Porthos
The reason Malwarebytes claims to be an AV Replacement. I DO NOT subscribe to that line of thinking but here is a statement from MBAM staff.
"Malwarebytes 3.0 includes more modules than just the old Anti-Malware. The Anti-Exploit's Application Behavior (Layer3) module will block script malware like DOC macros, JS, HTA, etc. when these are executed through their real-world infection vector (i.e. via browser or email client). So for example a ZIP email attachment that includes a JS file that is opened by wscript.exe is automatically and proactively blocked by the anti-exploit module. A Word (DOC) Macro that tries to execute wscript, powershell, cscript, etc. will also be blocked by the anti-exploit module.
As for file infectors, Malwarebytes 3.0 will continue to detect some viruses and worms that are prevalent as it has until now. MB3 does not disinfect file-infectors that use appending, cavity, etc. techniques, but that's not relevant for a few reasons:
1- File infectors have been dead for a few years. Sure you can find recent mutations in VT but that doesn't mean they are prevalent. They are mostly just in research collections. Also many file infectors won't even run anymore on modern OS's.
2- Malwarebytes still believes in layered security and MB3 still supports running alongside any other security product of your choosing. In fact the way MB3 integrates into the Windows Action Center is by default to run alongside Defender and other security applications. You have advanced settings to "always register" and "never register", but by default we're not hung up in the old-school mentality of traditional AV in terms of thinking a single product is a magic bullet that will protect you from every threat forever and ever. What we're saying is that, while in the past Malwarebytes was seen as a wingman to your AV, nowadays with MB3 and all its new next-gen signature-less technologies we can be your primary line of defense and AV functionality to deal with file-infectors and network worms is mostly obsolete (although we will continue running alongside your AV if you so wish).
3- Traditional AV functionality to deal with file-infectors requires an on-access emulator and a ton of irrelevant signatures, which is the reason why AV is bloated and consumes a lot of file, CPU and memory resources. By contrast Malwarebytes 3.0's on-execution is extremely light on resources and without the performance impact.
4- We have another future-proof technology in beta which we will be integrating into Malwarebytes 3.0 in the near future that will help a lot with this front. Rather than going back to the bloated and reactive AV engine approach, we are solving this problem with proactive, signature-less and lightweight technology solutions. This part is still secret for now, so please don't ask for more details yet."
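The quoted statement describes blocking script hosts when they are launched through a browser, email client or Office document. As an added example (not part of the post and not Malwarebytes code), the same idea can be expressed as a detection rule over process-creation events; the event field names, the process lists and the sample events are assumptions constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any platform

# Assumed lists: script hosts named in the statement, plus common "vector" apps.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
VECTOR_APPS = {"winword.exe", "excel.exe", "outlook.exe", "thunderbird.exe",
               "chrome.exe", "firefox.exe", "iexplore.exe"}
MAX_DEPTH = 8  # bound the ancestry walk (pid reuse can create loops)

def image_name(path):
    return basename(path).lower()

def find_vector_ancestor(event, by_pid):
    """Return the nearest ancestor that is a vector app, or None."""
    seen, ppid = set(), event["ppid"]
    for _ in range(MAX_DEPTH):
        parent = by_pid.get(ppid)
        if parent is None or ppid in seen:
            return None
        seen.add(ppid)
        name = image_name(parent["image"])
        if name in VECTOR_APPS:
            return name
        ppid = parent["ppid"]  # keep walking: Word -> cmd -> powershell
    return None

def detect(events):
    """Flag script hosts whose process ancestry includes a vector app."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        host = image_name(e["image"])
        if host in SCRIPT_HOSTS:
            vector = find_vector_ancestor(e, by_pid)
            if vector:
                alerts.append((e["pid"], host, vector))
    return alerts

# Constructed sample events (hypothetical schema: pid, ppid, image).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 311, "ppid": 310, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The PowerShell process started directly from explorer.exe (pid 400) is not flagged, while the one reached through Word and cmd.exe is, which is why the rule walks the ancestry instead of checking only the immediate parent.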