Test: Real-Time Protection seems to be pure eyewash

[ZVAXX]

To test the Real-Time Protection, I have searched on virscan.org for some dangerous files. An example:

- the Real-Time Protection of Malwarebytes 3.0.6.1469 is completely on
- download the file "Vista Automated Activation Crack v3.0.exe" on the system drive - there was no problem, to do this!
- Custom Scan -> Malwarebytes finds (after 20 minutes with insane 83% CPU usage) in this file a virus type called "Worm.VBAgent" (the name of the virus itself is not experienced)...
This was just an example, with further tests it was the same!

Conclusion: The Real-Time Protection leaves dangerous viruses on the computer, without warning or prevent it.
I do not know what that is, but MB is in this form just great crap and completely unnecessary.

[Porthos]

1 hour ago, ZVAXX said:

To test the Real-Time Protection

Targets files on access by running the exe or scanning the exe manually. If the file is more than 3 months old it most likely wont be detected. Historical scanning has been always left to your antivirus program. MB is about ZERO DAY threats. The file you mentioned is not ZERO Day.

In plain English...If I download file name xxx to my downloads folder nothing will trigger unless I run it and it triggers one of the 4 layers of Malwarebytes protection.

Keep in mind Malwarebytes does not target all file types as well.

If you are testing its stand alone effectiveness you are going about it the wrong way.

 

@pbust

 

Edited February 7, 2017 by Porthos

[Guest]

Interesting test!

 

Therefore I have some additional questions:

Can you give some more information and details about your further tests?.Which viruses or threats weren't detected by MB3 while installing them?

Could you delete successfully the "Worm VBAgent" by MB3 after the scan?

Could you delete all other intentionally installed viruses and threats by MB3 or was that impossible for some of them?

 

Did you ever do a smiliar test with Anti-Malware 2?

 

Quote

Portos:   "Historical scanning has been always left to your antivirus program"

Hmmm...

Malwarebytes claims explicitly in their promotion for MB3, that MB3 now can substitute an antivirus program.

What's right now?

Edited February 7, 2017 by GMork

[pondus]

1 hour ago, GMork said:

Malwarebytes claims explicitly in their promotion for MB3, that MB3 now can substitute an antivirus program.

https://forums.malwarebytes.com/topic/191650-malwarebytes-30-frequently-asked-questions/#comment-1077438

 

[ZVAXX]

GMork: Well, I've given an example about what I've tested in regard of the Real-Time Protection. Inquire at virscan.org about dangerous files and try to download them somewhere. But beware of obscure pages on which such files can be downloaded! I have not written anything about it, that I would have installed such files (do not do that!). "Worm VBAgent" is by the way not the name of a virus, but MB's name for a category of pests (which I had also written, please read something more precisely). The files could be deleted after the download, yes, they were not installed, in order to be able to spread on the computer. It is, however, conceivable that some viruses will develop a life of their own after the download - and precisely for this reason they should be recognized by a Realtime Protection before or during the download.

Edited February 7, 2017 by ZVAXX

[pondus]

4 minutes ago, ZVAXX said:

"Worm VBAgent" is by the way not the name of a virus, but MB's name for a category of pests (which I had also written, please read something more precisely).

Probably because it is a signature that detect multiple variations of this worm  

[Porthos]

@ZVAXXCould you post the virus total link for that file in your original post.

[Porthos]

1 hour ago, ZVAXX said:

It is, however, conceivable that some viruses will develop a life of their own after the download

Only if they are run.

[ZVAXX]

>> Only if they are run. <<

Are you kidding me? The fact that certain viruses activate themselves, you should know in that matter (and you should not tell people the opposite)

>> Could you post the virus total link for that file in your original post. <<

This is probably not a question, but an invitation to publish illegal downloads. Are you still to rescue?
If you have problems finding one of the downloads, use a search engine. (Here you can find name variations, and here a list of other stuff - pick something out and test yourself)

[Guest]

11 hours ago, ZVAXX said:

"Worm VBAgent" is by the way not the name of a virus, but MB's name for a category of pests (which I had also written, please read something more precisely)

I've read precisely. But you didn't mention the explicit name of  the used virus. Therefore I only could use MB's general designation for it in my reply. Additonally I set it in quotation marks.

 

13 hours ago, ZVAXX said:

This was just an example, with further tests it was the same

Sorry, but your answer to my question about those further tests is far too vague and indifferent.

I didn't invite you to name the sources or links, where you got the other allegedly tested threats from, but there's no reason not telling their names here.

If you question the RTP  it's a point of fairness to call a spade a spade. By not doing that you give currency to a rumor about MB3 without a real background or evidence.

Afterthought:

I don't have any personal connection to Malwarebytes to defend their at time very buggy MB3. But critizising MB3 publicly in this forum concerning such a decisive feature like RTP you have to name precise details and facts.

[ZVAXX]

GMork: You are talking too much.
If my test has frightened you, try to understand it or leave it simple.

[Guest]

@ ZVAXX

Many thanks for your last answer.

It proves, that your either aren't able to answer in detail or you shirk a real answer.

That comes out to the same thing and sheds the corresponding light on your whole topic.

Period

[Aura]

Quote

This is probably not a question, but an invitation to publish illegal downloads. Are you still to rescue?

It is okay to provide VirusTotal report URLs here. No one can download files from VirusTotal unless they have VTi, and I can guarantee you that only trusted experts around the world have access to this. Simply members like me, Porthos, GMork, etc. don't have access to downloading files from VirusTotal. Without the report, we cannot really help you.

