ky331
Jul 4 2008, 01:29 PM
Upon running my weekly Secunia Personal Software Inspector (RC3) scan, it picked up on zlib.dll (version 1.1.3.1), which is included with both MBAM and RogueRemover, as being "insecure, and potentially exposes your system to security threats", and it "strongly recommends... updat[ing] this program". What, if anything, should you [or we] be doing about this?
JeanInMontana
Jul 4 2008, 01:47 PM
QUOTE
Description: zlib.dll is part of the ZLIB compression library and is used by Windows applications for compression and decompression of files.
It will be interesting to see how a compression of files can be a security risk. Did Secunia describe what the file was?
ky331
Jul 4 2008, 02:15 PM
Secunia referred me here:
http://www.zlib.net/
JeanInMontana
Jul 4 2008, 02:59 PM
hmmm seems odd. Will be interesting to see what someone that knows what is used has to say. LOL I am NOT one of the programmers, seems strange to me a new program like MBAM would have outdated stuff.
ky331
Jul 4 2008, 03:12 PM
Secunia is a highly reliable scanner, so I just wanted to call the results to the attention of the MBAM/RogueRemover team. If, upon consideration, the MBAM team here tells us there's nothing to be concerned about, I will happily accept their verdict.
RubbeR DuckY
Jul 4 2008, 03:57 PM
We use an outdated version of zlib.dll for backwards compatibility. I believe Secunia exaggerated when they said it poses a security threat. The worst that could happen is a targeted attack against Malwarebytes' Anti-Malware and it crashes.
lectrocrew
Jul 5 2008, 05:51 AM
QUOTE (RubbeR DuckY @ Jul 4 2008, 11:57 AM)

We use an outdated version of zlib.dll for backwards compatibility. I believe Secunia exaggerated when they said it poses a security threat. The worst that could happen is a targeted attack against Malwarebytes' Anti-Malware and it crashes.
I have been using Malwarebytes Anti Malware along with Secunia PSI for a couple of months and just yesterday Secunia flagged zlib as insecure. Should we select "Ignore Program" in Secunia for this zlib?
The Secunia information page regarding this issue lists it as being "Moderately critical".
As ky331 stated,
QUOTE
If, upon consideration, the MBAM team here tells us there's nothing to be concerned about, I will happily accept their verdict.
I too trust Malwarebytes, but I must admit I'm a bit concerned.
Thanks and "hi everyone" as this is my first post here.
Mike
Cordialis
Jul 5 2008, 08:09 PM
The program itself - Malwarebytes' Anti-Malwarebytes - is using Zlib as a part of its components. But a new version of Zlib is out and the brilliant Secunia PSI RC3 is doing its job as it's supposed to. It's telling me that my Zlib should be updated.
Will I ruin my Malwarebytes' if I update Zlib? Shouldn't Malwarebytes' act quickly on this and issue a new version?
Cordialis
Jul 5 2008, 08:11 PM
RubbeR DuckY
Jul 5 2008, 08:12 PM
We will update zlib.dll to the latest version after this release.
Cordialis
Jul 5 2008, 08:16 PM
I fully trust Secunia. It's a genius piece of software. But I accept the explanation from Malwarebytes'. Quote: We use an outdated version of zlib.dll for backwards compatibility.
Will I ruin Malwarebytes' if I replace the outdated Zlib with the current version?
Cordialis
Jul 5 2008, 08:17 PM
QUOTE (RubbeR DuckY @ Jul 5 2008, 10:12 PM)

We will update zlib.dll to the latest version after this release.
I must learn to type faster.
RubbeR DuckY
Jul 5 2008, 08:59 PM
QUOTE
Will I ruin Malwarebytes' if I replace the outdated Zlib with the current version?
Yes, you will, it will not start. But it would be a fun experiment if you like.
JeanInMontana
Jul 5 2008, 09:08 PM
QUOTE (ky331 @ Jul 4 2008, 09:12 AM)

Secunia is a highly reliable scanner, so I just wanted to call the results to the attention of the MBAM/RogueRemover team. If, upon consideration, the MBAM team here tells us there's nothing to be concerned about, I will happily accept their verdict.
It's great you brought this to us. It's been an interesting thread and we have all learned from it. Secunia is good I agree, all scanners have the ability to come up with erred results. In this case it was not, we got a good explanation as to why there was the message and it will go away soon.
JeanInMontana
Jul 5 2008, 09:59 PM
QUOTE (Cordialis @ Jul 5 2008, 02:11 PM)

No worries I merged the two now they are all one.
Cordialis
Jul 5 2008, 11:53 PM
QUOTE (RubbeR DuckY @ Jul 5 2008, 10:59 PM)

Yes, you will, it will not start. But it would be a fun experiment if you like.

