Fingerprints and realtime.

[dallas7]

Without considering IP Protection, with respect to realtime in MBAM Full, how critical to the effectiveness of protection is the role of fingerprints updating? Put another way, does realtime protection depend 100% on fingerprints?

Fingerprints increments... if one has database 3495 and the next day updates to 3498, were there a 3496 and a 3497 that were "missed"?

Thank you.

[Baz.]

Without considering IP Protection, with respect to realtime in MBAM Full, how critical to the effectiveness of protection is the role of fingerprints updating? Put another way, does realtime protection depend 100% on fingerprints?

Fingerprints increments... if one has database 3495 and the next day updates to 3498, were there a 3496 and a 3497 that were "missed"?

Thank you.

Hi,

It is important that you keep your copy of MBAM up to date in order to get the best protection for your machine. MBAM utilises a number of techniques to heuristically block malware, which means that one update can protect you from many variants of a particular malware, however to keep up to date with the constant barrage of new threats, updates are needed to add new signatures and heuristic rules (because MBAM is so good at blocking the bad guys they have to keep constantly changing their tactics)

[Firefox]

to add to the reply, if you have 3495 and your next update was 3498, dont worry you got the latest update. (you did however miss update 3496 and 3497, but they are included in the lastest update of 3498). Hope that answers your question.

[dallas7]

OK then... updates for realtime, critical.

@Firefox: some vendors and developers don't release incremental updates so nicely in numerical order which is why I asked about that. That the latest release would include and wrap up previous updates should be expected. I have been keeping an eye on the MBAM updates over the last eighteen hours or so and they've gone from 3495 to 3499.

There is a madness to my questioning. I have noticed from a screen shot and info I've gathered at other sites that once Free is registered and boosted to Full, under the Protection tab there is an option to select a 24-hour only update check at a top-of-the-hour time of the user choosing.

Once every 24 hours. Doesn't quite jive with the urgency at which Fingerprints updates efficacy is indicated, does it?

Hopefully there will be a version cut soon which will allow greater update frequency (I would prefer every hour, like G Data permits).

It would, in the meantime, behoove Full users to update Fingerprints manually whenever it comes to mind. If I buy it, I'll probably put a sticky note on my forehead.

Cheers!

[Firefox]

Yes on full version it will update once every 24 hours. A lot of user will do manuel updates too, they come out with about 3 updates a day.....

[dallas7]

Let's look at some hard numbers. I know that on Dec 30 the fp file was 3458 and today it's 3499. That averages out to 7 a day if the releases do indeed increment up plus one each time. As such, considering the perceived critical value of updating, the default 24 hour cycle is inadequate. But, of course, it's better than not at all. I'm sure the developers realize this and that will be fixed in the next major release. In the meantime in light of that seven a day average and that I just bought MBAM Full, I think I might need something more than just a sticky note on my forehead as a reminder...

[swagger]

Hello dallas7,

A couple of things I wanted to touch on:

MBAM's database number does increment +1 on every update, HOWEVER, I do not believe it's always an incremental update. More specifically, this does not mean that what was once in database version 3499 is now in 3500. There may be things that are removed or added depending on the latest threats and things that aren't in the wild anymore. The developers might also optimize the database to pickup 3-4 different threats with one string of code as opposed to 1 string for each threat. I'm not a programmer so pardon me if I don't know the exact verbiage. I could be wrong but I believe this to be true as Malwarebytes targets the latest and most difficult to remove threats, not all of them.

You are correct, Malwarebytes does release more than 1 or 2 updates a day; I would say the average is right around 4-5 a day. Yet, the paid version program only offers you an automatic update of once every 24 hours. There are ways around this like creating a scheduled task in Task Scheduler, but I am fairly sure the developers are working on implementing a better scheme for updating more frequently. When it's released is entirely up to the developers

Regards,

swagger

[nosirrah]

I couple of points as I skim through this .

You cannot miss definitions by skipping updates . At this point each update is the full DB . We are looking at ways to only give you what you are missing in an update but in that case you still will always have the full DB after an update .

We are looking reworking the updater to allow more flexibility in update frequency to better accommodate the 4 to 10 updates there are on a typical day .

The fingerprints themselves are often forward looking based on past variants predicting potential new variants and in our testing we have consistently gotten better at this as both our skills and technology gets better . We have several things cooking that greatly increase the forward looking ability for both known and unknown threats .

IP blocking by its vary nature is forward looking as this allows us to completely block malware that has not even been coded yet .

[dallas7]

@swagger & nosirah Thanks for your input.

Fully understood on updates being optimized, newer codes etc. etc. and not just "slapped on" top of the old stuff I was trying to keep it simple. The main goal of my inquiry was how the updates incremented and now I know. Since, as you know, some developers release even numbers to the public and odd numbers are for internal testing or vice versa. Some increment internals and release them when they're ready so the last one was 2.7.0.12 and the latest is 2.7.0.22 where the public never saw .13 thru .21. I like Malwarebytes' one-two-three schema.

Shortly after my post #6 I did build a task to check for updates every two hours using /updateshowdialog and it's working quite well. We've gone from 3499 since then to 3504 - in less than 24 hours. Excellent work by the folks back at the factory!

No doubt I'll be going to just /update real. Might even bump it up to one hour...

Anyhow, I think this thread can be closed. Cheers!