Thanks, that's interesting about the MS blacklist capability I'd assumed the CA would need to revoke. As I understand it the root certificate allows malwarebytes or anyone that infiltrates malwarebytes to MITM all your encrypted communications, which makes it relatively attractive to target that one thing (injecting something malicious into the malwarebytes product) in order to spy on all traffic for every customer of Malwarebytes. You'd think that if it was really that trustworthy, that they could have convinced MS to add them to the list of trusted root certs. MITM through voluntarily allowed root certs is absolutely routine (almost every company, school, etc. does this for deep inspection of SSL traffic) but also not something I want on my own network when it's someone else holding the keys to the castle.