App Review Malwarebytes vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

enaph

Level 28
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
I skipped to the last few minutes of the video because I was expecting very poor score from Malwarebytes. I was right.
Sad that once great product is having a very bad time - resources consuming, buggy "stable" v3 released too soon to the public, beaten to the ground in almost each of tests... But still I will keep my lifetime MBAM key in a safe place because who knows...
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Well, the encryption process has triggered the detection, which has blocked the process itself but ransomware is fast being able to encrypt some files anyway.
This is a well known and common problem of many security products in the case of ransomware not detected by signatures.
 

ispx

Level 13
Verified
Well-known
Jun 21, 2017
616
lol i am compelled to quote myself " Malwarebytes is way too over hyped in my opinion ".

@Terry Ganzi,

the dates shown next to some of the samples you used are as old as 2015 & even 1990.

am i to assume that malwarebytes could not even block malware that has been around for years ?
 

Aura

Level 20
Verified
Jul 29, 2014
966
Disables two of the real-time protection modules and expect Malwarebytes to function at 100% effiency.
Also, I didn't know that willingly downloading and executing a Ransomware payload from the Downloads folder was a "real world" scenario.

For all the testers out there, is there an expression similar to "skid", but for people that do reviews of security products without having a single clue of what the ... they're doing?
 

Terry Ganzi

Level 26
Thread author
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
lol i am compelled to quote myself " Malwarebytes is way too over hyped in my opinion ".

@Terry Ganzi,

the dates shown next to some of the samples you used are as old as 2015 & even 1990.

am i to assume that Malwarebytes could not even block malware that has been around for years ?

I am not the person who made this video,I just posted this video from youtube to show people that recommend this useless product that was once something to give people better advice,I hate when people recommend a product to novice users that don't perform any more & find all sorts of excuses why it still comes in handy because nuff people they follow uses it or so call top geeks, useless is useless don't care how others try to paint the picture, but i must insist you also have to have facts to back your claims. IT IS WHAT IT IS:)
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
Disables two of the real-time protection modules and expect Malwarebytes to function at 100% effiency.
Also, I didn't know that willingly downloading and executing a Ransomware payload from the Downloads folder was a "real world" scenario.

For all the testers out there, is there an expression similar to "skid", but for people that do reviews of security products without having a single clue of what the ... they're doing?
I agree with certain aspects you have stated here with the exception of the Downloads folder, which by default is where everyone "downloads" too from emails to the web, this is still real world scenario. As for him disabling the malware protection, and executing the first sample, the Trojan may very well have been intercepted before it established the outbound connection to drop and encrypt. He obviously was not watching the network monitor when it spiked up.

This is why disabling components to test separately is not wise, as the modules are designed to all work together in most products. I still give no credit to these type youtube tests. I stopped watching it after the first sample, it was all I needed to see.
 

ispx

Level 13
Verified
Well-known
Jun 21, 2017
616
I think Malwarebytes Is spreading themselves too thin. I think they should have left it the way it was in version 2, without adding all these different modules to it.

you hit the nail on the head. malwarebytes was better off before they incorporated adw cleaner & the anti-ransomware feature.
 
  • Like
Reactions: frogboy

Aura

Level 20
Verified
Jul 29, 2014
966
I am not the person who made this video,I just posted this video from youtube to show people that recommend this useless product that was once something to give people better advice,I hate when people recommend a product to novice users that don't perform any more & find all sorts of excuses why it still comes in handy because nuff people they follow uses it or so call top geeks, useless is useless don't care how others try to paint the picture, but i must insist you also have to have facts to back your claims. IT IS WHAT IT IS:)

And you know what I hate? People that call a product useless without knowing how to use it, how it works, how to test it properly, or that think their opinion must be considered facts when they have no experience in InfoSec, or IT at all and are most likely underage.

I agree with certain aspects you have stated here with the exception of the Downloads folder, which by default is where everyone "downloads" too from emails to the web, this is still real world scenario.

Not really, it depends on your email client. For instance, if you open an attachment straight from an email in Outlook (which most people do), it doesn't download (copy) itself to the Downloads folder, but the Outlook temporary folder which isn't in %USERPROFILE%\Downloads, but somewhere along %AppData%\Microsoft\Windows.

Also, going back to my argument where the "tester" expect Malwarebytes to fully stop a Ransomware payload when he disables 50% of the modules (2 out of 4), I guess he never thought that in a real-world situation it could go like this:

User browses the web and somehow hits an EK
EK have an exploit in store for the user system and manage to drop a Ransomware payload on his system
Payload contact his C2, receives information, proceeds to encrypt the files
Game over.

Now, with Malwarebytes installed, it could stop the infection chain at any moment.

User browses the web and somehow hits an EK, but Malwarebytes Web Protection module blocks it (by preventing the connection to the gate)
EK have an exploit in store for the user system and manage to drop a Ransomware payload on his system, but Malwarebytes Anti-Exploit module blocks it and if not, Malwarebytes Malware protection module detects the file and deletes it on the spot
Payload contact his C2, receives information, proceeds to encrypt the files, but Malwarebytes Web Protection module blocks the connection to the C2, and some Ransomware do not proceed with the encryption if they cannot contact their C2 OR the Ransomware starts his encryption process only to be stopped by the Anti-Ransomware module because of it's behavior.

People somehow think that Malwarebytes' 4 protection modules are fully independent from each others, while this is true (as disabling one of them, don't prevent the 3 others from actually working and do their job properly), did anyone thought about the fact that these 4 modules are enabled together, to work together for a reason?

