Kitz Forum

Computer Software => Security => Topic started by: Bowdon on January 31, 2018, 04:15:06 PM

Title: Malwarebytes Update Released to Fix High CPU & Memory Usage
Post by: Bowdon on January 31, 2018, 04:15:06 PM
https://www.bleepingcomputer.com/news/security/malwarebytes-update-released-to-fix-high-cpu-and-memory-usage-in-mbamservice-exe/

Quote
An update pushed by Malwarebytes today for their Malwarebytes Anti-Malware product has caused a lot of problems for those who use their program. This new protection update caused mbamservice.exe to consume a lot of memory and upwards to 90% of the computer's CPU. A new update has been pushed that resolves these issues.

I know this story is a few days old according to the article. But when reading about the timeline the problem was discovered, I can't help but wonder why doesn't Malwarebytes release updates to a set of test computers? These computers could either be in-house, or select employee computers (maybe computers they are given for this purpose).

It feels in the computing world that we are sliding backwards when it comes to being efficient. It seems hardly anyone tests software in real-world conditions these days, or if they do they know it's buggy so they get cheap testers. Back in the day a 'games tester' used to be a dream job for many a young lad like me.

I just find it amazing that a company the size of Malwarebytes don't do this. But I'm sure they aren't alone.

I'm assuming none of the forum members ran into this problem? It was on the paid version and it was down to an overzealous web filtering definition. It locked the computer up on boot for many people.

I just use the free version so I can scan manually when I want.

Title: Re: Malwarebytes Update Released to Fix High CPU & Memory Usage
Post by: adrianw on January 31, 2018, 06:59:09 PM
I use Malwarebytes Pro, was bitten and very annoyed.

In https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/ they say
The root cause of the issue was a malformed protection update that the client couldn’t process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines and will work to ensure that this does not happen again.

In their root cause analysis at https://www.malwarebytes.com/pdf/WebProtectionFP.pdf they say

Findings and Root Cause

There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection "category" for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which caused the malformed detection to be pushed into production.

Corrective Action

Based on the finding listed above, the following corrective actions will be taken:
- The system that performs the syntax checking of all Web Filtering heuristics will be expanded to reject entries that cover these wide IP ranges.
- The components within the Malwarebytes Web Filtering system that runs on customer computers will be changed to perform stronger checking of these entries – similar to the point above – and reject any that do not meet that criteria.
- Improve the facility within our publishing system that provides the ability for faster rollback of problematic detections. This will reduce the window of exposure, thus reducing the number of customers impacted.
- Add many more computers to our existing testing cluster to increase the scope of our coverage.


I am somewhat mollified and impressed that they have been so open about the problem. I fear that many suppliers would have said far less.
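
Added example (not part of the thread and not Malwarebytes' code): a sketch of the kind of check the corrective actions describe, where entries in both the older and the category-carrying syntax pass through one shared width check before an update is published or loaded. The entry format, category names and prefix thresholds are assumptions made for illustration.

```python
import ipaddress

# Assumed policy: smallest prefix length (widest range) one entry may have.
# Illustrative thresholds only, not values taken from the vendor's report.
MIN_PREFIX = {4: 16, 6: 32}
CATEGORIES = {"malware", "phishing", "scam"}  # hypothetical category names

def parse_entry(line):
    """Parse '<cidr>' (legacy) or '<cidr> <category>' (enhanced syntax)."""
    fields = line.split()
    if len(fields) not in (1, 2):
        raise ValueError("expected '<cidr>' or '<cidr> <category>'")
    category = fields[1] if len(fields) == 2 else None
    if category is not None and category not in CATEGORIES:
        raise ValueError(f"unknown category {category!r}")
    # strict=True rejects host bits below the mask, e.g. 198.51.100.7/8
    network = ipaddress.ip_network(fields[0], strict=True)
    return network, category

def check_entry(line):
    """Validate one entry; the width check runs for both syntaxes."""
    network, category = parse_entry(line)
    floor = MIN_PREFIX[network.version]
    if network.prefixlen < floor:
        raise ValueError(f"{network} is wider than /{floor}")
    return network, category

def check_update(lines):
    """Return (accepted, rejected); publish only if rejected is empty."""
    accepted, rejected = [], []
    for number, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        try:
            accepted.append(check_entry(line))
        except ValueError as exc:
            rejected.append((number, str(exc)))
    return accepted, rejected

# Constructed sample update using documentation address ranges.
SAMPLE_UPDATE = """\
198.51.100.7
203.0.113.0/24 phishing
2001:db8:1234::/48 malware
0.0.0.0/1 malware        # would match half of the IPv4 space
198.51.100.7/8 scam      # host bits set, and far too wide
192.0.2.0/24 adware      # category not in the allowed set
""".splitlines()
```

Running `check_update(SAMPLE_UPDATE)` accepts the first three entries and reports lines 4 to 6 with a reason each; the same function can serve as a publish-time gate and as a client-side filter.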