How Good Programs Go Bad -- the Fall of Malwarebytes

[DarkDaggler]

What does most malware do?  It tells you you are in sudden danger when you are not, in order to scare you into buying something. 

That by itself doesn't mean a program is malware. It takes more. Like the following: 

(1) When you install Malwarebytes Free, it defaults to the 14 day Premium Trial.

(2) When the trial runs out, a warning appears that is intended to scare users into buying the Premium version -- a warning that implies the user is in imminent danger.  

(3) If users downgrade to the Free version, it gets switched back to Premium (and re-starts the 14 day countdown to the scareware message) EVERY TIME you do a full upgrade. 

(4) Full upgrades seem to be more and more frequent...

Now this last one might be a necessity of battling modern malware. But when you combine all four you get something that looks a lot like a virus. At the very least, it's disappointing.

"HOW CAN FREE STUFF BE DISAPPOINTING?" Because we're spoiled by good free stuff. But MBAM also makes $, yeah? (You must -- I've advised many virus-prone clients to pay for MBAM.) 

And it's good to get paid. Especially if you deserve it because you made a light, fast, effective, safe cleaner and made it available for free.

But beware the road that so many have taken.  AVG --> Crapware Bloatfest.  Avast --> Turdpile Scumbladder. There's more but I'm lazy. Oh yeah -- Norton. Yes I invoke Norton, the Nazis of fake security.  Decade after decade, trusting grandpas gently shell out $50-$100 per year for one of the worst AV programs in history, just because, once upon a time, Norton was clever enough pay HP and Dell to infect countless generations of PC's with "Free 90 day trials" which ended with, you guessed it, scary warnings. (Another Norton tactic: they convince journalists that Norton is the go-to authority on malware. They conduct interviews in "war rooms" -- big darkened high-tech workspaces full of busy technicians toiling under giant screens that show the global progression of "the threat". Jesus.)

PS - How long till Adwcleaner starts having nag screens about the pro version?

[dcollins]

Step 3 shouldn't be happening. We did reset the trial notifications once last year which would cause this to happen, but if you're seeing this more frequently, can you run mb-check from https://downloads.malwarebytes.com/file/mb3_check and upload the zip file it creates? This will give us some information about your machine so we can try to see why you keep getting these notifications.

[PureCode]

Malwarebtyes is really good using it for 2 years.

[Unknowntongue]

Unfortunately, Dark is correct. Everytime I update MB I get the free upgrade trial whether I want it or not. When it gets close to expiring (within 5 days or so) I start getting popups. They appear regardless of what I'm doing (such as playing a game). I have to alt-tab out to close the little ad. Annoying as F**k. And @dcollins, Please explain why information about a person's computer would be relevant to the problem. I've installed the free version on my current computer but I did buy the premium on my last computer 7-8 ;years ago. @PureCode. Yes, It is an awesome AV app. But it has become too "in your face". The free premium is nice but if I wanted it I would have bought it. I din't ask for it to be installed on my current machine and it is really pissing me off that I can't go 30 mins without a popup that requires me to alt-tab out of whatever I'm dong to close this annoying message. I find it sad that they have resorted to such desperate means to generate money. And the link that dcollins gives (which I didn't click on). I ask again..why?

[dcollins]

@Unknowntongue we did reset the trials again for 3.4.4, but it can easily be disabled under the My Account section.

We also have plans to allow more control over the notifications so that they don't interrupt people while they're doing things like playing games or watching videos. No ETA on that yet though.

As for the logs I asked for, DarkDaggler said this was happening everytime he performed an upgrade not just when we forcefully reset the trials. If that's happening, it has to be something on the machine that's changing to make us think the machine is a different computer than what it was before, and the logs would give us an idea of that.

[chinghisskhan]

On 3/1/2018 at 8:25 PM, DarkDaggler said:

the reason that I don't renew my subscription:

In the screen of "Detected Malware" there is no way of copying the path or URL to put it into exclusion from scanning.

Malwarebytes "detects" many useful programs as "PUP" but often it is insane BULLSHIT.

The task of excluding paths or URLs is too bloody cumbersome since "copy and paste" doesn't work.

Why not include a "right click" option to EXCLUDE - it is that simple.

 

[chinghisskhan]

On 3/1/2018 at 8:25 PM, DarkDaggler said:

What does most malware do?  It tells you you are in sudden danger when you are not, in order to scare you into buying something. 

