Malwarebytes claim: IObit is stealing signature databases

Discussion in 'other anti-malware software' started by webster, Nov 2, 2009.

Thread Status:
Not open for further replies.
  1. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    The flip side to that is that every program had to start somewhere.
    And curiosity gets the best of some us on occasion.
     
  2. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    469
    Location:
    Belgium
    What a bunch of bollocks is that ?
    Does that mean noone may say something is malware unless they have been victimized by it themselves ?
     
  3. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Exactly! History have sawn that Public Opinion ia easily manipulated.
    In Mid-ages a rumor that a innocent woman was a witch, would usually had as result to be burnt alive!
    I have read it. But I prefer to investigate further or at least wait, before making a judgment.
    Haste is never a good companion to reason. ;)

    That said I do agree that iobit, have being caught stealing... big time...:p

    Panagiotis
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    don't think much more will happen from here on in, IObit can't really come up with any more Logical explanations/excuses etc. they will probably start to disappear and website eventually go down.
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i doubt it since they have many other products as well, maybe just their IObit 360 part.
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    No...you misunderstood....WOT ratings and WOT comments are two different things. Ratings can only be left by people registered, with an account who are using the WOT software. This means using the slider things to rate a site on each of the categories.

    The comments are there to describe why they think a site is bad but it does not affect the site rating. I didnt mean to say only people using the scam software can rate the site.
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    Lets say for arguments sake they dumped the IObit 360 part and kept the other products and site going.

    How long do you think they could put up with people constantly bashing them?
    Their reputation has gone and spreading. Their products are starting to be removed from all over the net, so their sales are gonna be next to nothing. IObit's days are numbered.
     
  8. 06Dolphin_Spirit

    06Dolphin_Spirit Registered Member

    Joined:
    Sep 16, 2009
    Posts:
    17
    Hi everyone,
    I'm new here (as most of you can guess) and more the reading type.

    I've been following this since yesterday when first came across the post in Malwarebytes' blog.

    I want to ask a question - please don't laugh at me about this, I'm not that tech savvy.
    In the 3rd paragraph from the bottom of the original Malwarebytes' post (blog) it says: "… we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well…”.
    And this statement was repeated today in the forum.
    How can Malwarebytes’ identify which defs in the database is of which vendor (beside its own)? I mean, since the various security vendors are rival companies, how can one have specific knowledge of another’s defs? And I'm not reffering to the common ones.
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    well Comodo seems to still be up and running with their free products... :doubt: but thats for a different discussion that we wont start here.
     
  10. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Panagiotis I can understand your point of view. I however made a choice to post my comment on WOT, because I personally believe the argument MBAM had brought forward was valid. The response of IOBIT was a joke. Banning members deleting posts didn't help. I don't believe there is or was a global conspiracy instigated by MBAM to tarnish or destroy the reputation of IOBIT.
    I made this choice, after looking at the evidence available to me.

    ~Off topic comments removed.~
     
    Last edited by a moderator: Nov 3, 2009
  11. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    Honestly it does not matter the outcome for me, just the way that this was handled by Iobit is enough for me not to trust them anymore. Their is definitely foul play involved but for me their lackadaisical reply and some other unbelievable comments by admins on their forum is just to shady, too much like they are afraid to say something definitive or do not have much to say at all.
     
  12. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    They cannot have specific knowledge. Unless they reversed engineered iobits database and the database of the other vendors (which is illegal...).
    Probably the have confronted the online databases (iobits and other companies) malware names, and they found a lot of equal names.

    And this is the reason that MB made a "trap fake-malware".

    ps. I hope that they did not reverse engineered iobits, because if they did the whole issue gets alot more complicated...

    Panagiotis
     
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i never said anything about their toolbar, but lets leave it at this since this isnt the thread for it...
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    119,201
    Location:
    Texas
    Some comments and posts removed.

    Let's not drag other programs or vendors into this thread.

    The best approach would be to let things settle out a bit in this matter before posting.
     
  15. Malkiller

    Malkiller Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    6
    Location:
    UK
  16. JohnnyDollar

    JohnnyDollar Guest

    Thought this was interesting, I had not heard of this before. Can't say I am surprised though:

    http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes

     
  17. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    164
    Malwarebytes really has quite alot forum posts everywhare nearly at every security forums. After all, both Malwarebytes & IOBit will be killed, slowly, by the successful of Microsoft Security Essentials, together with other small players.
     
  18. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Update on this topic ..

    More on this topic plus screenshots – CNET News - http://news.cnet.com/security/
     
  19. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Saw this in that story-

    Does this explanation hold much water? Seems like if a malware were submitted to Iobit there would still have to be some confirming the submission was not a false positive- even if it was flagged by another vendor. There would have to be some oversight between the submission and actual entry of the sig to Iobit 360.
     
  20. Fuzzydice45

    Fuzzydice45 Registered Member

    Joined:
    May 13, 2009
    Posts:
    108
    Location:
    Australia
    Well the problem with that explanation is that someone would have to actually have the file so they could scan it, realise MBAM could detect it and IObit360 couldn't, then submit it.

    But the MBAM team never released the file to the public.

    What few excuses we are getting from IObit are immediately thrown out of the window due to the evidence supplied by the MBAM team.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    Just because IOBit will be killed doesn't mean to say Malwarebytes will also be killed. since when has microsoft been able to provide bullet proof security on pc's? there will always be market for other security apps.

    MOST IMPORTANTLY.I just wanna say. I have noticed people bashing china on various forums. STOP thinking and acting with your emotions. this does not mean to say that all chinese vendors are evil, good remarkable original products have come from china. So please lets not get into the mindset that all chinese vendors are untrustworthy.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ahh, besides not publicing it to the public they also covered every scenario

    MBAM, planned it very well. They must have had some scenario's ready depending on IOBits's reaction of their first claim, as explained in MBAM's follow up post and follow up proof http://www.malwarebytes.org/forums/index.php?s=&showtopic=29772&view=findpost&p=153225

    A new - new combo can slip through (not analysed by a IObit person, submitted by a IObit customer), although normally AV/AS comanies are keen on bragging new-new combo's on their blogs, but these combination is so unlikely to be submitted by a client (becuase it involves classifying the new samples)

    a) the new variants have not been referred to in the wild before MBAM own follow up post (as Fuzzy pointed out)
    b) a fake new class name for an existing signature (exact match)
    c) a fake new signature was made for an existing class name (exact match)

    Somebody (a person) at IObit should have noticed, classifying them, while an automated classification process should not make such a mistake
     
    Last edited: Nov 4, 2009
  23. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    How does IObit get signatures from MBAM that were never released to the public? Is this MBAM database somehow accessible from the outside? Or is MBAM suggesting this was an inside job- someone inside MBAM sending the signature database to IObit?
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No these signatures where hidden fonies in the data base (poisened trap), which were reversed engineered by Iobit, besided the time element they covered all combo's which more or less prooves an automated reverse engineering process.

    When you are not having a pure "in the cloud AV/AS", you update/download the blacklist data base on your PC's harddisk every day, when you know how it is structured (what field names are in it, in what format), you can reverse engineere it and 'read the info'. So it is not nessecary an inside job.

    Regards Kees
     
    Last edited: Nov 4, 2009
  25. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    in 5-10 years when 64-bit becomes the main stream there will probably be a 128 bit and all security vendors will then have apps for 64 bit but not 128 bit ? that's what I think will happen .
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.