Jump to content
Sign in to follow this  
caintry_boy

Malwarebytes Security Flaws

Recommended Posts

Two things:

  1. This is a bit more than a theoretical flaw. Malicious code injection can be done. MBAM was able to recreate it... but there is no evidence that this flaw has ever been exploited.
  2. Research shows that this flaw can only be exploited on a machine by machine basis. Malicious code cannot be injected that effects everyone who runs MBAM. It can only be accomplished by specifically targeting a specific machine and then the perpetrator would have to interrupt the update in order to inject their code. It sounds to me like it would take a "man in the middle" setup to pull it off.

What I like to see is that MBAM immediately verified the findings when notified and Marcin immediately admitted to the flaw and set to work to fix it. They have already made some corrections, but do not believe it is totally solved yet. The risk is extremely small, but it appears they are serious about fixing it... rather than just saying "Can't fix everything".

Share this post


Link to post
Share on other sites

Two things:

  1. This is a bit more than a theoretical flaw. Malicious code injection can be done. MBAM was able to recreate it... but there is no evidence that this flaw has ever been exploited.
  2. Research shows that this flaw can only be exploited on a machine by machine basis. Malicious code cannot be injected that effects everyone who runs MBAM. It can only be accomplished by specifically targeting a specific machine and then the perpetrator would have to interrupt the update in order to inject their code. It sounds to me like it would take a "man in the middle" setup to pull it off.

What I like to see is that MBAM immediately verified the findings when notified and Marcin immediately admitted to the flaw and set to work to fix it. They have already made some corrections, but do not believe it is totally solved yet. The risk is extremely small, but it appears they are serious about fixing it... rather than just saying "Can't fix everything".

 

:clap: :clap: :clap:

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

Question Tomk_ or anyone...where do I find this > implement the “self-protection” setting

I run the FREE Malwarebytes and don't find that option anywhere...

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

Sorry Roger. That information isn't going to do you any good. The ability to check that option will be grayed out on the free version. MBAM Free doesn't have "real-time" protection. The self protection module only works with "real-time" protection.

 

As I understand it, what it does is put any MBAM program updates in a quarantine until a scan is ran on it, to protect against some outside source injecting or manipulating the code. Your free version doesn't do automatic updates so I believe that the theory is... nothing is going to update unless you tell it to so your are unlikely to update from some unknown source.

Share this post


Link to post
Share on other sites

You can upgrade your free version with a click of a button in program. I don't think the disk will do anything new for you. What you need is the activation code... and I believe they ask for money for that.

 

For the record, I run the free version also. I'm not really concerned about the "flaw" that is being worked on.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...