No thank you, Marcin

I think I'll wait for the update.

But thanks for merging the threads, JeanInMontana!
Hi all
I also have been using rogue remover free for a while now.
Also I am not very computer literate.
I have just got the same warning. Thinking I at last had something to report, but alas I was late again.
I have read this topic with much interest, and found it to be most enlightening. Even someone like me can understand it.
Very much impressed.
Cheers
Hi again
Next question will show why I don't post very often.
I have just reread these posts and now realise that these posts are mainly about (Malwarebytes' Anti-Malware).
Is the zlib.dll going to be updated in rogue remover free, next time there is a program update?
If I should have posted this somewhere else I do apologize.
Cheers
JeanInMontana
Jul 6 2008, 05:07 PM
Hi roo and welcome to Malwarebytes. There is a forum specifically for RR but it's easier to just answer here. I feel safe in saying yes, when MBAM gets a new dll I'm sure RR will too.
lectrocrew
Jul 7 2008, 05:19 AM
QUOTE (RubbeR DuckY @ Jul 5 2008, 04:12 PM)

We will update zlib.dll to the latest version after this release.
QUOTE (RubbeR DuckY @ Jul 4 2008, 11:57 AM)

We use an outdated version of zlib.dll for backwards compatibility.
If you need an outdated version for technical reasons, don't update zlib on my behalf. I trust your knowledge. I have already selected 'Ignore Program' for zlib in Secunia options and it no longer lists zlib as being 'insecure'.
I also deleted the zlib version 1.2.3 files I had downloaded when I first tried to fix this issue (before I read this thread).
FYI; The zlib 1.2.3 install did not affect the zlib.dll 1.1.3.1 file within the Malwarebytes file in 'Program Files
Keep up the good work!
RubbeR DuckY
Jul 7 2008, 05:42 AM
Well, we have the opportunity to update the file, so why not. It was easier to implement when we were understaffed and working for months to get this project done. Now we have more coders and more time to update potential security holes like this.
Cordialis
Jul 7 2008, 07:02 AM
My Secunia is down and won't load.

I'm almost worried - that never happened before. But it fetches definitions from some https site every time you open it. Secure https or not - could just be a server issue. Only https is not supposed to go down? It's secure. Right?
The company behind Secunia PSI is a top professional one but ever since the malware terrorists broke into Trend Micro's systems and managed to infect an absurd number of ordinary user PCs through Trend Micro's online scanner, House Call, you don't know what to think. Security is not secure anymore.
Trust is really a thing of the past, isn't it? To some degree at least. No matter what company or product. Malware ruins everything...
QUOTE (JeanInMontana @ Jul 7 2008, 02:37 AM)

Hi roo and welcome to Malwarebytes. There is a forum specifically for RR but it's easier to just answer here. I feel safe in saying yes, when MBAM gets a new dll I'm sure RR will too.
Hi JeanInMontana
Thanks for your reply very much appreciated.
Cheers
Cordialis
Jul 8 2008, 12:19 AM
All is well that ends well. My Secunia is running again.
lectrocrew
Jul 8 2008, 01:01 AM
QUOTE (RubbeR DuckY @ Jul 7 2008, 01:42 AM)

It was easier to implement when we were understaffed and working for months to get this project done.
And all your work is greatly appreciated here. Thanks!
ky331
Jul 18 2008, 01:13 PM
Wanted to let everyone know, I just ran my Secunia scanner, and it is NO LONGER picking up on the zlib file. Not sure if they reconsidered matters on their own, or if they were responding to the many satisfied users of MBAM/RR.
With Secunia no longer objecting, should we still expect a new zlib in the next version?
RubbeR DuckY
Jul 18 2008, 03:46 PM
Yes, already packaged and ready to go for today's release.