Malwarebytes claim: IObit is stealing signature databases

Lavasoft paid Avira for a license to their AV engine and sold it as their own and called it Anti-virus Helix. They use Outpost firewall also. That happens all the time, but this WOT guy is comparing that to what Iobit has done to MBAM. Iobit didn't pay MBAM for anything.

 

Oh. I didn't know they used that Helix name also. Can't even find it on their website.

Combined products are well known. And usually a fine thing.

 

Iobit stealing? mmm... a few days ago they were giving away free one year licenses for their product... use it or not use it? That is the question

 

To all:

A couple of off-topic posts removed.

First of all - stay on topic, which is IObit and the current set of accusations made by Malwarebytes.

Second, perform some due diligence on the topic before jumping into the discussion with both feet. Much of the recent discussion above is pure reaction to noise. That's neither needed nor desired. There's plenty of factual material to discuss, no need to embellish, extrapolate, employ over the top hyperbole, or play pundit in the legal arena.

Third, keep it civil. Many are painting an overly wide swath with that broad brush being wielded. Take stock of what you really know versus what you've informally inferred.

Finally, repeating the same thing over and over again really doesn't help...., anyone. If the discussion can't be held at a reasonable level, there's really no reason to continue on and this thread will close.

Regards,

Blue

 

Here are my views on this situation;

First if IObit is guilty then shame on them, but if they are not guilty then shame on MBAM for jumping the gun.
I don't believe it is right for a company to infringe on another vendor's work and sale that product.

Second, MBAM did have some good evidence against IOBit but now since they went public with this evidence, that gave IObit a chance to destroy it. Now all they have is images which can be manipulated with about any imaging software. I really doubt these images would stand up in a court of law.

Third, shame on MBAM for making this issue a online soap opera. That was very unprofessional of them.
If they were smart, they would have kept quite about this issue, contacted their attorneys and taking legal actions without involving all of these unnecessary online battles. If IObit was indeed guilty, then they should have to pay a license fee to MBAM and other vendor's also. They should also give credits to any vendor's database used.

Forth, it can believe how everyone on the web just takes MBAM's word and judges IObit with a guilty plea.
So far none of us really know how they got those fake detections into their database. That gives us reasonable doubt. Most of us here know that you just can't trust the word of one side, remember how MBAM went a made false accusations about other sites that tested or reviewed their product??

Other reasonable doubts, IObit 360 was becoming more popular than MBAM, many online testing sites gave IObit 360 better reviews. The detection rate was much better on IObit 360. This did cause a conflict of interest since IOBit 360 was becoming MBAM main competitor. Why did MBAM go public and allow IObit a chance to destroy the evidence?? Maybe because they knew that the evidence would be enough to use in a court of law?? or maybe since they knew IObit was located in China, they really couldn't do much legally?? maybe they were the ones that used the online submitter to frame IObit??
Who really knows for sure??


On the opposing side, I have mentioned many times how similar the detection between MBAM and IObit 360. Since I run a computer shop, I have used many free malware removal tools. The malware found by both products had the exact same malware name. Most anti-malware products will have different names for the same exact malware and the description would also be a little different. That is what made me suspicious.

I have also found similarities between IObit 360 to CA (eTrust) and a few others. I really find it very hard to believe that IObit has achieve this excellent detection with the little time that they have been in business.
I know that they have the online submitter, but still it appears to be unreasonable that they have developed their database without infringing upon other vendor's.

So these are my views in the situation, maybe the truth will come out soon.
Until then, I'm not going to pre-judge IObit.
I love their SmartDefrag, Advanced SystemCare and 360 Security and will not affect my choice to use their software for now.

Also remember this issue doesn't affect the quality of IObit's software, but if they are proven to infringe upon other vendor's work, then it will hurt their reputation and then I would change my mind about using any products that infringed upon other vendor's work.

