Malwarebytes vs. IObit fiasco comes to a close

Last month the interwebz was jolted by Malwarebytes’ claims of IObit stealing their intellectual property and using it in IObit Security 360. Now, it seems, the fiasco has come to a happy (sort of) ending:

Some weeks ago we presented evidence demonstrating that the Chinese company IObit had stolen Malwarebytes’ database and incorporated it into their software. In the days that followed we saw a complete denial of wrongdoing by IObit. They ascribed the matches between their database and our own to anonymous sample submissions, a dubious claim which we debunked.

Nevertheless, IObit did subsequently remove all of Malwarebytes’ definitions from their database (thereby cutting their database size by ~40% in one fell swoop). Though we did not receive an apology from them, nor any official acknowledgment of their theft, this reaction speaks for itself. Removal of our intellectual property was what we wanted, and we therefore consider that we have won. We thank the community, online media outlets and our partners for their support in helping us achieve this favorable result.

Now if only Malwarebytes will redesign their interface to look half as attractive as IObit’s, all will be well. (Whattttt? I appreciate aesthetics!)

Related Posts

  • newJason

    Interesting. Still there reamains no proof that the definitions in question were in fact stolen by IOBit. IOBit has (had) a form for submitting malware definitions that was open to anyone, not just it’s users. This form, contributes definitions to IOBit’s definition database. If a person or group of people were detecting malware with MWB, and adding those detections to IOBit’s database by use of that form, How could that be considered Theft? It’s even conceiveable that MWB could have used this method to upload the definitions in question directly to IOBit’s database. The facts are not clear. IOBit has admitted no wrong doing, and after realization of the form submittals could be used for submitions regaurdless of thier source, IOBit promptly close that avenue. They even stated this is in fact how some of these defionitions were appearing in thier database. They also promplty removed said definitions, In complete compliance with MWB’s request. There is no proof of theft here. There is a lot of speculation and assumtion.

  • MikeR

    “The most remarkable thing about this paid survey program is that anyone can”
    become an affiliate in hope of raking in fees from spamming blogs and forums with junk.

  • kiramatali shah

    . Many companies all over the world need your opinions on their products. They will send you a simple online survey forms, where you need to fill it out and they pay you money.

    The most remarkable thing about this paid survey program is that anyone can make money with it.
    It doesn’t require any special skills, training, education or previous business experience. You only need access to the Internet and basic typing skills.
    It is the perfect home business for stay at home moms, students, home makers, retirees or anyone that is in need of some extra cash.

  • Nick

    Hi Ashraf!

    Thank you for this big work you’ve done for giveing us answer on our comment’s, enjoyed and appreciated it much when I returned back to read the news here!
    Really fun..Thanks for lighted up my day here in Sweden! Yes, there is many different opinion’s around IObit vs Malwarebyte, it has been a very popular discussion also here in my country.
    Hopefully the debat will calm down a bit now when we met the friendly time of the year and it’s Christmas:) Though it been interesting anyway in follow it, guess it more than often been some sort of trigger to ventilate other types of irritation’s and clean out the air between both fangroup’s and people’s from all over the world even if the main subject has been “theft” and perhaps together with, (which I imagine also been a big factor) more or less a wave of influences mixed with some pretending’s, expectation’s and personal believe’s.
    That’s what is the most scary with all this how powerful a few written line’s can make in impact on so many more than only for the publisher or the writer who made the post. And I agree with you, I have hard to believe also that it will or would make any difference for Malwarebyte to go to court after this “mudslinging”, I’m afraid it has destroyed the proof they had against IObit.
    But am no expert in United States law, right’s and sueing principle’s or Chinese. I might be wrong.

    Wish you Merry Christmas and keep on the good jobb!
    It’s a very impressing blog.

  • Nick


    Hi, regarding your question on which software is best protection. Please take a look at these links:

    Comparison between Malwarebytes’ Anti-Malware
    and A-squared Antimalware.

