
Malwarebytes' Anti-Malware lack of self-protection



Hello,

I have been a MBAM user for at least 4 years. I love the product, but it does seem to have one major flaw. It seems to be totally incapable of protecting itself from being disabled by malware infections when they occur.

I am sure that I am not the first one to have noticed this, and I am sure that I'm not the first one to have pointed it out.

I spend a lot of time online, much more than the average person. I also visit a lot of sites that are "high risk." Because of this, I frequently end up with severe infections at least several times a year. I have gained a lot of experience in learning how to deal with these infections, and I have also gained a lot of experience in using various anti-malware programs to remove them. I have experimented, over the years, with dozens of different anti-malware programs, and the only two that really stand out by working effectively and consistently are Malwarebytes' Anti-Malware (MBAM) and SUPERAntiSpyware (SAS).

No matter how bad the infection is, these two programs have always been able to take care of it. I must point out, however, that neither is totally effective on its own. For a simple infection, or a single threat, they are fine. Either program is generally capable of dealing with it. However, with a serious infection, such as when a trojan downloads many other infections into the computer and the threats are multiple, neither program is able to remove everything by itself. MBAM will always find something that SAS missed and vice versa. Both programs are usually required to thoroughly remove everything after a severe infection.

However, MBAM has a serious weakness that SAS does not, and I would love to see MBAM overcome this shortcoming. The problem is that MBAM is not able to protect itself. Every time I get a serious infection, it usually disables my primary anti-virus protection and all of my other installed anti-malware programs as well, including MBAM. However, never once has anything ever disabled my SAS. Every time I get a serious infection, I always rely on SAS to get my computer functioning again. It has never been disabled by any infection that I have ever had. Since SAS is almost always the only anti-malware program that I am able to access after a severe infection, I am able to use it to remove most of the infection.

After I get the use of my computer back, with the help of SAS, I then run MBAM to remove whatever is left that SAS has missed. After both programs have done their jobs, everything is usually back to normal at that point.

Besides having a primary anti-virus program of the user's choice, I think everyone should also have MBAM and SAS both installed on their computers. Both are outstanding programs, and they really complement each other. Neither one is able to remove every single infection by itself (no program is), but together they do an excellent job of removing almost anything. Personally, I think MBAM does a slightly better job in removing some of the nastier infections. On the other hand, however, I don't like how MBAM has to rely on another program, such as SAS, to come to its rescue and allow it to run after it has been crippled from an attack.

I would like to know why MBAM is not capable of protecting itself from being disabled. It almost always becomes disabled after every attack that I have ever had. Granted, it does do a fine job of removing the infections eventually, but only after another program, such as SAS, has cleaned the computer up enough to allow MBAM to run again. If MBAM could protect itself from being disabled as well as SAS is able to, then you would have one of the best products on the market.

On the program settings of SAS there is an option that can be clicked that prevents other applications from terminating it. I don't know what kind of processes run behind the scenes in that regard to prevent them from doing so, but whatever SAS has employed in their program to prevent malware from disabling it really works.

Why doesn't MBAM have such a feature? I would love to know this, and, even more so, I would love to see it offered.

I cannot imagine that designing MBAM with the ability to not become disabled from an attack can be that difficult. Is it? I don't see why it would be. After all, SAS has this ability. I am sure the programmers at MBAM are just as talented, if not more so, than the ones at SAS. In other words, if they can do it, you can too. It just seems as though it isn't a priority to make MBAM better in this regard. I hope I am wrong about that because no matter how good MBAM's detection and removal capabilities are, it doesn't matter if the program is susceptible to being easily crippled.

Can somebody (hopefully from MBAM) please address this issue and explain this shortcoming?


Hello JohnnySokko, welcome!

Your intelligent post is appreciated and I'll ask the mods/admins if it should be moved to the "Comments and Suggestions" subforum, with your permission.

If you'll check the statistics, you'll find that SAS is a much smaller target for the bad folks because not as many SAS PRO systems are installed compared to MBAM PRO. Yes. I have SAS on some of my systems too.

For the benefit of myself and other readers:

  1. Do you browse from a user account without unnecessary permissions?
  2. Do you have a good NAT router?
  3. Do you have a good/activated Personal Firewall?
  4. Is your MBAM the latest PRO version?
  5. If MBAM is the latest PRO version, is the IP Protection Module enabled?
  6. Is your Windows OS, and browser(s), always up-to-date?
  7. Are your various security settings set as protective as practical?
  8. Have you hardened your OS as much as practical? NSA standards where practical?
  9. Are Intrusion Protection/Detection Systems practical for you?
  10. Do you browse from within a sandbox? e.g. Sandboxie?
  11. Do you use a browser other than Internet Explorer?
  12. Do you have a comprehensive and well maintained HOSTS file?
  13. Do you now, or have you considered, using a virtualized OS?
  14. When you are compelled to browse "high risk" sites, could you use a browser within a Linux based OS?
  15. Can some of your "highest risk" browsing be done from a Live CD? e.g. Knoppix?

Very respectfully yours. :)


1PW: Very, very good post. I had to answer no to five questions, and I consider myself safe on the web! Guess I'm 2/3 there.

Send me a PM with any of the upper series questions you missed. The lower series are for malware hunting sometimes...

...if you wish.


Please stay tuned - we actually are working on a project that we think will handle this very subject.

I cannot provide more details at this time but we are looking into it.

How about a Malwarebytes "God mode"? Runs under SYSTEM, randomly named driver and other files, updates via an encrypted tunnel, runs several processes simultaneously to check if one of them was terminated, etc.

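The "several processes that check whether one of them was terminated" idea in the post above is the classic watchdog pattern. The following is an added example written for this page, not Malwarebytes code and not anything SAS is known to do: a supervisor process keeps a worker alive and restarts it when something (here, a simulated `TerminateProcess`/`taskkill`) kills it, while the worker exits if the supervisor itself disappears. The `Watchdog` class, `worker_main`, and `simulate_kill_and_recover` are hypothetical names chosen for the example, and the poll intervals are arbitrary.

```python
"""Mutual-watchdog sketch (added example): a supervisor restarts its worker
when the worker is killed; the worker stops if the supervisor vanishes."""
import multiprocessing as mp
import os
import time


def worker_main(supervisor_pid: int, poll_interval: float = 0.05) -> None:
    """Worker body: stand-in for the real-time protection loop.

    It only sleeps, but on every tick it checks that the supervisor still
    exists (signal 0 performs the existence/permission check without
    delivering anything) and exits if it is gone, so a half-killed pair does
    not keep running unprotected.
    """
    while True:
        try:
            os.kill(supervisor_pid, 0)
        except OSError:
            return
        time.sleep(poll_interval)


class Watchdog:
    """Supervisor side: owns one worker and restarts it when it dies."""

    def __init__(self, target=worker_main):
        self.target = target
        self.proc = None
        self.restarts = 0

    def start(self) -> int:
        """Launch a fresh worker and return its PID."""
        self.proc = mp.Process(target=self.target, args=(os.getpid(),), daemon=True)
        self.proc.start()
        return self.proc.pid

    def check(self) -> bool:
        """One supervision tick. Returns True if a restart was necessary."""
        if self.proc is not None and self.proc.is_alive():
            return False
        self.restarts += 1
        self.start()
        return True

    def stop(self) -> None:
        """Orderly shutdown used by the example; a real product would not expose this to untrusted callers."""
        if self.proc is not None and self.proc.is_alive():
            self.proc.terminate()
            self.proc.join(timeout=1)


def simulate_kill_and_recover() -> dict:
    """Constructed scenario: start a worker, kill it the way malware would, and
    let the watchdog recover. Returns the observations so they can be checked."""
    wd = Watchdog()
    first_pid = wd.start()
    healthy_needed_restart = wd.check()   # expected False: worker is alive
    wd.proc.terminate()                   # stand-in for TerminateProcess / taskkill
    wd.proc.join(timeout=2)
    restarted = wd.check()                # expected True: watchdog respawns the worker
    second_pid = wd.proc.pid
    alive_after = wd.proc.is_alive()
    wd.stop()
    return {
        "first_pid": first_pid,
        "second_pid": second_pid,
        "healthy_needed_restart": healthy_needed_restart,
        "restarted": restarted,
        "alive_after": alive_after,
        "restarts": wd.restarts,
    }


if __name__ == "__main__":
    print(simulate_kill_and_recover())
```

The caveat a practitioner would add: a watchdog only raises the bar. Anything that can kill one process can usually kill both, and a user-mode watchdog is no defence against a kernel-mode rootkit. Real anti-termination protection on Windows is done lower down, for instance by stripping PROCESS_TERMINATE from handles via process-object callbacks in a driver, or by running as a protected process; the randomly named driver and encrypted update channel in the post address the same attacker but are separate measures.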
