Consumer Reports bad Malwarebytes review

Exactly, my point was that the entire industry has had to take a different approach because the old way of using static signatures to detect known threats doesn't work any more because threats adapt and change too rapidly for that approach to remain effective.  Malwarebytes, like the other AV/AM vendors throughout the industry, have focused more on a layered approach now because relying on signatures and massive databases no longer works to provide effective protection against live threats.  This is why Malwarebytes culling signatures out of its database for threats no longer found in the wild doesn't reduce the protection that the product provides.

17 hours ago, exile360 said:

Exactly, my point was that the entire industry has had to take a different approach because the old way of using static signatures to detect known threats doesn't work any more because threats adapt and change too rapidly for that approach to remain effective.  Malwarebytes, like the other AV/AM vendors throughout the industry, have focused more on a layered approach now because relying on signatures and massive databases no longer works to provide effective protection against live threats.  This is why Malwarebytes culling signatures out of its database for threats no longer found in the wild doesn't reduce the protection that the product provides.

MWB can also cull those older threats because in its default / recommended configuration, it sits on top of Windows Defender which can continue to deal with the look up and isolation of older threats, if they arise. Smart.

Just now, AP2012 said:

MWB can also cull those older threats because in its default / recommended configuration, it sits on top of Windows Defender which can continue to deal with the look up and isolation of older threats, if they arise. Smart.

Of course, but even beyond that, it is very often the case that when a threat signature is removed from the Malwarebytes database it is because it has been replaced by a superior and more advanced heuristics signature or algorithm that detects the same threat(s) as the one that was removed in addition to even more threats/threat families.  When a Malwarebytes threat researcher analyzes a malware sample and goes to work on writing a signature/def to detect it, their goal is not just to target that specific file/sample, but to target/detect as many similar samples that might exist currently, may have existed in the past, and may not even have been created yet using that single signature/definition.  This is also why, when a signature is removed from the database, even if it is solely because that threat has not been seen in the wild, it is even further justified because it doesn't mean that just that one file hasn't been seen, but any threat that the signature being removed would detect has not been seen which is generally the result of the bad guys moving on to a completely new threat/method of attack, and just like all software developers, the bad guys very seldom (practically never, really) return to their old code, because they know that because those methods/samples have already been seen by the security researchers throughout the industry, that the various AV/AM products (including Malwarebytes) will likely be able to detect it without even needing an update, and this is especially true now that Malwarebytes and other vendors are relying more and more on behavior based, signature-less detection methods, so whatever the bad guys do to attempt to evade detection, it must be something dramatically different and new, otherwise it will trip one or more of the user's layers of defense in their AV/AM product(s) and the attack will fail.

This is the very reason that Malwarebytes never tried using signatures to detect malicious scripts and exploit code, because it is far too easy to modify and/or encrypt such attacks to bypass traditional signature based detection tools, and this is also why the Exploit Protection layer in Malwarebytes is by far one of the most proactive and effective layers of defense against modern threats because changes to the malicious scripts, including advanced/custom encryption routines become irrelevant because it isn't analyzing the contents of their scripts, but instead looks directly at process behavior (such as malicious code injection, attempts at OS security layer bypass like privilege escalation, DEP violation etc., memory buffer overflow attacks etc. etc.) because no matter what the actual script/code of the exploit may look like, the basic fundamental methods of execution and infiltration to perform its malicious tasks remain constant.  This is also why the bad guys' tactics will change completely every so often where they suddenly pretty much abandon one method of attack/infection and move on to something completely different.

It's the reason we had fake/rogue AVs as one of the most common/prominent threats at one time, but today virtually none of those exist, both because security vendors have become proficient at detection/stopping them, and because users have become educated about what they are and not to fall for their tactics of extortion, so instead they moved on to what we have now which is ransomware and tech support scams, by far the two most common threats over the past couple of years (not the only ones, but definitely the most common, especially if you don't count PUPs, which have always been very common, though there are more which are bundled with real malware these days) because those tactics are still working and reaping profits for the bad guys.  As soon as users become wise about the tech support scams and stop calling the fake tech support numbers and paying the overpriced fees for fake assistance in cleaning their devices (which aren't actually infected in the first place), those too will vanish and some new method of scam/attack will emerge.

In fact, the new plugin developed by Malwarebytes which is currently in beta already does an excellent job of targeting these kinds of scams, even if the websites are not known/contained in Malwarebytes web block databases because like so many other aspects I've spoken of, this new plugin uses behavior based methods to detect tech support scam sites (along with several other classifications of malicious websites) to protect users.  That plugin is in beta and currently available for free for both Chrome (as well as other Chromium based browsers like SRWare Iron) and Firefox, with versions for Microsoft Edge and Safari in development and I can tell you from first-hand experience that it is extremely effective having used it since it was first created.

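The contrast drawn in the post above, as an added example that is not part of the thread and is not Malwarebytes code: an exact-hash signature misses a re-encoded copy of the same content, while rules over process behaviour flag the run either way. The event names and schema are hypothetical, and all sample data is constructed.

```python
import hashlib

# Hypothetical event names; real endpoint telemetry uses a vendor-specific schema.
INJECTION_CHAIN = ("remote_alloc", "remote_write", "remote_thread")
SINGLE_EVENT_RULES = {"exec_nonexec_page": "DEP violation",
                      "token_elevated_unexpectedly": "privilege escalation"}

def signature_hit(content: bytes, known_hashes: set) -> bool:
    """Static signature: exact SHA-256 match against known-bad content."""
    return hashlib.sha256(content).hexdigest() in known_hashes

def behaviour_hits(events: list) -> list:
    """Flag what a process did, never looking at the script content."""
    hits = []
    progress = {}  # (source pid, target pid) -> index of next expected chain step
    for ev in events:
        action = ev["action"]
        if action in SINGLE_EVENT_RULES:
            hits.append(SINGLE_EVENT_RULES[action])
        target = ev.get("target_pid")
        key = (ev["pid"], target)
        step = progress.get(key, 0)
        # Only operations aimed at a *different* process advance the chain.
        if target not in (None, ev["pid"]) and action == INJECTION_CHAIN[step]:
            progress[key] = step + 1
            if progress[key] == len(INJECTION_CHAIN):
                hits.append("code injection")
                progress[key] = 0
    return hits

# Constructed samples: the same content, then re-encoded with a one-byte XOR.
ORIGINAL = b"constructed placeholder for a known-bad script body"
REPACKED = bytes(b ^ 0x5A for b in ORIGINAL)
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Constructed telemetry: both variants behave identically once they run.
MALICIOUS_RUN = [
    {"pid": 410, "action": "file_read"},
    {"pid": 410, "action": "remote_alloc", "target_pid": 888},
    {"pid": 410, "action": "remote_write", "target_pid": 888},
    {"pid": 410, "action": "remote_thread", "target_pid": 888},
    {"pid": 888, "action": "exec_nonexec_page"},
]
BENIGN_RUN = [{"pid": 500, "action": "remote_alloc", "target_pid": 500}]  # own process

if __name__ == "__main__":
    print(signature_hit(ORIGINAL, KNOWN_HASHES), signature_hit(REPACKED, KNOWN_HASHES))
    print(behaviour_hits(MALICIOUS_RUN), behaviour_hits(BENIGN_RUN))
```
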
18 minutes ago, ram1220 said:

AV replacement means AV replacement. I love how some people try and skew this meaning just for marketing.

Correct, it means replacement.  It does not mean that it is the same thing as an AV.  The idea is that, because of the combination of layers, features and capabilities in Malwarebytes 3, sufficient protection is provided to guard against all threats on the net rather than just a sub-set of infections as was once the case when all it had was the Malware Protection, Web Protection and scan engine components.  Today, thanks to the addition of features like Exploit Protection, Ransomware Protection and greatly enhanced and augmented heuristics and detection algorithm capabilities as well as cloud components, an AV is no longer necessary if a user chooses to run Malwarebytes alone.  In other words, Malwarebytes 3 should be fully capable of providing adequate protection on its own without the use of an AV, and that's what AV replacement is referring to.

With that said, Malwarebytes does continue to be developed and tested to be compatible when running alongside an AV for users that still prefer to have an AV active on their systems.  Likewise, it should also be compatible with most other types of security software such as HIPS, other anti-malware software, third party firewalls, blacklisting solutions, whitelisting solutions and other types of protection software.

Edited by exile360


I've been a MBAM user from the very start.  Many years ago I purchased multiple MBAM discs off the shelf from my local Circuit City.  I have used MBAM on all of my computers and even gave MBAM to friends and family as gifts.  I can say emphatically that MBAM has provided excellent protection for all of my computers and I have seen the results by way of malware that was blocked and/or quarantined.  Therefore, from personal experience I know that it works.

I have also been a Consumer Reports subscriber for about 50 years and have found their evaluations to be consistently reliable although sometimes they do indeed miss the mark.  Again, based upon my personal experience it would seem that their evaluation of MBAM was incorrect.  However, I am curious about the Consumer Reports review and whether or not MBAM intends to address the issue.  I have followed the MBAM blog and I have not yet seen this issue discussed.  I would really be pleased if Marcin would comment and help allay our fears.  It would be nice if Consumer Reports revealed their testing procedures as well.

9 hours ago, Unicore said:

I've been a MBAM user from the very start.  Many years ago I purchased multiple MBAM discs off the shelf from my local Circuit City.  I have used MBAM on all of my computers and even gave MBAM to friends and family as gifts.  I can say emphatically that MBAM has provided excellent protection for all of my computers and I have seen the results by way of malware that was blocked and/or quarantined.  Therefore, from personal experience I know that it works.

I have also been a Consumer Reports subscriber for about 50 years and have found their evaluations to be consistently reliable although sometimes they do indeed miss the mark.  Again, based upon my personal experience it would seem that their evaluation of MBAM was incorrect.  However, I am curious about the Consumer Reports review and whether or not MBAM intends to address the issue.  I have followed the MBAM blog and I have not yet seen this issue discussed.  I would really be pleased if Marcin would comment and help allay our fears.  It would be nice if Consumer Reports revealed their testing procedures as well.

In the UK we have a highly respected consumer magazine called "Which?".  If they wrote a poor review about Malwarebytes, I would ignore it because IT security is not their area of speciality. Consumer devices, sure, but not IT security software. There are plenty of IT security review sites out there and specialist testing organisations.

It's up to you whether you expect Consumer Reports to write an accurate review on Malwarebytes or not. I personally don't expect Marcin to make a comment about ANY review out there - it's not arrogance or ignorance, but once you start to respond to, and feed, the media machine, there's no stopping it, it's a monster that can devour you, best to ignore it and keep on improving your product.

 
