Malwarebytes, system security and trusting installs

[Captain Blackberry]

In trying to optimise a Win7 machine ( ) to be as secure as possible, it's reasonable to make sure outward facing software is controlled or trusted as much as possible.

Malwarebytes is quite noisy on the firewall so raises suspicion. It's blocked until I let it through to update.

Update checks are also lengthy to undertake, sometimes it takes a minute to check.

I can't fathom the need for more than a check of two version numbers totalling a few bytes of data. An almost instant check to see a new update is required.

It doesn't seem there is a way to download definition libraries/files and check their authenticity either. I assume the update stream is encrypted to prevent MITM attacks, but lacking manual updates is worrisome for paying customers.



Purely from a security point of view I'm increasingly sceptical about trusting this software on my system. It's also a US company which raises suspicion in the current digital data climate.


Has anyone fully logged Malwarebytes to view what it is sending and receiving during updates and checks?

I'll give it a shot with Wireshark and post my results.

[marzametal]

MalwareBytes PAID is noisy because it has hardcoded entries to fire off update requests every 30 mins or so. The FREE version relies on manual updates only. I have a valid licence, but to silence the noise, I didn't register, so only using it as on-demand. I suggest you get another on-demand to back it up like Emsisoft Emergency Kit.

Malwarebytes has lost my respect since it jumped on the Amazon Web Services bandwagon. I punched on with tweaking its updates for over a month, because it would make calls to AWS, bypassing their previous CDN requests to Edgecast and Highwinds.

I brought this up on their forum, and pretty much got a rehearsed response. So I am using Free version, and have 2 MBAM rules in my firewall: 1 to allow to specfic update IPs while on VPN, and 1 to block while on VPN. I had a 3rd while using PAID version because of the update requests every 30 mins, which was a block on all interface rule. But got rid of it, since I am using FREE atm.

So it is a matter of disabling the block while on VPN rule and enabling the allow while on VPN rule to update, and then reversing to shut it up. These are the entries I have, I might actually trim them down since there are 6. But so far no issues in MBAM asking for more IPs.

68.232.34.124
68.232.45.119
69.16.175.10
69.16.175.42
93.184.221.133
192.229.145.124
205.185.208.98

[marzametal]

It doesn't just check version numbers, it checks a lot of definition updates that are on your system in relation to MBAM, compares them with lists on their update server, and then updates to current list. It is ridiculous! I also agree, I smell a rort.

[Captain Blackberry]

Thanks for the great information feedback.

I ended up running firewall notifier and also setting up rules for the windows firewall.

Not much is allowed to talk as default, and a quick shortcut or batches open/close rules as needed.


Yes these big CDN are holding your user data and a VPN IP, and if MWB is pinging constantly to AWS then you're just providing your IP and real user data perpetually into the 'internets'

Not ideal.


My subscription is coming to an end. I'm not going to repeat my subscription. I'll email them and say why.
There should at least be the possibility of a simple version check and update system that respects a users privacy and anonymity.
Ie, a version check could be a simple number check, no data sent. And a download link to a generalised open server to get data without passing my username to them.

This stuff shouldn't be hard.