I'm sure that if these accusations are true, then MBAM Team would really be pissed off.
They are a very loud spoken group, they hate when someone tests their product with low scores or doesn't give them an excellent review, they hate anyone making illegal cracks for their product, now if some vendor used their technology for profit without their approval would really put them on a rampage. All of this online media news is hurting both sides. If anything it is creating more interest for IObit's products. Almost everyone knows about MBAM, now they also know about IObit.

Thanks. :smile:

 

given the fact that both companies are in different countries it would be very difficult and costly with doing legal actions. seeking justice and fighting the battle online was the best way to go. I don't believe it was MBAM's intentions to make it out to be an online soap opera, what made it a soap opera was all the public spreading the word on the internet. That said I don't believe it should have only been sorted out behind closed doors because the public have a right to know the truth.

 

There are 2 considerations here:

1) You assume that MBAM has the economic means to open a legal dispute in chinese courts, even more in a period of global economic crisis.

2) You assume that since MBAM went public, Iobit got the chance to destroy the evidence. Pray tell, what would impede Iobit from destroying the evidence just in the same way (renaming or removing detections), as soon as the legal paper of the lawsuit arrived to their offices? You DO know that it takes MONTHS or even years to try a lawsuit of civil nature, don't you? Or do you think that before they even know there is a lawsuit, the People's Army of China will raid their offices, arrest them and seize all assets?

- Maybe making public the issue is the only REALISTIC way of getting back to Iobit. (See above for explanations).

- Your argument about legal battles, can work both ways you know. If Iobit is being slandered and practically destroyed (because a security company is effectively destroyed once its reputation takes such a blow) , why doesn't SHE make lawsuit against MBAM? You didn't think of that, did you?

People on the web aren't judges to give a plea. But they are persons, and as such, can form an opinion on who is more likely to be telling the truth. After all, the people of the web, are also the target audience of the 2 products.

Is there anyone impeding Iobit to counter MBAM's claims? No. Iobit actually replied. Then it all goes down to how each evaluates the 2 claims.

Does it cross your mind that "everyone on the web" is against Iobit, because ... after hearing the 2 stories, the one of MBAM is much more convincing? What do you expect for people to do? Just sit on their asses, switch off their brain and say "Oh well, i will only wait for this to go to court. If it doesn't , it never happened"?

Do you know how many real law infringements occur everyday and don't end up in courts either because it's too costly or next to impossible? That's especially true for electronic products or people who can't afford to start a legal battle, specially when the target is abroads and subject to foreign laws. MBAM's lawyes in particular, if MBAM has a fixed law service, are good to nothing against Iobit, because they don't know chinese law, which given the huge copyright infringement occuring in China (they sell in shops pirated boxed (!) Windows for 5$) , must be pretty loose. They 'd have to go to China and hire some local Chinese lawyers, specialists on copyright infringement and then open battle against Iobit, which as yourself said, would have all the time to destroy the evidence from her own database. Because as i said, you don't expect to file a lawsuit and get a trial the next day or next week do you?

You 're right. We DON'T know how these detections went there. IObit knows:

http://blog.iobit.com/archives/95.html


Then all you have to do, is think whether that explanation is enough for you or not. My opinion about that, is that even if Iobit's (improbable) explanation is true, there is STILL a very serious issue, where they practically add to their definitions any file, without controlling it and with the name you sent it to them.

- Whether the detection rate of Iobit was better than MBAM's or whether sites were giving better reviews to Iobit, is something i haven't researched enough, but specially on the 1st one i wouldn't bet anything about it. And it tells nothing to me. Even if it's true, by stealing the MBAM's defs and adding their own, it's quite probable that eventually they surpass MBAM... There's nothing weird about that. One company spends her time researching her own malware, the other takes the database of the other company and adds her own malware, probably the latter in the long run will prevail... But you know, at least currently, between a product with better detection but which resident scanner doesn't work and another with worse detection which resident's scanner actually works, i 'd choose the latter. Although i won't be buying MBAM anytime soon since i 've won a SAS Pro license some time ago and i have yet to use it.

The SPECIFIC issues raised by MBAM go beyond a casual name coincidence. Both the non malware flagged as "Don't steal our Software" and the "fake malware" detections which don't exist in the wild and were put in the MBAM database just for trap.

