caintry_boy Posted February 12, 2016

Not what I want to hear about a company that I've come to trust...

http://techtalk.pcpitstop.com/2016/02/08/free-software-has-major-security-flaws/?malwarebytessecurityhole=

Thanks to Kayla Thrailkill from PC Pitstop for the heads up!

Tomk_ Posted February 13, 2016

Two things:

This is a bit more than a theoretical flaw. Malicious code injection can be done. MBAM was able to recreate it... but there is no evidence that this flaw has ever been exploited.

Research shows that this flaw can only be exploited on a machine by machine basis. Malicious code cannot be injected that affects everyone who runs MBAM. It can only be accomplished by specifically targeting a specific machine and then the perpetrator would have to interrupt the update in order to inject their code. It sounds to me like it would take a "man in the middle" setup to pull it off.

What I like to see is that MBAM immediately verified the findings when notified and Marcin immediately admitted to the flaw and set to work to fix it. They have already made some corrections, but do not believe it is totally solved yet. The risk is extremely small, but it appears they are serious about fixing it... rather than just saying "Can't fix everything".

caintry_boy Posted February 13, 2016

> Two things:
>
> This is a bit more than a theoretical flaw. Malicious code injection can be done. MBAM was able to recreate it... but there is no evidence that this flaw has ever been exploited.
>
> Research shows that this flaw can only be exploited on a machine by machine basis. Malicious code cannot be injected that affects everyone who runs MBAM. It can only be accomplished by specifically targeting a specific machine and then the perpetrator would have to interrupt the update in order to inject their code. It sounds to me like it would take a "man in the middle" setup to pull it off.
>
> What I like to see is that MBAM immediately verified the findings when notified and Marcin immediately admitted to the flaw and set to work to fix it. They have already made some corrections, but do not believe it is totally solved yet. The risk is extremely small, but it appears they are serious about fixing it... rather than just saying "Can't fix everything".

:clap:

caintry_boy Posted February 16, 2016

Question Tomk_ or anyone...where do I find this

> implement the “self-protection” setting

I run the FREE Malwarebytes and don't find that option anywhere...

Tomk_ Posted February 16, 2016

https://support.malwarebytes.org/customer/portal/articles/1834890-what-is-the-self-protection-module-and-why-should-i-enable-it-?b_id=6438

Tomk_ Posted February 16, 2016

Sorry Roger. That information isn't going to do you any good. The ability to check that option will be grayed out on the free version. MBAM Free doesn't have "real-time" protection. The self protection module only works with "real-time" protection.

As I understand it, what it does is put any MBAM program updates in a quarantine until a scan is run on it, to protect against some outside source injecting or manipulating the code. Your free version doesn't do automatic updates so I believe that the theory is... nothing is going to update unless you tell it to so you are unlikely to update from some unknown source.

caintry_boy Posted February 17, 2016

Well, I DO have a disk for the Pro version...

Tomk_ Posted February 17, 2016

You can upgrade your free version with a click of a button in the program. I don't think the disk will do anything new for you. What you need is the activation code... and I believe they ask for money for that.

For the record, I run the free version also. I'm not really concerned about the "flaw" that is being worked on.