When White Hats Collide
Has your security software suddenly disappeared? There's a nasty battle brewing among some popular anti-virus software vendors, and it's escalated to the point where they are classifying each others' products as malware, and deleting them on sight! Here's what you need to know...
(M)BAM! You're Dead!
The security professionals who develop anti-malware software are generally held in high esteem. They’re the good guys -- the so-called White Hats -- so of course they must be noble and honest, altruistic, and far above petty bickering. It’s called the halo effect - one good trait causes observers to assume that a person has all good traits.
But it isn’t true. The heroes who keep us (reasonably) safe from malware, ransomware, hackers, etc., are just as prone to petty human emotions as anyone else. They also have extraordinary means of exacting vengeance.
A few months ago, PC Matic, maker of PC Pitstop anti-malware, commissioned (paid) the nonprofit testing center AV Comparatives to conduct a rigorous comparison of fifteen antimalware programs. PC Pitstop was among the fifteen contenders.
You can read the detailed results here. PC Pitstop did quite well at stopping ransomware and other types of malware; in fact, it stopped 100% of both. However, five other programs also scored 100%. (see p. 4)
In last place was a surprise. MalwareBytes Anti-Malware (MBAM) stopped only 83% of ransomware attacks, and 95% of other malware attacks. MBAM has finished much higher in many other rankings of anti-malware software. Given PC Matic’s funding of the AV-Comparatives study, Malwarebytes decided that it had been unfairly targeted.
It wasn’t long before reports started coming in that MBAM was flagging PC Pitstop as a PUP - “potentially unwanted program” - similar to the annoying and often malicious browser toolbars and other programs that users may unintentionally acquire. Furthermore, MBAM was uninstalling PC Pitstop wherever the two met! (See my related article PUP ALERT: Potentially Unwanted Programs.)
Malwarebytes admitted that it is now classifying PC Pitstop as a “PUP.Optional” program, meaning it’s potentially unwanted but the user has the option to keep or remove it. So why are some users reporting that they don’t get that option?
In MBAM’s Settings, under “Detection and Protection,” is an option for specifying what should be done when a PUP is detected: ignore, warn the user, or “treat as malware.” The last option is the default. MBAM deletes detected malware by default. So by default, MBAM will delete PUPs, including PC Pitstop. Users who have changed this setting will not see PC Pitstop deleted automatically.
Malwarebytes, in a blog post, enumerated several reasons why it now classifies PC Pitstop as a PUP. I find their responses weak and debatable, at the least.
PC Matic quickly updated PC Pitstop so that it will delete MBAM when it is detected. PC Matic explains that this is simply a matter of self-defense.
Rumor has it that other anti-malware programs are falsely tagged as PUPs and may be deleted by MBAM, including Malware Hunter by Glary Utilities, Webroot SecureAnywhere, System Mechanic, and others.
Incompatibility with other security programs is a big deal for MBAM, which is designed to work with a comprehensive anti-malware suite. MBAM alone is not adequate online protection.
Overall, it seems that Malwarebytes is making enemies unnecessarily. The AV Comparatives test sponsored by PC Matic is not going to make or break MBAM, which has been highly rated by many test labs including AV Comparatives.
It certainly appears that Malwarebytes has classified PC Pitstop and other reputable products as PUPs just for spite, or to gain a competitive advantage. If that's true, it was a huge mistake. Retaliation and bad PR will hurt sales more than the unflattering AV Comparatives report ever could. I've always held MBAM in high regard, but I can no longer recommend their products until this situation is resolved.
Does this leave you with a bad impression of Malwarebytes? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 6 Jan 2017
|For Fun: Buy Bob a Snickers.|
Geekly Update - 05 January 2017
The Top Twenty
Should You Encrypt Your Email?
There's more reader feedback... See all 55 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- When White Hats Collide (Posted: 6 Jan 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved