https://forums.malwarebytes.org/topic/180348-mbam-221-patch-release/
Issues Fixed:
- Fixed security vulnerability to ensure database updates are
  downloaded over SSL connections only
- Fixed crash that occurred if Dell Backup and Recovery software
  was installed on same system
- Fixed issue where scheduled scan did not honor weekly recurrence
  properly
- Fixed issue where license expiration notices were incorrectly
  displaying multiple times in rapid succession
- Fixed issue where the Scheduler would continue to run in certain
  cases after a trial had expired
- Fixed issue where the update progress bar on the Dashboard would
  appear to hang and would never complete
- Several improvements to Chameleon self-protection

Unless they just left it out, the database itself is still vulnerable
to unauthorized modification once it's stored on the possibly
infected machine. It's super important for them to send the database
via secure comms as they make no effort (afaik, still!) to protect it
from unauthorized physical modification. The thought didn't occur to
them on their own, and when brought up several times, was ignored.
Since they go out of their way to make it portable conversion
unfriendly, this process can be an annoying pain to get around. (run
cmd.exe as admin, copy two files. [g] rules.conf, rules.ref)
They haven't addressed the internal (which have been made public
information, so can be taken advantage of with malware. Malwarebytes
is a big enough target) command vulnerabilities, unless, again, they
just aren't mentioning it.
They've published fixing two possible vulnerabilities that were made
public. Insecure download of datafiles/program updates as well as
issues with the self protection module. I do hope those improvements
now justify the name it was given.
I do not presently recommend updating to this version. If you're
already using it, I recommend uninstalling it. And, avoiding the
program altogether until the serious security issues are addressed
and resolved. These issues are unacceptable. And, unsafe for you.
Online support via their forums as of the date of this post is iffy
at best. Malwarebytes changed their forum software and really messed
things up. The company can't even follow proper and standard
procedures concerning testing a forum package before making it live.
The software is a mess, internally. The forum is a cluster####er. I
don't know WTF is going on with that company, but they're going down
the crapper.
Superantispyware is more than enough to replace whatever benefit you
may have thought Malwarebytes was providing you. Superantispyware's
code is light-years ahead of Malwarebytes. And, they seem to
understand that you make some effort to test your software before you
release it to end users.
I have nothing to do with Superantispyware, either. I've just taken
the time to reverse engineer both programs as provided to a normal
end user, using typical reverse engineering tools. Neither program
really makes much/any effort to prevent you from peeking inside.
Superantispyware's code is more efficient, and does not suffer from
the same vulnerabilities as Malwarebytes. What's worse, Malwarebytes
Antimalware scanner continues to have most of the vulnerabilities
that have been published (remember, they were given an extension on
this too!) concerning their product. They do NOT care. It's evident
by their lack of timely patching/reworking the code to remove them.
--
MID:
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)