Malwarebytes claim: IObit is stealing signature databases

Discussion in 'other anti-malware software' started by webster, Nov 2, 2009.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Well, they did reply. This is a forum ,not a court, what do you expect from people? A bit of scandal is like a bit of salt for a forum. :D

    Ok, they did reply. Does the reply sound satisfactory to you? Did you expect them to come out and say "yeah, we ripped off MBAM's database, shame on us, here's our confession, now you can drag us to court with 100% certainty of conviction"?


    Their reply is highly improbable. I scan something with MBAM, it's a fake detection that MBAM calls "Don't steal our software" because it's a Keygen for MBAM. I rename this keygen into "Don't Steal our software" and upload it to Iobit. There, the samples analyst, takes the sample, classifies it as malware (while it's not) and adds it as with detection name "Don't steal our software", just because that was the name with which i uploaded it.

    What are the chances that all this is true? How plausible is that explanation? I find the whole sequence very un-natural procedure.

    If i upload a keygen which i will call "Iobitsucks.A" , Iobit is going to add it as malware with detection name "Iobitsucks.A"? :D

    Even if by satanic coincidence it IS true, then it means, that IoBit is pretty much adding to detections every file you send them , without verifying it.

    Either ways, this is a blow to IoBit's reputation.


    I got the 1 year free license too, but didn't install it once i saw the realtime protection doesn't work. I mean, what's the point in installing a realtime software that doesn't work in realtime... After this news i am even more happy i uninstalled it, because i don't trust them. If they can steal MBAM's database today, tomorrow they may steal info and data from my PC... People tend to put over-confidence to security software companies, as if these weren't ran by other ordinary people. You don't trust a perfect stranger with the content of your PC, but most people do with security software companies, just because they think that are a special kind of superhumans, who aren't "perfect strangers", so they are trustworthy... And then this happens...
     
  2. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Hi Fuzzas,

    I do not defend them neither believe they are innocent. But using WOT and similar sites for starting crusade campaings make me laugh at least.... Especially when people downloaded and installed iobit based in the opinions of the same sites (until yesterday).

    Panagiotis
     
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Oh, i agree about Side Advisors in general. I never use them. McAfee site advisor even had Filseclab red... It's more of a popularity contest rather than real information.
     
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    In my eyes it is clear IOBit is playing dirty here.

    They deleted the first thread that incriminated them, heavens knows why..... then they give some kind of half hearted statements implying all their analysts are feeble minded and the naming choices/file detections were all just big coincidences. Maybe if it happened with one file we could put it down to bad luck, but the evidence here is overwhelming.

    IOBit will probably start twisting the story by creating fake signatures to try and justify their inclusion of the "dummy files" and saying they detected other malware with the same name as the dummy file or whatever but it's all desperate attempts to stop the inevitable...
     
  5. ePost

    ePost Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    105
    pandlouk, we can't base our downloads on clairvoyance. We can only react to facts in order of their appearance.
     
  6. ePost

    ePost Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    105
    Last edited: Nov 3, 2009
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Sorry if this has been already posted (i don't remember), but this is also interesting:

    This is an Oct 24 article-review on IobIt:


    The HijackDisplayProperties detection is a registry key detection, which MBAM flags if you have changed display settings (because theoretically a malware can also do that to camouflage itself).

    I have that FALSE POSITIVE , in every scan in Win7 x64 and it's a false positive because it is flagged even after a clean install.


    Here's my own screenshot from MBAM Free:

    1.png

    Yet another satanic coincidence... I suppose by luck they decided to flag the same, generally harmless registry key, as detection and with the same name...

    I suppose some user of MBAM, saw this "detection", exported the registry key, renamed it to "HiJackDisplayProperties" , sent it to Iobit, where the same samples analyst put it in the detection list with the same name. :D

    Or, both companies had by coincidence the idea to name the same key with the same name.

    The key itself, doesn't help at all the imagination to call it like that (there is no mention about Display Properties).

    2.png
     
  8. ePost

    ePost Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    105
  9. JohnnyDollar

    JohnnyDollar Guest

    The bad WOT rating is for ethical issues.http://www.mywot.com/en/scorecard/iobit.com

    I think that is a fair assessment at this point and would not recommend anyone install the software based on what we know. As far as ratings go IMO it is better to be on the safe side than not.
    I would rather have a rating system that was slightly overzealous than the other way around.
     

