App Review Malwarebytes 1.60 Test and Review

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.

NSG001

Level 16
Thread author
Verified
Nov 21, 2011
2,192
Malwarebytes 1.60 Test and Review by Malware Geek




The Geek is Back :)
 

Ramblin

Level 3
May 14, 2011
1,014
Nice video, thanks for posting it.

I think that 65% detection rate is about right. A few days ago I picked up 9 malicious executables and tested MBAM, HMP, Avira free version and Eset Online antivirus scanner. MBAM did not detect 4 of the 9 samples. HMP and Avira did just about the same. Only Eset detected 100% of the samples. The tests were not done by a pro but the results were an eye opener.

Eset scanner is my NEW preferred scanner. I even uninstalled HMP and don't have any scanner installed on my real system at this time. If anybody wants to try it, here is the link. If you go to the link using Firefox, you'll be allowed to DL the installer and do the scan on your computer.
http://www.eset.com/us/online-scanner/

Bo
 

MetalShaun

Level 1
Mar 3, 2011
424
He makes a very good point about the Password Protection. Also, Bo.elam, a sample set of 9 does not really show you anything. Especially when it's all down to signatures.
 

Ramblin

Level 3
May 14, 2011
1,014
MetalShaun said:
He makes a very good point about the Password Protection. Also, Bo.elam, a sample set of 9 does not really show you anything. Especially when it's all down to signatures.
MetalShaun, I said the test was done not by a PRO but it does show that HMP is not as good as I thought it would be detecting malicious executables. I thought HMP was going to detect almost all and it did not. The other surprise was Eset detecting every one of the executables.

By the way, what I was testing were the applications' "signatures", nothing else. I don't use real time scanners so I just DL the files to my PC and ran the scan.

Bo
 

MetalShaun

Level 1
Mar 3, 2011
424
bo.elam said:
MetalShaun said:
He makes a very good point about the Password Protection. Also, Bo.elam, a sample set of 9 does not really show you anything. Especially when it's all down to signatures.
MetalShaun, I said the test was done not by a PRO but it does show that HMP is not as good as I thought it would be detecting malicious executables. I thought HMP was going to detect almost all and it did not. The other surprise was Eset detecting every one of the executables.

By the way, what I was testing were the applications' "signatures", nothing else. I don't use real time scanners so I just DL the files to my PC and ran the scan.

Bo

It doesn't matter who did it. Like I said, a sample set of 9 doesn't show you anything. You could try 9 random samples tomorrow and HMP could detect all 9. Of course you were only testing signatures, I also mentioned that in my post.
 

Ramblin

Level 3
May 14, 2011
1,014
MetalShaun said:
It doesn't matter who did it. Like I said, a sample set of 9 doesn't show you anything. You could try 9 random samples tomorrow and HMP could detect all 9. Of course you were only testing signatures, I also mentioned that in my post.
I'll tell you something that made me scratch my head a little bit. Some of those files that were not detected by HMP, when I uploaded the files to VT, guess what, right, Ikarus did detect them. OK.

Now, if that does not get you thinking a little, I don't know what will.

Anyway, Eset scanner detected 100% of the files. I am not a fan of any antimalware but that's what I found.

My tests don't mean much and the results, (I am an amateur who has learned how to prevent getting infected) I take them as I take the results of any of the tests done by our friends who test malicious links and post the results on Youtube.

I also like HMP but this is the way that it is, I am sorry that you are disappointed but don't worry about it. Just learn prevention so you can forget about scanners and scanning. That's what I did. I did this testing just for fun, the results don't mean much. OK.

Bo
 

DiabloBlack

New Member
Nov 5, 2011
193
bo.elam said:
I think that 65% detection rate is about right. A few days ago I picked up 9 malicious executables and tested MBAM, HMP, Avira free version and Eset Online antivirus scanner. MBAM did not detect 4 of the 9 samples. HMP and Avira did just about the same. Only Eset detected 100% of the samples. The tests were not done by a pro but the results were an eye opener.

Eset scanner is my NEW preferred scanner. I even uninstalled HMP and don't have any scanner installed on my real system at this time. If anybody wants to try it, here is the link. If you go to the link using Firefox, you'll be allowed to DL the installer and do the scan on your computer.
http://www.eset.com/us/online-scanner/

The testing of any anti-malware product is very subjective. What is effective today won't be tomorrow. That is why you measure how good a product is over time rather than just one test. How well does it do in the real world day in and day out and not just in a single test or review. Testing 10 pieces of malware or 100 pieces will give you very different results and can easily sway you to use another product IF it did good in that particular test.

I'll give you an example. I just tested Avast Free 6.0, ESET Online Scanner and MBAM (not pro) against 120 pieces of malware downloaded on 1/7/2012. Below are the results.

Avast Free 6.0 - 104 out of 120 - 86.6%
ESET Online Scanner - 82 out of 120 - 68.3%
MBAM - 78 out of 120 - 65%

As I would expect my real time protection (Avast) did rather well at 86.6% and both of the on demand scanners detected in the 60-70% range. As a second opinion (on demand scanner) these both did ok with ESET performing just a little bit better than MBAM. But like I said that is subjective.

I did another set of tests but this time I ran Avast against 120 pieces of malware and then immediately ran ESET and MBAM against the remaining pieces of malware in two separate tests and below are the results.

Avast + ESET - 111 out of 120 - 92.5% (ESET found an additional 7 pieces of malware)
Avast + MBAM - 115 out of 120 - 95.8% (MBAM found an additional 11 pieces of malware)

As you can see, when MBAM is used along with Avast the combined detection rate is higher than ESET with Avast. All of these tests are subjective and open to argument about which is better.

I think both of the on demand scanners are good and worth having in your tool box. I picked Avast as a base antivirus because that is what I already had installed on my VM test install of Windows XP Pro.

Note: One thing I don't like about ESET Online Scanner is it does not install a start menu item. To run this program again in the future you have to go to the installed folder location and run it or create a short cut.
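
Added example, not part of any post in this thread: a 95% Wilson score interval for each detection count posted above, to show how much uncertainty a 9-sample and a 120-sample test carry. The counts are the ones given in the posts; the choice of the Wilson interval and the assumption that each sample is an independent draw are this example's own, and comparing intervals by overlap is only a rough check.

```python
import math

Z95 = 1.96  # normal quantile for a two-sided 95% interval


def wilson_interval(detected, total, z=Z95):
    """Wilson score interval for a detection rate detected/total."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need total > 0 and 0 <= detected <= total")
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def overlaps(a, b):
    """True when two (low, high) intervals share at least one point."""
    return a[0] <= b[1] and b[0] <= a[1]


# Counts as posted in the thread: (detected, total).
RESULTS = {
    "MBAM, 9 samples": (5, 9),        # "did not detect 4 of the 9"
    "Avast Free 6.0": (104, 120),
    "ESET Online Scanner": (82, 120),
    "MBAM": (78, 120),
    "Avast + ESET": (111, 120),
    "Avast + MBAM": (115, 120),
}


def report(results=RESULTS):
    """Map each product to (observed rate, interval low, interval high)."""
    rows = {}
    for name, (detected, total) in results.items():
        low, high = wilson_interval(detected, total)
        rows[name] = (detected / total, low, high)
    return rows


if __name__ == "__main__":
    rows = report()
    for name, (rate, low, high) in rows.items():
        print(f"{name:20s} {rate:6.1%}   95% CI {low:6.1%} to {high:6.1%}")
    eset, mbam = rows["ESET Online Scanner"][1:], rows["MBAM"][1:]
    print("ESET and MBAM intervals overlap:", overlaps(eset, mbam))
```

With 9 samples the interval spans more than half of the whole 0-100% range, and at 120 samples the ESET and MBAM intervals still overlap while the Avast interval sits above both.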
 

Ramblin

Level 3
May 14, 2011
1,014
DiabloBlack said:
The testing of any anti-malware product is very subjective. What is effective today won't be tomorrow. That is why you measure how good a product is over time rather than just one test. How well does it do in the real world day in and day out and not just in a single test or review. Testing 10 pieces of malware or 100 pieces will give you very different results and can easily sway you to use another product IF it did good in that particular test.
I agree.
DiabloBlack said:
As I would expect my real time protection (Avast) did rather well at 86.6% and both of the on demand scanners detected in the 60-70% range.
Avast + ESET - 111 out of 120 - 92.5% (ESET found an additional 7 pieces of malware)
Avast + MBAM - 115 out of 120 - 95.8% (MBAM found an additional 11 pieces of malware)
At the same time, I hope for your sake that you are not relying on Avast or Avast/MBAM to keep you clean, 86.6% or 95.8% detection rate is not enough. Your "real time protection" main line of defense should not be an antivirus. All AVs miss something all the time. That's one of the reasons that I got rid of them.

Bo
 

DiabloBlack

New Member
Nov 5, 2011
193
bo.elam said:
At the same time, I hope for your sake that you are not relying on Avast or Avast/MBAM to keep you clean, 86.6% or 95.8% detection rate is not enough. Your "real time protection" main line of defense should not be an antivirus. All AVs miss something all the time. That's one of the reasons that I got rid of them.

My main line of defense is common sense. The Avast and MBAM were in my VM. My main config is NIS 2012 and MBAM Pro and if I'm feeling frisky (risky) then I'll run Sandboxie but most of the time if I feel what I am doing is of any threat I'll work in VM. If anything really stupid happens I can just roll back to a snapshot.
 

Ramblin

Level 3
May 14, 2011
1,014
DiabloBlack said:
My main line of defense is common sense. The Avast and MBAM were in my VM. My main config is NIS 2012 and MBAM Pro and if I'm feeling frisky (risky) then I'll run Sandboxie but most of the time if I feel what I am doing is of any threat I'll work in VM. If anything really stupid happens I can just roll back to a snapshot.
Yes, common sense is huge, we can agree on that.

By the way, if you use SBIE all the time instead of part of the time like you are using it now, you can forget about NIS and MBAM. Sandboxie can do more for you than the scanners combined if you use it the way it was designed to be used. That is, use it all the time.

Using SBIE for only certain sites or for opening some (supposedly) risky files is not the right way of using SBIE. Picking malware is not like picking cherries. You know what I am saying. Use SBIE 100% of the time, there is no reason not to and it does not make any sense not to do so.

Hey Diablo, I noticed the other day that you are from Georgia. I don't live in GA but I am a huge Falcons fan. Sad day today.

Bo
 

DiabloBlack

New Member
Nov 5, 2011
193
bo.elam said:
Hey Diablo, I noticed the other day that you are from Georgia. I don't live in GA but I am a huge Falcons fan. Sad day today.

Actually I live in South Carolina. You probably saw Augusta Georgia on the speedtest which is the server it used. That is only about 60 miles away.

Not a Falcons fan myself, I was rooting for the Steelers and well that turned out real BAD. :(

bo.elam said:
By the way, if you use SBIE all the time instead of part of the time like you are using it now, you can forget about NIS and MBAM. Sandboxie can do more for you than the scanners combined if you use it the way it was designed to be used. That is, use it all the time.

Using SBIE for only certain sites or for opening some (supposedly) risky files is not the right way of using SBIE. Picking malware is not like picking cherries. You know what I am saying. Use SBIE 100% of the time, there is no reason not to and it does not make any sense not to do so.

Probably a fault of mine but I do have some faith in some vendors HAHA! So I do surf the web without using Sandboxie 100% of the time. So what you are saying is everything you download and run/install is done twice, once in the sandbox to see if it is safe and then again out of the sandbox so you can actually use whatever it is you downloaded? How do you know what you downloaded is safe? You have no AV installed so no alerts or auto protection would ever kick in. What if a rootkit known by most AV vendors runs silently in your sandbox from some download with no problem whatsoever and since you have no AV installed it goes undetected. You think everything is good to go so you install it outside the sandbox and bam, you're infected. Yeah, I understand that no AV product will detect everything 100% of the time but I don't see any reason not to have both proactive protection, Sandboxie in this case, and reactive protection, e.g. your AV product(s). Many of the AV products available these days are proactive as well even if not 100%. My example of Avast + MBAM 95.8% may not be perfect but it is pretty darn effective. If anything run outside the sandbox did fool you, at least you would have a second option in place to try and stop it.

Here are two questions from Sandboxie Frequently Asked Questions with Sandboxie's response.

How safe would I be, by using Sandboxie?

You would be quite safe using Sandboxie. It should be noted that, from time to time, people are able to find some vulnerability in Sandboxie, an open hole through which malicious software can still infiltrate the system.

This happens once every few months, on average, and is quickly resolved by closing the hole that is the attack vector.

Thus it's a good idea to have more traditional anti-malware software. This is the subject of the following question.

Do I need other solutions if I use Sandboxie?

Sandboxie may be your first line of defense, but it should certainly be complemented by the more traditional anti-virus and anti-malware solutions. These solutions can let you know if your system does become infected in any way.

Typically, those other solutions employ various forms of pattern matching to discover malicious software and other threats. Sandboxie, on the other hand, quite simply does not trust any software code enough to let it out of the sandbox.

The combination of the two approaches should keep malicious software -- which is serving the interest of other unknown parties -- out of your computer.

As you can see Sandboxie themselves doesn't think you should rely on Sandboxie alone as your only form of protection.
 

Ramblin

Level 3
May 14, 2011
1,014
I'll try to make it as short as possible but it's hard. I use Sandboxie for browsing and opening files that are on my PC or that I download. The only time a browser or a program like Foxit, Excel, etc. opens out of a sandbox is when it is time to do an update. At no other time do programs other than the browser connect to the Internet; most programs are forced to open in their own sandbox and they are restricted according to the program.

I rarely use SBIE for trying programs other than browsers. I prefer to try programs using something like TimeFreeze or some other system virtualization program. Very important, I never try unknown programs.

I ONLY install on my real system well known programs and ONLY use the developer's site or File Hippo for downloading installers. I'll never fool around getting installers from iffy places. Never. After I get the installer, I run it by Virus Total and Jottis and until recently I would run the 1 minute 45 seconds scan by HMP. Doing it like this really works well for me, it's real simple, follow the rules and that's it.

What you quoted from the SBIE website is very true for most users but for some users, for different reasons, we prefer to go without real time antivirus and actually feel safer by doing so. I'll give you a couple of my own personal reasons that are very important to me. One, I truly believe that SBIE works better alone, with no interference by another program. I want SBIE to be in top shape if I ever get attacked and by not using anything else, I am achieving that. Conflicts between security programs are well documented as you know and "unknown conflicts" especially are what would worry me the most if I was using real time scanners. Two, I mentioned "worries" at the end of the previous sentence and by not using, updating or upgrading security programs my stress level while using the Internet is at a low 1. If I was using an antivirus, right away, my stress level would jump up to a 5 and when it's time to upgrade, oh boy, that day, the stress level would certainly go sky high.

Basically what I am saying is that I feel better and safer by not using a real time scanner but that does not mean that SBIE is a replacement for an antivirus. It turned out that way for me and for many others but I certainly did not plan it that way.

Greetings from Central America
Bo
 

Rompin Raider

New Member
Jan 7, 2012
5
bo.elam said:
Nice video, thanks for posting it.

I think that 65% detection rate is about right. A few days ago I picked up 9 malicious executables and tested MBAM, HMP, Avira free version and Eset Online antivirus scanner. MBAM did not detect 4 of the 9 samples. HMP and Avira did just about the same. Only Eset detected 100% of the samples. The tests were not done by a pro but the results were an eye opener.

Eset scanner is my NEW preferred scanner. I even uninstalled HMP and don't have any scanner installed on my real system at this time. If anybody wants to try it, here is the link. If you go to the link using Firefox, you'll be allowed to DL the installer and do the scan on your computer.
http://www.eset.com/us/online-scanner/

Bo
Good to see you hanging out in a nice neighborhood Bo! Happy New Year! RR :D
 

Ramblin

Level 3
May 14, 2011
1,014
Rompin Raider said:
Good to see you hanging out in a nice neighborhood Bo! Happy New Year! RR :D
Nice to see you RR, don't get lost. Rooting for the Santos now.:cool:

Bo
 