    Another “source” :), why not visit IObit’s forum there they recently had a competition open for member’s. There’s a lot of new published test’s between the most of the most usual antimalware and antispyware product’s, recommend it.

    Merry Christmas!

  • Ashraf

    @Bill: Thanks for the kind words.

    As for
    >>(Ever thought of a career in the diplomatic corps?)<< Not particularly. Thanks for the suggestion though.

  • Bill

    Hi Ashraf
    Appreciation for your prudent stance in pulling the above wayward and somewhat inflammatory thread into line. Cudos to you for treating all viewpoints with respect, particularly those of Doru, whom it would have been too easy merely to criticise. Everyone is trying to make a valid point, however unwelcome or wrong it might be to the ears of others. (Ever thought of a career in the diplomatic corps?)

    Adrian – (As the Chinese says, “It makes everybody happy by stopping your argument.”) – I like that saying. How much nicer if everyone adopted that as a maxim than “an eye for an eye and a tooth for a tooth”!


  • Ashraf

    @Adrian: Yes I am familiar with it. As to why Malwarebytes vs SAS: For what I hear, Malwarebytes is supposed to be *better*.

    @gary: As am I. While I think there is a big difference between being of Asian heritage and living in Asia, I totally agree with you. As I said earlier, two wrongs don’t make a right.

  • gary

    incidentally, I am of asian heritage

    I don’t subscribe to the concept of east/west as a means of justifying theft. blaming the west and those who are wealthier is a gutless and convenient way to look at life.

    if you knowingly steal you lack morals – irrespective of how you want to nationalise and rationalise the debate.

    people who defend their own lack of moral fibre by blaming others will always use others as a convenience.

    stand on your own

  • @Ashraf,

    I assume that you know about Super AntiSpyware? It is pretty good too, but I don’t know why most people prefer Malwarebytes over it.

    @Everyone this is arguing with Doru:

    I partially agree with what he says. (Coincidentally I’m also from the East :)) He is right that the west has exploited the east a lot in the past. E.g. the leasing of hong Kong, Tsingdao, etc. and also the Indian colony of Britain. Still, even if s/b did something wrong, we do not always have to avenge ourselves. As the Chinese says, “It makes everybody happy by stopping your argument.”

  • Ashraf

    @Muhammad: Let them eat cake!

    @ZionPercona: While I do like aesthetics, I prefer function over form. If given the luxury of selecting between two similarly programs of differing aesthetics then yes I will go with the one with better aesthetics. However, if an ugly UI program performs much better than a good looking program, I will go with the ugly program. Without Malwarebytes’ database, I can’t see IObit Security 360 performing very well at all, but hey we will see.

    @OldElmerFudd: I was happy with IObit Security 360 (especially considering they gave 1 year license of Pro away for free) but discovering the theft turned me off. I no longer have IObit Security 360 on my computer.

    As for Malwarebytes, yes they did tackle the problem in an intelligent manner. However, I wouldn’t say it was “clean”. They purposely used the fact that IObit was a Chinese company to sway people on their side. In my opinion, there was absolute no reason to mention the origins of IObit, especially knowing all the bias again China and Chinese products. Malwarebytes simply should have stuck to the facts and stated what is. They have a very strong case and there was no need to participate in mud slinging.

    @Refpeuk: I doubt it; I highly doubt it.

    @Sandeep: I really don’t know Sandeep. I doubt it though – at least not at the moment. Maybe later IObit can rebuild their database (legitimately) and get back to their pre-fiasco strength.

    @FallenSky: I wouldn’t completely trust those numbers. I am not saying IObit’s database did not significantly decrease. Rather I am saying you should first confirm it from an IObit source rather than Malwarebytes to be fair.

    @Adrian: Good for who? Now I need to go back to the drawing board for another sidesick =(. I will probably go back to Malwarebytes now that I no longer have IObit.