    Attached Files:

  10. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Agree.
    I've removed their Defragmentation tool after the evidence of stealing.
    I hate freeware that becomes shareware. That was what they did with the old Advanced Windows Care.
    No iObit products until we get sure they're clean.
     
  11. Malkiller

    Malkiller Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    6
    Location:
    UK
    I used to use Iobit 360 but since i have been using Malwarebytes database without knowing it in 360 i have uninstalled all iobit software and bought Malwarebytes' Anti-Malware...looking forward to using it for a long time........
     
  12. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
  13. BrendanK.

    BrendanK. Guest

    Well from what I was told, IObit was putting a lot of resources (money and staff) into Security 360. They were developing an anti-keylogger, and a means of collecting large amounts of malware off the web. I was not part of the development so information like this was very scarce to me.
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Well, that's certainly a way to put it! MBAM's database has large amounts of malware! ROFLMAO! :argh: :D
     
  15. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I can,t understand why this would make you laugho_O
    Yesterday IOBIT was assumed to be a reputable security software vendor, yes WOT was green.
    Today we know they are criminals and users have informed the WOT community of there concerns, now rated yellow, and hopefully soon red.
    Trustworthiness = Poor (surely they cannot be trusted especially with your private data)
    Vendor reliability = Poor (Who is to say they wouldn't thieve data from my machine)?
    Privacy = Poor (For the reasons mentioned above)

    WOT is doing exactly that what it is meant to, that is help the user make a decision on the TRUSTWORTHINESS of web sites;)

    Yesterday trusted, today they are not:shifty:
     
  16. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Thanks for the explanation. I am sorry that you are found in such situation to give explanations. The fact that you are not simply disappeared from the Forum, but to carefully read our posts and you are ready to brought some explanations tell me that you are responsible and fair member of this Forum.
     
  17. BrendanK.

    BrendanK. Guest

    Thank you :) Yes, I am being heavily scrutinized by everyone at the moment for something I had no knowledge about o_O But I am not going to hide from it as I have nothing to hide for :D

    By use of honeypots and honeyclients :p
     
  18. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Exactly that, is what makes me laugh!
    The same people that until yesterday reccomended it as safe (simple because they had no evidence of the opposite), today ban it as unsafe based only on a blog.
    I really wonder how many of them have really run that simple test, to confirm MB accusations before making an opinion? (have you run that test yourself?)
    Probably a very small part of those users. Their judgement is based only in another ones word, even if it is is a valid one.
    And what if tomorrow MB (hypothetically speaking) make another blogpost saying "oops we made a mistake, sorry about the confusion"; because they got to an aggreement with iobit or for another reason? Are they going to haste in marking iobit's site as safe again?

    Panagiotis
     
  19. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    In that case users can change their ratings and it would balance out. The system is based on a smart algorithm, not just a "500 bad comments=red" type system.
     
  20. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    I know, and this is the problem. Iobit's site during the WOTs period of green -> yellow -> red -> yellow -> green, won't have actually changed at all...

    Panagiotis
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yeah i bet. 500 - 500 = 0. Wow, what an algorithm :D
     
  22. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    :D :D :D ROFLMAO :D :D :D
     
  23. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
  24. JohnnyDollar

    JohnnyDollar Guest

    I understand where you are coming from. I try to look at things objectively, and will not sit here and say "They are guilty thieves". I am also not naive either, and I think it is prudent to suspect that there exists some foul play involved here. I admit that users have gotten pretty hasty with their ratings and comments regarding IoBit. Site ratings are certainly not perfect, just like everything else. One must keep in mind though, that we are not in the court of law, but in the court of public opinion. Regardless of whether Iobit is guilty of this or not, users blackballing them on forums and site ratings will hopefully send a deterring message to any would be organizations looking for easy money that their actions will be publicized and scrutinized.
     
    Last edited by a moderator: Nov 3, 2009
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,489
    Location:
    Paris
    Panagiotis- If you read the initial MB release, it is stated that there is much evidence that they won't disclose prior to legal action. The dummy.exe file was only one example.

    With this in mind I think it is well beyond any here to verify or refute anything.

    I do however agree with you that many at Wilders are a bit faddish with new toys. Formerly was a love affair with Rising.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.