Is IObit Security 360 too good to be true? Malwarebytes claims theft of intellectual property.
November 3, 2009 36
Email article | Print article 
You know when you have big dreams to do something, then you hear you won’t be able to attain what you want and all your hope and dreams come crashing down around you? Well this is how I feel when it comes to security software for my computer. I am on the constant lookout for *the best* free anti-spyware security supplement for my computer. I say supplement because Avira fills the spot for main security work horse for me. For the most part, my favorite had been Malwarebytes for a long time simply because it has one of the best detection rates out there. However, recently I started using IObit’s new IObit Security 360 because it has excellent detection rates, not very heavy on computer resources, and has a much more aesthetically pleasing interface vs Malwarebytes. In fact I took a liking to IObit so much, I thought it was “the one”. Today as I was reading my e-mail, Adrian crushed my hopes and dreams by informing me about possible theft done by IObit. It seems the developer of Malwarebytes is claiming IObit is stealing Malwarebytes’ intellectual property and proprietary database:
Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.
…
The final confirmation of IOBit’s theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This “malware” does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.
…
During the course of our investigation, we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well. We are in the process of contacting these vendors.
Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes’ proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.
More detail at: http://malwarebytes.besttechie.net/2009/11/02/iobit-steals-malwarebytes-intellectual-property/
Of course IObit has come out and flat denied this accusation:
We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself. The ridiculousness: who will trust and depend on a security product that can NOT even protect itself?
A legal letter will be released later, which will prove that there is no problem with Intellectual Property Rights.
…
Our database is from the online submission form: http://db.iobit.com/deal/sdsubmit/index.php
We also have many various sources of malware samples from warm-hearted users, computer security fans, and major security groups from all over the world. We have admitted that it’s hard to avoid mistakes, like a silly or duplicated name. But there is in no way means we steal Malwarebytes’ or any other’s database. We are investigating and tracking on those items which Malwarebytes declared stolen.
…
After carefully tracing and investigating the history of IObit’s database, we find that someone used the submission page which is disabled now (http://db.iobit.com/deal/sdsubmit/index.php) to submit samples with the same names from Malwarebytes. Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal – Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors.
More detail at: http://blog.iobit.com/archives/95.html
Now I am not going to take sides yet until I find out more about this issue, but as it stands, to me it seems like Malwarebytes has a strong case. Too bad, too… I really like IObit Security 360.
Hm…it’s a shame if IObit is guilty of the accusations. IS360 is really good. MBAM is still good, but real-time protection and automatic updates is only available in paid versions.
I won’t take sides yet, but I’m just hoping this will all be dropped.
Thanks….NOT only for this posting- but for all the time you use testing and writing ……
I am a “software junky” and over time have gotten to trust your postings as “gospel” (almost :-) THANKS!!!
Interesting.
Here comes a major drama/soap opera with mudslinging ( “…based in China” , etc.),name calling and all the other fun stuff…
Just check out all the hoohah over at cnet–
http://download.cnet.com/IObit-Security-360/3640-8022_4-11116554-2.html?tag=page;page
I like iobit in general but I think I’ll wait a bit before I install their most recent update.
Thanks for bringing this information to your readers’ attention. The story has been all over the ‘net for a couple of days. If true, it won’t be the first time a software author has taken some shortcuts.
I first tried IOBit 360 when it was in beta, with a test bed composed of a laptop running XP Pro SP3, 2Gb RAM. The footprint wasn’t bed, the GUI was pretty, but I wasn’t always sure what it was doing. Since I keep MB Pro and JV 16 Power Tools 2009 on my machines, I really didn’t have a use for it.
I’m not averse to using new programs; I diligently search for alternatives to my basic Eset NOD 32, Online Armor Pro, Malwarebytes Pro configuration for the machines on my network. Even if IOBit hasn’t committed this breach of faith, it’s still not a contender for me As always, ymmv.
Dear Ashraf,
as I am a software programmer myself I can tell you from personal experience that most of the AV/AM vendors out there ‘steal intellectual property’ from each other.
Whenever one of my products (or other legit software like RAdmin, VNC etc. pp.) got a false positive detection by one AV/AM product you could count days until many others did so too.
Most AV/AM vendors are IMHO clueless, unscrupulous people just wanting to make money. In my experience the bigger the company the worse the work.
I personally wasted hours to ask for removal of proved false positives.
Besides: The high rate of false positives lately makes the AV/AM products more or less useless as a detection doesn’t mean anything anymore.
I don’t give a *** for any of them crying “Mooomiii, that other has stolen my idea”. They don’t care about our needs for real security, I don’t care about their needs.
I wouldn’t stop using a ‘stolen’ product just because another thief complains.
