Jump to content

Malwarebytes, and the Department of Defense(?)


Amaroq_Starwind

Recommended Posts

Does anybody on this forum think that Malwarebytes should gun for a contract with the Department of Defense? If so or if not, explain why you think that way.

- - - - - - - - - -

I feel like they should go for it, to be honest (if they haven't already). Besides the additional resources they might gain from a successful contract, they might also gain legal authorization* to experiment with some things that they probably wouldn't otherwise be allowed to, and I know that cybersecurity is a pretty big deal with the Department of Defense nowadays. 🦊

*Speaking as somebody who isn't entirely familiar with the law or how DoD contracts work, of course. Take my opinion with a quantity of salt to taste, and note that I accept full responsibility for any inaccuracies in my statements.

 

Edited by tetonbob
edited size of final comment
Link to post
Share on other sites

*Sighs* On mobile browsers,  a lot of the buttons in the editor get hidden, and there's no way to edit or preview my own posts... This is really frustrating when I don't know how something's gonna look due to having to do the formatting tags by hand... And now that one glaring mistake has already derailed my whole thread >.<

Link to post
Share on other sites

Greetings,

I don't think this is really how it works.  As I understand it, agencies like the DoD assess their options, investigate any organizations/potential contractors they might consider working with, then decide via whatever IT/technical personnel and financial committees and/or individuals they staff for this purpose to contact any potential contractors who they wish to pursue as providers for their security software, so I don't think there's anything a company like Malwarebytes could do to try and get their foot in the door beyond continuing to be among the top vendors in their field by providing effective next-generation security solutions for consumers and businesses and whatever other organizations they might have contracts with, and if the DoD is interested, they'll give Malwarebytes a call.

In fact, I assume that since they are probably constantly under attack and have to take their security quite seriously, if they already were a customer of Malwarebytes, Malwarebytes probably couldn't tell anyone that this was the case (likely not even their own employees save for the few that would require such knowledge in order to provide their software/services to the organization) so even if it were to happen, we'd have no way of knowing it (which also means that for all we know, the DoD could already be using Malwarebytes, which I must admit would be pretty cool).

I don't want to be a buzzkill or anything, but I'm pretty sure that's about all there is to it, but I'm sure Malwarebytes appreciates the compliment of recommending them as a solution worthy of an organization like the DoD :) 

Link to post
Share on other sites

It is NOT that simple.

A few hurdles...

  • The software must get a Certificate of Networthiness ( aka; CON ).
  • The software must conform to DFAR
  • It would have to be thoroughly tested by DISA

One of the problems is that MBAM experiences a high number of False Positives.  One way to mitigate that would be a >24hr delay from signature creation to signature distribution allowing time for False Positives to be discerned and mitigated.

Right now the DoD uses the Host Based Security System ( HBSS )  which is a McAfee ePO based solution using McAfee and Symantec anti malware solutions.

NOTE:  Before there was Cyber Command ( hosted by the US Air Force ) it was called the DoD CERT and then they were renamed the JTF-GNO which was rebuilt as Cyber Command.   USCYBERCOM is co-located at Fort George Meade, MD, with the US NSA.

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

 

15 minutes ago, Amaroq_Starwind said:

Really, DoD? Internet Explorer?

Yeah IE.  There are numerous reasons why including but not limited;  NIST STIG standards, Microsoft APIs, FIPS compliance, etc.

Edited by David H. Lipman
Link to post
Share on other sites

7 hours ago, David H. Lipman said:

 

Yeah IE.  There are numerous reasons why including but not limited;  NIST STIG standards, Microsoft APIs, FIPS compliance, etc.

Yep, and believe it or not, if you really dig into it and tweak it, IE can actually be one of the most secure browsers in existence.  It's the browser I use whenever navigating to websites I'm not familiar with.  Its pop-up blocker works better than the ones built into Chrome and Firefox (speaking from actual first-hand experience here, not speculation) and it's cookie management and plugin management options are extremely robust if you mod the standard settings.  Plus it has tons of additional options and functions under Internet Options and in the registry as well as GPEdit that you can use and tweak to make it even more secure.  I won't visit a site I suspect to be unsafe unless it's with IE11 (I'm on Windows 7, of course) even though my main browser for normal websites is SRWare Iron (based on Chromium, just without Google's adware and spyware/tracking garbage).

Edited by exile360
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.