IObit Responds to Malwarebytes' Claims of Theft
IObit has issued a statement denying claims they stole all or part of the Malwarebytes signature database. Titled "Declaration from IObit", the statement declares:
"We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself. The ridiculousness: who will trust and depend on a security product that can NOT even protect itself?"
Apparently the IObit defense is that if it's possible to steal the signatures, then the product is no good. But that logic is so flawed that it makes one wonder if there are actually any real developers behind the IObit product(s). The scanner MUST be able to read the database of signatures, hence it is impossible to make the signatures truly theft-proof. Which is exactly why legitimate vendors seed their database with dummy signatures - to catch such theft.
IObit then makes a fatal error in defending the inclusion of the Malwarebytes "to catch a thief" signatures:
"NOTSURE.dll was submitted by someone called "KXX" and described as 'Rogue.AVCleanSweepPro' detected by Malwarebytes. Our analyzer carelessly used the same name."
The fatal error? Malwarebytes explains:
"We invite you to search Google for 'Rogue.AVCleanSweepPro' or just 'AVCleanSweepPro'. See if you can find a single place where anything called 'Rogue.AVCleanSweepPro' was ever detected in the wild by Malwarebytes or anyone else. When we did this today, the only hits we got were for our own report yesterday and people talking about it. Before we published our report yesterday there was not a single hit on Google for either name. This malware name simply does not exist in reality. We made it up in-house. Only four members of Malwarebytes' management were privy to the information about the fake files and the fake names. Therefore, any suggestion that somehow someone submitted to IObit a piece of malware anyone detected anywhere as 'Rogue.AVCleanSweepPro' is simply a lie.
Just prior to this controversy, IObit also came under fire for allegedly deceptively installing the Conduit toolbar on users' systems.
Many of the comments circulating the web regarding IOBIT are mere conjecture. Many of the counter claims by IOBIT seem to have been disregarded by MalwareBytes – you should ask yourself why this is the case.
It is a fact that MawareBytes are a major competitor in the security industry, and it is they who are set to gain from the rumour mill destroying a much smaller company. IOBIT are happy to have their day in court to defend themselves, but from what I have seen written around the web, they are already presumed guilty.
I’d be more than happy for IOBIT to take this issue by the horns and pursue legal action themselves. IOBIT have defended themselves vigorously in the claim that they stole the anti-virus signature. They offer proof in the form of “NOTSURE.dll” for which, they claim has the same signatures as the offending item.
The signature was submitted manually by someone calling themselves KXX – I’m sure that IOBIT will have a IP address recorded to prove themselves. IOBIT do admit that there were problems with their database management submission procedures, but have since corrected the problems. What’s to say that the submission wasn’t by a disgruntled MalwareBytes employee?
I have had second hand experience of a ’software witch hunt’ – there are people out there that are happy to spread rumours anonymously without backing up their claims. Because they don’t like something, their view is that it must be wrong.
Take for example the Conduit toolbar system. There has been claim, upon claim about Conduit toolbars being riddled with spyware – this is simply not the case. I’ve been a Conduit toolbar publisher for near on five years – claims are frequently made anonymously about their software, but never backed up with proof.
It’s OK for someone to say it’s spyware, with no evidence – in just the same manner that many are circulating rumours about IOBIT. Conduit offered a reward of $5000 to anyone to prove that their software was malicious – the money was never claimed. It’s annoying that the harbingers of doom couldn’t prove their malicious chatter – again.. what do they stand to gain? Another competitor gaining a foothold in the market?
Over 200,000 Conduit toolbars have been published and have been installed by over 60 million users – I have to ask why should one or two people be allowed to destroy a company when millions of people are more than happy.
As for the claim that the Conduit toolbar was distributed maliciously… many software vendors do attach toolbars etc., to their offerings to expand their end user experience – look at the number of places that the Google toolbar is available!
Conduit do require that the end user should have choice regarding installation – this is also backed up by their TRUSTe certification. Conduit have given guarantees that they will look into the IOBIT toolbar issues and will act if anything untoward is discovered. As a Conduit toolbar user, I can put my hand on my heart and tell you that I am 100% satisfied with their service. I have a low number of uninstallations which also points to the fact that my users are also happy.
I should also point out my experiences of ‘false positives’ – my Conduit toolbar has been on the end of false reporting by some security vendors in the past – this false information was cascaded and shared with other vendors… are they too copying databases like MalwareBytes has claimed against IOBIT? I certainly don’t think so, especially when you look at the names involved.. AVG, Norton, etc. When these security vendors were approached by Conduit, the false positives were been removed from their offending databases – after the companies had completed their own internal investigations.
Isn’t this proof enough that Conduit toolbars are safe? Or, will some people never be happy with the proof put before them. It’s a shame that people continue to attack companies like Conduit and IOBIT without a shred of evidence. The internet is wonderful, but it can also be dangerous when people believe everything they read.
Calling Malwarebytes “a major competitor in the security industry” is like calling Soapier.com a major competitor in the soap industry. Soapier makes nice soap, but they’re no Proctor and Gamble. IObit and Malwarebytes are on equal footing competitively speaking.
Having been in the antivirus industry for over a dozen years, I’d say the evidence against IObit is very compelling. The laying of traps in a signature database is nothing new. And seldom is it wrong. In fact, to this day I have never seen a case where the sprung trap was not exactly what it seemed – stolen signatures.
I can appreciate that you feel a fondness for the Conduit toolbar, but it does enable the affiliate to push marketing and other messaging to the desktop. For most of us security-minded folks, that’s enough to not want it on our systems. This is not to say the developers themselves have bad intentions, however.
In any event, the accusations surrounding Conduit in this case have nothing to do with the toolbar per se, but rather that IObit deceptively installed it when users had specifically unchecked that option. Of course, something like this would not be the fault of the Conduit developers, but rather the distributor (in this case, allegedly IObit).
And no, I do not think install base is a measure of whether something is or isn’t safe. If it were, every malware distributor could use that argument. And yes, antivirus vendors do try to give legitimate companies the benefit of the doubt which is what they have done in the case of Conduit. That still would not cause me to want it on my system. And if I were a sysadmin, I would want my antiv-malware software to alert me to its presence. But your mileage may vary.