You know what's the problem with software? It's so hard to effectively prove in court that you are right. Because as you said, it's so easy to cover your tracks in this case and it's also very costly and time consuming to start legal battle to the other end of the world and specially in China...

Then, all you can do, is make public your story and let the consumers decide if they want to buy the one or the other.

I think all of this online media is hurting only one side, that is Iobit. And if anything, it scares people away from Iobit's products, because when it comes to security software, the last thing you want is to have a security company that steals others to make their money. If i am prone to believe that Iobit did steal MBAM's database to make money, what will stop me from believing that Iobit is capable of stealing my own data for making money (example my email addresses?).

Also, for those people who use site advisors or internet reviews, this hurts Iobit only too. Because as you pointed, all the web is against Iobit. So if you read an Iobit review with these accusations and you also visit WOT and see the rating going down the drain, who's hurt? MBAM or Iobit? I 'd say Iobit.

MBAM on the other hand is gaining sympathy and if you visit various fora, including this one, it gains even new customers.

I am sure that if Iobit comes up with a better explanation, the web will turn in her favour. I mean, it's not that "all the web" are MBAM's users or MBAM shareholders and are endorsing on purpose the MBAM conspiracy, is it? They endorse it because it sounds much more credible than Iobit's position, who also shot herself on the foot by rushing to delete and ban members from her forum. When you do that, even if you 're telling the truth, you sure help appear guilty as sin.

Regards

 

Just FYI, the thread has been removed.

What a surprise !

 

@ littlebits

You've got to be kidding? MBAM is the innocent party here and MBAM has conducted itself with diligence and honor. You have forgotten that MBAM is dealing with a foreign entity, IObit. IObit is Chinese and no US court has jurisdiction over China.

Let's say for the sake of argument that MBAM decides to sue IObit in US courts, what would you think would happen? In all likelihood MBAM will win the case with a heavy monetary judgment against IObit. Then what? Well nothing will happen against IObit because the Chinese government would not allow such a judgment to take hold. The only thing that MBAM can do is to petition the US government to complain to the World Trade organization. And even that route is a long shot, because the US government would not jeopardize the relationship of its favorite trade partner (China). Other companies have tried to petition the US government to no avail.

To me, MBAM has done it right. The only way that MBAM can win is within the hearts and minds of the public at large. You also mentioned that MBAM by its actions allowed IObits to destroy its own evidences. What in the world you are talking about? You cannot destroy electronic evidence once it is published on the web with a date and time stamp on it.

MBAM has Google as a witness with respect to the time that MBAM evidences were indexed by Google and more importantly MBAM has thousands of witnesses all over the web. My conclusion is that IObit is done, their reputation is utterly destroyed, and their sale prospects are over for the rest of the computer security world.

 

I agree with you.

 

It happens that certain company just copies the name of the malware based on VT detections, but when some company includes a signature for a file that was designed inside MBAM and was NEVER released ITW with a name "Don't steal out software" (or something like that) i seriously doubt it was "just" some sort of mistake like Iobit stated. It's just impossible for them to mistakenly obtain sample of the file that doesn't exist anywhere but inside MBAM virus lab and detect it with such khm, obvious detection name.

But from my quite good software knowledge:
1. virus definitions don't just copy themself by "mistake", especially not for "ghost" files don't don't exist ITW
2. malware names like that just don't exactly grow out of nowhere
3. what exactly would MBAM benefit from random accusation of a competitor, other than from defending their own intellectual property?
4. MBAM has the reputation of it's own and doesn't really need to go the dirty way against competitors to succeed

So Iobit is pretty much guilty if you ask me.

 

I think MB's Purchasing Page is making overhours these days, and I suspect IObit's too, all of a sudden everyone knows IObit's 360.
Everytime Comodo was seen pants down, their fan- & customerbase got another serious boost.

You don't make a good sale these days by keeping your respect and manners for the end user, but from making your company's name show up on as many internet sites as possible, the average Joe doesn't care if these are positive or negative news items.