Frank
Ashraf, This kind of finger pointing in software is not new.This time I must disagree with you sorry.I’m a big fan of IObit and will keep and pass on their software to others.too many folks are sue happy so till proven don’t buy the hype
I am only an amateur teche so can not comment on the details of any program, but i would like to say thank you for this article, and that i will be following any updates on this story, i was warned of this by an internet friend, as i am an affiliate of 10bit and if this proves true i will be removing their programs from my websites, Malwarebytes is on all four of my computers and has never let me down, so as they say “watch this space” Mike.
MmM I think I agree with Frank, no matter what business your in competition is ugly. No matter the trade there is always stealing of some kind happening. I wonder if malwarebytes is finger pointing free…
Ashraf, thanks for pointing out this to the public. As Ron pointed out, the story has been over the net in a few days, and even one of the most experienced tech bloggers, such as the authors of What’s On My PC, Ghacks, Bill Mullin’s Weblog and even 4 Free on internet have written about this problem, because they are convinced of the evidence.
I like your approach for not taking sides until absolutely proven of the theft. I think that the defense IObit has made to be convincing, but anyway I still love their Advanced System Care, either way this is your blog, so you can do what you want with it, right? :)
I had already read the facts, but as you waiting confirmation.
For your info, the link for a free license of IObit Security 360 Pro no longer works for several days already.
Ashraf:
Thanks for the heads-up. I wasn’t aware that the two publishers were locking horns, though I had heard of some allegations flying around CNET. Unfortunately, where the latter’s concerned, the allegations seemed often to have been made by half-wits incapable of even installing anything properly, thus the various slanders about ‘this software fills your computer with junk that you can’t ever get rid of’.
What utter tripe.
I’m not sure why Malwarebytes has elected to go this particular route given that iObit is a well-heeled outfit and has plenty of “wiggle room” when it comes to accusations such as this: it’s not alone in taking in user feedback to update its own database.
Of course, that practice can indeed mask software piracy — but, if it does, then proving it is going to be well-nigh impossible.
iObit has invested some time and effort in authoring a user friendly GUI and incorporating features in its freeware version that are only available in Malwarebytes’ paid-for.
iObit’s decision to do so wasn’t based on any charitable desire to help the needy. It was purely commercial.
Against it, the smaller Malwarebytes could only respond by turning its paid-for version into freeware (and doing something about its aesthetic appeal.)
Had I been advising Malwarebytes, that’s the route I’d have suggested long since, copying iObit’s own freeware and “PRO” commercial ware as its business model.
But it hasn’t, and is now in a lose-lose situation because I simply cannot see how it can sustain any legal case against iObit (and, more to the point, defend itself against any counter action by iObit.)
Bottom line: the “truth”, such as it might be here, is never going to be known: Malwarebytes is not going to be able to prove, beyond a shadow of doubt, that iObit “stole” anything — whether iObit did so or not. (And Malwarebytes hasn’t done itself any favours, either, with its idiotic allusion to iObit’s geographical provenance: the reference to China was as gratuitous as it was transparent.)
I’m delighted to see that, as ever, your objectivity remains intact. There’s no *proven* case for slagging off iObit at this time or for joining in the kind of infantile comment seen on the all-too-often infantile Cnet.
I actually noticed that their fingerprint count fell recently (by 1000 I think)… maybe this is why.
Well, who really knows anyway. The entire software industry stinks of stolen copyrighted material anyway.
# Jeanjean
The link works just fine and it claims till 11 Nov.
@ jumbi
Thanks for the answer.
Must have Windows 7 on the PC maybe !?
I get the download on the free version on this page.
Upvote for so everyone can know the story:
http://www.reddit.com/r/WTF/comments/a0zuh/wtf_iobit_stealing_malwarebytes_database/
Malwarebytes could have more accurately determined if IOBit was stealing by putting the fake stuff in their database but including a program update that causes their program to ignore the fake entry. That would have prevented Malwarebytes users from detecting the faked files and submitting them to other vendors.
theres one….And another..hmmm a 3rd?….Damage control he he he
Iobit didn’t just ripoff Malwarebytes, they falsely claimed that Iobit Security 360 was featured in Bizjournals, AOL, Reuters, HooVers, and Forbes. When you do a search on any of those websites, nothing concerning Iobit Security 360 can be found. Also, if you look on Iobit.com, there is no information provided as to the location of the company. Why would they not want people to know where they are located in China? Check the grammar and spelling on the website. If they were a professional company, they would have someone who could speak and read English well enough to proof read the website. Sometime on Nov. 3, Iobit removed the icons for Bizjournals, AOL, Reuters, Hoovers, and Forbes. I think it is easy to come to the conclusion, that Iobit cannot be trusted.
