Malwarebytes claim: IObit is stealing signature databases

Well, they did reply. This is a forum ,not a court, what do you expect from people? A bit of scandal is like a bit of salt for a forum.

Ok, they did reply. Does the reply sound satisfactory to you? Did you expect them to come out and say "yeah, we ripped off MBAM's database, shame on us, here's our confession, now you can drag us to court with 100% certainty of conviction"?


Their reply is highly improbable. I scan something with MBAM, it's a fake detection that MBAM calls "Don't steal our software" because it's a Keygen for MBAM. I rename this keygen into "Don't Steal our software" and upload it to Iobit. There, the samples analyst, takes the sample, classifies it as malware (while it's not) and adds it as with detection name "Don't steal our software", just because that was the name with which i uploaded it.

What are the chances that all this is true? How plausible is that explanation? I find the whole sequence very un-natural procedure.

If i upload a keygen which i will call "Iobitsucks.A" , Iobit is going to add it as malware with detection name "Iobitsucks.A"?

Even if by satanic coincidence it IS true, then it means, that IoBit is pretty much adding to detections every file you send them , without verifying it.

Either ways, this is a blow to IoBit's reputation.

I got the 1 year free license too, but didn't install it once i saw the realtime protection doesn't work. I mean, what's the point in installing a realtime software that doesn't work in realtime... After this news i am even more happy i uninstalled it, because i don't trust them. If they can steal MBAM's database today, tomorrow they may steal info and data from my PC... People tend to put over-confidence to security software companies, as if these weren't ran by other ordinary people. You don't trust a perfect stranger with the content of your PC, but most people do with security software companies, just because they think that are a special kind of superhumans, who aren't "perfect strangers", so they are trustworthy... And then this happens...

 

Hi Fuzzas,

I do not defend them neither believe they are innocent. But using WOT and similar sites for starting crusade campaings make me laugh at least.... Especially when people downloaded and installed iobit based in the opinions of the same sites (until yesterday).

Panagiotis

 

Oh, i agree about Side Advisors in general. I never use them. McAfee site advisor even had Filseclab red... It's more of a popularity contest rather than real information.

 

In my eyes it is clear IOBit is playing dirty here.

They deleted the first thread that incriminated them, heavens knows why..... then they give some kind of half hearted statements implying all their analysts are feeble minded and the naming choices/file detections were all just big coincidences. Maybe if it happened with one file we could put it down to bad luck, but the evidence here is overwhelming.

IOBit will probably start twisting the story by creating fake signatures to try and justify their inclusion of the "dummy files" and saying they detected other malware with the same name as the dummy file or whatever but it's all desperate attempts to stop the inevitable...

 

pandlouk, we can't base our downloads on clairvoyance. We can only react to facts in order of their appearance.

 

Hey! Some news here - there's quite a piece on CNET now acknowledging MBAM's claim.

Article: http://news.cnet.com/8301-27080_3-10389650-245.html

And here we have about.com: http://antivirus.about.com/b/2009/11/03/iobit-steals-malwarebytes-intellectual-property.htm

This story is really developing, I must say...

 

Sorry if this has been already posted (i don't remember), but this is also interesting:

This is an Oct 24 article-review on IobIt:

The HijackDisplayProperties detection is a registry key detection, which MBAM flags if you have changed display settings (because theoretically a malware can also do that to camouflage itself).

I have that FALSE POSITIVE , in every scan in Win7 x64 and it's a false positive because it is flagged even after a clean install.


Here's my own screenshot from MBAM Free:



Yet another satanic coincidence... I suppose by luck they decided to flag the same, generally harmless registry key, as detection and with the same name...

I suppose some user of MBAM, saw this "detection", exported the registry key, renamed it to "HiJackDisplayProperties" , sent it to Iobit, where the same samples analyst put it in the detection list with the same name.

Or, both companies had by coincidence the idea to name the same key with the same name.

The key itself, doesn't help at all the imagination to call it like that (there is no mention about Display Properties).

 

The mainstream media is picking up on this. Now ZDNet is blogging about it: http://news.zdnet.com/2100-9595_22-360170.html

 

The bad WOT rating is for ethical issues.http://www.mywot.com/en/scorecard/iobit.com

I think that is a fair assessment at this point and would not recommend anyone install the software based on what we know. As far as ratings go IMO it is better to be on the safe side than not.
I would rather have a rating system that was slightly overzealous than the other way around.