Jesus that post is badly constructed but I'm in a hurry so I'll adjust it later if needed.
 

russ0408

Level 5
Verified
Well-known
Jul 28, 2013
234
We could argue this till we're blue in the face. You have your opinion I have mine. To me Malwarebytes is like the old saying, "Jack of all trades master of none."
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
Not really, it depends on your email client. For instance, if you open an attachment straight from an email in Outlook (which most people do), it doesn't download (copy) itself to the Downloads folder, but the Outlook temporary folder which isn't in %USERPROFILE%\Downloads, but somewhere along %AppData%\Microsoft\Windows.
Since I'm not a user of Outlook, I just used my significant others outlook account to download some photos I had sent her, I clicked download all, clicked save and let it by default throw it where it does on the system, guess where it landed, yep, in the downloads folder.

Also, going back to my argument where the "tester" expect Malwarebytes to fully stop a Ransomware payload when he disables 50% of the modules (2 out of 4)

People somehow think that Malwarebytes' 4 protection modules are fully independent from each others, while this is true (as disabling one of them, don't prevent the 3 others from actually working and do their job properly), did anyone thought about the fact that these 4 modules are enabled together, to work together for a reason?
I had fully agreed with you on this aspect. Modules are designed to work together as I stated above.

Jesus that post is badly constructed but I'm in a hurry so I'll adjust it later if needed.
This is no biggie, I got what you meant, and as stated above, pretty much agreed with you other then testing from the downloads folder or desktop, which is two common places people drop downloads.

BTW, I'm well aware of drive by's and webfilters, file indicators, ect. This does not mean that executing samples from the desktop or download folders are not still real world.
 
Last edited:

FrFc1908

Level 20
Verified
Top Poster
Well-known
Jul 28, 2016
950
well this is the perfect example that good results in the past are are no guarantee for good results in the future. back in its hayday mbam was one of the best a.m. scanners out there.....it is a shame to see that all those bells and whistles are not more than smoke and mirrors :( thanks for the share terry!
 

ncage

Level 3
Verified
May 20, 2017
103
I skipped to the last few minutes of the video because I was expecting very poor score from Malwarebytes. I was right.
Sad that once great product is having a very bad time - resources consuming, buggy "stable" v3 released too soon to the public, beaten to the ground in almost each of tests... But still I will keep my lifetime Malwarebytes Anti-Malware key in a safe place because who knows...

Ya i agree. I purchased 5 lifetime licenses in the past because i like it so much. Even when they were good they have had a lot of issues. I was using it during the time when they had something get screwed up with their definitions where a lot of OS files were detected as malware which basically bricked your system. They released a fix which was supposed to fix the systems they bricked but it never worked so all the affected machines had to be repaved. They have always had issues with definitions sporadically not automatically updating or certain protection features just randomly turning off. They other day i looked at one of my instances that still has malwarebytes installed and the service was using 650MB of memory. Wowser...maybe it was using java :p.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
well this is the perfect example that good results in the past are are no guarantee for good results in the future. back in its hayday Malwarebytes Anti-Malware was one of the best a.m. scanners out there.....it is a shame to see that all those bells and whistles are not more than smoke and mirrors :( thanks fpr the share terry!
That's what this discussion was just about up to your post, the product was not tested correctly, and therefore one can not use this to base any kind of judgement on it. Disabling modules that are designed to work together of course will give it bad results.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
We'll have to wait for CS before we have any meaningful test of MBAM v3. This one is so flawed.

EDIT: Isn't that cute... I abbreviated the program name and the forum automagically spelled it out. Can we expect the same result for "CS" in the future?
 
  • Like
Reactions: _CyberGhosT_

ispx

Level 13
Verified
Well-known
Jun 21, 2017
616
i had put this question to @Terry Ganzi, but he must have missed it. i now address it to all & anyone who can explain it to me.

the dates shown next to some of the samples used are as old as 2015 & even 1990.

am i to assume that Malwarebytes could not even block malware that has been around for years?

So adding more detections to Malwarebytes' database (by rolling in AdwCleaner defs if I understand what you're saying) is bad? How so?

let me re-phrase it, malwarebytes in its old avatar was a better performer. pardon me if i confused you @Aura.

this is not to debate with you since i know that your technical knowledge about malware is way more than mine.

nevertheless i would like to add that after paying 40 bucks i would expect that piece of software to prove its worth.

i work hard for my money & if i feel that my money has gone down the drains i am bound to crib & i will yell & tell all & sundry about it.

my feedback is based not only on this video.

i recently stumbled across a self-replicating virus & a ransomware. windows defender pounced on the ransomware in a flash.

zemana flagged the virus & also got rid of it real quick but according to malwarebytes both the infections were clean as a whistle.

as a paid subscriber that makes me feel like i flushed 40 bucks in the pot. i hope you can see what i mean.
 
  • Like
Reactions: Terry Ganzi

Nuno

Level 2
Verified
Feb 26, 2016
98
I understand what you were trying to achieve with the video.
By disabling the malware protection layer, you are disabling any chance of the av fetching data from previous signatures, treating all of those samples as a zero day. However, issue with this test is that by disabling that actual malware protection, you are also disabling its ability to run heuristic modules on the executables.
I'm no fanboy of anything, but in my opinion, that's severely crippling an antivirus. The antiransomware layer was incorporated as an extra layer of security and not a standalone heavy antiransomware shield, crippled in the test by the lack of the module that's supposed to stop the infection earlier.

I still enjoyed watching the test though. It can be interesting if you compare it to other antiransomware modules (I don't know which antivirus have a separate antiransomware layer though). However, as a separate test, with no base of comparison, the results can't be used to determine of mbam is or not good at doing its job.

Just my opinion, though.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top