    But ya, I see what you are saying =P.

    @Llulu: I did too – heck I took extra advantage since I had 300+ extra licenses =P. However, a-squared doesn’t play well with Avira – it slows down my computer – so I am not using it.

    @gary: Well if you want to think about it like that, you need to give IObit a fair trial where all the facts are stated before a jury and let them decide. However, I do agree with your later point: we shouldn’t support corporate theft by turning a blind eye.

    @Pseudo: All I gotta say is: o_0. =P.

    @kim Michelsen: Indeed.

    @Scanner: Thanks for the comparison.

    @MikeR: What I did not understand about this whole fiasco is why IObit, a respected and well known software developer, would risk it all by stealing from another? However, you said “delve deeper into IObit’s shrouded background, obscured ownership, and marketing practices.” Is there more about IObit I don’t know about?

    @Doru: I do agree there have been many wrongs committed by Western nations and people against the East but as the old saying goes, two wrongs don’t make a right.

    @WECH: While I agree with your general viewpoint that stealing is wrong no matter who does it, I think you have to understand where Doru is coming from. He is right to say that the West has exploited African and Asian nations in the past and continues to do so (to an extent). People from developing nations tend to have different viewpoint than people from developed nations. For developing nations, it is a free for all, feed your family how you can. For the developed nations we have more rules that govern us because we have the luxury to follow these rules.

    It is part of the natural growth process of a nation to go through with what China, for example, is in industry. Don’t forget here in the USA we didn’t enforce or follow copyright laws for a long time. Often times British intellectual property would be stolen and resold in the USA without permission. Then there came a time when intellectual property was actually being designed in the USA. In other words, Americans where creating their own things. At that point it made sense to start respecting copyright because otherwise we would be hurting our selves. China is going through something similar. The government is trying to move from “made in China” to “designed in China”. As part of that natural transition, China will have to start observing and enforcing copyright laws of they will start hurting themselves.

    @Doru: I agree with you there. There are huge double standards in politics currently. In the name of non-intervention and economic cooperation, many developed nations indirectly fuel and encourage questionable labor practice, laws, human rights violations, etc. developing nations.

    @Nick (^c^): I agree with you that we don’t know “what is behind closed doors” and the true intentions of companies. And while I agree Malwarebytes could have been more professional (i.e. no mudslinging about the origin of IObit), I disagree that Malwarebytes had any other course of action. Assuming Malwarebytes was even able to attain a legal proceeding, I have doubts that the outcome of it would have gotten anywhere. The best Malwarebytes could do given the circumstances, in my opinion, is exactly what they did.

    @Nick (^c^): Agreed. It is hard to define who is the true “owner” of definitions. However in this case it is fairly clear a large chunk of IObit’s database came from Malwarebytes – just look at how swiftly, and without a fight, IObit removed Malwarebyte definitions once they were exposed.

    @jumbi: I disagree that new security software can’t be as good as old ones. A new one can be just as good as an old one if proper time and effort is put into development and research of definitions, methods, procedures, etc. However, as you can see, it is so easy to cut corners many companies don’t do it.

    I agree the free live protection – and the fact that Security 360 works so well with other security software – was very attractive.

    @kimotheraphy: Okay, that isn’t fair. Doru, I am assuming, is from another part of the world than you or me. It is not that he doesn’t have “morals or ethics” but rather that they are different than ours. We can disagree with him, and his values/morals/ethics, but insulting him – especially about his English – is showing we are the ones without proper ethics.

    @Doru: Okay I am cutting off this conversation right now. If everyone wants to discuss about Malwarebytes vs IObit that is fine. However, if everyone just want to insult each other, I will censor all comments from now on. Furthermore, discussion on politics can be taken to the forum.

    @Everyone: In the end, while I believe Malwarebytes could have handled the situation a bit better, it does seem like IObit is guilty of what they are accused of and it seems Malwarebytes is happy with the resulting outcome. Case closed?

