Yes, but those are usually updates for correcting issues and FP's as well, not just detections. There's more than 10 hours in a day ;) .

Okay, let's put it this way. Do you think that it is not necessary for a MBAM Pro user to have detections the moment they are released? In other words, you seem to have a comfort zone of 2-6 hours (I believe that was the update spread that you deemed optimal) wherein you're willing to wait for newly released protection. Why is that? I don't understand your willingness to roll the dice on vulnerability that way, especially if you don't have to. Why are you opposed to getting database updates out to subscribers as soon as they are released?

  • Staff

I'm not rolling the dice, I understand how MBAM works and how it updates ;) . Kaspersky updates once every hour, adding detections. MBAM does not always add detections. Sometimes they correct a False Positive with the scanner, sometimes they correct a False Positive with the IP blocker. Sometimes they add IP's and sometimes they add detections. The reason I don't consider it necessary to have the absolute latest rules for MBAM is because its strong suit is not its database, it's its heuristics. That's what I rely on more than anything else to protect me with regards to MBAM. I update it about 2-3 times a day. I personally update all of my security applications manually and when I'm on the computer (meaning when it's running), I update Kaspersky once every hour manually, I only update MBAM once every few hours.

While it is entirely possible that some new baddies will be added to the DB within the next hour, I won't be checking because I don't see the need. Perhaps I'm wrong and this next database covers a whole slew of new infections that weren't detected previously by the heuristics and existing DB but I still believe that if everyone checked hourly it would likely cause issues with the DB servers. Again, I don't know, they may have ample bandwidth with the CDN to roll out hourly updates, I'm not sure, but I still don't see the need.

While it is entirely possible that some new baddies will be added to the DB within the next hour, I won't be checking because I don't see the need. Perhaps I'm wrong and this next database covers a whole slew of new infections that weren't detected previously by the heuristics and existing DB but I still believe that if everyone checked hourly it would likely cause issues with the DB servers. Again, I don't know, they may have ample bandwidth with the CDN to roll out hourly updates, I'm not sure, but I still don't see the need.

If a threat exists, and MBAM staff writes an update to combat that threat, I see the need to install that update on my system as quickly as they have made it available to me.

  • Staff

That's my point, many of the updates are not released for the addition of a new threat, many are simply to correct FP's or fix issues. But I do see your point, I am a paranoid user as well. But you also need to remember that MBAM is a second line of defense, behind your AV, not in front of it.

That's my point, many of the updates are not released for the addition of a new threat, many are simply to correct FP's or fix issues. But I do see your point, I am a paranoid user as well. But you also need to remember that MBAM is a second line of defense, behind your AV, not in front of it.

Well I want the false positive fixes on my machine just as quickly! ;) Or the issue fixes. The sooner the better.

And indeed MBAM is a second line of defense, but I want the program to be as good as it can be. In fact we probably both use it because we believe it can do some things the AV can't. So expecting the most out of it is a vote of confidence. :)

  • Staff

Yes, I understand what you're saying and it does make sense, my primary concern is the network that delivers the updates, but if it can handle it then I concede, hourly updates would be more accurate for detections, FP's and issues ;) .

Of course, on the reverse side, you could also change it to once every 10 minutes as there isn't always an hour between them, they get updated as needed so where does the line need to be drawn? Or does it?

Of course, on the reverse side, you could also change it to once every 10 minutes as there isn't always an hour between them, they get updated as needed so where does the line need to be drawn? Or does it?

As you may have noticed in the log I posted earlier, I have Scheduled Tasks set to check with MBAM every 30 minutes. I'm liking that for now. ;)

  • Staff

Let me give you a prime example of what I'm referring to:

The FP's that are corrected are often for minor traces in the registry or for non-running, non executable files that get picked up by the scanner but wouldn't be detected by MBAM in realtime (paid version) because it only checks processes in memory and does not monitor the registry or any non-running files. They try to fix FP's as quickly as possible, often resulting in rapid fire releases of DB updates to fix FP issues so that they get responded to quickly and can quickly be confirmed that they have been corrected by the user that reported the FP. This and this are good examples. There were 2 DB updates released simply to correct a single program getting flagged by the scanner, none of which would have been detected by the realtime component because they weren't running in memory as can be seen in the log posted by the user here

Memory Processes Infected: 0

Memory Modules Infected: 0

While I see your point and also desire to have the latest protection, I suspect they do rollup DB updates for new detections and that the more frequent ones (semi-hourly etc) occur only to correct FP's, again, I could be wrong as I'm not a developer, but after observing the FP forum and at the same time looking at the DB versions it mentions this would seem to be the case.

My anti virus updates 1 to 2 times a day and I update Malwarebytes once per day followed by a Quick scan and I have Windows Defender that I update regularly through its portal that runs a Quick scan daily plus I have other applications and tools that I use as a Layered Defense approach to system security.

False positives are a fact of life with these applications and tools so I investigate before pushing the panic button as they are not life threatening.

As a recent example my anti virus application detected an infection and I was apprehensive so I watched its forum and many other people started to report the same infection so then I knew it must be a false positive and I was glad I did not have to fix the problem it caused:

http://blog.avast.com/2009/12/04/apologies-for-bad-definition-update

It was human error that caused the situation that was corrected quickly.

Malwarebytes has had its share of false positives that were corrected quickly.

I prefer to use my system safely without fear that it might be infected at any moment which is the same as I go about life as I go about it safely and not venture into dangerous places for if I did not I would not get out of bed in the morning to eat nor go outside to get food nor forget my vitamins and exercise.

Some people still use dial-up either because they have no choice or they can't afford "Always On" connection and would not be happy if their anti virus or anti malware application was using up all the bandwidth just keeping themselves up to date.

More frequent updates also make the case for incremental updates to save bandwidth.

I have customers with up to 30 computers sharing a single 1.5 megabit DSL connection. Between Windows updates, AV updates and MBAM it all starts to add up. Yes I try to stagger them to update at different times but still...

  • Root Admin

Well until incremental is available you can have your customer update from a shared location. Please review the FAQ on using the rules.ref

http://www.malwarebytes.org/forums/index.php?showtopic=10138

If you're a Corporate customer then you should also already have email contact information and I can discuss more details if desired.
