Latest Version of Malwarebytes

Well, there are my results in living color mate.
NIS does use Trust Control, it doesn't re-scan a file found to be OK from a previous scan. 55% of mine are trusted. If there is any type of change to a file it will trigger a new scan.

Britton30 said:

Well, there are my results in living color mate.
NIS does use Trust Control, it doesn't re-scan a file found to be OK from a previous scan. 55% of mine are trusted. If there is any type of change to a file it will trigger a new scan.

I don't know about you, but that sounds like a dangerous way for an antivirus to work. Just because a file is trustworthy one day does not mean it stays that way. No wonder they no longer participate in av comparatives and av test.

If it is based on the hash it should be OK. Not sure if a hash can be faked? Besides, if the file is changed, it is scanned again. A Guy

andrew129260 said:

Britton30 said:

Well, there are my results in living color mate.
NIS does use Trust Control, it doesn't re-scan a file found to be OK from a previous scan. 55% of mine are trusted. If there is any type of change to a file it will trigger a new scan.

I don't know about you, but that sounds like a dangerous way for an antivirus to work. Just because a file is trustworthy one day does not mean it stays that way. No wonder they no longer participate in av comparatives and av test.

Note this.

I did see that, but there are ways for a file to be changed and hashes to be faked and not detected. The worst of malware does preciously that. I know most AV's do this now, its just something I am not comfortable with the new practice of this. I know why it was done, to speed us scan time and grow a database of safe files. But it's risky to me. But unfortunately I cannot change the way anti-malware software works.

AdvancedSetup said:

Yes it was and there are now several users that have posted that that time has decreased by 50% or more and in some cases has gone from several hours to less than an hour.

I have not had any major issues with my testing Mbam 2, but it would be negligent for me not to state observed scan times (my pet peeve). These are not exact, but hopefully give you an idea of what one end user sees.

2.0.0.x: 9-11 mins Threat scan - no options - all options
2.0.1.x: 22-29 mins (same test set)
2.0.2.x: 8-12 mins (added initial scna without changing settings)

This tells me that there really wasn't any gain - the scan times were out of whack in 2.0.1.x and the next version 2.0.2.x fixed what 2.0.1.x 'broke'. It happens, but v1 was about 5 mins.

I understand that v2 does more, so if 10 minutes for 250,000 files is what v2 ends up running - that's ok
30 mins was not OK. I'm sure Malwarebytes wants better times too.

There were a few very minor glitches (update screen popped up between inistall and initial scan - most likely an artifact of the change to automatically update instead of depending on the end user to update. A momentary screen flicker isn't a deal breaker. It was introduced between 2.0.1 and 2.0.2 though.

I'm glad they toned down the screaming screens, I asked nicely if they could tone down and consolidate the marketing.

I plan on joining their forum and participating directly if there is a short 2.0.3.x beta. It doesn't help posting here.

I have a full plate the next two weeks (daughter#3 getting married, daughter# 2 / son-in-law arriving from the Philppines, daughter# 4 buying a house). I think I can sneak in a few hours though, to run four scans and document/analyse the findings.

Here are avast times on my machine to use as comparison
- the quick scan uses cached results, the full scan does not use the cache, it builds the cache

@SlartyBart

For many users there is little change in times as you noted, but for others there is a huge change. There were some hardware and software issues involved that "some" users have that caused very slow scans. This was hopefully corrected for at least most of those users. Myself I have similar fast scan times in all versions with my hardware/software mix.

The Full Scan time by Avast is more in range with what I would expect. Wife is on the computer I was going to test NIS on but seeing that it is now reported that they're fingerprinting that makes sense as you can read the hash much faster than you can read properties and analyze a file. I'll still try to do one myself but guessing my times will be pretty quick too. My 48 hour scans were from last year over a UNC path to a mapped server drive that had millions of files.

andrew129260 said:

I did see that, but there are ways for a file to be changed and hashes to be faked and not detected. The worst of malware does preciously that. I know most AV's do this now, its just something I am not comfortable with the new practice of this. I know why it was done, to speed us scan time and grow a database of safe files. But it's risky to me. But unfortunately I cannot change the way anti-malware software works.

Howe may I change/fake a has so it matches a previous one? As far as I know for a given file MD5 uses one algorithm to calculate the hash, if the file is changed in any way so does the has.

Say you have 1000s of images (I do) they don't need to be scanned more than once. Videos are in the same boat along with audio files. Those 3 classes of files can comprise 100s of GB on users' systems.

Thanks UNI, I did not know that.