Topic: Malwarebytes Anti-Malware Update Discussions

Corrine
Re: Malwarebytes Anti-Malware Update Discussions
« Reply #195 on: January 27, 2018, 06:14:11 PM »
And I note Marcin's post has been edited to say a fix has been released. I'll wait for the dust to settle before applying.
I updated both my laptop and desktop and so far no problems, although there was a "delayed reaction" before the MBAM icon in the tray "understood" that Web Protection was indeed back on. 

Other than the problem some months ago with Web Protection being off, I have never had any other issues with MBAM so keeping the faith. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

frapper
« Reply #196 on: January 27, 2018, 06:18:56 PM »
Same symptoms in Win7 this AM. It took me down for 3 hours. Not knowing what was wrong, I assumed I was infected and finally restored an Acronis image and all was fine. I'm sure by that time they had the fix in the pipeline. My problem started when I was in Palemoon and stepped away for a few minutes, only to find a script error message on the screen. Then slow as molasses and black screens. I had to do hard shutdowns too. Figured I was somehow infected. Instead I was apparently infected by the very thing that was supposed to thwart infections. All good now.


Digerati
« Reply #197 on: January 27, 2018, 06:30:23 PM »

Quote from: pastywhitegurl
All these update issues with MBAM are a bit disconcerting.  I used it for so long with nary a problem, and then once the update that combined anti-ransom with the rest of MBAM protection happened, it has seemed so much less stable.
I agree. Since the release of 3.x over a year ago, it seems their beta testings have been lax as too many updates have been pushed out without sufficient testing.

I accept they cannot catch every problem, but this, like several others was so extensive, it seems to me in-house testing, had it been done properly, would have caught it.

Quote from: Corrine
although there was a "delayed reaction" before the MBAM icon in the tray "understood" that Web Protection was indeed back on. 

Other than the problem some months ago with Web Protection being off, I have never had any other issues with MBAM so keeping the faith. 
Perhaps had I not told Malwarebytes to Turn on Web Protection, it would have eventually turned on on its own. But I tried to turn it on manually after installing the patch and it just sat on "Starting...". After several minutes, I restarted Malwarebytes and that seems to have cleared it. All is working now.

I agree it has been several months since I have had problems and that was reassuring. What has rattled my confidence is what I said above, I feel this would have been caught had proper in-house beta testing been performed. And the fact this seems to be a recurring problem is bothersome. If they tried it on all their company machines first, then rolled it out to all employee personal systems before out to the public, I am sure someone would have encountered these problems considering how fast and how widespread the problem became.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine
« Reply #198 on: January 29, 2018, 02:10:37 PM »
From the root cause PDF attached to the Malwarebytes blog post, "IMPORTANT: Web Blocking / RAM Usage" (Malwarebytes Labs):

Quote
Findings and Root Cause

There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection "category" for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.

Corrective Action

Based on the finding listed above, the following corrective actions will be taken:
  • The system that performs the syntax checking of all Web Filtering heuristics will be expanded to reject entries that cover these wide IP ranges.
  • The components within the Malwarebytes Web Filtering system that runs on customer computers will be changed to perform stronger checking of these entries – similar to the point above – and reject any that do not meet that criteria.
  • Improve the facility within our publishing system that provides the ability for faster rollback of problematic detections. This will reduce the window of exposure, thus reducing the number of customers impacted.
  • Add many more computers to our existing testing cluster to increase the scope of our coverage.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
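
The first two corrective actions quoted in the post above (reject entries that cover wide IP ranges, both in the publishing-side syntax check and again on the customer's computer) can be sketched as one validator that runs in both places. This is an added example, not Malwarebytes code and not part of the original post: the `network,category` line format, the category names and the prefix-length limits are assumptions made for illustration.

```python
import ipaddress

# Assumed policy, not taken from the report: the shortest prefix a single
# block entry may use, per IP version, and the categories an entry may carry.
MIN_PREFIX = {4: 16, 6: 32}
CATEGORIES = {"malware", "phishing", "exploit", "scam"}


def validate_entry(line):
    """Check one 'network,category' line (hypothetical format); return (ok, reason)."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 2:
        return False, "expected 'network,category'"
    target, category = parts
    if category not in CATEGORIES:
        return False, f"unknown category {category!r}"
    try:
        # strict=True refuses networks with host bits set, e.g. 10.1.2.3/8
        net = ipaddress.ip_network(target, strict=True)
    except ValueError as exc:
        return False, f"malformed network: {exc}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return False, f"range too wide: /{net.prefixlen} ({net.num_addresses} addresses)"
    return True, "ok"


def filter_definitions(lines):
    """Split a definitions update into accepted entries and rejected ones."""
    accepted, rejected = [], []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ok, reason = validate_entry(line)
        if ok:
            accepted.append(line)
        else:
            rejected.append((number, line, reason))
    return accepted, rejected


# Constructed sample update (documentation address ranges, not real detections).
SAMPLE = [
    "# web protection definitions",
    "203.0.113.7/32,malware",
    "198.51.100.0/24,phishing",
    "0.0.0.0/1,malware",        # covers half of IPv4
    "2000::/3,exploit",         # covers all global unicast IPv6
    "10.1.2.3/8,malware",       # host bits set
    "192.0.2.0/24",             # category missing
]

if __name__ == "__main__":
    accepted, rejected = filter_definitions(SAMPLE)
    print("accepted:", accepted)
    for number, line, reason in rejected:
        print(f"rejected line {number}: {line} ({reason})")
```

Running the same function in the publishing pipeline (fail the build if `rejected` is non-empty) and on the endpoint (drop the rejected entries, keep the rest) gives the two independent checks the report describes.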

Digerati
« Reply #199 on: January 29, 2018, 04:51:10 PM »
As indicated in the root cause report, users started reporting problems to Malwarebytes less than 15 minutes after the offending update was posted to the update server. That clearly suggests (to me, anyway) there was little and certainly inadequate testing prior to posting.

Let's hope their plan to "add many more computers to our existing testing cluster to increase the scope of our coverage" becomes a reality soon. They need to restore user confidence by demonstrating this cannot so easily happen again.

Like it or not, security programs are, and should be held to a higher standard than other applications. Users must "feel" and believe their security products are protecting them at all times.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine
« Reply #200 on: January 29, 2018, 05:54:27 PM »
My experience yesterday was that the issues didn't start immediately.  Web Protection never showed on my laptop as being disabled but did on my desktop.  Yes, Pale Moon crashed once with a script error like Frapper mentioned but after restarting it, it didn't crash again.  It was on my desktop where I noticed the higher CPU usage and Microsoft Edge crashing followed by the black screen with cursor.  Combining the two events, I headed to the MBAM forum and knew that had to be the problem so disabled the service on both devices.  As a result, I can understand how it was missed.

Yes, I do agree that security companies need to be held to a higher standard, however, as I've said many times in the past (especially when people have problems with Microsoft updates), there are so many variables.  Take two brand new, identical machines out of the box and give them to two different people.  Those two machines will never be identical again and whatever changes made/software installed can indeed have an impact on updates.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Digerati
« Reply #201 on: January 29, 2018, 07:28:07 PM »
Quote
As a result, I can understand how it was missed.
I think you are being generous. I saw many posts on multiple sites by many users complaining of high RAM usage, Web Protection turned off, or both. 3 out of 3 of my own regularly used systems that run Malwarebytes Premium were affected, including this PC which also had that black screen issue. 2 clients called me to report problems with their systems.

None of these systems run unique software scenarios or hardware configurations. I suspect if it happened on a weekday instead of a Saturday morning, I would have received more calls and seen more posts.

Quote
as I've said many times in the past (especially when people have problems with Microsoft updates), there are so many variables.  Take two brand new, identical machines out of the box and give them to two different people.  Those two machines will never be identical again and whatever changes made/software installed can indeed have an impact on updates.
This is totally true, an excellent point and I agree completely. But the scope of the impact with Windows Updates is multitudes bigger than it is with Malwarebytes. And the reality is with Windows Update issues, they typically only affect a very few people out of the 100s of millions (billion +) who got the updates. It is just that even a tiny percentage is still millions and millions of users who can and do make a lot of noise.

I note this update only affected Malwarebytes Premium and Endpoint users, not Malwarebytes Free users and that narrows the field even more, making the percentage impacted (based on what I saw) even greater. :( For example, I have never had a Windows Update break any of my computers - let alone 3 out of 3. :(

The Root Cause report noted this update, which was distributed (or would have been distributed if systems were on) to every Malwarebytes Premium and Endpoint user on all versions of Windows, had that syntax error that blocked "a large range of IPs".

Syntax errors don't just happen. Somebody changed something!

Having worked in a software development company for 10 years where one of my "other hats" was as a beta tester, I feel certain the problems noted are precisely the type of problems adequate in-house testing should have been looking for, and caught before releasing to the field. And especially tested should be those areas where code changes are made.

Don't get me wrong. I still think Malwarebytes is an excellent program with a fine development team behind it. But that team and management must not assume they cannot make mistakes. There should be peer reviews with code changes and better testing before any update goes out. This is again, where that higher standard comes in. With over 250 employees there, they could push these out to their own personal machines first and probably have caught this before it went public and saved face, hassles, and maybe overtime pay too - with none of us customers being the wiser, or disappointed.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine
« Reply #202 on: January 29, 2018, 08:45:38 PM »
Quote
Syntax errors don't just happen. Somebody changed something!
From the PDF:
Quote
The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.
Yup.  Things were changed BUT there was a change that was supposed to be made that got missed. 

Bottom line, yes, it was a major screw-up that impacted the Pro & Enterprise customers -- and, as you said, would have been worse if it was during the week.  However, what impresses me is that ownership was taken for the error and we weren't left wondering what happened and what they're doing to prevent something like this from happening again.  Compare that to Intel's report on January 11 about reboot issues and not recommending that OEMs stop issuing the updates until January 22.   Granted, the issue was not as problematic but how many customers does Intel have and how large is their research facility compared to Malwarebytes?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Digerati
« Reply #203 on: January 30, 2018, 02:02:09 PM »
Quote
However, what impresses me is that ownership was taken for the error
I agree completely here. And I applaud them for how fast they determined and corrected the problem too. We'll see what happens if they implement the changes they said they would to prevent (or at least marginalize) these events in the future.
Quote
Granted, the issue was not as problematic but how many customers does Intel have and how large is their research facility compared to Malwarebytes?
I agree with this too. But I think part of the problem here was the shock and dismay that this problem went back decades and nobody (not Intel, not AMD, not whitehat security firms, nor the badguys) detected it before this. I am not offering "shock and dismay" as an excuse, just a partial - though inadequate - explanation for them being in denial.

Another big difference between this event and Intel's is, as noted yesterday by Woody Leonhard (my bold underline added),
Quote
You’ve no doubt been inundated by the news about Meltdown and Spectre, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer.

Perhaps lucky for Malwarebytes is the IT Press was sleeping-in this last Saturday morning too. ;)
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

MikeW
« Reply #204 on: March 06, 2018, 04:11:16 PM »
Version 3.4.4 released.

We just released a new upgrade for Malwarebytes for Windows--Malwarebytes 3.4.4.

Initially this version will only be available via in-app upgrades. If you don't want to wait to be notified by the program that your upgrade is available you can always grab the upgrade manually by clicking Install Application Updates in Settings > Application (if you're running MB 3.2 or later).  The updated installer will be also available for download from main Malwarebytes website starting March 6th or 7th.

Here’s the list of changes / improvements in 3.4:

Performance/protective capability
•   Improved remediation for shortcuts and tasks
•   Added better handling for heavily infected systems to streamline detection & remediation
•   Continued improvements to overall protection, detection and remediation 

Usability
•   Added Notification Center for easy access to most recent real-time block notifications (NOTE: you will see this in dashboard header, but currently it won't display for first time until after a real-time block event has occurred)
•   Added category to website blocked notification to show the reason why site was blocked
•   Improved report design for better usability
•   Added device name to My Account screen in preparation to sync with My Account portal
•   Updated the API used to interact with Windows Action/Security Center
•   Changed the 'Recover if missed by' setting for Scheduled Scans to be enabled by default for new scans
•   Numerous other user interface and copy improvements   

Stability/issues fixed
•   Fixed issue where files did not save properly with anti-ransomware enabled
•   Fixed issue where notifications could stack so you might see multiple versions of same message
•   Fixed issue where Beta opt in setting would not honor Restore Defaults
•   Updated the 7-Zip library to the latest version, v.18.01
•   Improved upgrade process from earlier versions of Malwarebytes
•   Continued improvements to driver operation and management
•   Fixed several crashes, including a blue screen related to Web Protection
•   Addressed other miscellaneous defects

Thanks!
Edited 5 hours ago by bdubrow
added more info on Notification Center
Win 7 Home Premium  IE11 MSE  Mbam Pro

Digerati
« Reply #205 on: March 06, 2018, 05:06:50 PM »
FWIW, I was offered this update first thing this morning when I woke my computer. Upgrade proceeded without a hitch.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine
« Reply #206 on: March 06, 2018, 05:47:02 PM »
I ended up installing the beta on my desktop to solve issues I was having with Malwarebytes on an Insider Build.  However, after reading your post, Bill, I launched Malwarebytes, clicked "Install Application Updates" and after the latest definitions were installed I was asked if I wanted to install the update. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

hayc59
« Reply #207 on: March 06, 2018, 06:51:10 PM »
a lot of folks are having real issues with this update as you can see at the forum... I will wait as usual before I update

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Digerati
« Reply #208 on: March 06, 2018, 07:08:29 PM »
Quote
a lot of folks are having real issues with this update as you can see at the forum...I will wait as usual
A "lot"? I think I see less than a handful.

https://forums.malwarebytes.com/forum/41-malwarebytes-3/
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Corrine
« Reply #209 on: March 06, 2018, 09:09:11 PM »
To quote exile360 from here:

Quote
Yes, version 3.4 is officially out now and includes quite a few improvements to protection, performance as well as numerous bugfixes and usability improvements.  Based on what I've seen of the beta and reports so far, this appears to be the most stable 3.x release to date.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.