Shameful reality on how business, especially the Security one happens these days.

 

i guess this is the hotttest topic!

iobit isn't even guilty until they are puished by law, so idk y ~ Snipped as per TOS ~ Malwarebyte fanboys spreading it everywhere. iobit 360 is crapware anyways, only novice users would use that to scan their comp.

FREE ADVERTISING from die hard fanboys lol i mean this topic is almost everywhere online... better than a 30 secs commercial

 

I saw a few things mentioned that I can clarify .

IOBit will supply all evidence in the form of its own integrated database in previous versions of its software stored all over the web and obviously backed up by us . They themselves set this in stone . Someone mentioned doctoring pictures and destroying evidence . Again , their DB is locked in current and previous versions of their installer , in the event we need to prove something we will be using their software , not pictures and their current database .

 

So , do you plan to pursue this in the chinese courts?

Welcome to the forum and congrats for your intelligent posting (as opposed to that of ~ Snipped as per TOS ~ posters). So intelligent, that we may soon not be able to see your post i suspect. BTW, that's what fanboys are for. But how many actually manage to make their advertizing go "everywhere online"? So, you have to hand it to MBAM, in having the most efficient fanboys around.

 

As i said, start adding their files into your definitions. I doubt they can track that and they'll destroy themself if they're really stealing the base.

 

This is not my place in the company and not for me to say . All I can say is that if the need arises their own software is all that we need . The traps were to make a visual and verifiable display for our and their users . Obviously the strongest evidence is not on public forums . I don't think that this is a secret to anyone .

 

Has anyone retested samples from their tests to see if detection dropped ? Unless I am wrong here detection should have gone up by now right ?

 

In my opinion, MalwareBytes (or any company in this situation) should have had an outside authoritative company conduct the "trap" - right now all there is is internal data from MalwareBytes and they have destroyed IOBits company reputation - it's akin to accusing someone of "rape" without it being adjudicated in a court of law where is proven beyond all reasonable doubt. Once that bell has been rung, you can't unring that bell - IOBit is now forever "tainted" no matter if they are innocent or guilty.

It's being stated as "FACT" that the database was stolen by many blogs and news sites.

To play devils advocate, we receive "legit" files and "fake samples" submitted to us on a daily basis - some from competitors trying to get us to remove something that should not be removed, and some from users submitted files they just don't know the status of - if a company were to overzealously process those, they could end up in the database very easily - it would be EASY to set up another company to use "private" files "not available outside the company" - we have done tests ourselves - those samples end up in definitions rather quickly. As for naming, the names are essentially meaningless - and many companies "adopt" names other companies use - it's just part of the industry - obviously the "Fake Rogue" is suspect as to how that ended up in the database - but again it could have been submitted to IOBit and they simply used the name. SUPERAntiSpyware has been reverse engineered by several companies as certain things we pioneered appeared in competitive products shortly thereafter - again, it happens to all of us.

If the case is true, it's very unfortunate and needs to be properly handled, but if it's not true then MalwareBytes has just opened themselves up to a multi-million dollar lawsuit from IOBIT.

It's been turned into a huge publicity stunt - IOBit received a higher review on several sites that sell MBAM (undisclosed to the public) and profit from its sale - those sites are now being pressured to remove IOBits software.

What's done is done - but I think this whole situation should have been handled with a little more tact.

 

SUPERAntiSpy,

Maybe MBAM has handled this the wrong way, and as a result there has been serious damage to IObits' reputation. Who knows it may come back to bite them.

Ok that is one of the players in this, what about the other one? How has IObit in it's own defense handled this? I would say their handling of this has been unprofessional to say the least. As one of the other posters here noted: They have let their volunteer mods on their forum fight the battle for them. This should have been resolved by the senior staff. When Iobit forum members created threads to discuss this, the mods deleted the threads and started banning members. When Iobit finally issued a response it sounded weak and incomplete, it didn't give anyone that was trying to look at this issue objectively any confidence in their side of the story at all.


