Malwarebytes' latest tool protects against ransomware

Posted by $ nickursis 8 years, 2 months ago to Technology
70 comments

This might be worth looking into, I haven't had much chance to look into what conflicts it might have with Kaspersky Internet Security, but if it can coexist with current tools, it might be good to use. Just be careful with what you do, as it is Beta, so may cause problems, but there are some Gulchers here who seem pretty savvy about software.
SOURCE URL: http://thenextweb.com/apps/2016/01/27/malwarebytes-latest-tool-protects-against-ransomware/



  • Posted by $ Snezzy 8 years, 2 months ago
    Sooooo happy using Linux.
    • Posted by Timelord 8 years, 2 months ago
      It's common for Linux users to make comments like that but you guys aren't immune! The bug found in the SSL stack (heartbleed, if my poor memory is right) originated with early versions of the stack - in Unix/Linux. There have been other viruses (or other malware) that targeted Linux.

      Mac users used to be very smug about not even needing anti-virus like we poor, unwashed Windows users. Now if you read the trades you'll see that the majority of new malware is targeting the Mac OS.
      • Posted by $ Snezzy 8 years, 2 months ago
        The one time I had major trouble with viruses was the day I allowed a stupid friend to use my W98 machine. I thought he was just going to check his mail on Yahoo. He discovered I didn't have any games he liked and immediately downloaded a whole bunch of stuff.

        Now any guest users of my Linux boxes get guest accounts. They can complain all they want about not having CrazyVirusGame.exe, but they'll never be able to run it even if they download it!

        Yes, there might be Linux viruses. Once in a while I'll hit a website that announces that my computer is infected, and I just laugh.

        I'm STILL sooooooooo verrrrrry happpppppy with Linux.

        I've used Unix or something much like it since 1976. 40 years now. Even once met Ken and Dennis, way back when.
        • Posted by Timelord 8 years, 2 months ago
          Wow, the closest I came to Kernighan and Ritchie was their book on C programming - back in the 1980s. Feel free to disagree, but after dealing with C I have to say I prefer C#. Of course there're a lot more differences than just improved code safety and support for real strings, but my comparison was just about the language improvements - without regard to the .net framework et al.
          • Posted by $ 8 years, 2 months ago
            I did some classes in some of the various programming languages and found sticking red hot pokers in my toes to be more fun. I got an IT degree but have never gone back to try anything, as it is just not something I can wrap my head around. Hardware is easy, software not. Good for you if you can, my hat is off to you!
            • Posted by ewv 8 years, 2 months ago
              Listening to lectures on programming syntax is deadly. It's best to read it, learn by doing, and experiment, followed by looking up what you need in references.
            • Posted by Timelord 8 years, 2 months ago
              There are a lot of valuable IT functions other than programming. Good business analysts are valuable (assemble the requirements for new software and turn them into specs for programmers) and good project managers are also valuable. Both need excellent organizational skills and communications skills but don't require technical knowledge (although it's helpful, for sure).

              Being a good programmer requires a very particular mindset and an uncommon way of looking at the world. Notice "good" programmers. I work in a very large organization surrounded by lots of programmers and most of them are very bad at writing code and abysmal at debugging.
  • Posted by Ben_C 8 years, 2 months ago
    I have Malwarebytes on my computers. I coughed up the money for the premium version (really, not that much) and it has been smooth sailing ever since. Good product.
  • Posted by MaxCasey 8 years, 2 months ago
    I work in infosec and while these products may do an ok job, the problem with the ransomware/malware is 1) the end user 2) the fact that windows allows an unprivileged user to run an .exe from the appdata directory structure in the users profile. These ransomware apps run just like the webex or gotomeeting installers and while an AV or Anti-Malware product may be effective to an extent, they rely on either signatures (which come from after the ware is in the wild) or from heuristics, which in some cases are good and getting better, but still difficult to identify.

    My recommendation is locking down the ability to install/run from the appdata directory and using allowances for the apps you need which need to run this way. Google Chrome takes advantage of the appdata flaw (yes it is a flaw imho) and will install itself despite user privilege restrictions. If you are a home user, this may be over your head, and if you are sysadmin and haven't done this for your users yet, well... get to work.

    If you need help or want to do this for your computer or in your company I will be happy to point you in the right direction (I'm not advertising per se so don't flag me por favor).
    • Posted by $ 8 years, 2 months ago
      Well, Windows does allow you to have a user account that does not allow installers to work, or requires the painful process of going through all the clicking. That is one reason that is the recommended setup, but the valid software people have created so many scripts and inside the inside programs that run as executables, that it sort of hobbles the web experience. That is one thing they rely on, is users who have got all the windows open so they don't have to put up with it. Most of the ransomware reports I have seen say they had to click on a file or such to install it. The latest one I saw can install like a JS file, just by going to the infected website. Now that is a real problem, which is why I am in favor of this Malwarebytes Beta.
      • Posted by MaxCasey 8 years, 2 months ago
        This isn't totally correct. Chrome, and others will install for an end user who does not have permissions to install regular software. Spotify does too. They exploit the appdata directory just like cryptolocker and other ransomware packages do. Regardless of whether the user clicks it, or JavaScript launches it via a website, the payload is installed due to a basic and simple to fix flaw in Windows which doesn't require Malwarebytes. I've protected thousands of computers this way.
        • Posted by $ 8 years, 2 months ago
          Is that a reg edit or an application?
          • Posted by MaxCasey 8 years, 2 months ago
            It's neither. It's a policy. Applied to the domain, it's a group policy, or for just one machine you can just apply a local policy.
            • Posted by $ 8 years, 2 months ago
              So you have to ask your domain provider to do it? Say for my own website I lease my space from a provider where my domain name is held. It is a Linux server so would it still be needed?
              • Posted by MaxCasey 8 years, 2 months ago
                No. This is completely separate from your website. Most businesses are using Active Directory for authenticating Windows computers. Active Directory is set up with a domain name (similar to yourdomain.com but has little if anything to do with the web), so that when they log into their computer the computer looks for Username in the xyz.local domain namespace. Within Active Directory you can apply policies to groups of computers that are joined to that domain. In essence, you can control everything that those computers can or cannot do, from installing software, to what the desktop wallpaper is. One of the things you can do is choose to secure the appdata directory that resides in every user profile across all the computers joined to the domain from one location. This is how I go into a company like JP Morgan and apply a fix to 60,000 computers by doing 10 minutes of work.

                Alternatively, if you don't have a domain that your office computers are joined to, you can secure that directory by affecting the local computer policy on each computer. It's more time consuming, but very very effective.

                Now when you lock down the directory, there will be things you might not be able to do as a restricted user anymore. Launching webex or gotomeeting might be one of those things. You can customize which software can run using the appdata folder while blocking everything else. This is what I do for my clients. You effectively deny all, while making allowances for the few good things you need.
                • Posted by $ 8 years, 2 months ago
                  OK, now I see, this is an issue sort of one we have run into internally, where we have locally set up web sites within our factory and they went through and changed all the active directory's so most are set to just view but not alter data. Had to go fight with them for sites where we enter data for specific tools and we were locked out. I would have to do each of my home machines as they are all independent.
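MaxCasey describes the control above as a policy: deny execution from the per-user appdata tree, carve out allowances for the few tools that legitimately run from there, and push it through Group Policy on a domain or local policy on a single machine. The PowerShell script below is an added example of that deny-with-exceptions rule written as an AppLocker path policy for one machine; it is not MaxCasey's tooling, nothing from the linked article, and only covers the Exe rule collection (script and installer collections are set up the same way). The exception folder EXAMPLE-MEETING-TOOL is a placeholder for whatever tool you decide to allow, the sample files are constructed for the dry run, and the policy starts in audit-only mode so you can read what it would have blocked before enforcing it. AppLocker enforcement needs an edition that supports it and the Application Identity service running.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): AppLocker path policy that denies
# executables under every user's AppData tree, with explicit exceptions.
# Explicit Deny rules win over Allow rules in AppLocker, so the allow rules
# below only keep the OS and installed programs runnable.

$everyone       = 'S-1-1-0'       # well-known SID: Everyone
$administrators = 'S-1-5-32-544'  # well-known SID: BUILTIN\Administrators

# PLACEHOLDER: folder of a tool you deliberately allow to run from AppData
$allowedTool = '%OSDRIVE%\Users\*\AppData\Local\EXAMPLE-MEETING-TOOL\*'

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description=""
                  UserOrGroupSid="$everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description=""
                  UserOrGroupSid="$everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow administrators everything" Description=""
                  UserOrGroupSid="$administrators" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny execution from AppData" Description=""
                  UserOrGroupSid="$everyone" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" /></Conditions>
      <Exceptions><FilePathCondition Path="$allowedTool" /></Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'appdata-lockdown.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run against constructed sample files (empty; path rules never read the
# contents, but the cmdlet wants real paths). Expect: the dropped file denied,
# the excepted tool allowed, notepad allowed.
$dropped = Join-Path $env:LOCALAPPDATA 'Temp\invoice_scan.exe'
$allowed = Join-Path $env:LOCALAPPDATA 'EXAMPLE-MEETING-TOOL\meet.exe'
foreach ($f in $dropped, $allowed) { New-Item -ItemType File -Path $f -Force | Out-Null }

Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path $dropped, $allowed, "$env:WINDIR\notepad.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply in audit mode, merged with rules already on the machine, and make
# sure the Application Identity service (which AppLocker depends on) runs.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Audit results: event 8003 = would have been blocked (8004 once enforcing).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Run it for a few days in audit mode, turn every legitimate 8003 hit into an additional exception path, then change EnforcementMode to Enabled and re-apply. For a domain, the same XML is imported into a GPO under Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker (or pushed with Set-AppLockerPolicy -Ldap), which is the "one location" MaxCasey refers to.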
  • Posted by saucerdesigner 8 years, 2 months ago
    Thanks for this, nick. I've downloaded, installed and even though Kaspersky Total Security is a little different than the product described in the article in the link provided below, set up the exclusions to hopefully keep both Malwarebytes Anti-Ransomware and Kaspersky from conflicting. I'll report back if I have any problems with it.
    http://tinyurl.com/jem5yf9
    • Posted by $ 8 years, 2 months ago
      Thank you, I look forward to what you find. I use Internet Security, so I am not sure what config changes would be needed to get them to play nice with each other. Kaspersky is very auto setting.
      • Posted by saucerdesigner 8 years, 1 month ago
        I have received one update to Malwarebytes Anti-Ransomware. Everything has gone smoothly until this morning when I saw an alert that ransomware activity had been detected and that the process (I believe the alert used the word "process") explorer.exe had been quarantined. I nearly panicked because even with my rudimentary understanding, I knew that explorer.exe was crucial to the operation of Windows. The taskbar had disappeared and only the familiar desktop was showing. Holding my breath I chose to restart the machine. It started normally, the taskbar reappeared and I was able to launch Malwarebytes Anti-Ransomware but did not see any history or explanation that anything untoward had occurred.
  • Posted by Herb7734 8 years, 2 months ago
    Even though I've been using computers since '88, I really know little about them. To me, a computer is like a car. If it runs, and does what it's supposed to do, I'm happy. If something happens and it doesn't function properly, I go to the mechanic in the case of the car, or my son unless he's too busy, or the computer wizards who know my HP computer inside out. I couldn't tell one computer protector company from another until my computer goes down, which means the company I used wasn't worth crap and I got a different company. This one gives me reports every few days and makes me feel secure, but, what do I know?
    • Posted by $ 8 years, 2 months ago
      Herb, I am willing to bet you are in the 80-90% of people who are in that same boat. I do not pretend to know much in the software area myself, I have built many systems (I am building one right now with a Haswell E 6 core chip) and can usually get them to work, but the software end is just what seems to work and what doesn't. I can say if you get CC Clean (free) and run it at the end of each session, it seems to keep your system pretty happy. My major issues have almost always been windows or driver related and sometimes have to throw my hands up. One issue was one of my back up hard drives caused the computer to shuffle the hard drive designations around and the boot drive went off to become like z: and windows does not work. Finally undoing all the drives let me get it back, but the new way motherboards use BIOS is the culprit, along with a bad SATA port. Hardware I can do (I work at Intel making chips) but software is mehh.. so stay with your son or experts. :)
      • Posted by Herb7734 8 years, 2 months ago
        Hi, Nick:
        I know you're being helpful, but I haven't a clue as to what you're talking about. I understand what makes cars and computers run, but that's it. I get flummoxed by the slightest snag. Or when installing software, I dread when it asks me a question. I hate upgrades. It took me a while to learn this much -- I don't want to learn anything new. I know, I'm an old fogey. OK, I've gone on enough. Hopefully there are some out there who are older and understand my dilemma.
  • Posted by $ Olduglycarl 8 years, 2 months ago
    It seems we must go to extremes to keep the barbarians at bay. (barbarians= hackers and their digital intrusions)
    Don't they have better things to do?...guess not.

    Pain in our butts!
    • Posted by $ 8 years, 2 months ago
      The fact that they have been allowed to run wild in the countryside until they piss off someone important, before any prosecution. The ransomware thing is a perfect example, some police departments have paid to get their stuff back!! A good ongoing backup system is the best defense in this case, or something like Malwarebytes if it works...
      • Posted by MaxCasey 8 years, 2 months ago
        The "defense" analogy would be, in this case, as follows:

        You are in charge of guarding a bank vault. You hire a security firm who is trained in spotting bank robbers and other shady looking folks. You get the best combination lock and security system money can buy. And then you post the combination and alarm codes on a sign out in front of the bank. All that is needed to swindle your customers is a disguise that Barney Fife hasn't seen yet.
        • Posted by $ 8 years, 2 months ago
          Why would not having your own full back up to restore from, or even this Beta be appropriate? I am not seeing the analogy here.
          • Posted by MaxCasey 8 years, 2 months ago
            The point is you could have prevented the robbery in the first place. As I explained before, the anti-malware will work against known signatures, and potentially has some heuristic features, but could be defeated by changing the signatures or creating a new payload. This gets demonstrated all the time at security seminars. As for a full backup, well I suppose that would be appropriate for a home user to rely on, but the analogy would be that of insurance for a bank. Explain to your boss why 20 terabytes of data were maliciously encrypted and it will take a couple of days to restore when you could have just tightened up the operating system security via a simple group policy. Downtime costs money and tarnishes a company's reputation.
            • Posted by $ 8 years, 2 months ago
              In that premise, you are correct, security companies should be instituting multi layered defense that does not rely on a single method or group of methods, for business and large groups. Even if available, though, the geniuses in management running around today would probably not invest in something that complicated and expensive.
              • Posted by MaxCasey 8 years, 2 months ago
                Oh, they need only look in the newspaper for evidence of why they should. Consider that true disaster recovery, that of a hot spare clone server coupled with offsite cloud based backup AND the ability to run and restore the entire server in the cloud can be purchased for about $4.00 per day and any business owner would be admitting to diminished mental capacity if he or she didn't avail themselves of the opportunity to mitigate risk. In my business, the hardest part is simply talking to people, once they see how affordable things are and how expensive the downside is they make the smart choice. And it's not as complex as one would think.
                • Posted by $ 8 years, 2 months ago
                  Technology has its own fearful reputation, in that there has been a lot of misrepresentation that has built into urban legends. Hopefully you can maybe use the ransomware plague as an illustrative example.
  • Posted by Timelord 8 years, 2 months ago
    Neither Malwarebytes' Anti-Malware nor Anti-Exploit will interfere with anti-virus products - because they aren't anti-virus products themselves; they do different stuff.

    Anti-Malware isn't a real-time scanner unless you're paying for Premium, you have to run it manually.

    Anti-Exploit runs as a service and I believe it's monitoring traffic from your Internet connection, but I wouldn't swear to that under oath. It's definitely doing real-time monitoring.

    As you're aware, you cannot run two anti-virus products simultaneously - or more correctly, you can't do that without running into a lot of problems. All the good products will disable your current anti-virus as part of their own installation routine.
    • Posted by $ 8 years, 2 months ago
      That is my understanding, I am going to look at the beta and see if it has any really nasty side issues, but I may give it a whirl...something like this is useful only because they have a boatload of ways to send it, but it usually involves opening an attachment you do not know, or a bogus website. Kaspersky is good at saying this is a bad site, and blocking it. Happens quite a bit with ads on these multi part web pages.
  • Posted by $ BLinBalto 8 years, 2 months ago
    Even if this tool works, the bad guys are smart and will come up with a new tool. The cat-and-mouse game will not stop. The best, and only 100% reliable, protection against ransomware attacks is a good backup. There are many tools that make this easy and safe, so if you are not backing up all data on a regular basis then you are taking unnecessary risks.
    • Posted by Timelord 8 years, 2 months ago
      A really "good" ransomware product infects the master boot record, having a backup won't help. If you have an uninfected system image it might save you, of that I'm unsure. If so, however, you'd have to delete your boot drive, partition, and volume and use a disk-wiper that will overwrite a bare drive. You must overwrite the MBR. It might be helpful to delete the volume and then recreate it as a GUID volume (not bootable to Windows), then delete that and wipe the drive. I think creating the GUID volume will overwrite the MBR.
      • Posted by $ BLinBalto 8 years, 2 months ago
        The data is all that matters. If your data is safe, then you have defeated the ransom request. Repairing the MBR, or any other part of the system, is then one approach to returning to normal operation. Another is trashing the hardware altogether and starting over. In any event, data safety means the ransom attempt has failed.
        • Posted by Timelord 8 years, 2 months ago
          I guess that's true. I was going for the ultimate win, trying not to spend money on a new hard drive and hours installing software.
          • Posted by $ 8 years, 2 months ago
            I am not so sure the drive is lost, there are some good tools for doing a total random write cycle on a hard drive that will clear every sector on it. There used to be a DriveWiper you ran in a DOS window at bootup that worked really well but took a long time, I don't know if it is related to the Win version. I still have it on floppy, but haven't found my usb floppy drive.
            • Posted by Timelord 8 years, 2 months ago
              There are lots of drive wiping programs. Eraser is excellent in many ways and DBAN is the most popular for totally clearing an entire drive because you boot from the DBAN cd/usb drive. The tricky part is still ensuring that you overwrite the master boot record. Viruses that infect that drive sector are the hardest to clean.
  • Posted by Esceptico 8 years, 2 months ago
    I have used Malwarebytes for years and find it catches stuff BitDefender misses. I switched from Norton to BitDefender because Norton was missing so much it gave me a false sense of security. BitDefender says it does not work with Malwarebytes, but my experience is they work fine together. I also use CCleaner, and it is good, but it updates so often I only update once per month or so.
    • Posted by Timelord 8 years, 2 months ago
      I'm not familiar with BitDefender, but Malwarebytes anti-malware and Norton anti-virus are not direct competitors. Norton might have the anti-malware functionality, I don't know for sure cuz I don't like Norton, but Malwarebytes' product is not anti-virus.
      • Posted by $ 8 years, 2 months ago
        I am with you on Norton (and Intel owns them) I do not use it because, while good in the beginning, it went downhill fast. Poor definitions and updates, so I went to Kaspersky about 10 years ago and have stayed with them, they rate really well in most of the reviews I see each year.
        • Posted by Timelord 8 years, 2 months ago
          Kaspersky does get good marks and they're usually on the cutting edge of anti-virus research and detection. The detection rankings can be deceiving, though, because it all changes so rapidly. Sometimes X brand AV will detect a new virus but Y brand won't, and then someone releases a virus based on old code that X brand stopped checking for but Y picks it up. Then a database and/or scanning engine update comes along and the detection rankings all change. That doesn't include whether or not a product that detects a virus can remove it.

          That reminds me that a lot of people don't know that if you know you have a virus and you know specifically which one it is, the major AV companies will have a tool specifically to clean that one that you can download for free. You don't have to be a paying customer for that.

          P.S. Intel recently sold off parts of Norton but I can't remember if they kept the AV piece or the backup piece.
  • Posted by edweaver 8 years, 2 months ago
    I have used Malwarebytes for the last year. It downloaded fine but I have been unable to get updates. It keeps saying that I need to be logged in as the administrator to update but I am logged in. Just yesterday sent support an email to try to resolve. Anyone else know a solution?
    • Posted by $ 8 years, 2 months ago
      Check your Windows account, there is a user account and an administrator one. Normally that message means you are logged in as a user. Most OTS installs of Windows set you up as a user, to prevent people from starting out in administrator and doing unintentional bad things. Go to Control Panel > User Accounts and you should be able to see if you are an administrator or user. It depends on your Win version what it says, my company laptop is different from my home install so I don't have a screen shot.
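The check suggested above can also be done from a PowerShell window, and it is worth separating two questions the Control Panel view blurs together: whether the account is in the local Administrators group at all, and whether the current session is actually running elevated (with UAC, an administrator's normal session runs with a filtered token, which is the usual reason an updater still complains). The function below is an added example, not anything from the thread or from Malwarebytes; it only looks at direct membership of the local Administrators group (SID S-1-5-32-544), so a user who is an administrator through a nested domain group shows as a non-member.

```powershell
# Added example (not from the thread): distinguish "account is an administrator"
# from "this process is running elevated", the two things an "administrator
# required" message can be about.
function Get-AdminStatus {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$identity
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # True only when the process holds a full administrator token. Under UAC a
    # non-elevated session of an administrator account returns $false here.
    $isElevated = $principal.IsInRole($adminRole)

    # Direct membership in BUILTIN\Administrators as stored in the local SAM,
    # which does not depend on whether this session is elevated.
    $members  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    $isMember = [bool]($members | Where-Object { $_.SID -eq $identity.User })

    $cause = if (-not $isMember) {
        'Standard user account: an administrator has to run the updater.'
    } elseif (-not $isElevated) {
        'Administrator account, but this session is not elevated: use "Run as administrator".'
    } else {
        'Fully elevated administrator: the message is not about this account.'
    }

    [pscustomobject]@{
        User                  = $identity.Name
        InAdministratorsGroup = $isMember
        ProcessIsElevated     = $isElevated
        LikelyCause           = $cause
    }
}

Get-AdminStatus | Format-List
```

Get-LocalGroupMember ships with Windows 10 and Windows Server 2016 and later; on older versions the same membership can be read with `net localgroup administrators`, and the IsInRole check works everywhere.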
  • Posted by $ AJAshinoff 8 years, 2 months ago
    Good product, been using the free version for years (10+ easy). I don't use Kaspersky but it's never conflicted with Avast, Norton, or Symantec.
    • Posted by $ MichaelAarethun 8 years, 2 months ago
      Avast turned out to be one big virus on its own. I'm using Avira now it's doing fine. And I've one other to try if needed recommended by the members here. I also use CC Cleaner and Malwarebytes. I will probably go CC Pro. Not sure yet on Avira. So far none of these are invasive trying to take over my computer. They don't slow things down like Avast which literally ground my computer to a halt I'm talking XT speeds. I had to use Malware and CC to get rid of it along with Webroot but Webroot wanted me to pay another year after I had just paid. So I didn't. Used their window washer for over ten years. Haven't gone near Norton, McAfee or any of those older ones since they went the 'we own you' route. They are the first things I erase and delete off a new computer. EZ Armor and what was the other one went that route AVG? No experience with Kaspersky....
      • Posted by $ 8 years, 2 months ago
        Don't know about Avast but I can believe it. CC Pro has a few bells and whistles and is good for some maintenance stuff if you have the need. I was just feeling I would pay the 29 for the use I have had for the last 10 years or so, since it first showed up. Well worth it.
        • Posted by $ MichaelAarethun 8 years, 2 months ago
          True and maybe it would cure it of its one bad habit of playing popup in the middle of some other project. I'd like to be assured of that before I paid the $$$.