Overclock.net › Forums › Industry News › Software News › [Inquirer] Google lumps Malwarebytes with a bad security report and a lot of homework
New Posts  All Forums:Forum Nav:

[Inquirer] Google lumps Malwarebytes with a bad security report and a lot of homework

post #1 of 48
Thread Starter 
Quote:
Malwarebytes has "multiple security issues" that can open users to man-in-the-middle attacks and other things that you might choose to avoid, according to a Project Zero report from researcher Tavis Ormandy.

The post said that the problem has been fixed, but a lot of the details have been redacted which, of course, makes things more interesting.
Quote:
"Malwarebytes fetches their signature updates over HTTP, permitting a man-in-the-middle attack. The protocol involves downloading YAML files over HTTP for each update from http://data-cdn.mbamupdates.com. Although the YAML files include an MD5 checksum, as it's served over HTTP and not signed an attacker can simply replace it," he wrote.

Source.


Even though the problem has been fixed now, it goes to show that even widely recognized software can have beginner-like flaws.
Edited by tpi2007 - 2/4/16 at 6:48am
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
post #2 of 48
I don't even understand the need for having such junk on a computer. I haven't used anti virus in years and I've never had an issue.

Don't click advertisements, use common sense when google searching and going to random websites, don't download random torrents...

I mean is it really that hard to not get a virus... Internet browsers themselves are fairly secure and make it easy for even the most lacking users to avoid viruses, spam and popups nowadays.
Current Rig
(9 items)
 
  
CPUMotherboardGraphicsRAM
Intel 6800k Gigabyte GA‑X99‑UD3P  Asus GTX 980ti Platinum edition 32 GB Crucial Ballistics 
Hard DriveHard DriveCoolingOS
Sandisk 512gb m.2 Western Digital reds Cooler Master 212 evo Windows 10 64bit 
Case
Fractal design define S 
  hide details  
Reply
Current Rig
(9 items)
 
  
CPUMotherboardGraphicsRAM
Intel 6800k Gigabyte GA‑X99‑UD3P  Asus GTX 980ti Platinum edition 32 GB Crucial Ballistics 
Hard DriveHard DriveCoolingOS
Sandisk 512gb m.2 Western Digital reds Cooler Master 212 evo Windows 10 64bit 
Case
Fractal design define S 
  hide details  
Reply
post #3 of 48
Quote:
Originally Posted by Kirus2012 View Post

I don't even understand the need for having such junk on a computer. I haven't used anti virus in years and I've never had an issue.

Don't click advertisements, use common sense when google searching and going to random websites, don't download random torrents...

I mean is it really that hard to not get a virus... Internet browsers themselves are fairly secure and make it easy for even the most lacking users to avoid viruses, spam and popups nowadays.

Pretty much yeah
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 4690k MSI Z97 Gaming 5 GTX 1070 Gaming X HyperX Fury 16GB 
Hard DriveCoolingOSMonitor
Samsung 850 EVO 250GB + X25-M 80GB Noctua NH-D15 Windows 10 MG279Q 1440p 144hz 
KeyboardPowerMouseAudio
QuickFire TK Cooler Master V750 Logitech G402 HD 558 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 4690k MSI Z97 Gaming 5 GTX 1070 Gaming X HyperX Fury 16GB 
Hard DriveCoolingOSMonitor
Samsung 850 EVO 250GB + X25-M 80GB Noctua NH-D15 Windows 10 MG279Q 1440p 144hz 
KeyboardPowerMouseAudio
QuickFire TK Cooler Master V750 Logitech G402 HD 558 
  hide details  
Reply
post #4 of 48
Thread Starter 
Quote:
Originally Posted by Kirus2012 View Post

I don't even understand the need for having such junk on a computer. I haven't used anti virus in years and I've never had an issue.

Don't click advertisements, use common sense when google searching and going to random websites, don't download random torrents...

I mean is it really that hard to not get a virus... Internet browsers themselves are fairly secure and make it easy for even the most lacking users to avoid viruses, spam and popups nowadays.


That's all very well, but your safe practices don't cover the whole spectrum of perfectly normal activities a user can do on a daily basis and still catch malware.

1. Malware injected into ad networks meaning that even your trusted sites get to unwillingly distribute malware -> you've got to have something to counter that. If not for a comprehensive AV solution, then at least extensions that block cross-site requests and ads;

2. Take the example from the OP. If you have other types of software (productivity, utilities, etc) installed that don't take that kind of security as a focus, that fetch updates over the Internet and they do it in a beginner-like fashion, how do you know they weren't subjected to a similar attack as the one described in the article?;

3. Stuff that you receive from trusted people and need to check. A pen or an e-mail with a document attached from a friend / college workgroup / co-worker / family member, etc because you need to do some work together. You need something to check those files.
Edited by tpi2007 - 2/4/16 at 7:14am
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
post #5 of 48
Quote:
Originally Posted by Kirus2012 View Post

I don't even understand the need for having such junk on a computer. I haven't used anti virus in years and I've never had an issue.

Don't click advertisements,
use common sense when google searching and going to random websites, don't download random torrents...

I mean is it really that hard to not get a virus... Internet browsers themselves are fairly secure and make it easy for even the most lacking users to avoid viruses, spam and popups nowadays.

Easier said than done when site like to fullscreen stupid ads and all you have is a tiny x somewhere hidden.
post #6 of 48
Quote:
Originally Posted by dagget3450 View Post

Easier said than done when site like to fullscreen stupid ads and all you have is a tiny x somewhere hidden.