Al:
Thanks for that post. I know it doesn’t touch directly on the specific issue, but it does add to the uneasiness IObit enthusiasts, such as myself, must now be feeling.
In the past day or so I’ve delved into IObit’s user forums and though there’s been plenty of static, some posts have given legitimate cause for concern:
http://forums.iobit.com/showthread.php?t=4799&page=33
I checked out post 322. It’s valid. And it raises a serious question:
do I really want to be associated, as a user, with a company which is marketing its products as pornography download accelerators. . ?
There’s something distinctly wrong with a corporate psyche when this kind of sales approach is embraced in so deliberate and systematic a fashion.
And if there’s something wrong in that respect, then the question is inevitably begged: what else may be wrong with IObit’s mind-set?
What other practices may also be deemed to be perfectly acceptable? — and not merely in the marketing of its products, either: once one question is raised in one area, it spreads like a flash-fire to others.
Thus. . . what else might IObit deem acceptable in the actual creation of its products?
I’m not sure.
But my unease isn’t helped by the fact that those behind IObit cling to an anonymity that could as well be a cover for a fiction as a fact: the use of a stock photograph on the comnpany’s “About Us” page is as blatant as it is absurd.
Slowly, then, yet remorselessly, that flash-fire seems to be taking hold, with IObit’s troubles only deepening by the day:
http://www.freewarebb.com/IObit-Security-360-Pro-t50236.html
Bottom line: here we have a company in which many thousands, possibly millions of computer users, invest their trust because they’re trusting their computers to that company’s offerings.
Yet it is also:
* a company actively targeting harvesters of online pornography;
* a company whose website has now managed to earn itself the distinction of a negative rating from SiteAdvisor and another negative rating from WOT;
* a company whose “unique” malware expertise seems so inadequate its “highly skilled development team” couldn’t even properly analyse the signature strings devised by Malwarebytes;
* a company which holds an all too obvious contempt for the truth: the excerpted review it ran on its IObit Security 360 web page —
Forbes says:
“Cleans up infected systems better than any product we’ve tested”
– is a fiction because Forbes doesn’t do software reviews and so could never have written the article from which IObit says it is quoting.
http://cc.bingj.com/cache.aspx?q=iobit+forbes&d=4631606872573747&mkt=en-US&setlang=en-US&w=7794a0b0,50d1b238
* a company whose provenance is anything but transparent, and which bedecks its ‘About Us’ page with a stock shot from an image library;
* a company now accused of theft by Malwarebytes.
Like dear Ashraf, I’m not going to rush to judgment where that particular matter is concerned.
But in all truth, the more that I look into IObit, the less that I like.
And now, the fact that I appear to be using, and recommending to others, software which its own creators say is the ideal helper for downloading pornography, is more than enough.
There’s just too much hard-fact evidence out there to make me feel that IObit is not a company I can trust to behave ethically: if it will lie about a non-existent Forbes review, then what lies might it say to me to persuade me to use its products?
I’m uninstalling all IObit software, and will no longer recommend IObit or its products to anyone else.
There’s porn on this here web. I had no idea. I have used Iobit products for a few years now and their stuff usually does what it says it will do and pretty well, to my thinking. I’ll wait for the validity of
the charge to be substantiated
here! here!
MikeR, I’m no IOBit fan, but your post reeks of a somewhat well-crafted anti-IOBit crusade from a non-user…not an IOBit user questioning his own choices. You do a disservice to your cause by disguising yourself that way. Come out of the closet, it’s nice out here in the fresh air.
Personally, the slick over-prettied interface on their products combined with the overzealous promises of their software’s ability keeps me away from wasting my time with their stuff.
Ashraf specifically pointed out that IOBit’s product “has a much more aesthetically pleasing interface vs Malwarebytes”, but in my experience a pretty facade is usually there to distract users from what’s going on behind the scenes…or they’ve blown their whole budget on making it pretty instead of effective. The most effective software I’ve ever found has also been the ugliest 90% of the time. SysInternals is a good example of ugly and effective.
@16Rick:
You are absolutely 100% right. And again in your last comment.
It is almost frightning to see how some people overreact and love to smear and slander.
Nobody will win when things get faked,like those ridicoulous files.
From this there will only be loosers.
BTW,dear MikeR….what is going on in your mind..??Please do get things in perspective again.
Rick: I’d be a pretty darn poor false flag sailor if I went to the trouble of attacking IObit without sticking in some gushing mention of the software publisher whose products I’m really trying to push.
Your reference to hiding in closets is silly.
I’ve used and endorsed all IObit software since Advanced Windows Care was launched. I’ve endorsed IObit software products on various threads here ever since dot.tech started.
Ashraf and MikeR.. I think both of you are taking the right stance… choosing what’s honorable and righteous over the temptation of a great freebie…