On December 8th Malwarebytes began removing our products as potentially unwanted programs. Earlier today, December 22nd, we received their explanation why.
In a blog post published on their website, Malwarebytes listed several claims to explain why they chose to classify our products as PUP/PUA. All of this despite nearly a decade of PC Pitstop/PC Matic products and Malwarebytes coexisting on systems all over the world. None of the concerns outlined by Malwarebytes justifies their classification assigned to our products. Malwarebytes’ reclassification of our products are in response to our recent article that noted the AV Comparatives test that highlighted poor detection rates for Malwarebytes.
1. Malwarebytes concern: “Claiming that registry cleaning is necessary”
Our product does not claim that a user is infected because of registry issues, it clearly states “these may cause improper actions by some applications.” There are also several applications that clean the registry just as PC Matic does that are not classified as PUP/PUA, including BitDefender, AVG, CCleaner and System Mechanic.
2. Malwarebytes concern: “Claiming that temporary files are problematic”
Our detections of temporary files do not claim that they are in some way urgent issues, the red dot next to them simply designates an automatic fix being available by our program. Solid State Drives are typically more limited in space than their cheaper and more expansive hard drive counterparts. Our user base welcomes any area where we can free up space on the drive by removing unnecessary files. Additionally, many vendors offer disk cleanup tools to remove unnecessary files and free up disk space, including: Kaspersky, Norton, Webroot, BitDefender and others that are not labeled as PUP/PUA by Malwarebytes.
3. Malwarebytes concern: “Claiming that cookies are problematic”
It is well known that cookies can and do cause privacy issues. Closing this security hole for our customers helps ensure their privacy is protected. Most recently, reports have been released that malicious cookies may have played an integral part in the Yahoo security breach. The removal of cookies is not unique among comparable industry products and these products are not labeled as PUP/PUA by Malwarebytes.
4. Malwarebytes concern: “No working trial”
It is our own business decision to not have a full trial available for our product. This certainly does not mean a product is a PUA/PUP. Additionally, our product PC Matic Home Security is completely free security for up to three computers. This can be used as a great way to trial our product’s whitelist protection without the optimization features that are included in the full version. Malwarebytes also chose to highlight the high price of our product stating that it can cost “up to $150” which is the price for a lifetime license. PC Matic is $50 per year for 5 computers, which is cheaper than Malwarebytes Premium at $79.99. The lack of product trial is not unique among comparable industry products and these products are not labeled as PUP/PUA by Malwarebytes.
5. Malwarebytes concern: “Silent removal of necessary applications”
PC Matic includes an application update function therefore rendering these applications unnecessary. With that said, in the time since their blog went live, we have adjusted our program to accommodate the two Chrome applications in question- further strengthening protection for our customers. We still plan to remove the unnecessary Java Tray Application.
There are several good reasons why we remove this application. Java is updated by our PC Matic application as well as our real time protection SuperShield, so leaving the Java Tray application running simply for updates is an unnecessary waste of system resources. Our update process is also seamless and more effective than the Java Tray app. Because the Java app requires user approval and can be skipped it leads to a lower percentage of updates. Our process is automatic and done in the background so it leads to a higher percentage of users updating and being more secure. Additionally Java updaters can sometimes install toolbars and unneeded applications, which we strip out. We also make sure that version updates are handled properly so as to not disrupt the experience of customers that use older versions of Java. Our process best maintains consumer efficiency and system security.
6. Malwarebytes concern: “Silently disabling the Windows Defragmentation Service”
Our program intentionally disables the Windows Defragmentation Service due to the way the operating systems identifies solid-state drives. PC Matic’s SSD identification rules are more accurate and defraging reduces the life of solid-state drives. Our customer’s drives are not left without disk defragmentation, as it is included within PC Matic. We do not remove our customer’s ability to defragment their drives.
7. Malwarebytes concern: “Silently performing other potentially dangerous actions”
PC Matic adds an administrator account to the computer in order to increase protection on the system. This account is used only by PC Matic to ensure that persistent malware can be removed. These accounts don’t perform dangerous actions, but rather increase system protections in real time.
8. Malwarebytes concern: “High risk security vulnerabilities”
These claims were shared with us on December 22, hours before the Malwarebytes blog was posted. The 2 vulnerabilities cited were patched within minutes of notification. PC Pitstop/PC Matic are committed to going above and beyond to protect our customers. There is zero evidence that any of the security issues cited – ever impacted our customers. Similar claims of vulnerabilities in other industry products have not lead to those products being similarly classified as PUP/PUA by Malwarebytes.
With transparency being equally important to us at PC Pitstop/PC Matic, the intent of this response is to make ALL of the facts public. Given the weak rationale behind the concerns outlined here and the fact that similar products are not labeled as PUP/PUA – we are lead to believe that the Malwarebytes classification of our products was actually motivated by our recent article that noted the AV Comparatives test that highlighted poor detection rates for Malwarebytes.
These accusations have also led to third parties testing and/or reviewing our product, to either confirm or reject Malwarebytes claims. One of these individuals was Tom Lawrence of Lawrence Systems. He reviewed the information provided by Malwarebytes, and compared it to information he found from PC Matic. Following a fair evaluation, he agreed to speak with Dodi Glenn — Vice President of Cyber Security for PC Matic. You’re able to view the full conversation here:
Network World also posted an article regarding this issue. You can read our follow-up statements to that article here.