Jump to content

Malwarebytes auto-protection


giofio
 Share

Recommended Posts

I think Malwarebytes is a great software, with an high detection rate and it is my favourite antispyware/malware software.

However I think that its autoprotection against malwares has to be improved.

Some rootkit are able to terminate him.

What do you think about that?

ps: sorry for my English but I'm Italian ;)

Link to post
Share on other sites

Hello and thanks for your suggestions....

Are you using the full version or free version? Also do you have any anti-virus software installed as well?

Malware and viruses are ever changing and Malwarebyes trys to stay ahead of the infections out there, but like any other program sometimes things get by.

Link to post
Share on other sites

  • Staff
I think Malwarebytes is a great software, with an high detection rate and it is my favourite antispyware/malware software.

However I think that its autoprotection against malwares has to be improved.

Some rootkit are able to terminate him.

What do you think about that?

ps: sorry for my English but I'm Italian ;)

Welcome to the forums.

There are far too many ways for rootkits to disable any security tool. The research team could spend enormous amounts of time trying to subvert these, but in the end, would be futile and just load the software with bloated code. No matter what we do, the malware authors can disable virtually any file they want.

So it's better they concentrate on things they can, such as detection and removal routines. We have many other tools to use in cases that Malwarebytes cannot run.

Link to post
Share on other sites

Hello and thanks for your suggestions....

Are you using the full version or free version? Also do you have any anti-virus software installed as well?

Malware and viruses are ever changing and Malwarebyes trys to stay ahead of the infections out there, but like any other program sometimes things get by.

I'm using the free version. In my PC are also installed SpyBot S&D SUPERAntispyware and Avira Antivir 10.

The malware I used for the test was a common rootkit agent (Avira named it TR/rtkit) and was able to terminate Avira and Malwarebytes.

I think both this software have to improve their processes protection from unwanted termination.

Avast for example, disableing (?) the real-time, was able to resist from bagle while Avira wasn't.

Link to post
Share on other sites

  • Root Admin

Thank you for your suggestion however, Prevention is the KEY here.

Once any advanced form of Malware gets on the box it is impossible to prevent it from killing off other security software.

Once something has gotten on the box then it becomes a challenge to find and remove it completely, so again, preventing it from getting on the box in the first place is the key.

Yes we could make it more difficult for some beginner to kill off our program but the reality is that much of the Malware written today is written by advanced programmers that know what they're doing and is very easy for them to kill off anything they want once they do get on the system.

Link to post
Share on other sites

I'm using the free version. In my PC are also installed SpyBot S&D SUPERAntispyware and Avira Antivir 10.

good list there, but you were using the free version of Malwarebytes, if you would have been using the full version and the protection module enabled, more than likely you would have received a pop-up from Malwarebytes asking you to quarantine it, or it would have blocked the website from installing it.

Link to post
Share on other sites

Thank you for your suggestion however, Prevention is the KEY here.

Once any advanced form of Malware gets on the box it is impossible to prevent it from killing off other security software.

Once something has gotten on the box then it becomes a challenge to find and remove it completely, so again, preventing it from getting on the box in the first place is the key.

Yes we could make it more difficult for some beginner to kill off our program but the reality is that much of the Malware written today is written by advanced programmers that know what they're doing and is very easy for them to kill off anything they want once they do get on the system.

Thanks for your exhaustive reply. So it's very hard protect the processes from malware termination... but I think something more can be done.

Prevention is the KEY: I agree, but an unexpert user could ignore the antivirus allarm to install, for example, a crack. Once he discover it was really a malware he should have the softwares ready to disinfect the pc, but if these softwares are disabled...

Link to post
Share on other sites

  • Staff
Prevention is the KEY: I agree, but an unexpert user could ignore the antivirus allarm to install, for example, a crack. Once he discover it was really a malware he should have the softwares ready to disinfect the pc, but if these softwares are disabled...
So you are saying we should invest our resources to help people who steal software? ;)
Link to post
Share on other sites

So you are saying we should invest our resources to help people who steal software? :)

It was only an example ;)

However it was only a suggestion. Malwarebytes is already a great great software!