Other thing are those "Download" buttons. If you are in a hurry and forget to check the URL, bam.
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
post #7 of 48
Quote:
Originally Posted by MadRabbit View Post

Sounds like you are an medical worker, lot of tubes and hubs tongue.gif


Trust me I'm a doctor ^_^


Also if you don't have anti virus some files will attempt to download itself and when your not paying attention your just going to press ok.
Edited by clao - 2/4/16 at 7:24am
My build
(12 items)
 
  
CPUMotherboardGraphicsRAM
8350 MSI 970 Gaming  R9 290x 4GB Evga SSC 1866 
Hard DriveOptical DriveCoolingOS
samsung 850 evo lg thermaltek nic c4 microsoft 
MonitorPowerCaseMouse
asus vq evga g2 cooler master k380 logitech 402 
  hide details  
Reply
My build
(12 items)
 
  
CPUMotherboardGraphicsRAM
8350 MSI 970 Gaming  R9 290x 4GB Evga SSC 1866 
Hard DriveOptical DriveCoolingOS
samsung 850 evo lg thermaltek nic c4 microsoft 
MonitorPowerCaseMouse
asus vq evga g2 cooler master k380 logitech 402 
  hide details  
Reply
post #8 of 48
Quote:
Originally Posted by clao View Post

Trust me I'm a doctor ^_^


Also if you don't have anti virus some files will attempt to download itself and when your not paying attention your just going to press ok.

Whats your field of...never mind biggrin.gif
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
post #9 of 48
Quote:
Originally Posted by tpi2007 View Post

That's all very well, but your safe practices don't cover the whole spectrum of perfectly normal activities a user can do on a daily basis and still catch malware.

1. Malware injected into ad networks meaning that even your trusted sites get to unwillingly distribute malware -> you've got to have something to counter that. If not for a comprehensive AV solution, then at least extensions that block cross-site requests and ads;

2. Take the example from the OP. If you have other types of software (productivity, utilities, etc) installed that don't take that kind of security as a focus, that fetch updates over the Internet and they do it in a beginner-like fashion, how do you know they weren't subjected to a similar attack as the one described in the article?;

3. Stuff that you receive from trusted people and need to check. A pen or an e-mail with a document attached from a friend / college workgroup / co-worker / family member, etc because you need to do some work together. You need something to check those files.

Never in my 15 years of personal computing has it happened. Alas, never say never....

In the event it does though, why would I trust my AV to fully handle it? I wouldn't. That's why I have all my important (known to be safe) documents on my encrypted NAS. I'd format the infected PC every time. I just don't see the need for an anti virus... don't need my PC being bogged down by anything... don't need some program to scan my stuff...

In fact, I'd be more worried about these anti virus companies planting viruses in my computer specifically for said anti virus software to find to create a need. Something to think about.
Edited by Nilareon - 2/4/16 at 7:47am
Current Rig
(9 items)
 
  
CPUMotherboardGraphicsRAM
Intel 6800k Gigabyte GA‑X99‑UD3P  Asus GTX 980ti Platinum edition 32 GB Crucial Ballistics 
Hard DriveHard DriveCoolingOS
Sandisk 512gb m.2 Western Digital reds Cooler Master 212 evo Windows 10 64bit 
Case
Fractal design define S 
  hide details  
Reply
Current Rig
(9 items)
 
  
CPUMotherboardGraphicsRAM
Intel 6800k Gigabyte GA‑X99‑UD3P  Asus GTX 980ti Platinum edition 32 GB Crucial Ballistics 
Hard DriveHard DriveCoolingOS
Sandisk 512gb m.2 Western Digital reds Cooler Master 212 evo Windows 10 64bit 
Case
Fractal design define S 
  hide details  
Reply
post #10 of 48
Quote:
Originally Posted by Kirus2012 View Post

I don't even understand the need for having such junk on a computer. I haven't used anti virus in years and I've never had an issue.

Don't click advertisements, use common sense when google searching and going to random websites, don't download random torrents...

I mean is it really that hard to not get a virus... Internet browsers themselves are fairly secure and make it easy for even the most lacking users to avoid viruses, spam and popups nowadays.

you would be surprised, I think most over here on OC.net are better than the average computer user! I see lots of companies that fall bad to cryptolocker and the likes and spammers just take the "It just takes 1" mentality, put enough malicious adds and spam out there and you are gonna catch someone in your net!

I mean just click here to see *cough* *shady look*
https://www.reddit.com/r/funny/comments/1cod9r/trust_me_im_a_dolphin/
Escobar
(9 items)
 
Supercomputer ^_^
(13 items)
 
 
CPUMotherboardGraphicsRAM
1055T M4A88T-D EVO USB3 ATI 6850 4 GB 
Optical DriveOSMonitorKeyboard
DVD RW Windows 8 Pro lp1900 + 2 X 15 inch dell Microsoft Comfort Curve 
PowerCase
600watt thermaltake antec 200 
  hide details  
Reply
Escobar
(9 items)
 
Supercomputer ^_^
(13 items)
 
 
CPUMotherboardGraphicsRAM
1055T M4A88T-D EVO USB3 ATI 6850 4 GB 
Optical DriveOSMonitorKeyboard
DVD RW Windows 8 Pro lp1900 + 2 X 15 inch dell Microsoft Comfort Curve 
PowerCase
600watt thermaltake antec 200 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [Inquirer] Google lumps Malwarebytes with a bad security report and a lot of homework