Malwarebytes Accuses, IObit Plays Dead

Exclusive interview with Malwarebytes

By Lucian Constantin on November 8th, 2009 11:51 GMT
Malwarebytes burst the bubble this week and came out accusing IObit of copying their database, thus providing through their IObit Security 360 product the same protection as Malwarebytes' Anti-Malware. The copyright infringement implications led to DMCA serving of the latter to a number of software download websites in US.

Both security vendors have engaged in a war of statements on their respective blogs, stirring up heated discussions among users on their forums. Speculations have been made, opinions expressed, but no official answer to clear all haze has been given. We tried to learn about the sparks that lit the scandal and the elements fueling it.

Before we begin, we'd like to note that, in order to be fair and give everyone involved a chance to express their point of view, we also sent a set of questions to IObit for a similar interview. We have received a short response from one of the company's representatives, making it clear that the vendor had more important software development-related tasks on hand than to continue responding to Malwarebytes' accusations.

From the reply we got, we conclude that IObit's position regarding this issue remains unchanged. The company describes Malwarebytes' claims as mere rumors and its actions as unwarranted attacks.

On the matter of other antivirus vendors possibly making similar accusations in the future as a result of this incident, the IObit spokesperson stressed that the company did not steal signatures from anyone and noted that everyone was encouraged to test their database.

Here is how Malwarebytes CEO Marcin Kleczynski responded:

Softpedia: How did you learn about IObit's inclusion of Malwarebytes signatures in their database in the first place? Should you have missed the post on their forum showing IObit 360 flag the Malwarebytes keygen under the name you gave it, would all this have been blown to the public?

Marcin Kleczynski: We began to suspect IObit had stolen Malwarebytes' database when we noticed a pattern of similarity between IObit scan results and our own Malwarebytes' Anti-Malware scan results. One clear example of this pattern of similarity occurred when IObit flagged a key generator for our own Malwarebytes' Anti-Malware software under the same name "Don't.Steal.Our.Software.A" we use to flag such keygens. Why would IOBit detect a keygen for our software and refer to it using our database name? If we had not noticed this particular incident, we are confident we would still have uncovered the theft with time, but it might have taken a little longer.

Softpedia: What are the legal actions you are willing to take against IObit, considering that they are based in China? Also, United States Digital Millennium Copyright Act covers only websites in US, do you think other websites in the world will join your fight?

Marcin Kleczynski: While we are not going to comment on our legal strategy, we can tell you we are taking every measure within our power to enforce our intellectual property rights. IObit is hosted by a number of American website including CNET's and; we have served DMCA infringement notices to both of these websites and they have removed IObit files already. IObit's website is also hosted by an American company (Softlayer Technologies), who we have also served with a DMCA notice. We have seen an incredible outpouring of support for Malwarebytes from the security community around the world and are confident the situation will be resolved.

Softpedia: Did you receive any official explanation from their camp, except from the public declaration on their blog?

Marcin Kleczynski: We have no comment on that at this time.

Softpedia: How do you cope with their statement that "Until now, Malwarebytes cannot provide any convincing proof to support its fallacy. We hope Malwarebytes immediately stop spreading malicious rumors for hyping itself. We have many independent and objective reviewing tests and reports from users. You can download and view them from this link. We believe that, after viewing these test reports, you can judge - we never stole database from Malwarebytes." and "In consideration of Malwarebytes’ fallacy and calumniation, and its terrible effect to our company, products and reputation, we hereby demand that Malwarebytes immediately discontinue to spread all rumors regarding this issue. Otherwise we will consider all appropriate action to protect our rights."

Marcin Kleczynski: We issued a reply statement explaining precisely how IObit's denials have failed to explain the evidence presented. We invite you to consider the arguments we presented; we believe the evidence to be incontrovertible.

Softpedia: The average user may think that it was simply human error from IObit's part ("a mistake that one of our analyzer [IObit's] carelessly and directly used the sample “Don’t.Steal.Our.Software.A.” submitted by the user"), although you managed to prove quite the contrary. How do you feel about IObit's response?

