Malwarebytes claim: IObit is stealing signature databases

Remember there is the language barrier going on here as well.....

 

The evidence collected and examined was generated by MalwareBytes, that is why I am referring to it as internal evidence. I don't know if IOBit is innocent or guilty - from the MBAM side of course they appear guilty.

I am not trying to judge who is right or wrong as far as the definition stealing - I can't make that call without of course examining the entire situation - in which all the evidence is now modified and altered - IOBit obviously changed their product database.

The point I brought up and have referenced is the way the situation was handled.

 

Surely that wouldn't be a hard thing to work around. They seem to have a fair share of supporters that are defending them around the web that seem to speak English very well. Heck if worst came to worst they could hire a PR firm to handle that I would think.

edit: I think it has less to do with language and more to do with judgment. They have decided to stay quiet for the most part and deny it. Their actions though, have spoken volumes.

 

Yep, there are ways around it - it will be interesting to see how this all ends up!

 

agreed

 

I agree that most things are best settled between two parties, but at the same time, as others have mentioned, if MBAM aren't rolling in money, and don't have the time or resources to push with legal action, given the data they uncovered and the knowledge they have of their program and how it works, you would have to lean towards their side.

And IObit taking down their previous version, and replacing it with a new version, reeks of guilt.

To me it's the same as seeing someone leave the side-gate of your house, and you notice all your tools are missing, and they respond with, 'but did you actually see me pick the items up and take them, I have done nothing wrong'.

We place our values in the court of law, but each day I see plenty of dirt-bags with the better lawyers escape conviction.

So sometimes, lawyers and courts aside, you just get that feeling someone is telling the truth, and someone isn't.

 

Please tell me who should have gathered the evidence if it is not by MBAM? Would Iobit generate it and in the process shoot itself in the foot? Is there an agency in the computer security world that MBAM would have called in order to investigate the matter without getting paid? MBAM has conducted itself with honor and its internal evidence would stand in any objective court of law.

Whose side are you on? Please state your real intention.

 

I guess that had it not been for the fact that IOBit is Chinese SUPERAntiSpy would have been right. As it is now MBAM's folks did not have much choice in the matter. They wanted the piracy stopped and this was the only way. How else do you stop a Chinese company from copying your products? The country earned itself Herostratic fame for not respecting international copyright laws.

 

I am on the side of things being done justly, that's the side I am on - the way this was handled was much like the witch trials of the 1600's where someone simply said "this person is a witch" and suddenly they are being rallied around and stoned to death because of an ACCUSATION and "proof" that was not verfied by ANYONE but the accusing party. (Yes, I know some were "tried" by "courts" - but not in a legal sense)

As I have stated in several posts, if IOBit stole the database, they deserve to have their product removed from download sites and thus have their reputation destroyed - but if by ANY chance it is not the case, they can NEVER recover.

How would everyone here feel if that turned out to the be the case - that IO Bit really "stole" nothing and someone had simply submitted those samples to them and they were added overzealously by their researchers? Would you all turn on MalwareBytes and destroy their reputation as IOBits has been destroyed? I am honestly curious about the answer to this question.

 

You're an expert, Nick and I assume that you've looked into this matter very, very thoroughly since you write the things you do. You're capable of analyzing the content of IOBit 360 as well as MBAM. Did your investigation give you any reason to doubt the claims from MBAM's staff? It's almost as if SUPERAntiSpyware now has become a third party involved in this.

 

I would feel indifferent. If IOBit did steal nothing I would say that they did a very poor job of defending themselves and actually did things that make themselves look guilty. Pulling the download of Security 360 on their own website is the obvious example of that.

In the hypothetical situation of turning on Malware Bites...Malware Bites has proven that they are capable of defending themselves, so I wouldn't worry about them.

 

I have no way of looking at the matter now - meaning, if MBAM had contacted me, as an outside party and had me/my team analyze the situation BEFORE the public announcement, then that would have built a stonger case - you never know what IOBit is going to do - I don't see how they can just "lie down" on this one.

Now, after the fact, each side has had "time" to potentially alter the "facts" of the case and there is no way to "catch" anyone in the act anymore. (not that anyone has, but I certainly would not put my reputation on the line after the fact).