Link to post
Share on other sites

Prevention is the KEY: I agree, but an unexpert user could ignore the antivirus allarm to install, for example, a crack. Once he discover it was really a malware he should have the softwares ready to disinfect the pc, but if these softwares are disabled...

One should really heed the alarms of their antivirus software to prevent getting infected, sorry to say, if you ignor the warnings, then perhaps you broght the trouble on yourself.... Messing around with cracks you are only asking for trouble.... ;)

Link to post
Share on other sites

  • Staff
The malware I used for the test was a common rootkit agent (Avira named it TR/rtkit) and was able to terminate Avira and Malwarebytes.

I think both this software have to improve their processes protection from unwanted termination.

Avast for example, disableing (?) the real-time, was able to resist from bagle while Avira wasn't.

Sorry, but there is no such thing as a 'common' rootkit.

Every siongle one is different and these variants on many occasions literally get updated hourly.

Your comments are clearly showing your lack of knowledge in how these infections work, propagate and function.

Link to post
Share on other sites

Sorry, but there is no such thing as a 'common' rootkit.

Every siongle one is different and these variants on many occasions literally get updated hourly.

Your comments are clearly showing your lack of knowledge in how these infections work, propagate and function.

I don't know why do you feel attacked!

Malwarebytes doesn't find anythink strange scanning the rootkit, and it isn't a recent one (2008, i think).

I only gave a suggestion, next time I won't do it.

Bye bye.

Link to post
Share on other sites

  • Staff
I don't know why do you feel attacked!

Malwarebytes doesn't find anythink strange scanning the rootkit, and it isn't a recent one (2008, i think).

I only gave a suggestion, next time I won't do it.

Bye bye.

Constructive criticisms and suggestions are always welcome, I was merely pointing out why this can't be done and that rootkits are not 'common' and this last comment about age again indicates your lack of knowledge about rootkits in general. Just because it has a date of 2008 means nothng.

If it was as easy as you think it is, what makes you think we'd not have it covered already?

Link to post
Share on other sites

  • Staff

Self protection is a post infection issue and 100% negated if the offending infection never gets into the system. There is not now nor has there ever been an epidemic on our forums where people post something to the effect of "I have MBAM pro and still got infected". Add these two together and it becomes clear as to why this is not priority one.

Link to post
Share on other sites

Self protection is a post infection issue and 100% negated if the offending infection never gets into the system. There is not now nor has there ever been an epidemic on our forums where people post something to the effect of "I have MBAM pro and still got infected". Add these two together and it becomes clear as to why this is not priority one.

We do not need a self protection ,

take a look @ COMODO

the drivers still bsod and .. it is very killable.

Link to post
Share on other sites

  • Staff

^you are not understanding the issue.

Think of it this way. If you could attain and maintain 100% detection there are 0 infections that can kill your software as none can ever enter memory.

For malware to kill something it needs to run, eliminate its ability to run and you have eliminated its ability to kill.

Link to post
Share on other sites

^you are not understanding the issue.

Think of it this way. If you could attain and maintain 100% detection there are 0 infections that can kill your software as none can ever enter memory.

For malware to kill something it needs to run, eliminate its ability to run and you have eliminated its ability to kill.

This is the point! There is no software that has 100% detection rate.

Link to post
Share on other sites

  • Staff

See post #14 for the other part of this. We do not have pile of people complaining about MBAM pro failing so it is not a priority. Simply put we are doing so well with protection that self protection does not rank high in requests. The need for solid self protection is tied directly to failure rate.

There is a lot of code in the works that is far more beneficial for our users both paying and free. Please trust us to rank what you guys need correctly the same way you trust with security.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.