
Add BD detection to mbam.



3 minutes ago, exile360 said:

The trouble is that one vendor's signatures are not the same as any others so it would require integrating their full AV engine, including its drivers, DLLs and any other components needed to decrypt, read, understand and use those signatures, as well as their cleanup/remediation engine which is also most likely proprietary, and this would also mean, as I mentioned before, that Malwarebytes would cease to be compatible with most other AV products.

So yes, I can suggest it to the Product team again if you wish, however it's been suggested many times in the past including by me back when I was still a member of the Product team, so one more request for it isn't likely to change their position as that's not the direction they're going in.  They're working to get away from relying on signatures and other less proactive protection measures in order to increase the capabilities and overall effectiveness of their products against real-world, new and unknown threats.  I'm not saying that it's impossible that they'll change their minds, I'm just not very confident that they will and wanted to explain why I believe that is based on what I know from my own experience.

Thank you so much. We give the issue as solved. Best regards.

5 hours ago, exile360 said:

So yes, I can suggest it to the Product team again if you wish, however it's been suggested many times in the past including by me back when I was still a member of the Product team, so one more request for it isn't likely to change their position as that's not the direction they're going in. 

Since you were a part of the Malwarebytes team, is it possible for you to talk directly to @RubbeR DuckY (Marcin) about this, and see what he thinks about this (just a namely suggestion)?


I have already on several occasions.  I've spoken directly with Marcin about it, as well as pretty much everyone else in any position of power where these kinds of decisions would be made and pretty much always got the same answer.

Again, it's always possible that they could change their minds depending on what the future brings, but as far as I am aware they still plan to stick to their current methods for now to retain compatibility and focus on more useful proactive/preventative protection measures rather than the much more outdated, much more reactive and far less effective methods used by traditional AV engines/signatures.  Such things certainly look good on these synthetic tests, but in the real-world it is a very different story and it's usually the other components of an AV, those which more closely resemble the kinds of technologies integrated into Malwarebytes Premium, that end up stopping an attack/detecting a threat in a real-world scenario.

18 hours ago, exile360 said:

The trouble is that one vendor's signatures are not the same as any others so it would require integrating their full AV engine, including its drivers, DLLs and any other components needed to decrypt, read, understand and use those signatures, as well as their cleanup/remediation engine which is also most likely proprietary, and this would also mean, as I mentioned before, that Malwarebytes would cease to be compatible with most other AV products.

So yes, I can suggest it to the Product team again if you wish, however it's been suggested many times in the past including by me back when I was still a member of the Product team, so one more request for it isn't likely to change their position as that's not the direction they're going in.  They're working to get away from relying on signatures and other less proactive protection measures in order to increase the capabilities and overall effectiveness of their products against real-world, new and unknown threats.  I'm not saying that it's impossible that they'll change their minds, I'm just not very confident that they will and wanted to explain why I believe that is based on what I know from my own experience.

I don't suppose an open-source definition/remediation engine would be viable?


The problem is no AV vendor would be willing to provide direct access to their source code/unencrypted signatures for the same reasons that Malwarebytes doesn't; because it is their intellectual property and doing so would severely compromise their viability as a business and would also enable the bad guys to figure out ways to easily bypass their engine's detection methods.

Open source is a great thing in my opinion, but there are cases where it can be very bad, and this is one of those cases as it would compromise the effectiveness of an AV/AM product for them to make their signatures/engines open source.