  • Doru

    Yes if i’m stolen by others,i’m not moral and i have this right.I don’t care what say:Papa,religions,politicians and others.All are bla,bla,bla.You say about ethics or good and noble in life.In the next seconds i will demonstrate that you are hypocrite.I don’t thankful anyone for my job.Maybe you want to change our job.Thank me for my english bad that if i wrote in my language what i want it will be in more free version.

  • kimotheraphy

    Doru, you should be thankful that you even have a job… And you have no sense of morals, ethics or anything good and noble in life… And your English is sooooo bad…

  • jumbi

    I had reported that the size difference of versions 1.1 and 1.2 (IObit) in a couple of days, was very “strange”…
    Now its obvious what has happened.

    Anyway, my opinion is that a new security software (apart from looks) generally is not as reliable and effective as older trusted solutions.
    The whole catch though, is that IOBIT offered free real time guard while for the other softwares around, you have to pay for that…

    Somehow the old saying that you get what you pay for seems to apply here.

    Perhaps we should be more careful with our security choises.

  • Nick (^c^)

    Stealing database hmm?

    1. What is this data made of in the first place?
    It would be wrong to say that this signatures is only one companys property inside a software.
    Before it can become a new signature, it must be a sample taken from somewhere.
    Many times these samples are barrowed from other vendors software which has found something during a scanning process in a computer somewhere. Lets say the user could’nt delete and repair this new founded threat, instead they check this “file” on one of all this onlinescanner’s or with another software installed on their computer. So who has the legal right to say that all these “files” are only ours.
    That’s bullshit! should the owner be the last one who touched the “file” or Microsoft who developed the whole tech in the first moment?
    Nothing of this is realistic or logical.
    How about me then who installed the software in my own computer and paid for it and helping them get new signatures? Is’nt that to rob and steal?

  • Nick (^c^)

    This story is a big mess!

    Why care?

    I don’t know what happened inside these companys.
    Neither do You or anyone else who don’t work there.
    So then why participate in IObit’s blog’s or in Malwarebyte’s blog’s when it’s nothing more than a bunsch of roumers and nothing concrete of proof.

    Both sides has been hideing their own intentions against the other part and it should’nt suprise if they also did it against their readers and users of their software as the third part.
    Want to say that I do not trust no one of these vendors anylonger after this.

    Malwarebytes did not act in a professional legal way when they began to tell their users of this problem on open blogs.
    That’s intentional instigation in try force user’s and reader’s make a bad climate for the other part.
    That’s not good proof of leadership and therefor not a good example in have responsible of takeing care of other people’s protection.

    IObit in the other hand should be more aware of western principles in how to act before they became engaged in people’s computers. It’s clear that this company has influences from China where it is ok to make copys of other brands and barrow copyrights.
    By the way, it is not unusual in west either among company’s in many different types of brands.
    Ok it’s awefull and not fair-play but in the other hand it’s a very clever way in receive new idéas and make development go faster in make new security software for all our good in the end.

    So what was wrong and what was right here?
    And who’s to blame for what.

    I’m without opinion and stay neutral.
    Merry Christmas!

  • Doru

    Ha,Ha,HA-Human Right,what a good joke.I work for others to be happy and they leave my country for more money and they don’t pay nothing .Because i work for their happines and you say that is normal to not have a compensation for my work, bla bla bla with human right.This is only a fake point of view.Yes,stolen is normal and everything is normal.The univers work in compensation not with fake.History not depend of who wrote it,it depend from reality.People judge me from the pack who you with-i don’t care how others believe about me.If you are rich is normal to pay.If you are poor is normal that all to be free for you.

  • WECH

    @Doru: Who wants live where and pursue happiness is their own business. And it is our(some West country) believe basic human right. what are you talking about stolen!

    and “I don’t care if they stolen entire world” ?
    are you saying you knew it’s ‘stolen’ and it’s wrong and you want to benefit the freebie? or you don’t think stolen is wrong, the taker is the king?

