Sunbeltblog comments
wow, a chinese company stealing and incorporating IP into their own products. shocker!
What is also interesting is that the site for IObit appears to distribute trojans!
http://www.siteadvisor.com/sites...sites/
iobit.com
Yeah, whatever. I really doubt that, and SiteAdvisor is basically useless at this point.
Alex, will you add dection for IObit crapware in VIPRE, then?
Their reply is less than convincing....
Maybe... it's not a malicious program though.
Alex, going by most industry common standards the unauthorized use of another ones intellectual property is streight rogue status.
Are you waiting for MBAM(&others)to take the lead ?
It is stealing other peoples signatures...isnt that rogue-enough?
:|
No, it really isn't a rogue. It may be alleged to be a pile of junk, it may be alleged to be based on stolen code , but it doesn't represent a danger to the person's machine, etc.
Sorry Alex i beg to differ,ask Eric and Suzi what they think.I believe if the rogue list was still maintained @ SWW then this would be classified as *Rogue* You forget many applications got listed as rogue for being rip off on intellectual rights and not because they represented a *risk* to the end user's PC!
The old definition of "rogue" that Eric Howes and Suzi Turner came up with is different than the "rogue" moniker we attach to malicious applications these days. That definition was far broader.
Today's "rogue" often installs without consent, uses fraudulent and misleading methods, takes over the system, harasses the user endlessly to purchase a "fake" program, and so on.
The rogue's that Eric Howes was documenting were in a broader context of generally poor quality products which generally used false positives as a goad to purchase; and often questionable distribution practices. They were "junk" programs, but most of them were not clearly malicious.
This is the detection status as of right now of IOBit's program:
http://www.virustotal.com/analis...cca5-
1257272852
Alex
Folks:
Since the old SWW Rogue/Suspect Anti-Spyware Page has been invoked here, let me weigh in.
MalwareBytes has presented credible, troubling evidence that IObit has stolen their IP by reverse-engineering their malware definitions. If true, then the company ought to be shunned by users as well as the broader anti-malware industry.
Unlike the several applications listed on the old Rogue/Suspect page for ripping off others' databases, IOBit has at least offered a quick, semi-credible reply -- perhaps not completely convincing, but credible enough that I think we need to see MalwareBytes' response as well as the further evidence that I understand they have.
Thus, at this early point in the dispute, I would avoid slapping the label "rogue" -- whether used in a broad or narrow sense -- on IOBit's app just yet. Let's give a full hearing to both sides and avoid a rush to judgement.
Keep in mind that the vast majority of the apps listed on the SWW Rogue/Suspect page have never been targeted by CounterSpy or VIPRE simply because they did not represent a threat to users. They may be been complete junk, but they did not engage in malicious, deceptive, or abusive behavior, which what Sunbelt vows to protect its users against.
Eric L. Howes
Sunbelt Software
Thats a real shame, I was hoping sunbelt would lead the pack with this one...I guess not :|
Thats the equivalent of a security guard letting a known thief into a shop, without asking the owners first if they would like such people to access their store. At least add it as a PUP, that way your users are protected and have explicitly stated they want protection from tools that are questionable but not "malicious"
Bob:
Implicit in your analogy is the allegation that IOBit's sofwtare might steal something -- data? personal info? -- from users' PCs. Any app that engaged in that kind of behavior would be malware pure and simple, and we would target it as malware, not a PUP.
But there is no evidence that I've seen that IOBit's sofwtare is even remotely malicious. And it is not appropriate to use malware detections to adjudicate IP disputes between other companies or even to judge the relative effectiveness of competing anti-malware solutions.
Eric L. Howes
Sunbelt Software
Eric,
Thanks for your reply.
If they stole your signature database somehow, would you not block their application in that case, or just simply take it to court without blocking their applications?
Bob:
If we thought they stole our database, it wouldn't be my call to make, but my advice would be not to block their application and use the proper legal channels to go after them to seek redress.