My perspective on this is a little different than yours. The way this whole deal has evolved surrounding this issue, and how it has been handled by the parties does not leave me feeling sorry for IObit and seeing them as the poor victim. I also would like to add that IMO just because Superantispyware has been reverse engineered before does not make it ok for IObit to reverse engineer MBAM.

Edit: BTW I like your product.

 

I completely agree with you, to myself it is NOT a proven fact that IObit infringed on MBAM database, yes the evidence is strong but still NOT proven.

IObit is a wealthy company and probably has more revenue to spend on legal actions than what MBAM has, if they take this action to court, all they have to prove is reasonable doubt then they can take legal actions against MBAM for slander of false accusations. Because this issue could backfire on MBAM.

Before all of this happened, IObit was a respected company that makes many free products. Almost all download sites gave their products 5 stars.

I'm NOT trying to imply that MBAM is making false accusations against IObit, but their statements are just accusations, NOT proven facts.

I believe that many of these download sites should have waited before removing IObit's software.

I'm just hoping MBAM is right with their claim and it can be proven.
If NOT then a good company has taking a bad hit for no reason.

Thanks.

 

Almost sounds like you volunteered .

OK , I believe you will see the logic in what I am going to propose . Install an archived copy of IOBit 1.1 , they are all over the web . I don't think their after install update has a prompt so disable networking before install . Next take a pile of max 4 month old samples and filter by detected by IOBit . Re-filter by detected by MBAM . Update to IOBit 1.2 and scan the same samples . Report the final scan log and samples for independent confirmation .

I think we can all agree that Malwarebytes only has only one way to influence these results .

 

A little update, IObit has removed 360 Security from their homepage and all download sites. http://www.iobit.com/security360.html?Str=download

They replaced the download link with "Updating... New Version Available Soon!"

This doesn't look good at all, why would they remove their download unless they have something to hide?


Thanks.

 

Yes this does seem a little unorthadox doesn't it?

 

Hello Nick.

As a general principle, i would agree in the concept of putting a 3rd party "authoritative" company to do the entrapment. However, a doubt comes to my mind. Who this "authoritative" company might be? Does it exist? Is there such an authority that does this kind of entrapment without being paid? Because, once you pay a company, excuse me, but all you have is like the tests sponsored by Norton that by coincidence every time rank Norton first. What i mean is, once you pay someone, he ceazes to be "authoritative". What would stop IoBit and any other "devil's advocate" to say "Well, they hired a company to get their job done"?

There is also a bit of difference with the simple rape case. In a rape case, the supposed victim and the supposed offender, are both subject to local legislation. In this case, IoBit, is subject to chinese law. All a US judge can do, is in case they have any US based assets, and the judges condemns them, if Iobit refuses to pay, the judge can order to cease Iobit's US based assets, liquidate them and thus compensate MBAM.

If Iobit has no connection to US whatsoever (which is the most probable), then a US judge can't do anything. MBAM has to hire Chinese lawyers and move to Chinese courts, which means 2 things:

- MBAM must have the financial ability to do that.
- The chinese legislation must be tough enough on copyright infringement as to make MBAM's money and time spent worth the effort. I mean, if the fine for such an infringement under chinese law, equals to a "slap on the wrist", MBAM will end up losing money out of this.

The same applies to Iobit. Iobit can do nothing to MBAM, unless MBAM has a Peking office for example and does business in China based on their local branch. Iobit would have to move to US Courts. On the bright side, i am pretty sure that US courts in cases of slandering make your time worth if you win.

It's not a fact, it just seems very probable. But that's the internet. People write all kind of inaccuracies

To play here the devil's advocate too, how do you know that it's your competitors trying to get you to remove files? Did you hire a 3rd party authoritatve company to do an investigation? Which one?

Theoretically everything is possible. However, this comes back again to the other problem. Isn't a vendor supposed to test if submitted files are real malware before adding them to their database? Iobit maybe didn't steal, but sure doesn't help admitting that they put innocent files in their definitions either.

