My son is nine years old and in fourth grade. Imagine that he comes home from school and announces that he is super smart. “I no longer plan to take tests”, he smiles. Then, he begins to terrorize the other students preventing them from studying and taking tests. As a parent, what do you do? That’s Malwarebytes.
Hello. My name is Rob Cheng, CEO and founder of PC Pitstop, makers of PC Matic. On December 7th, we reposted a comprehensive ransomware test performed by AV Comparatives. The report included results for Malwarebytes. Prior to this report, Malwarebytes had virtually no public tests.
Reach out to our customers. Many of our customers are still unaware they have been attacked by Malwarebytes. Please share on social media to help get the word out.
Purchase and renew security software based on detection rates. Buy products with high detection rates, and avoid products with low detection rates, like Malwarebytes.
Make it stop. Inform Malwarebytes that PC Matic is not malware. Perhaps if they get a critical mass of comments, they will stop the attacks. Send an email to firstname.lastname@example.org or post on their forums. You can also reach out to Malwarebytes using their Twitter handle @Malwarebytes or reach contact them via Facebook here.
Journalists and Reporters Contact Noyd Communications at 310-374-8100 or email at email@example.com.
The next day, December 8th, Malwarebytes began attacking our customers. Malwarebytes removed PC Matic and its real time protection, Super Shield, leaving our customers exposed to viruses and ransomware.
We contacted Malwarebytes through formal and informal channels with no response other than predefined replies. The attacks continued.
Losing hope that this was some sort of mistake, we identified and contacted 52,458 of Malwarebytes and PC Matic’s mutual users. We sent them instructions urging them to uninstall Malwarebytes and reinstall PC Matic in order to stay protected. As of this writing, about a fourth have opened the email.
We now realize after one week of attacks, that we must aggressively inform our customers and the public about the dangers of Malwarebytes. We need your help. First, share this on all social media platforms – Twitter, Facebook, LinkedIn, everything. We need to find a way to get the word out that this is happening, and those impacted are losing their security protection. Second, help us make it stop. The power is in numbers. If we can get others to notify Malwarebytes of the issue, perhaps it will stop. You can send an email to firstname.lastname@example.org or post on their forums. You can also reach out to Malwarebytes using their Twitter handle @Malwarebytes or reach contact them via Facebook here.
Malwarebytes has broken a rule of security. Never remove an AV product without replacing it with another. Both Malwarebytes and PC Pitstop are Microsoft certified security partners. Up to now, a Microsoft security partner has never attacked the customers of another. It is a dangerous precedent for security vendors to compete in this manner. Ironically, one of the many requirements for becoming a certified Microsoft security partner is public testing, which Malwarebytes has basically ignored.
The saddest part of this episode is that it is a distraction from the real enemy, ransomware. Every day, millions of dollars are being extorted from American households, businesses, and government agencies. The FBI estimates that ransoms paid in 2016 will surpass one billion dollars. We believe to thwart the ransomware epidemic, the key is for buyers to consider detection rates in their security software decisions. Malwarebytes forcefully disagrees.
Unlike my nine year old, we can’t put Malwarebytes in timeout, but they sure need to learn a few lessons.
Update: Almost two weeks after categorizing PC Matic as a PUP/PUA, Malwarebytes provided an explanation why. You can read our official response to these allegations here. Since this issue continues to be unresolved, various third parties have taken the time to test and review our product. Network World recently released an article on the matter. You may read our responses, as well as find a link to their original article here. Tom Lawrence of Lawrence Systems also reviewed our product after reading Malwarebytes accusations. After doing so, he took the time to speak to PC Pitstop’s VP of Cyber Security, Dodi Glenn. You can view that conversation in its entirety here.