Malwarebytes accuses rival of software theft

[DKT27]

Malwarebytes accuses rival of software theft

Malwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.

Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.

Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.

This screen shot shows IObit's product uses the same naming scheme as Malwarebytes.org.

After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware. Within two weeks, IObit was detecting the fake files and using "almost exactly" the fake names, Malwarebytes said.

"We soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database," the blog post says. "They are using both our database and our database format exactly."

Malwarebytes, which said it uncovered evidence that IObit may have stolen proprietary databases of other security vendors as well, said it plans to pursue legal action against IObit

IObit denied the allegations, saying it was a "mistake," and accused Malwarebytes of spreading "malicious rumors."

IObit said it would soon release a legal letter an explanation about the technical aspects that proves its case. In the meantime, IObit temporarily deleted all disputed items in its database to avoid "dispute and possible problems" and disabled its malware submission page, the company said in a blog post.

Basically, someone submitted samples with the name used by another vendor, the post says.

"Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal--Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors."

"There are holes and problems with IObit malware submission procedure and database management," the post concluded.

Malwarebyte's found that IObit's product detected the fake malware Malwarebytes put in its database as a test.

Source

[Toshiro]

Lol.. :lol:

Wth are they doing these days :P

You can't be more serious when it comes to Security suites..

[jalaffa]

interesting - thanks for the news.

[manpe]

Maybe they should all share info and data brotherly :wub: But noo... business first.

[DKT27]

@jalaffa: You are welcome.

Well if MalwareByte's is sayin this, I have reasons to believe them.

@manpe: If IOBit is doin all this in real, no way any security company should share info and data brotherly with it.

[Toshiro]

@jalaffa: You are welcome.

Well if MalwareByte's is sayin this, I have reasons to believe them.

@manpe: If IOBit is doin all this in real, no way any security company should share info and data brotherly with it.

Hmm, they could share there Databases together.. So each AV will be different, but will find the same stuff..

But like manpe said.. NOOO business first :P

[DKT27]

Lol. When one of my friend asked me what would be your dream software, I told him that a AV-AM that can download and use database signatures from all the big dog AVs-AMs, so no one says this is better or that is better.

[Toshiro]

Lol. When one of my friend asked me what would be your dream software, I told him that a AV-AM that can download and use database signatures from all the big dog AVs-AMs, so no one says this is better or that is better.

It still depends on the suite itself.. Like Eset and Kaspersky.. it got it's own methods of finding the stuff.. So it would still be "this one is better, that one is better" :P

Or I'm saying silly things.. :mellow:

[manpe]

Lol. When one of my friend asked me what would be your dream software, I told him that a AV-AM that can download and use database signatures from all the big dog AVs-AMs, so no one says this is better or that is better.

That is your dream software? Man... security is overrated. Protecting a computer is becoming a hobby, an entertainment, rather than a necessity :D

My dream soft would be something else, that brings butterflies to my tummy.. ok, here is what popped into my head: a program that would show ALL the tv channels in the world, and where you can watch all the movies even the ones that run in the cinemas. And you could listen to music from that thing and all.... basically, an universal utopic media player. In fact, it should also include an impregnable antivirus and firewall. It would optimize your system to its fullest. It would be smart enough to do all my homework. It would clock my processor 10x faster... hell, it would make an i7 out of a Celeron.

And would take less memory than notepad.

Now that's a dream :afro:

[shought]

I think they should indeed be working together(not like this though), but hey, who am I...

[DKT27]

@manpe: Security is indeed a hobby for me. :D

If you know what the other person said, you would be surprised, he said I would rather make a nuke missile system software. :blink:

[RadioActive]

IOBit's actions are fishy to say the least, weather it was intentional or not it still poses a concern.

Off-topic: my dream software would be Proxy Blue (hint: from Mutant-X TV series) :D

[DKT27]

It's good that I never tried it. If you think in one way the software comes from a country that has history of bad internet users/hackers, and is also known for it's cheap low quality and short lastin products.

[RadioActive]

It's good that I never tried it. If you think in one way the software comes from a country that has history of bad internet users/hackers, and is also known for it's cheap low quality and short lastin products.

My friend, that's a rather narrow-minded view to judge anything for that matter. No offense intended.

[DKT27]

@Lohengrin: No that thought was not by thinkin narrow mindedly. It was just for thought nothin else. I'm not against anyone here. But you will come to know about many things if you stays soo near to it.

[aalpha1]

Other Security Apps should also check it maybe they did not only steal bases form MBAM?

[Infinite_Vision]

It's good that I never tried it. If you think in one way the software comes from a country that has history of bad internet users/hackers, and is also known for it's cheap low quality and short lastin products.

My friend, that's a rather narrow-minded view to judge anything for that matter. No offense intended.

I think he is right for the most part. The products that China produces are low in quality. I'm not saying all of them are but it is too much to ignore. With one plus billion of people and more people having internet access, the next wave of hackers are coming from China. And I am not saying Chinese people are bad because that is not what I'm saying. To say that is to say that about myself as well. haha.

Source: http://anonymz.com/?http://www.cnn.com/2008/TECH/03/07/china.hackers/index.html

[DKT27]

Lol. That's not all. I have seen online BBC reports that state that their govt. is fundin and allowin their hackers to hack everyone. I mentioned them because the point is cyber security.

You know what, my email address has been haked 2 times(same address) both the times it was a Chinese hacker, when I traced the hacker to china and I confirmed that he didn't used a proxy, I emailed their ISP, and what I get to see is the ISP wants more proofs that my email was haked, what more proofs you want? I showed them the IP that I traced, then they started tellin me that there are no signs that my email address got hacked. I leaved them after that there was no use to contact the people who have no intention to fight crime. :bag:

I mentioned this as this is what happens with security from China's side.

Chinese have copied every original product and made a low quality copy of it and sold it at a cheap price from years.

[HX1]

Lol. That's not all. I have seen online BBC reports that state that their govt. is fundin and allowin their hackers to hack everyone. I mentioned them because the point is cyber security.

You know what, my email address has been haked 2 times(same address) both the times it was a Chinese hacker, when I traced the hacker to china and I confirmed that he didn't used a proxy, I emailed their ISP, and what I get to see is the ISP wants more proofs that my email was haked, what more proofs you want? I showed them the IP that I traced, then they started tellin me that there are no signs that my email address got hacked. I leaved them after that there was no use to contact the people who have no intention to fight crime. :bag:

I mentioned this as this is what happens with security from China's side.

Chinese have copied every original product and made a low quality copy of it and sold it at a cheap price from years.

See and all this talk.. I thought all this time is was becausa Chinese were superhumans.. longest living know civilizations..But you get a lot of software RIPS as I call them from ll over though.. I have two programs right now I can name off the top of my head that are almost identical.. and both charge money for their product.. I have seen this for a long time though..You know you would think however.. back on topic.. that there would be a centralized place for definitions .. but then each company would then only have their intuitive coding knowledge to rely on being the best of the best..LOL.. really though writing an engine that would be better at detection than a definitions database.. that would nice.. and no not just one that locks everything out from being written to your drive.. but one that could well be as smart as the worlds top coders..

But yeah I am talking silly non-sense as well..