There is IMHO a difference between naming the same Malware as "ZLbot.A" and naming the same NON malware as "Don't Steal Our Software" or even the "HiJack.DisplayProperties" for a registry innocent string.

To do the devil's advocate too, do you have any proof about that? Do you have the results of an authoritative 3rd party company? Because there are all kind of products which come up with similar features, it doesn't automatically mean that they reversed engineered yours. Think of how many AVs came with HTTP scanner, how many are currently coming up with behaviour blockers, technology that flags already scanned files so that they won't be scanned again unless modified etc. Getting ideas from others is common. It doesn't necessarily mean they reversed engineered someone else's product.

I would expect that MBAM, when got out with this, was conscious of what she is going up against and that IoBit is probably a wealthier company than MBAM itself (since IoBit is selling more products for quite some time). So i don't think they don't know that they expose themselves to a multi-million lawsuit nor that the US Courts can come up heavily on your in slandering cases.

It is in deed a huge pubblicity opportunity. However, how many companies do you know, which would risk so much in a BLUFF? Because as you said, if IoBit moves against them, it will be multi-million case, which means that if Iobit wins, MBAM may very well close and go bankrupt. Yes, MBAM maybe a desperate poker player i suppose, going "ALL IN" with 7-2 offsuit. But it's also probable that MBAM isn't on a suicide mood and went "ALL-IN" with A-A and that's why thinks that the risk is worth it. (Aka, i don't have the money to pursue Iobit, but i know my position is solid enough to be able to beat Iobit in a US court or deter Iobit alltogether from trying to bring it to US court).

I would agree if a) there was a 3rd party authority which does entrapments WITHOUT being paid by one party (trully indepenent authority, otherwise, it's "money talks"- authority) and IF Iobit was a US based company, so automatically subject to US Courts.


For example, if i buy a Software which is from USA and after 1 month the owner of the software company violates the EULA and i can't use my program, i could a) Accuse him pubblically or b) Open a legal battle against him.

But, i am a student and i am not even in USA. I can't afford to start a legal battle against the US vendor. So all i have left is option a.

I don't know how MBAM's economics are, but in the middle of the crisis and considering it's a small vendor, i don't think they are floating in $ right now. And since my brother is a lawyer, i know very well, that starting a legal battle like that, costs A LOT, specially when it's not conducted in your own country.

So, saying "all must end up to court", is theoretically a very correct motto, as long as both sides have the power and opportunity of enough compensation to bring it to power. If not, then it's another game.

For example, suppose i am in Groenland and i own a site that daily slanders SAS. I have no connection to US whatsoever so you can't touch me through US courts. I am also a student with no personal property at all and winning in a Groenland court would give you 1000 $ compensation , while hiring a lawyer for would cost you 5000$. Would you pay 5000 to win 1000? Or would you settle with replying to me pubblically with compelling evidence that i am in deed slandering you and punish me like that?

What i mean by that. If copyright infringement in China is punished loosely and Iobit ends up paying less than what you will pay for moving against them in China (assuming you can spare the money to move the battle to China to start with, because it's money you won't be getting back for more than 1 year and if they appeal you will have to keep paying the lawyers while waiting the day that you will finally get the final verdict and get some money back), what's the gain for MBAM if really got ripped of? Getting ripped off plus paying more?


All this isn't purely theoretical. I will remind that in this very forum, in the discussion about Matousec, almost everyone agreed that Mamutu had no business being put up against "firewalls" in a "firewall challenge" and by doing this, Matousec was effectively badmouthing Mamutu unfairly and causing economic and reputation damage to Emsisoft , which had also called Matousec that she does NOT wish to be included in that test. I remember one Emsisoft representative, saying that moving legally against Matousec, simply isn't something they could not afford (They are in Austria, Matousec is in USA? It would mean for them to "invest" money for US lawyers and forget about that money for a couple of years or more, depending on how fast justice is in USA). So, was Matousec causing effectively damage to Emsisoft? According to the concept of "Let a judge decide, the web should have no opinion", Matousec wasn't...


So "bring me to court if you are right", is a fine concept, but not always realistically applicable.