That by itself doesn't mean a program is malware. It takes more. Like the following: 

(1) When you install Malwarebytes Free, it defaults to the 14 day Premium Trial.

(2) When the trial runs out, a warning appears that is intended to scare users into buying the Premium version -- a warning that implies the user is in imminent danger.  

(3) If users downgrade to the Free version, it gets switched back to Premium (and re-starts the 14 day countdown to the scareware message) EVERY TIME you do a full upgrade. 

(4) Full upgrades seem to be more and more frequent...

Now this last one might be a necessity of battling modern malware. But when you combine all four you get something that looks a lot like a virus. At the very least, it's disappointing.

"HOW CAN FREE STUFF BE DISAPPOINTING?" Because we're spoiled by good free stuff. But MBAM also makes $, yeah? (You must -- I've advised many virus-prone clients to pay for MBAM.) 

And it's good to get paid. Especially if you deserve it because you made a light, fast, effective, safe cleaner and made it available for free.

But beware the road that so many have taken.  AVG --> Crapware Bloatfest.  Avast --> Turdpile Scumbladder. There's more but I'm lazy. Oh yeah -- Norton. Yes I invoke Norton, the Nazis of fake security.  Decade after decade, trusting grandpas gently shell out $50-$100 per year for one of the worst AV programs in history, just because, once upon a time, Norton was clever enough pay HP and Dell to infect countless generations of PC's with "Free 90 day trials" which ended with, you guessed it, scary warnings. (Another Norton tactic: they convince journalists that Norton is the go-to authority on malware. They conduct interviews in "war rooms" -- big darkened high-tech workspaces full of busy technicians toiling under giant screens that show the global progression of "the threat". Jesus.)

PS - How long till Adwcleaner starts having nag screens about the pro version?

YEAH, you are RIGHT. Additionally, MB detects a lot of good programs as "PUPs" because of being a product from competitors.

The very reason tat I don't renew my subscription is simple: In the detection screen, there is NO copy and paste to exclude paths and URLs.

Why not make a right to click action to EXCLUDE.

Bloody cumbersome to look at the path or URL, then manually type it. BS

[dcollins]

@chinghisskhan on the detection screen, if you simply uncheck the item you want to exclude and click Next, you will be asked if you want to ignore the item once or always. If you choose Ignore Always, it adds the item to your exclusions.

[exile360]

If there are many detections you wish to exclude you may click on the checkbox in the column header on the top left beside where it says Threat Type as shown and highlighted in red below:

Also, if there is a particular process you wish to exclude from Web Protection (other than your web browser of course as that would not be safe) then you may do so by following the steps found on this page beneath the section where it says Exclude an Application that Connects to the Internet and use the Browse... button to navigate to the program's folder to select the executable being blocked (if, for example you wish to exclude a process belonging to an item Malwarebytes has classified as PUP for a case where it is connecting to its website for updates etc. if Malwarebytes also blocks the website it connects to).  Optionally, whenever a website is blocked by Malwarebytes you should be able to exclude it by right-clicking on the Malwarebytes tray icon and clicking on the Add Web Exclusion for name of site that was just blocked as illustrated in the image below:

Also, when updating a product which is detected as PUP by Malwarebytes you may need to either exclude the installer for it if you downloaded it from the web manually or temporarily disable the Malware Protection component in Malwarebytes until the new version is installed.

Optionally you may modify how Malwarebytes handles PUPs in general if you would rather it not detect them or would prefer Malwarebytes ask you how to handle any PUP detections.  To do so, open Malwarebytes and navigate to Settings>Protection and use the drop-down menu under Potentially Unwanted Programs (PUPs) located in the Potential Threat Protection section and choose either Ignore Detections if you would prefer Malwarebytes to not detect PUPs at all or Warn User if you would prefer to be prompted on how to handle any PUP detections (this will also change scan results so that any PUP detections are unchecked in the scan results screen by default, which will make the procedure above for excluding all items belonging to a single PUP program much easier).  If configured to warn, real-time protection will display a notification asking you how to handle any PUP it detects and you may select Ignore Always for any item you wish to add to exclusions to prevent future detections of that item.