    People judge you from the pack who you with.

    ps: history is his-story, depend on who wrote it. sometimes you need to read different stories to find the fact, sometimes you never know.

  • Doru

    I like Iobit and i don’t care if they stolen entire world.Why?.Because for example many country from West they stolen our peoples with high study after peoples from East work hard to make possible to study this peoples.Also West have many actions for stolen from East from his history(see the numerous wars for economical resources).So what the problems.West stolen from East(see miserable pay for workers)and East stolen from West.This is a natural compensation.I don”t care for your intelectual property.Bla,bla,bla.

  • MikeR

    @ gary, #9 :

    Well said!

  • MikeR

    Thanks for the update, Ashraf.

    I’m glad it’s all over.

    As a former IObit enthusiast, I found the whole sorry saga an eye-opener — literally: because it made me delve deeper into IObit’s shrouded background, obscured ownership, and marketing practices.

    I’ve now stripped all IObit software from my computers and am happy I did — I actually DL’d and reinstalled ASC to test against jv16 Power Tools PRO (as flagged up here) and really, there’s no comparison: ASC is a pretty-pretty face that promises to have done such-and-such, but jv16 eschews the prettiness and actually completes the job.

    As for IObit 360, I’ve now no idea if it ever did what it promised because without it, my computers continue to be problem-free.

    Moral: those enamoured of a product’s gift-wrapping may find themselves more often disappointed than those whose only concern is what’s in the box.

    PS: I now have the paid-for Malwarebytes version — a small price indeed. . . for software with integrity.

  • Scanner

    Malwarebytes Database is about 3,3 MB (rules.ref), IObits about 2,86 MB (core.def).

  • kim Michelsen

    God knows where they have got the last 60% from:)

  • Pseudo

    When people who are honestly mistaken learn the truth, they either cease being mistaken or they cease being honest!

    – Anonymous

  • gary

    why would anyone continue to use a product where the developer has admitted by proxy to committing larceny? Its theft. plain and simple. continuing to use products where the developer is nothing but a corporate kleptomaniac just endorses their behaviour and trivialises the issue.

    don’t support corporate theft by turning a blind eye.

    if it was your intellectual property you’d be up in arms, so treat them like you’d expect if you were malwarebytes.

  • Llulu

    Well, I’m glad I too advantage of the a-squared promo when I did.

  • Well, then this is good.

  • FallenSky

    I had a question along the lines of Refpeuk’s as well.

    If IObit had stolen Malwarebytes database and incorporated it into there own, and now by removing “all” of malwarebytes database and cutting IObit’s database down “Down to 40% in one fell swoop”; does that mean that IObit still has 60% of their own database? which is 20% more than Malwarebytes database????

    Do not get me wrong, it was not right that they stole their database and I am glad it is resolved. Just confuzzled over the numbers and which one truly is better with the remaining database.


  • Sandeep

    No comments as i really like IOBIT products and have their all products installed on my every PC.

    But it’s not good stealing other developer’s code.

    By the way Refpeuk asked a good question, what you say Ashraf??????

  • Refpeuk

    is iobit as good as it was after such a significant chunk was taken out of it’s database?

  • OldElmerFudd

    I have yet to try any IOBit software that truly impressed me. Security 360 was particularly unsatisfying. Finding out about the intellectual property theft after I’d put it through an examination and rejected it as an alternative software did nothing but reinforce my opinion.

    It’s truly a shame when things like this occur. I commend Malwarebytes for their persistent, even-handed approach to this sorry mess.

  • ZionPercona

    If IObit did use MBAM’s databases, I’d go back to them, but I kind of appreciate the free real-time guard.

    I’m with you, Ashraf. Nice UI+functionality , is kind of hard to pass over anyway.

  • Muhammad

    so what shall we do next!