I would have been more than happy to assist MalwareBytes in this situation. Companies, even if competitive in nature, have to stick together - if this happens again, and it will, my hope is that people lock down the case more, form a plan to handle it, then take it public if necessary.

 

As an analogy - if someone who spoke little english in another country was accused by an english speaker in the USA of murder and didn't do a great job of defending themselves in a different country, you would feel ok that they were accused of murder and everyone thought that they were murders, even if they were not? That's just scary.

 

You haven't looked into the matter, you say. I'm disappointed and very surprised. This sort of closes this part of the discussion. At least for me.

 

I don't have access to MalwareBytes, nor IOBits private data - if someone would like to provide that information, I'd be happy to analyze it.

 

Wow. I don't understand why some are going after Nick now. All he is doing is speculating: what if MBAM is wrong, then they could have a mess on their hands because they decided to handle it the way they did.

That's it. I don't think he's debating the facts, and frankly I don't think it's too hard to understand his point. But I guess that as soon as you get the yellow color, you forfeit all rights to express yourself as a normal poster; instead your every comment is taken as one from a professional or a company executive.

 

This could only happen on the web and is wrong , to have the accusing company supplying all the evidence is crazy.If there is more than one company affected by this then they have stayed strangely silent

 

So you say that MBAM could have given access to her database and source of contractors/transactions with her sources to your company, who is also a competitor... I mean, i do understand that you love MBAM , but let's put the hypothesis that MBAM is secretive (because even though all security companies are good people occasionally one reverse engineers the other, steals ideas, etc) and doesn't love you and doesn't want in general another company with no legal juristiction to peek in her in-house affairs.

If 'd have to put someone to peek in my company's data, i 'd certainly wouldn't ask a competitor to do that. I 'd do that in case i ended in court and i 'd wait a for Court's appointed or accepted investigator (expert) to do that. Because you know, even 3rd party experts in a court case must be first approved by the judge (neverminding the fact that their testimony is of reduced weight).

Please DO cite ONE (1) case example of case in your line of business, where between 2 disputing competitors , 1 of the 2 used a 3rd , also competing company giving her access to her company's data WITHOUT Court's order or approval of that appointed that 3rd company as investigating 3rd party expert.

You sound like this is the "normal" procedure. So , with your experience you will be able to show us such a case, right?

Let me present it from another angle. MBAM , if decided that the best and most realistical attack on Iobit is going public, doesn't HAVE to do what you say. The public is already on her favour in majority. The ball is in Iobit's court. What you say would be a requirement if this does end up in Court. But until it does (if it does), MBAM has no reason to use you or any other company for PR. Their PR is working fine as it is.

You missed the part where Iobit's (and MBAMs) database is in every "old" installer and all you have to do is have the installer (hash checks allow for originality verification as you know). As for MBAM they pubblished their samples.

With which of the 2 competitors do you wish to stick together though? Because there are 2 here.

A few samples may have been submitted and an overzealus analyzer may have incorporated them (i can analyze like that too). Let's also say that MBAM is lying about the "in-house" detection which does not exist in the wild. What about the rest of the database?

And since you have a lawyer in your company, ask him this one. Under US law, even if say a contractor "fooled" Iobit into incoroporating a chunk of MBAM's database without them realizing that, does a judge:

1) Automatically grant "good faith" to Iobit? Or in such a case "good faith" must be proven to the judge?
2) Even if Iobit was in good faith, the fact that she gained direct profit out of this and that MBAM on the other hand was receiving economical damage (unfair competition), frees Iobit out of any responsibility towards MBAM?

My prediction is that your lawyer will tell you that if Iobit proves good faith (not automatically granted) , they will pay a lower fine, but they will pay. On their part, Iobit can reclaim their loss by pursuing the party that fooled them.


But of course under chinese law, all this may be different. An example:

http://silkroadintl.net/blog/2009/02/24/third-party-contracts-by-matt-kawalak/

I think there is also another analogy. You 've some pretty solid evidence that someone murdered your wife and that murderer has gone to a country where he is outside your own country's law and no extradiction agreement. What do you do?

And who's impeding Iobit to defend herself better? Don't have a lawyer too? They do.

http://blog.iobit.com/archives/95.html

Don't you think that MBAM has a lawyer too? Don't you think that they ask their lawyer before going public and what risks this would imply?

