Malwarebytes claim: IObit is stealing signature databases

Discussion in 'other anti-malware software' started by webster, Nov 2, 2009.

Thread Status:
Not open for further replies.
  1. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.

    That's a poor analogy for a number of reasons.
    1) The defense of the non-English speaker in the USA would probably be by an attorney-a public defender at the least.
    2) How do you compare a hypothetical murder (a capital offense in some states) to theft? One carries much more serious punishment. I believe that the person accused of murder has more on his/her mind than reputation.
    3) How the accused are perceived is partially their responsibility isn't it?
    That would fall under the Public Relations category. Guilty or not, it's normal to defend yourself and avoid taking actions that tend to indicate guilt.
     
  2. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    It's really pointless with many of the group here - you don't get it - you are on the witch hunt and you can't see anything but what you want to see.

    You try and spin everything I write because MalwareBytes and SUPERAntiSpyware are in the same industry. What you don't realize is that companies such as MBAM, SAS, Sunbelt (CounterSpy), etc. do communicate on a friendly basis - who cares if we are in the same industry - I don't view us as competitors - we are allies in the fight against malware - MBAM and SAS make a great combination to fight infections as we each have different strengths and weaknesses.

    It's (MBAM & SAS) vs Malware, not MBAM (or another product) vs SAS (or another product)!

    What you are really saying is you yourselves can't be objective and don't understand the greater problem with the situation as it was handled.

    Try looking at things "out of the box" instead of following "mob mentality"!

    (resume flaming)
     
  3. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Now that's an attitude that deserves a big...:thumb:
     
  4. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Love your logic Nick S,

    No proof or independent evidence (Try this simple test equation)

    Find test bed of recent malware samples and put in static folder (= X).

    Custom scan with the previous version of IObit security 360 with default installation (no updating) database and then remove all the non detected files from the test bed.
    So you have the folder containing only IObit defaultly detected malware files left in the test bed (= Y).

    Now scan those samples (Y) with most recent IObit security 360 application with default installation database (no updating!) and allow it to remove what it finds this time.

    This will leave you with samples that IObit has oddly enough dropped from their database so let's call them Z testbed.

    Now scan Z testbed with MBAM to get a result = The irrefutable evidence that doesn't exist according to you

    The real evidence is there, you choose not to accept it...I wonder why ;)
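
The X/Y/Z comparison outlined in the post above, as an added example that is not part of the original thread or any vendor's tooling. It assumes each scan can be exported as `file_hash,detection_name` rows and tracks samples by hash instead of deleting files; the export layout, the hashes and the detection names are constructed placeholders.

```python
import csv
import io

# Constructed inputs. Each export is "file_hash,detection_name" for every file a
# scan flagged; the layout and the short hashes are placeholders for this example.
TEST_BED_X = {"h01", "h02", "h03", "h04", "h05", "h06"}

OLD_BUILD_EXPORT = """\
h01,Trojan.Agent.X
h02,Rogue.FakeAV
h03,Adware.Sample
h04,Worm.Generic
"""

NEW_BUILD_EXPORT = """\
h03,Adware.Sample
"""

REFERENCE_EXPORT = """\
h01,Trojan.Agent.X
h02,rogue.fakeav
h04,Worm.Other
h05,Backdoor.Bot
"""


def load_export(text):
    """Parse a scan export into {file_hash: detection_name}."""
    detections = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue  # skip blank or malformed rows
        file_hash, name = (field.strip() for field in row)
        detections[file_hash] = name
    return detections


def differential(test_bed, old_build, new_build, reference):
    """Reproduce the X -> Y -> Z narrowing and compare Z with a reference scanner."""
    # Y: samples from X that the old build detects with its shipped database.
    y = {h for h in test_bed if h in old_build}
    # Z: samples from Y that the new build no longer detects (dropped detections).
    z = {h for h in y if h not in new_build}
    # Samples in Z that the reference scanner detects.
    ref_hits = {h for h in z if h in reference}
    # Of those, detections whose names match when case is ignored.
    same_name = {h for h in ref_hits
                 if old_build[h].casefold() == reference[h].casefold()}
    return {
        "Y": sorted(y),
        "Z": sorted(z),
        "reference_hits": sorted(ref_hits),
        "same_name": sorted(same_name),
        "hit_ratio": len(ref_hits) / len(z) if z else 0.0,
    }


def run_example():
    return differential(TEST_BED_X, load_export(OLD_BUILD_EXPORT),
                        load_export(NEW_BUILD_EXPORT), load_export(REFERENCE_EXPORT))


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

A high `hit_ratio` or `same_name` count shows only that the dropped detections overlap with the reference scanner's; as later replies in the thread argue, the overlap alone does not establish which database was the source.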
     
  5. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Nick...I would agree with you in any other case, but not in this one. IOBit have incriminated themselves, and they deserved to be exposed for their actions.

    They have consistently proven to be untrustworthy..advertising their products using porn on their own website, censoring questions on their forum, offering no tangible explanations and trying to hide the evidence (they deleted most of the stolen definitions silently after the allegations surfaced), and even closed a "malware detection competition" that they themselves were running due to the fact that it would expose their theft once the stolen data was removed. (An old version of IObit which hasn't been updated now detects about fourfold more malware than a current, updated version)

    I see no way that this would have made it to court...as I am sure IOBit would disappear and set up shop somewhere else with as much ease as they appeared....and malwarebytes would probably have wasted a lot of money in trying to get this to court...money which we all now have less of due to the global recession.

    I understand why you are concerned, and why this expose (in theory) could have gone wrong, but in this case anyone who has sufficient technical knowledge can see that the technical data is sound and that IOBit is definitely trying to erase details of its crime. They have no leg to stand on and need to be outed from the security industry. My beef with them is no witch-hunt, it is one of them trying to insult my intelligence by categorically denying the evidence presented and coming up with some half-hearted excuses that maybe a non technical user would believe.
     
  6. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    You are looking out of the box here?


    Yes, very much in the line of "united against malware" and objectivity.... Allies against malware, friendly communication, but hey, maybe these MBAM guys are trying to pull a publicity stunt, by bluffing, because they want to take down a superior product and then maybe it's MY turn coming!

    "Love is in the air".

    I'd say to you to make an experiment. Take a stranger, don't tell him who you are and then tell him to read the above comment. Then ask him, what he thinks of the feelings of the author towards MBAM.




    Back to the topic, an interesting article, which pretty much explains why copyright infringement in China is thriving and so many companies around the world can't stop the flooding of counterfeit products:


    US lost in that part in her WTO complaint last January actually.
     
  7. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    That's not irrefutable evidence - what if MalwareBytes really stole those from IOBIT? What if MBAM set up IOBIT? (I don't believe they did, but you can't call the above "beyond a reasonable doubt")
     
  8. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    With your POV, there would be no publicly available news/document of "accusation" or "allegedly stole" in the internet, because only a judge can pronounce a verdict on "irrefutable evidence".

    Well, the reality is that we live in the age of media and they are full of news where someone makes an accusation and this makes the news without having a judge giving verdict yet or ever. This is also why conviction for slandering exists.

    That's how things go. The one who moves first against the other has the initial mediatic advantage.

    The difference is that you want to practically keep this all hush hush until it ends up at a judge so that then MBAM can come up and say "We had irrefutable proof and this is why now we can inform you that we won a case against a Chinese company". Well, it doesn't go that way! The internet is full of news of accusations BEFORE they end up in Court. You may not like it, but that's how it happens. Think that there are even people who get convicted for murder, their face goes up in tv and then they win in appeal...

    Do you see in US news about someone who is described by locals about someone allegedly robbing a bank or a company that accuses some other of intellectual theft? What if it's not true?! What if the man that the police divulges the portrait is actually innocent who happened to be in the wrong place in the wrong time? What if there was no intellectual theft? The answer is simple. You install a "Media Censorship Committee" who reviews all news that aren't about cases where the accused is convicted "beyond any doubt". Then go make company to the Chinese.

    I would have liked to see what SAS would have done, but mind you, with MBAM's budget, if YOU were certain that you are getting ripped off by a CHINESE company. It's all nice and pretty when your other opponent is in USA or say Europe (where laws are more or less similar), within your grasp or if you are rich enough. Maybe if you didn't have the money or the belief that Chinese law will protect you, you'd rather stay quiet and accept your fate and accept the fact that you can't do anything about it. Well, MBAM has another CEO, who's not you.


    I know 1 thing. If i were Iobit and i was feeling this is an unjust Witch Hunt or that i was setup or that MBAM stole actually from ME and i was getting the reputation hit i am, because my version of the story doesn't seem to cut it for public opinion, i would a) divulge on my turn my evidence that show that MBAM set me up or stole from me (the product with the older installer containing the same defs is the original, right? So pretty easy to prove who stole who). and b) sue MBAM since like yesterday and destroy them financially.

    I would also not change my database.

    But that's just me, not being objective.
     
    Last edited: Nov 8, 2009
  9. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Yes, you are correct [said in robot voice]. Is that better? :)

    You aren't objective, so I completely understand your point of view.
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Maybe i am not objective. But at least, i use arguments to reply, not fireworks.
     
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I have stated my opinion very clearly. I am not using fireworks - they are fireworks to you because it goes against the mob mentality that you are wrapped up in here.
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Whatever. Both you and i have stated our opinions alright and people can judge on their own... Or, wait... do you have irrefutable proof that i have mob mentality o_O By whose judge verdict? Maybe i should sue you.

    Nah... Internet would be too dull if it was all about irrefutable proof, wouldn't it... (Half of Wilder's threads saying "this product sucks" would be censored).

    Fortunately i don't have a product to sell, so even if people think in here that i have mob mentality, in the worst case, they won't talk to me again or will tell me that i am an idiot. I can live with that.
     
  13. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    As in all things in life, i am against someone being accused of something serious without irrefutable proof, especially when it comes from the accuser. Maybe someone independent will back it up
     
  14. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    I wonder why IOBit won't agree to that in order to clear their name :rolleyes:
     
  15. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Dear Fuzzfas,

    I guess that the phrase "Anyone is innocent until is proven guilty beyond a reasonable doubt", has no significance to you.

    Let's assume the opposite scenario:
    A company (that stole the database of MB) created some internal not malicious files that trigger the "don't.steal.oursoftware" definition of MB.
    And had accused MB for stealing their own database. Can you imagine how hard would have to be for MB proving that they are innocent?

    Panagiotis
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Dear Pandlouk, you confuse public opinion about news with actual law verdict. The "innocent until proven guilty" is before a judge. Not before public opinion. I myself, don't pronounce "guilty" Iobit, nor have i such power. But between the 2 stories, i am much more prone to believe the one of MBAM. Do i have the right to do so? When you watch tv and you hear about someone accusing someone else, in your mind, do you have the right to believe one more over the other? What if i were wrong? Fortunately i am not a judge! That's what judges are for, in that you can overturn public opinion's wrong impression if you are innocent.


    You confuse again ME (or various blogs/media) with a judge. You also confuse the specific case, with yours, an imaginary case. Pray tell, how is the Windows registry key Hijack.Display settings trapped by MBAM to trap Iobit? What about Anar's comment that there are portions of identical database , while himself tried to propose a contractor as the cause? What about Iobit removing signatures en masse from her database? What about Iobit admitting it was "analyzer's error" and not a setup as you imply? It's a CHAIN of events and behaviour here, not just ONE episode.

    To come to your example though, since you don't want to speak of the specific case other with the motto "innocent until proven guilty, so shut the internet down":

    1) A company steals "MB's" database, creates an internal false positive which triggers "MB" and has the bold face to accuse the "victim". Basically a huge bluff, where the "offender" wears "sheep's skin" and tries to appear as the "offended", do i got this right?

    I think you omit some passages here:

    - The "stolen database" will have appeared first on the product's installer from which the database originally comes. I mean, the one who first makes the signatures, will have the signatures first, right? So this would give the ability to the "bluffed" to initially counter the attack by actually exposing that the other has stolen his database first.

    - The "internal non-malicious" file, would have to be somehow delivered to the "victim" (MB). Even if we suppose that this was successful (passing analysts' analysis) and tracing (who submitted it and when), MB has still point no.1 as defence. I guess this is also a good reason to actually hire analysts that do analyze samples before just throwing them in the database (i can do that too!). If something is not malware, don't put it, specially since all vendors use "poisoned" definitions-traps.

    In any case, the company "MB" would have some cards to play in her favour, even for PR, not conceding total mediatic victory to the "bluffer". And i wouldn't be prone to believe either side's story.
     
    Last edited: Nov 8, 2009
  17. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    That doesn't make sense...how can malwarebytes be accused of stealing their own database....if the files are manufactured to trigger a signature a quick static analysis of the file would be enough to uncover any deception...unlike in this case where IOBit pretty much cast their guilt in stone by removing a large chunk of stolen definitions in their panic not to get caught.
     
  18. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Fuzzfas, I do not confuse anything.

    I am talking about how MB handled the matter. They used the public opinion/impression for making "justice".
    This, for a serious company, is simply unacceptable, at least for me...

    - And in the example only MB would know the date they released the database signature (good luck in proving that to the public).
    - No it would not. The signature is already there for that keygen. The other company would have only to create files to trigger it.

    Panagiotis
     
  19. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    but it's not about the keygen detection....the keygen is what alerted them to the fact that IOBit may be stealing signatures....and the trap definitions and subsequent actions of IOBit prove that they really were stealing the database.....

    I am still shocked how many people are willing to have the wool pulled over their eyes and still side with IOBit.
     
  20. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Are we nuts? o_O
    I do not side with Iobit.

    But this does not mean that MB or any other company/person has the right to take justice in their own hands.

    Panagiotis
     
  21. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    That's easy to say for you, i suppose. If you were believing that you were a victim indeed and your opponents were either economically or legally out of reach, what would you have done? Of course it's your right to have done something else, but it's also MBAM's decision here.

    You also forget that Iobit has the same opportunity to address the public opinion. And that also has the chance to address a legal system (the American one), which, unlike the Chinese one, doesn't go light in slandering and reputation destruction.


    Ah, "MB" is actually MBAM? I thought it was an imaginary company you made up, just for an imaginary case!

    To the public i think you can prove the following:

    - The date of installer release and its detection compared to when the same detections appeared to the installer of your accuser.
    - If you got them from a contractor, the data (documents) of when and from whom you got them.
    - Probably more that i don't know.
    - If all this results insufficient and want to protect your reputation against public opinion, you stop worrying about satisfying public opinion and you proceed to satisfy a judge.


    I suppose that you mean that MBAM's database will have a real malware detection which will be used to "craft" a signature that will also trigger an in-house detection of a "non malware"-trap signature? Excuse me, isn't that called false positive? I had Twister flag real alternatives at Trojan XYZ. This only means that Twister's detection for real malware, got a cross-reaction for real alternative's detection , which is not malware. In this case, Iobit doesn't say that this is cross-reaction with one of her legit signatures. She says that this is a signature sent to them and added "carelessly" in their database.

    Now back to the REAL case , i believe more the version of MBAM, because it's not the case you try to propose...
     
  22. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I'm also not sure i got the way in which Iobit's trap signature would force MBAM to detect it as "Don't.Steal Our software". I mean, the name. If you would be so kind to explain it to me more simply, because i don't study IT here.
     
  23. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    In this case yeah, I hold out as much hope of a Chinese company being pursued through the courts for IP theft as being announced the heir to a large estate in the middle of the countryside. MBAM did nothing wrong. They outed a rogue outfit, and rightly so.. They did not go public with an assumption, but with solid proof, proof that IOBit isn't attempting to seriously challenge because there is no way to wriggle their way out of this now.
     
  24. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    What if MBAM (or another party) set up IOBit and submitted all those definitions and names through IOBit's web interface and the IOBit researchers simply put those definitions in without complete analysis? Sloppy, but not malicious. Now they pulled the product as they are embarrassed and have to reevaluate all of their definitions and submissions.

    I can GUARANTEE you this happens, and in FACT, with all the parties mentioned here in this thread - why do I know this? Because we have conducted our own tests just to "see" what happens over the years - it happens - submit a fake file that "looks" like a threat by characteristic and most companies don't run it, break it down, and do a full analysis - they just pop it into their definitions - companies don't have the physical time to fully analyze each and every file that comes through.

    I know other companies/people have done the same with us, you would be surprised at the stuff that gets submitted - we have had a false positive before because of that exact situation - we fix it and move on - but the point is that it happens and it would be quite easy to set up a company - and once the giant press campaign like this has taken hold the other company would never recover and there would be no way to "prove" anything as the "facts" would appear as such - with electronic "data" it's quite easy to doctor up the results and make anything appear as you want it.

    I am NOT saying this "is what happened" here, but there are always two sides to every story and certainly more than one possibility of how things could have happened.
     
  25. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    At least someone understands what I'm trying to say...

    MBAM's reaction seems like "pandora's box" that just got opened...

    Panagiotis
     