My reasoning: anti-malware applications are uniquely powerful consumer applications inasmuch as they have the power to rip out and even block other apps. Moreover the nature of anti-malware apps is that users are conditioned to trust the "judgement" of such apps. That kind of power and trust must be not be abused or misused.
If we were to retaliate by blocking and removing the offending app, we would be putting average users into the middle of a dispute they likely have no knowledge of. I expect quite a few of them would be miffed that we removed an app they installed on their PCs just because we had a beef with the company that made it. And they would be justified in feeling miffed.
That would be my advice at any rate.
Eric L. Howes
Sunbelt Software
^ I agree. To "detect" IOBit's stuff would distort the intent of Vipre, as it would any other anti-malware solution. Vipre is there to detect, report, and remove malware. Reporting non-malicious software (from a behavior point of view) would greatly corrupt the trustworthiness of Vipre's results, in my opinion, as such program is not really malicious.
I want my anti-malware solution to detect and remove malware. I DON'T want it to detect and remove benign stuff, even if it may or may not contain stolen components. It's just not the job of an anti-virus, nor should it be.
I and other users bought an antivirus+antispyware tool. That's how it was labeled. We didn't buy an antivirus+antispyware+antistolenware tool. 
Does my viewpoint sort-of make sense? Or, am I totally crazy? Feel free to disagree...
If IOBit's was using data out of your definition database would you act any differently?
I'm tend to agree with Sunbelt on not marking this just wondering how they would react if this was being done to them.
I'm surprised this isn't happening on a much bigger scale.
I understand Sunbelt's argument but let me suggest a different analogy. Suppose Sunbelt's in the business of rating/recommending the safety of commercial businesses (like the BBB), i.e., is Business X a safe company to deal with? X is a car rental company and Sunbelt discovers from a good source that X is renting stolen cars. Not their whole fleet but say a substantial fraction like 1/3. Obviously, in addition to renting, X would also have to be buying/selling said stolen cars, not to the renting customers but to the dark side. What would Sunbelt's recommendation be for X?
Jason:
> just wondering how they would react
> if this was being done to them.
That question was already asked and answered above.
@Michael:
The premise of your analogy is flawed. We're not in the same rating/recommending business as the BBB. We're in the malware detection and removal business.
Moreover, detecting, blocking, and removing software off users' PCs is a whole different ball game than simply publishing a recommendation that consumers shun XYZ business for unethical/illegal behavior.
In fact, I've already recommended that, if the charges prove true (as they increasingly look to be), then consumers ought to avoid IOBit.
Eric L. Howes
Sunbelt Software
@ Eric: Thanks for replying. You chose to avoid answering my question which was based on a supposition which is OK. Narrowly defining Sunbelt's position (no malware, therefore no problem) is the safest thing to do. I'd suppose if a division of IObit, as long as it's not engaged in distributing malware, was engaged in other criminal activity. e.g., phishing via social engineering, Sunbelt would have no problem with it then? No malware, no problem, right?
Michael, if IOBit was involved in criminal activities, then obviously that would be a different story.
But if we were to blacklist every product based on allegations that they stole code, we would have some interesting issues.
As an example, we would start blocking all versions of Linux, based on the fact that SCO had claimed that parts of Linux contained stolen code.
It's a slippery slope.
If IOBIT is found by a court to be guilty of theft, then that's an entirely different story.
Notwithstanding my statements above, we do believe that IOBit has quite a bit of explaining to do, but that doesn't change the overall point.
Michael:
Earlier you were offering a flawed analogy that likened Sunbelt to a consumer rating/recommending business. Now you're offering a hypothetical -- a very different kind of animal -- that has IOBit engaging in criminal activity that overlaps with what all the major malware gangs are engaged in -- online fraud.
As Alex said, that's a different story. As with your earlier analogy, though, I don't see that this hypothetical is at all relevant because no one has even accused IOBit of phishing via social engineering.
Eric L. Howes
The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.
Commenting by HaloScan
