransomware and if you don't have MBAE then you may be at risk from this "known" ransomware.  I would have assumed that since the company knows about this exploit that the protection would be inside Malwarebytes.  Nowhere does it state that if you have Malwarebytes Premium (on its own) that you are safe.  This is either very misleading and preying on people's fears or something is different to what we discussed above.

Adobe issued an emergency update to its Adobe Flash Player software today after researchers discovered a vulnerability that was being exploited to deliver ransomware (variants of Cerber ransomware). Flash has over one billion users, so odds are you are affected by this update.

This is exactly the type of zero-day attack Malwarebytes Anti-Exploit Premium can protect you from. So, nice work! If you're currently running Malwarebytes Anti-Malware Exploit Premium, your computer will be safe.

As a precaution, we suggest you update your Adobe Flash Player (Shockwave Flash Plugin). In addition, we also recommend you install Malwarebytes Anti-Malware Premium if you haven't already. For top security, run both Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium, as a layered approach is the best way to keep threats off your computer.

We'd hate to see your computer compromised. Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.



I read the email over a few times after reading your comments.  Anti-Malware and Anti-Exploit use different methods to provide protection.  Anti-Malware goes after the "what" that attacks you, but Anti-Exploit goes after the "how".  Depending on the way that the Flash exploit works (which I do not have knowledge of), blocking the "how" could (I say could) be more effective in protecting you.  If a payload morphs as a result of the way it is delivered, signatures and heuristics would need to continually monitor each component to be able to provide protection.  The more individual components of files that are continually monitored each require resources, and those resources have to come from somewhere.  Anti-Exploit's blocking of the delivery methods is more effective in a case like that.

Something that was not mentioned (and this is strictly my opinion with no implication that the company saw it this way) is that many more people know about Anti-Malware than Anti-Exploit.  Exploits like this help to spread the word about a lesser-known protection product that prevents very bad things from happening to users.


I agree with your analysis however (and this is only my opinion and not a statement of fact) - It remains that MBAM should prevent this infection from causing any payload damage.  This email does not make this clear and thus is misleading.  If you remember that "most" people are not technical then they would take it at face value and a certain number of them would be scared into purchasing MBAE when they would not get infected because they are already an MBAM premium subscriber.

That is why I personally feel it is misleading.   I think it's kind of sad that Malwarebytes is going down this road. I appreciate they are a commercial company trying to grow revenue and sales but, still,  this email is the thin end of a very mucky stick.  It may cause more harm to the company in the long run than good.  There are very few companies that the malware fighting community can trust (almost without question) and Malwarebytes might just be starting to move from that list to the list of "all the rest to be viewed with some caution and a pinch of salt".  That is a shame because they really know their stuff.

I'm not knocking MBAM or MBAE.  I think MBAM is an excellent product and the technical folk at Malwarebytes are all genuine and helpful people (yourself very much included) but I do worry that marketing and sales may be muddying the waters for all of your hard won work a little.

 


There are so many anti-malware programs around today that a little research would have helped you better than complaining here.

I consider myself a computer literate user who knows what to look for and through a simple mistake I got ransomware.

The last time was installing XP while connected to the internet.

It can happen to the best of us with GOOD security programs because the "hackers" are one step ahead ALWAYS.

Even Linux and Apple have joined Windows in the battle.


In addition to the reply I made to your other thread, @smipx013, you have to realize that MBAM and MBAE are two different products, providing two different sorts of protection completely.  They are not competing products, but rather, complementary products.  Each does what the other does not do.


I don't disagree with most comments apart from "a little research would have helped you better than complaining here".

However.  MBAM does protect against the example in the email and therefore I maintain the view that the email is misleading.  I am saying nothing more or less than that really. KenW.  I'm not sure that comment is very helpful.  I clean machines for a living and have a lot of experience making I.T. my living (26+ years in fact). I have also worked for security companies like Malwarebytes in the past (in technical support and in pre-sales).

I am really highlighting this as a poor tactic on behalf of some of my customers who will likely read the email and purchase the product based on the email.  You have no idea of my expertise or experience.


Actually, MB Anti-Exploit is what is referenced as protecting you from the Adobe Flash player payload delivery vulnerability, as opposed to MB Anti-Malware itself.

But, since you've brought it up, I can see where it can be misleading - but the last line in the email clearly states using both products for layered security.  In the end it is up to the user, because, as stated already, they are different products, providing different methods of protection.


While I know that both products provide a huge amount of value, I can see how the wording of the message can be interpreted differently.  I have gotten in trouble in the past because the way someone heard what I said was not the way I meant it.  I think that although this topic is different, the results are similar.  What they are really trying to say is something like, "You can get the screw out of the widget with this flat-blade screwdriver, or with that one.  This one works best for this type of screw."  May not be the best analogy, but I hope you see what I'm trying to say.

Still, I can mention it to our Marketing folks, who are responsible for the message.  Thank you for pointing it out.
