Malwarebytes reported a vulnerability existent in WinRAR

Security companies are not omnipotent, and not know everything. Obviously also make mistakes, although, to tell the truth, there are few times that come to light. One of these errors public what has just committed Malwarebytes, since it reported a vulnerability in WinRAR that was not such. As it is natural, has had to apologize for this gaffe.

The rush to be first often take many times to blunders. We have seen it many times in the press and in many other aspects of life. And you must be careful, especially when you can damage to a third party, if your information is not true. Well, it seems that a lot of care not to put Malwarebytes when informed that WinRAR, the popular program understanding, had a bug that made vulnerable to millions of users.

Obviously they are in the obligation to warn users, since they live of it, but also not to send false messages that can seriously impair a company. And were not sufficiently diligent to check to see if your information was correct.

RARLAB answered them

When the company that develops WinRAR learned of this allegation tried to explain the reason that neither they, nor anyone else considered it a vulnerability. It seems that the problem arose when Microsoft released a patch in 2014. Well, according to Malwarebytes, the vulnerability that came with that patch that was causing users to be unsure.

But this was not entirely true, according to RARLAB without this patch any program that uses components of Internet Explorer was vulnerable, including Internet Explorer and of course WinRAR. “The whole attack is based on vulnerabilities in Windows OLE MS14-064 mended in November 2014. The systems with the patch installed are safe. Systems without a patch must install it. Without this patch all the software that is used by components of MS Internet Explorer, including Internet Explorer itself can be vulnerable”.

However, Malwarebytes was thought that the patch contained a hole, something true, but it was necessary too much cooperation of the user to consider it a vulnerability. In the end, the security company had to rectify and he has already apologized: “We would like to apologize with WinRar as this is not a vulnerability in your software. It takes a lot of cooperation of the user, and even then does not run the resulting code in a high way”.

Surely in a future Malwarebytes will be more careful at the time of launch warnings of this type.