[ZVAXX]

Aura: It does not seem to make sense to describe a problem if it is not read. Did I write that the download is on Virus Total? Or that you have to be an expert to find such a file through a search engine? Not that I know. As far as I can see, there are two or three users who are either too comfortable or unable to use a search engine. Or begin to troll when their primitive blackmail attempts to promptly request dangerous download addresses are unacceptable.
By the way, I had also not asked for help, but pointed out a circumstance. If my information is not enough, I will not be able to help you.

[Aura]

Quote

Did I write that the download is on Virus Total?

No, but I'm asking you to upload the file on VirusTotal and post the report URL here so I can check what file you're referring to in your "problem".

Quote

Or that you have to be an expert to find such a file through a search engine? Not that I know.

No you didn't, you just misinterpreted my previous post. You seemed concerned that posting a VirusTotal report URL was "dangerous", but it isn't. Re-read my post.

Quote

Or begin to troll when their primitive blackmail attempts to promptly request dangerous download addresses are unacceptable.

There's nothing dangerous that can come out from a VirusTotal report URL. You cannot download anything from it unless you have VTi (once again, re-read my previous post).

Quote

By the way, I had also not asked for help, but pointed out a circumstance. If my information is not enough, I will not be able to help you.

And I'm trying to understand your circumstances, but for that, I need more information which you're basically refusing to give me.

[ZVAXX]

54 minutes ago, Aura said:

There's nothing dangerous that can come out from a VirusTotal report URL. You cannot download anything from it unless you have VTi (once again, re-read my previous post).

This is simply wrong.
And you repeat yourself. Endless talk. Pointless to go on.

---

What really surprised me here: Where are the users who use their minds? Obviously, the question is only one thousand times asked to get MB v.3 superficially to the - seeming - functioning. That MB does not function as promised, may be noted later. Okay, by myself. 

[Porthos]

23 hours ago, ZVAXX said:

To test the Real-Time Protection, I have searched on virscan.org for some dangerous files. An example:

Sorry I misread that you used virustotal.

There also seems to be a bit of a language barrier involved here (might be mistaken my apologies ). Is English your native language?

You are out to prove that Malwarebytes is not an anti-virus. No one here said it was. MB is designed to remeidate CURRENT threats not to be a flat file scanner like most anti-virus programs. Malwarebytes does not hold a database of every bad file there is, It only keeps CURRENT THREATS that are still being used today to infect your computer.

This debate is getting old. You are given the facts on how MB works but you seem not to understand what we are trying to tell you.

[ZVAXX]

3 hours ago, Porthos said:

Sorry I misread that you used virustotal.

No. I used MB.

3 hours ago, Porthos said:

You are out to prove that Malwarebytes is not an anti-virus

No. I have found that MB is not able to detect viruses during a download or protect the user from it.

3 hours ago, Porthos said:

Malwarebytes does not hold a database of every bad file there is, It only keeps CURRENT THREATS that are still being used today to infect your computer.

Unfortunately, I have already noticed. There are no "old" viruses that can not lead to an infection today. And if you explain to me now that MB can not prevent the download of viruses, then I would like to know why MB advertises with "MAKES ANTIVIRUS OBSOLETE Stop paying for your old, clunky antivirus." Should a virus be detected, e.g. in an email attachment, my Antivir program warns me before downloading this file (apart from that it can also scan). To this extent, it seems to be clear which program is obsolete.

[Porthos]

12 minutes ago, ZVAXX said:

"MAKES ANTIVIRUS OBSOLETE Stop paying for your old, clunky antivirus."

Many of us non staff members believe in using MB with an Anti-Virus as it has always been. Personally I use Defender.

There have been many posts( I cant look them up right now) to fully explain how MB can stop current threats with the 4 layers in the program and there are more advancements in the future.

 

@pbust can explain it better.

 

[dcollins]

Hi @ZVAXX, and thanks for reaching out with your concerns around the Real Time Protection module. I'll try to hopefully clear up some information here to see if it helps, although it will be similar to what most others in this thread have stated.

You are correct that our Real Time Protection is not going to catch most infections as soon as they are downloaded. Scanning every new file on a computer, as soon as it's put on the computer, generally requires checking the signature of the file or running heuristic scans against it. Because there are new files created on a computer all the time, this makes this process very inefficient. However when you run a threat scan on your computer, we use heuristic scans and a few other methods to identify threats, which is why this threat gets detected by a threat scan.

Where Real Time Protection really shines is when the threat tries to activate. When you download the file to your computer, nothing really happens at that point. And until something triggers that threat to run (the user double clicking it, opening the file with another program, etc), it lays dormant. However once the threat activates and tries to attack your machine, that's where Real Time Protection steps in and prevents the threat from working. It's much more efficient to keep track of what new processes and files are being actively ran on the machine, and that's just one of the things we watch for so we can catch the threat in the moment, stop it from running, and remove it before it goes any further.

This is also why we have multiple methods of Real Time Protection. Exploit protection keeps vulnerable applications like Internet Explorer, Firefox, Adobe Reader, etc from being taken over by infections when they run, while Web Protection makes sure that if threats try to download any new files from the internet, they get denied. Ransomware Protection keeps your files safe from being encrypted and Malware Protection keeps viruses and pups from taking over you machine.

Hopefully this helps clear up any questions you may have, but feel free to let me know if you have any follow ups

[ZVAXX]

dccollins: Thank you for your effort to finally contribute something substantial. According to my results, it was clear to me that only a shared strategy would allow some security. But know that the less ambitious users too, who rely on such "serious" sounding sayings like "MAKES ANTIVIRUS OBSOLETE" and pay not just little money for it? After all, it is slowly becoming clear what MB can do and what not (what can be seen in this advertisement, rather reminiscent of alternative facts). However, I have little hope that this is communicated in an honest way, where it is read.