Team OS : Your Only Destination To Custom OS !!

Welcome to TeamOS Community, Register or Login to the Community to Download Torrents, Get Access to Shoutbox, Post Replies, Use Search Engine and many more features. Register Today!

Locked Malwarebytes Corporate accesses your passwords ?

Status
Not open for further replies.

juanamm

Super Moderator
Downloaded
614.8 MB
Uploaded
86.7 GB
Ratio
144.43
The genuine MBAMService.exe file is a software component of Malwarebytes. MbAMService stands for Malwarebytes Anti-Malware Real-Time Windows Service.
The process has no visible window. It is not a Windows system file. The file has a digital signature, this is a Verisign signed file. MBAMService.exe is able to monitor applications, connect to the Internet and manipulate other programs.

So far it is nothing new, if it is an antimalware and it must protect you in real time, it must have access to the files that enter your PC over the Internet or those that we put of our own volition when downloading, copying data or installing a program, also it will need to connect to Internet to be updated or perhaps use some cloud service.


Now, what caught my attention today, was that when opening browser without even typing any URL or clicking on anything, I get an Avast Premium Security window informing me that MBAMService was trying to access my passwords and I was wondering if I allowed it access or not.
I was really stumped, I don't have any Malwarebytes plugins or add-ons in my browsers.
This is not normal, or at least unethical, I never granted it permissions, and Malwarebytes never asked me if I wanted my passwords managed.

Different is the situation with Avast Password, which is an Avast suite app that saves all passwords that we indicate, so when we enter a site or want to log into a web application, it can auto-complete the user and password fields.
But this application is paid and it works if we install it and save passwords but we allow it, not like the Malwarebytes case that didn't even inform me previously that it could access my passwords.

In short, I am a little disappointed with Malwarebytes as it was an app that I trust, but I cannot make any complaints or explanations to its developers because I do not pay for the service, I use Malwarebytes Corporate downloaded from this site.

I leave my reflections for those who have paid for their license who know that this application can access their passwords and if they have the opportunity to report it to the company to which they have paid for their services.

Author Note: Sorry for my bad English and because someone may think that I have no rights to complain since it is also unethical to use this corporate app without paying.
Also do not read as I want to advertise Avast, since I have no personal or professional relationship with this company.
 

Cyler

Moderator
Downloaded
15.8 GB
Uploaded
10.3 TB
Ratio
666.7
If you can clarify please when you say " MBAMService was trying to access my passwords " what do you mean with the word passwords? Windows passwords? Browser passwords? Avast Password? Other passwords? Asking because each one requires different access methods and credentials and has different reasons for happening.
 

Baronstragen

Verified Member
Downloaded
35.4 GB
Uploaded
529.1 GB
Ratio
14.96
I ran Malwarebytes corporate for a while. But it didn't seem to catch things defender would for malware. So I switched to ESET. I heard some stories about malwarebytes, but they were just that, stories. Anyhow, I guess it's just watching what programs do what. I check my computer periodically with process explorer especially when something "weird" happens. You know, just not what your computer normally does. I used to be a big time Avast fan until I found this out. You can probably google for the rest of it. "

Avast, the Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it's working with Mozilla to get its products back online.

But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts."
 

juanamm

Super Moderator
Downloaded
614.8 MB
Uploaded
86.7 GB
Ratio
144.43
@Cyler, I already have the answer.
The truth that as soon by natural impulse warning appeared, I denied access without reading the entire message.
Most likely the Avast message said: "MBAMService.exe is trying to access your passwords in Chrome"
Because now I have seen a thread in Malwarebytes forums where a user complains about same thing, but in Firefox browser.
The answer from official technical service did not convince me, but I did find last answer from a user correct.
In case you want to see it here it is: https://forums.malwarebytes.com/topic/258549-mbamserviceexe-try-to-access-passwords-in-firefox/
 

SydneyM

Registered User
Downloaded
41.8 GB
Uploaded
13.4 GB
Ratio
0.32
Thanks for the info, Juanamm. I noticed that also and automatically blocked it. But now that I am using McAfee Endpoint, the message does not appear. Regards.;)
 

Cyler

Moderator
Downloaded
15.8 GB
Uploaded
10.3 TB
Ratio
666.7
@Cyler, I already have the answer.
The truth that as soon by natural impulse warning appeared, I denied access without reading the entire message.
Most likely the Avast message said: "MBAMService.exe is trying to access your passwords in Chrome"
Because now I have seen a thread in Malwarebytes forums where a user complains about same thing, but in Firefox browser.
The answer from official technical service did not convince me, but I did find last answer from a user correct.
In case you want to see it here it is: https://forums.malwarebytes.com/topic/258549-mbamserviceexe-try-to-access-passwords-in-firefox/
Sorry for the late answer, real life happens. That answer you linked is right and I would also post a similar answer for your case which is why I asked first what type of passwords did it try to access. You did a great job researching it tho my friend. Kudos

