MBAM 3.0 and av-comparatives.org


Just came across this thread and all I can say is "this garbage again". Seems to pop up every so often. I read through the posts to see what crap is being posted this time. No security program will catch everything every time so comparing two programs is STUPID. I have had MBAM, Superantispyware and Outpost Security Suite each catch something the other two did not at the same time. May not prove my point to everyone, but is good enough for me.

 

Edited by KenW

8 hours ago, KenW said:

each catch something the other two did not at the same time

If you install 10 security suites and give it enough time, each will eventually catch something which is missed by the other 9.

So what????  Where do you stop adding "security layers"????


16 hours ago, lock said:

It is not exactly an "issue".

Only if you uninstall both and run something else, you can see the difference. With both MSE and MBAM you have a delay, let's say of 0.6 sec in opening a page; "millions" of users wouldn't bother for this (like me).

Now, you install something else and the page opens instantly (let's say 0.1 sec).

So, we can say that the PC is 6 times faster.

We don't see this much of a delay in any of our testing. So once again, please provide the logs we've asked for multiple times and you haven't provided, or we won't be able to reliably address your concern.


Interesting thread, and I don't know what to make of it...but I feel perfectly secure using Kaspersky Internet Explorer as my main protection, which is probably the best if not one of the best security suites out there (no...I could care less about the alleged Russian hacking on DoD computers) and Malwarebytes Premium as secondary protection. I have noticed Malwarebytes prevents me from going to certain malicious websites at times so I know it's doing something, and truth is, I doubt much will get by Kaspersky anyway.

I've had bad experience with AV suites. Started out with Iolo System Shield years ago, and it didn't take long that I had to reinstall the operating system due to infections. Then used Symantec on my Business server and workstations...it still updated definitions but apparently stopped updating the engines. The results, after various experiences of my system being penetrated, turning off Symantec in the process, once so bad that one of our computers was actually being used by a Hacker as a botnet, storing a thousand or so viruses.... I decided to go with the best. Kaspersky is actually very reasonably priced if you buy an older year version and then update. Malwarebytes I always used the free version, and it always found stuff that Symantec, etc. missed, including getting rid of those damn PUPs (that my wife always seemed to get). I then picked up a Malwarebytes lifetime premium license.

So the bottom line to me... even well respected companies, like Symantec...screw up, but since using Kaspersky and Malwarebytes Premium for a few years now....NOTHING has gotten through, email ways, malicious website ways or any other ways. Would Kaspersky be enough? Probably... but I like the secondary protection from Malwarebytes. Kaspersky is not perfect... as Total Virus has told me, at times letting malicious links get through the email scanner. Of course, being wiser now, any suspicious link I run through total virus... but I still feel better knowing that Malwarebytes is there to catch something if I mistakenly click on a link that Kaspersky let through.

I'm still steaming mad at Malwarebytes trashing my hard drive last month with its defective update...but I kind of suspect that it has revised its procedures and absent a rogue employee, that's not likely going to happen again... that cost me, so far, $300 for a new hard drive and the use of a tech and of course 1.5 days of lost productivity.

 

 

Edited by Davidtoo

  • Staff

To be frank, the single greatest advantage Malwarebytes adds to your setup with Kaspersky is its signature-less exploit protection.  I've been studying and testing various security tools and AV suites/products for years, and I have honestly never seen anything so proficient at single-handedly vaporizing one of the bad guys' most frequently used attack vectors (web exploits and maliciously crafted document attachments in emails are by far the two most commonly used methods of system infiltration/infection these days and have been for at least a few years now).

The second, and one which you yourself have already commented on is the web protection component.  I'm good friends with the main Researcher that maintains the database and I know how dedicated he is to his work, how little he sleeps and how passionate he is about thwarting the efforts of those who would use the web for ill and he is very good at what he does.  Not only that, but just recently (a couple years ago or so) he finally got some help when Malwarebytes hired on some additional staff to maintain the web protection database.  This has greatly increased the level of coverage that module has for discovering and blacklisting bad websites and servers and it also means that there's at least one person working on it at every hour of the day.

To me, the other modules in Malwarebytes are just icing on the cake.  I know how good the heuristics and threat detection capabilities are in Malwarebytes standard Malware Protection component and scan engine because I used to write the tests for them for QA, and they are nothing to scoff at, and are light years beyond what's being used by most AV engines even today, not only because of the flexible and versatile syntax provided to the Research team to target threats and threat families (to counter polymorphism, a common tactic of today's malware), but also because of additional technologies designed to leave active malware no place to hide and no way to survive removal or to resurrect itself (capabilities missing from every AV I've ever used or tested and the only engine I've seen ever come close to the ability of a technically proficient human being laying hands on a system and combing it thoroughly for malicious binaries, directories and registry structures which don't belong, something I myself used to do as a PC repair tech when my hands were tied because of lackluster tools from major security vendors during a time before a product like Malwarebytes existed).  When you add to that the new smarter anomaly detection engine that was developed with 0-hour threats in mind, it only increases the proficiency of what the Malware Protection and scan engine components have to offer.  But as good as all of that is, it still doesn't come close to the effectiveness of the first two components I mentioned at preventing infection.  They're just that good.

You already mentioned PUPs, which is definitely something Malwarebytes has proven itself to be superior at eliminating when compared to the majority of tools out there thanks in no small part to Malwarebytes' aggressive stance on PUPs.

Malwarebytes also recently added the new ransomware behavior based protection component to the mix, and while it has definitely had its share of growing pains (high FP rate early on during alpha/beta testing as well as missing a few major families of known ransomware at first before it was better tuned by the Devs/Researchers), it has also proven to be a valuable asset and an effective additional layer of defense.

There are also a few modules in development/test that we can't share any info on yet which I'm very excited about.  But even without those added goodies, Malwarebytes as it is today is quite a powerful protection tool, whether used alone or alongside other layers of protection.

The incident that happened last month was unfortunate.  It exposed a critical flaw in the code of the web protection component and Malwarebytes responded quickly to not only correct the issue on the database side, but also rapidly wrote and rolled out a fix for the engine itself which prevents it from ever happening again.  They also took extensive measures to ensure that such an entry cannot possibly make it into any database update that gets pushed out to customers via automated database analysis that looks for entries matching the bad string that caused the incident in the first place.  This means that even users of older versions of Malwarebytes which don't include the engine fix don't need to worry about the issue impacting them ever again because no update like that can possibly go live.  It will be automatically flagged by the system and rejected and the Research team will immediately be alerted to the issue so that they may adjust the database accordingly and push it back out to the automated test systems to run it through the testing process again, and only when it passes all validation requirements will it be allowed to go live to the users.


13 hours ago, exile360 said:

The second, and one which you yourself have already commented on is the web protection component

Have you seen the amount of FP's reported on "Website Blocking"???

"Thanks, the block will be removed"  is the common answer for 9 of 10 reported.

When I used MBAM, this shield was the first which I disabled.


13 hours ago, Davidtoo said:

using Kaspersky and Malwarebytes Premium for a few years now....NOTHING has gotten through

How many detections were initiated by Malwarebytes Premium???

 

13 hours ago, Davidtoo said:

that cost me, so far, $300 for a new hard drive

So your HDD caught fire or something because of the bad update? 


"""""I'm good friends with the main Researcher that maintains the database and I know how dedicated he is to his work, how little he sleeps and how passionate he is about thwarting the efforts of those who would use the web for ill and he is very good at what he does.  Not only that, but just recently (a couple years ago or so) he finally got some help when Malwarebytes hired on some additional staff to maintain the web protection database.  """"

 

I always assumed there is one company out there whose sole function is to keep track of malicious websites and who then sells that information to all other Anti-malware security companies. That would make a lot more sense to me than every individual AV company trying to keep track itself...and I also thought to a good degree malware detection on malicious websites was pretty much automated at this point? You mean there are people employed by Malwarebytes who are constantly scanning the web looking to add malicious websites to a black listed data base? Wow.


  • Staff
19 minutes ago, Davidtoo said:

"""""I'm good friends with the main Researcher that maintains the database and I know how dedicated he is to his work, how little he sleeps and how passionate he is about thwarting the efforts of those who would use the web for ill and he is very good at what he does.  Not only that, but just recently (a couple years ago or so) he finally got some help when Malwarebytes hired on some additional staff to maintain the web protection database.  """"

 

I always assumed there is one company out there whose sole function is to keep track of malicious websites and who then sells that information to all other Anti-malware security companies. That would make a lot more sense to me than every individual AV company trying to keep track itself...and I also thought to a good degree malware detection on malicious websites was pretty much automated at this point? You mean there are people employed by Malwarebytes who are constantly scanning the web looking to add malicious websites to a black listed data base? Wow.

Yes, his name is Steven Burn and he is the creator and maintainer of the hpHosts database.  Originally he worked independently on tracking malware sites, spam sites, ad/tracking servers etc. for the purposes of the hpHosts project which is a series of HOSTS files freely available for the purpose of blocking such sites.  Then Malwarebytes hired him on when they decided to add malicious site blocking to the protection in Malwarebytes' Anti-Malware years ago.  Since then, and thanks to the added capabilities of the web protection component in Malwarebytes, he is now able to block not only specific malicious domains/URLs (as that is a limitation of the Windows HOSTS file), but also malicious IP addresses/servers as well as entire known malware friendly IP ranges.

If you investigate the histories of the individuals who work for Malwarebytes, especially in their Research and Development departments, you'll find a veritable "who's who" of prominent members of the independent internet security and threat research community.  From the longtime MSMVP Mieke Verburgh (otherwise known as "miekiemoes") to legends like sUBs, creator of the powerful and widely used "ComboFix", and S!Ri, creator of tools like SmitFraudFix, one of the early community tools designed to deal with rogue AVs before companies like Malwarebytes came along with engines and tactics capable of dealing with them, to developers like Doug Swanson (also known as Swandog46), developer of the legendary and immensely powerful script based threat removal tool Avenger, the predecessor to the DoR (Delete on Reboot) technology built into Malwarebytes and the man responsible for laying many of the foundations of the engine and capabilities in Malwarebytes during much of its early years (along with others like Marcin and ideas from Research of course).  Bruce Harrison, the head of Research at Malwarebytes who became known early on as one of a handful of individuals capable of keeping up with and tracking down the latest threats in the industry that plague users and compromise their systems.

This trend has continued if you look at key acquisitions and hirings such as the acquisition of ZeroVulnerabilityLabs, whose co-founder Pedro Bustamante now heads R&D at Malwarebytes (current VP of Technology for Malwarebytes and head of Product and Research).  ZeroVulnerabilityLabs had developed an industry leading anti-exploit technology which has since become Malwarebytes Anti-Exploit and has of course been integrated into Malwarebytes as one of its most forward looking, proactive protection layers.  Malwarebytes also acquired popular anti-adware/anti-PUP utilities Junkware Removal Tool (JRT) and ADWCleaner to enhance the detection and removal abilities in Malwarebytes against PUPs, a step in delivering on their public statement regarding a more aggressive stance on PUPs (something they put a lot of money, time and effort into; not just lip service as such acquisitions illustrate).

There are many more.  And if you hunt through the list of Researchers, Administrators and other key employees and forum members here who work for and with Malwarebytes you'll find a lot of familiar names and avatars if you've been around the various security forums/communities throughout the years.  Malwarebytes has always been a community driven company from the very start when a young Marcin Kleczynski had a relative's computer get infected with something nasty that the usual AV tools could not remove and he found one of the free malware removal help forums where he received assistance in cleaning the system up and then turned around and started developing tools for making detecting and removing such threats easier, which eventually led to the creation of Malwarebytes.

Even I, who am former User Advocate for Malwarebytes and prior to that, the Product Manager for Malwarebytes and many other products (originally I was PM for all products at Malwarebytes as I was the first PM for the company), and prior to that came onboard as the first QA (Quality Assurance) as I had shown a knack for finding bugs in software through my voluntary testing of alphas/betas here on the forums and due to my efforts to learn and help others here on the forums was hired straight out of their own community, and I am not the only one.

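The HOSTS-file limitation described in the staff post above (hostname entries only, versus a filter that can also match IP addresses and whole ranges), as an added example that is not part of the thread and is not Malwarebytes' or hpHosts' code. The `WebFilter` class, the function names and all sample entries are constructed for illustration and use documentation-reserved names and addresses.

```python
import ipaddress

# Constructed sample data (reserved example domains and TEST-NET addresses).
HOSTS_FILE = """\
# HOSTS-file entries: sink address, then hostname(s)
0.0.0.0 bad.example.com
0.0.0.0 ads.example.net   # trailing comment
"""
BLOCKED_IPS = {"203.0.113.7"}
BLOCKED_RANGES = ["198.51.100.0/24"]


def parse_hosts(text):
    """Return the hostnames that a HOSTS file sinks to 0.0.0.0 or 127.0.0.1."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            names.update(n.lower() for n in fields[1:])
    return names


def hosts_blocks(hostnames, destination):
    """HOSTS-file model: exact hostname match only, no IPs or ranges."""
    return destination.lower().rstrip(".") in hostnames


class WebFilter:
    """Hypothetical filter matching hostnames, single IPs and CIDR ranges."""

    def __init__(self, hostnames, ips, ranges):
        self.hostnames = set(hostnames)
        self.ips = {ipaddress.ip_address(i) for i in ips}
        self.ranges = [ipaddress.ip_network(r) for r in ranges]

    def verdict(self, hostname, resolved_ip):
        ip = ipaddress.ip_address(resolved_ip)
        if hostname and hostname.lower().rstrip(".") in self.hostnames:
            return "block:domain"
        if ip in self.ips:
            return "block:ip"
        if any(ip in net for net in self.ranges):
            return "block:range"
        return "allow"


if __name__ == "__main__":
    names = parse_hosts(HOSTS_FILE)
    flt = WebFilter(names, BLOCKED_IPS, BLOCKED_RANGES)
    # A new hostname on a listed server passes the HOSTS model
    # but is caught by the range rule.
    print(hosts_blocks(names, "new.example.org"))
    print(flt.verdict("new.example.org", "198.51.100.200"))
```
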

Thanks for all the passionate feedback here. As our team members have made clear, we currently don't believe the way that these tests are performed indicate real-world scenarios which is where our product truly excels. That being said, we have started looking at ways to detect these types of threats without impacting our performance or database size too negatively; our primary goal is always to make sure that our users are protected from the latest threats and attack vectors. You can find a few responses from our team at the following links around our stance on this:

 
At this time, we're going to lock this thread since our stance hasn't changed recently. If there's an update around our comparison testing, we'll be sure to follow up and share that information.