This is MY speculation about this:

- For either economical reasons or because of too soft chinese law on the matter (why doesn't MS pursue Chinese shop owners that sell boxed pirated Windows inside SHOPS? Why doesn't Lacoste/Armani/L' Oreal not sue chinese suppliers and factories that produce counterfeit products with their logo and cost 1/100 of the original?) MBAM saw that their means of a moving to China for legal action was insufficient.

- Their lawyer agreed to go public. The reputation hit would be the "compensation".

- Iobit replies that they are innocent and threat with lawsuit and proceed with "cleaning" of their database.

- Nobody goes to court, at best after an exchange of letters or meeting of representatives they agree on that: "You stop it , we clean our database".

Well, for someone with language barrier, their english seems better than mine... In the worst case they can have the person that wrote their announcement talk to MBAM.

http://blog.iobit.com/archives/95.html

 

Oh, Nick, i know that this may be of little consolation, but if MBAM tries to pull a slandering bluff against SAS (or Adware) too, at least you can drag them to US court and make them go bankrupt.

So, MBAM will think it 2 and 3 times before attempting something against SAS. After all, they do want to stay in business, that's why they would try to slander in the first place, right?

Against you, they won't stay in business. At best you will both go down. But they 'd have to really hate you to try that.

 

If they 're wrong , i suppose US law is harsh enough to make them go bankrupt. Right? I suppose they knew that before going public. I mean, they must have asked their lawyer before going public and of the potential risks.

I agree that Nick has a right to an opinion, as everyone else. But do give the people the attentuating factor, that in Nick's case, there may be also a "conflict of interests". I mean, on his own he stated that he worries about his own company falling victim of calumniation. That's the only difference. (He said: "I wonder if forcing out a higher rated product helped MBAM's sales? Of course it does. Who's gets accused next? SUPERAntiSpyware? AdAware? CounterSpy? AVG?").

"Normal people" also have the right to an opinion, even without being judges. If you want to avoid normal people forming an opinion about your case, either you defend yourself publically better too or you move to court and destroy your slanderer. I am sorry but that's how things are. It's the same for every type of presumed crime. Theoretically one is only officially guilty only after a hudge pronounces verdict.

That is true for the law. It's not true for the media part of the case until that verdict is out. You get arrested by the police for any charges and the TV is out there shooting? People will form an opinion. They may think you 're guilty even if eventually you get assolved.

You can't change that. The only way to change that would be to apply censorship law forbiding any discussion about any case that has not reached final verdict worldwide.

 

I think your example has a difference with the current situation.

In this case the "witch" isn't automatically "stoned". After hearing the 2 versions, the mob is convinced more from the 1 version and "spits" at the witch.

The witch has then the option to drag the accusator to a very severe Court and have the accusator "stoned to death" if proven right.

It's the 2009 version of witch hunt.

 

Fuzzfas, do you have any evidences show that IOBit is a China company?

 

Google is your friend?

Malwarebytes accuses Chinese antivirus vendor IObit
http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml

Also whois is your friend?

IOBIT.COM WHOIS
Updated: 3 seconds ago
Registrant:
IObit
1st floor of 8th building, No 16, Lansiduan, Erhuanlu
High-tech R&D district
Shanghai, 200000
CN

Domain name: IOBIT.COM


Administrative Contact:
IObit, IObit @iobit.com
1st floor of 8th building, No 16, Lansiduan, Erhuanlu
High-tech R&D district
Shanghai, 200000
CN
+86-10-852722386 Fax: +86-10-852270825

Technical Contact:
IObit, IObit @iobit.com
1st floor of 8th building, No 16, Lansiduan, Erhuanlu
High-tech R&D district
Shanghai, 200000
CN
+86-10-852722386 Fax: +86-10-852270825



Maybe that's why the mods in Iobit forum have so often chinese scripture in their avatar or signature and the Iobit com has links to Naruto Hentai porn.

 

Naruto Hentai is from Japan anyway

 

Right about that.

Anyway, my brother told me that probably a lawsuit could be held in USA too, if Iobit on her own will would be willing to be subject to US law. Practically agree with MBAM to accept a lawsuit and try it to US courts.