Also for you and everyone, take good note of what @Baronstragen said.
Avast, the Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.
Each one of us can draw their own conclusions.
 

juanamm

Super Moderator
Downloaded
614.8 MB
Uploaded
86.7 GB
Ratio
144.43
Thanks for the info, Juanamm. I noticed that also and automatically blocked it. But now that I am using McAfee Endpoint, the message does not appear. Regards.;)
Perhaps the message does not appear with McAfee, because you are not using Avast Password browser plugin to encrypt and save your passwords.
I suppose for that reason, having no add-ons to store your passwords, Malwarebytes has no place to stick his nose. :)
 

Alessia_Amelia

Verified Member
Downloaded
135.5 GB
Uploaded
1.1 TB
Ratio
8.15
Just a comment in regards to this thread. We have been paying customers of Norton Deluxe with Internet Security and Lifelock /Dark Web Monitoring. which monitors our online activities very thoroughly yet maintains its "distance" with add-on / plugins like Safe Search and Password Manager. We encrypt our online and system passwords which it helps generate, with nothing less than 12 mixed characters and such. Yet in our use, we too have experienced this exact same occurrence in the Opera and Comodo and Chrome browsers. And we also have the Corporate version of Malwarebytes from here. Reporting to Norton tech support, it was explained it was an overall security issue of a majority of the online browsers such as the one you stated coming from Malwarebyte's unseen installed configurations. We've uninstalled it since then reluctantly and are searching for a viable solution. Our privacy and security is important to say the least. But at least now the alerts have stopped from Norton on all three browsers.
 

skip1

Uploader
Donor
Verified Member
Downloaded
91.9 GB
Uploaded
1.8 TB
Ratio
19.51
It goes without saying this is concerning even if the browser passwords that MBAM service is "scanning" are encrypted (gathered from the malwarebytes thread @juanamm posted). I have been using Emsisoft for a few reasons: the malware engine uses not only their own database but also bitdefenders', their privacy policy is stellar, their program does't get in the way (unless it needs to or the user set it to). Not trying to sell anything here, just saying might be worth a look. Glad that @juanamm brought this to attention. With corroborating stories from other power users here it might be a worthy task to start looking elsewhere for that thin line of security vs. human stupidity and impulsiveness...
Asking those who know is this behavior from Malwarebytes warranted to do its job, or am I missing the point? (@Cyler @juanamm )
 
Last edited:

Cyler

Moderator
Downloaded
15.8 GB
Uploaded
10.3 TB
Ratio
666.7
...is this behavior from Malwarebytes warranted to do its job, or am I missing the point? (@Cyler @juanamm )

Apologies for the long post/wall of text but some things are not easy to explain in a couple of lines only.

Personally I did some tests in an isolated environment and I need to test it more, but to be honest, I think the truth is somewhere in the middle, leaning more for Mbytes. From one side we may have an "overzealous" Scanner like malware looking where it's not supposed too on the other we may have an "overprotective" Avast (or even Norton) thinking everything is a threat.

I will try to oversimplify some facts: We know that there are malicious extensions for browsers that do data acquisition and tracking among other things. The difference of an extension from a plugin is that the extension is mostly source code that runs within the browser and therefor NOT detectable from antiviruses that scan for compiled code unless they are built to scan for those threats specifically. But to be able to detect the malicious activity of an extension you need access to the browser too, which in the eyes of the antivirus will make it look like suspicious activity.

(a bit older from 2019) case and point: Firefox had again issues with the avast password (without the help of malware byte this time). Some users began noticing that the browser had stopped automatically filling in their saved logins. Even worse, when they tried to access their saved logins using the Firefox password manager, they noticed that the list was empty. Firefox saves login information, in a file called logins.json that is stored in the profile folder for the Firefox user. When users checked to see if this file existed, they found that it was renamed to logins.json.corrupt. AVG Password Protection program blocked any process' access to saved logins unless the process is signed by a known and valid certificate source. Firefox had updated their certificates but AVG didn't and AVG thought that Firefox itself didn't have a valid certificate (I'm not making this up)

Ocams razor also leads me to think... For argument sake, let's say they do collect passwords, what is the company going to do with all the username/passwords? if we assume that they get 20mil passwords (out of the 200 mil users they have), are they going to log 20 million times, 1 for each user, and companies like Google or Microsoft or any other company won't detect that the same location/range of IP, logged several thousand times with different user credentials? Would a company risk massive lawsuits? It doesn't make sense to me.