 

Agree.
I've removed their Defragmentation tool after the evidence of stealing.
I hate freeware that becomes shareware. That was what they did with the old Advanced Windows Care.
No iObit products until we get sure they're clean.

 

I used to use Iobit 360 but since i have been using Malwarebytes database without knowing it in 360 i have uninstalled all iobit software and bought Malwarebytes' Anti-Malware...looking forward to using it for a long time........

 

Read post #5
http://www.malwarebytes.org/forums/index.php?showtopic=29681&pid=152610&st=0&#entry152610

 

Well from what I was told, IObit was putting a lot of resources (money and staff) into Security 360. They were developing an anti-keylogger, and a means of collecting large amounts of malware off the web. I was not part of the development so information like this was very scarce to me.

 

Well, that's certainly a way to put it! MBAM's database has large amounts of malware! ROFLMAO!

 

I can,t understand why this would make you laugh
Yesterday IOBIT was assumed to be a reputable security software vendor, yes WOT was green.
Today we know they are criminals and users have informed the WOT community of there concerns, now rated yellow, and hopefully soon red.
Trustworthiness = Poor (surely they cannot be trusted especially with your private data)
Vendor reliability = Poor (Who is to say they wouldn't thieve data from my machine)?
Privacy = Poor (For the reasons mentioned above)

WOT is doing exactly that what it is meant to, that is help the user make a decision on the TRUSTWORTHINESS of web sites

Yesterday trusted, today they are not

 

Thanks for the explanation. I am sorry that you are found in such situation to give explanations. The fact that you are not simply disappeared from the Forum, but to carefully read our posts and you are ready to brought some explanations tell me that you are responsible and fair member of this Forum.

 

Thank you Yes, I am being heavily scrutinized by everyone at the moment for something I had no knowledge about But I am not going to hide from it as I have nothing to hide for

By use of honeypots and honeyclients

 

Exactly that, is what makes me laugh!
The same people that until yesterday reccomended it as safe (simple because they had no evidence of the opposite), today ban it as unsafe based only on a blog.
I really wonder how many of them have really run that simple test, to confirm MB accusations before making an opinion? (have you run that test yourself?)
Probably a very small part of those users. Their judgement is based only in another ones word, even if it is is a valid one.
And what if tomorrow MB (hypothetically speaking) make another blogpost saying "oops we made a mistake, sorry about the confusion"; because they got to an aggreement with iobit or for another reason? Are they going to haste in marking iobit's site as safe again?

Panagiotis

 

In that case users can change their ratings and it would balance out. The system is based on a smart algorithm, not just a "500 bad comments=red" type system.

 

I know, and this is the problem. Iobit's site during the WOTs period of green -> yellow -> red -> yellow -> green, won't have actually changed at all...

Panagiotis

 

Yeah i bet. 500 - 500 = 0. Wow, what an algorithm

 

ROFLMAO

 

Actually comments dont affect the rating of a site, only real ratings, from real people using the program count.


Anyway, Malwarebytes CEO responds to iobit statement:

http://www.malwarebytes.org/forums/index.php?showtopic=29772&view=getnewpost

 

I understand where you are coming from. I try to look at things objectively, and will not sit here and say "They are guilty thieves". I am also not naive either, and I think it is prudent to suspect that there exists some foul play involved here. I admit that users have gotten pretty hasty with their ratings and comments regarding IoBit. Site ratings are certainly not perfect, just like everything else. One must keep in mind though, that we are not in the court of law, but in the court of public opinion. Regardless of whether Iobit is guilty of this or not, users blackballing them on forums and site ratings will hopefully send a deterring message to any would be organizations looking for easy money that their actions will be publicized and scrutinized.

 

Panagiotis- If you read the initial MB release, it is stated that there is much evidence that they won't disclose prior to legal action. The dummy.exe file was only one example.

With this in mind I think it is well beyond any here to verify or refute anything.

I do however agree with you that many at Wilders are a bit faddish with new toys. Formerly was a love affair with Rising.