Marcin Kleczynski: Again, we issued a reply statement explaining precisely how IObit's denials have failed to explain the evidence presented. We invite you to consider the arguments we presented. There is no way human error can explain how IObit detected an in-house dummy tool we built, never released to the Internet, and added as a trap definition to our own database.

The only explanation is that IObit must be stealing the definitions directly from our database. In the case of the keygen detected as "Don't.Steal.Our.Software.A", perhaps if this were a single isolated match, perhaps it could be written off as a coincidence, a mistake, an accident. But this is a repeated pattern, as we have demonstrated in our reports. It is no accident.

Softpedia: As some security professionals have pointed out, the theft of virus signatures is not really new to the antivirus industry, with other similar incidents having transpired in the past. Granted, maybe they were not as obvious as this one, but the vast majority of them were settled privately by the involved parties. Did you attempt to contact IObit and sort this out before going public with it? If yes, what was their response and if not, what determined you to conclude that this is the best approach?

Marcin Kleczynski: A theft of this magnitude, where tens of thousands of definitions were lifted from Malwarebytes' database and added literally byte-for-byte verbatim to IObit's, is unprecedented. We do not take such abuse lightly! We pour our heart and soul into making Malwarebytes Anti-Malware the best security software we can, and it makes us angry to see our hard work ripped off. IObit's actions are unethical and criminal and we thought it was relevant for the public to know that.

Softpedia: Both MalwareBytes and IObit are financially involved with download websites, which, in spite of all the evidence you provided, still promote IObit. How would you comment their decision?

Marcin Kleczynski: As we mentioned above, CNET and have both removed IObit files from their servers. Softpedia has removed them as well. These are the major hosts we and IObit use, and we view these removals as constructive first steps. IObit have also themselves removed the installer for IObit Security 360 from

Softpedia: What is your goal in this matter? What exactly do you hope to gain by taking legal action? It's obvious that immediate take-down from download portals and removal of stolen signatures will not be enough.

Marcin Kleczynski: We want our software to be our software. Malwarebytes is run by ethical people who want the security software world to be an ethical place. We have strong senses of right and wrong, and what IObit did was wrong. They stole our intellectual property. They damaged our business and our reputation. We want that to be remedied.

Softpedia: Do you suspect IObit of cheating their way through other obstacles as well? In-depth analysis has demonstrated a much lower quality in IObit products but, still, their security solutions are often a match for your own when it comes to user download numbers and ratings.

Marcin Kleczynski: We are not going to comment on any other unethical behavior by IObit. We can only comment on what we researched ourselves thoroughly, which is the theft of our database.

Softpedia: In light of recent events, have you considered implementing in MBAM other, more efficient ways of detecting this type of theft?

Marcin Kleczynski: We are exploring ways to ensure this does not happen again in the future.

Softpedia: Did you receive any serious negative feedback from IObit users and fanboys? How would you comment the impact your declaration had on the “masses”?

Marcin Kleczynski: The response has been almost entirely positive, from Malwarebytes and IObit users alike. We have witnessed an incredible outpouring of support for Malwarebytes and the hard work we put into our research and products, and we are humbled and grateful for it. We presented our case objectively and clearly, laid out all the evidence, and people have responded to that. In our view the evidence is incontrovertible and readers have agreed.

Softpedia: You pointed out that during your investigation you uncovered evidence of IObit stealing the signatures of other antivirus vendors as well. You also mentioned that you have contacted these companies. We understand if you cannot gives names, but can you tell us how these affected companies reacted in general and if their response was favorable to your cause or not? Is any of them preparing to take actions?

Marcin Kleczynski: We will let the other companies comment on that.
Exclusive interview with Malwarebytes CEO, Marcin Kleczynski
   Exclusive interview with Malwarebytes CEO, Marcin Kleczynski