Honestly, I think It's shared blame here but Avast is to be blamed more for false positives. IF Avast wanted to do it right, they could/should have tested Mbytes for outgoing transmission of passwords (that's what I did and saw none in the short test I did) and either make an exclusion or reveal Mbytes as bad actors. Seeing past behaviors and knowing those two are competitive companies I don't think they will treat each other fairly but rather try to throw mud to each other. Unless one wants to think that avg (and Norton because those 2 are the only ones that cause such issues) figured something that no other AV including ESET, BitDefender, etc didn't even see. Cause I'm 100% positive if Mbytes even thought of stealing username/passwords every other security research and AV company would be on their case if anything to eliminate competition.

Never be 100% sure and always have eyes open and use reason and logic.
 
Last edited:

Nic410

Verified Member
Downloaded
37.5 GB
Uploaded
3.1 TB
Ratio
84.35
..so..., what about using the computer without an antivirus. I don't see much need for one.
A popup blocker ( uBlock Origin, etc. ), yes. Other than that, I don't see it. Do backup and be happy. ( my 2 cents. )
 

skip1

Uploader
Donor
Verified Member
Downloaded
91.9 GB
Uploaded
1.8 TB
Ratio
19.51
@Cyler Can't thank you enough for the reasonable and understandable approach. I'm glad you are able to discern the difference between something that is "overzealous" and something that is mischievous. I also think your logic is on point (as usual...), if MB were doing something of this nature every AV in the industry would pounce on the chance of exposing and "kick mud" in said face, among other horrendous damage mainly the lawsuits brought on by not only individual users via class action but by corporate clients whose lawyers would have a field day to say the least (more so in the EU with GDPR requirements/restrictions in which case add state government prosecution). When it comes down to it I think there are tools available to us that are completely sufficient for the tasks we normally face, and there are products that sell and profit from proliferating fear through users who are approaching computers and the internet for the first time and want an insurance policy. Not saying that MB is unnecessary, but nothing will replace a users brain, intuition and knowledge (from both experience and study).
Good research on the AVG piece btw that is pretty unbelievable...Swing and a misssssssss. Woooof AVG...:fubar:
 

juanamm

Super Moderator
Downloaded
614.8 MB
Uploaded
86.7 GB
Ratio
144.43
I totally agree with the explanation provided by Cyler and the responding user on the Avast forums.
In addition to the competition of both companies, it turns out that the extension that MBAM was going to analyze, in my case, is owned by Avast.
Since I authorized Avast Password to encrypt some browser passwords, Avast informed me that Malwarebytes was going to analyze that extension.
It may be a matter of zeal, now that I've read more about it, I don't think MB is going to misuse my passwords, but I feel more confident that Avast will inform me about the intended analysis.
Each user using logic and reasoning will decide if they want MB to analyze that extension or not.
In my case it was fast reasoning, almost impulsive, since I do not want MB to carry out that specific analysis because I trust Avast Password since it promises that my passwords are encrypted locally on my PC, they will not be stored on any Avast server or from third parties and undertake not to use or share them.
I have already entrusted some of my passwords to Avast, I do not want to entrust them to any other application, even if they use them well or directly they don't use them.
 

Victor24

Young Guns===)>™
Uploader
Verified Member
Downloaded
52.3 GB
Uploaded
1.3 TB
Ratio
24.81
just a little note for you, I don't trust any apps to handle my passwords. :D
As I understand, these two anti virus thing are competing in business aspect. In business, there is nothing impossible. ;) Everything is put on the line,, ethical, unethical.....so on...
For that matter, its hard to judge who/whom telling the truth
 

juanamm

Super Moderator
Downloaded
614.8 MB
Uploaded
86.7 GB
Ratio
144.43
just a little note for you, I don't trust any apps to handle my passwords. :D
...
That would be ideal, when you access few sites. :D
But when I access many sites with many different users and many different passwords, I have to trust something.
Leaving my passwords in the browser is a very insecure option.
And having to save them in a txt file (or on paper) and copying them manually is a very tedious task. :whew:
I currently access +200 sites :)

I think that the subject of this thread has already been sufficiently debated and the causes and motives of it have been identified.
I close this thread, but not before thanking everyone who has helped and contributed their comments here. :clap:
 
Status
Not open for further replies.
Loading...
Top