Specifically with regards to what Malwarebytes detects as PUP and why, please refer to the information in the following links:

https://www.malwarebytes.com/pup/
https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/
https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/
https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
https://blog.malwarebytes.com/cybercrime/2015/07/pup-makers-digital-snake-oil-part-3/
https://blog.malwarebytes.com/malwarebytes-news/2017/11/winning-the-battle-against-pups-on-your-computer-and-in-u-s-district-court/

The following links should also prove informative as to the reasoning behind the detection assuming the product you're referring to includes a registry cleaner and/or PC optimizer and/or driver updater:

https://decentsecurity.com/#/registry-cleaners/
https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities
https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/
https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/
https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point
https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths
http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/
https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/
http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html
https://www.howtogeek.com/172839/10-types-of-system-tools-and-optimization-programs-you-dont-need-on-windows/

Edited September 22, 2018 by exile360

[exile360]

By the way, after adding a web exclusion using the right-click tray icon function I mentioned above, you should see the following notification confirming that it has been added to exclusions (it will list the website you excluded, obviously; I used the one shown in the image as a test):

If you then click the View Exclusions button shown it will open the Malwarebytes UI to the Exclusions tab so that you can see that the site is now included in Malwarebytes' list of exclusions for your installation.

If after doing this you still cannot connect to a previously blocked address then you may need to restart your browser or clear your DNS cache.  Tools like CCleaner can accomplish this or you can use a command prompt by executing the ipconfig /flushdns command (more info about DNS caching can be found on this page).

[kmdnur]

How can you be so stupid as a company as to automatically activate premium trials? I am totally stunned. Came here to sign up just to rant about that and found someone already has.

Get your act together! AVG is just a 2 second download away...!

 

[exile360]

You can easily disable the premium trial in just a few clicks as shown in this support article.  While my personal preference would be to continue to offer an option to opt-out of the trial during installation, I do understand why this option was removed; the simple fact of the matter is that the vast majority of users do not pay attention to the text and checkboxes/controls presented to them during installations of software so they will generally just click through the installation wizard to complete the installation process, meaning whatever the default is, that's what they're likely to go with (and Malwarebytes has likely collected telemetry data on user-selected options during install that support this hypothesis which may well be why the option was removed in the first place, though that is just speculation on my part).

[TechTalkWithKevin]

First off hats to Malwarebytes for such a great product.  The Malwarebytes Toolset is just awesome.  I have no ill will towards anyone's opinion but thought I would share a second one.  As Malwarebytes has grown in people so does the bills.  I think we all get that, to make a great product you need great people.  The only reason that I dislike the addition of the premium support 14 day trial is because I, the family/friend computer support guy, is simply downloading Malwarebytes to clean a problem.  I don't need the premium version, my family/friend have no clue what all is going on so it's an annoyance. 

But now that Malwarebytes has name....as a leader in malware removal, as a top hit when you search for "remove malware"…..what about the family/friend that wants to take the malware problem in their own hands.  Just as you teach your child to look both ways before crossing the street for their safety, the premium version honestly knows what's best of the non technical family/friend that DIDN"T call you for help (that could be a good thing).  The 14 day trial is a warning....and my goodness everyone....malware is malicious software.  There is nothing malicious about Malwarebytes.   You give them money....they give you a great product, for a whole year.  Ture Malware takes your money and might plant a virus to take more money down the road.  Malware may even force someone to go to a store and have to pay to get their computer cleaned.  

Now what would be cool is a technician copy that may still have a button/banner to add the Premium but by default it will only be the free scanner.  You could have this tucked away in support/downloads somewhere.  Trust me, once we find it we will share it.  That way the main website will always advertise the version that will keep non technical family and friends safe from crossing the road but keep the technicians happy while still performing a service to the family and friends that rely on them.  

[AdvancedSetup]

Thank you for your input @TechTalkWithKevin and

We do have a version for Tech Shops

Malwarebytes Techbench
https://www.malwarebytes.com/techbench/

 

[TechTalkWithKevin]

Yes Sir.  I have it, but not free =)  Worth it but not free.

[NikiP]

Yes you guys deserve money.  Yes you deserve to charge for it.  You have been brilliant in the design and implementation of this product.  But what a shame that in the end you let it be at the cost of selling out to pirates from a private equity firm who force you into destroying your reputation with what used to be a virtually adoring customer base for the purpose of squeezing out any possible dollars.  The hoops I had to jump though to get out of your 'premium trial' make AVG look like a non-profit org. And I am sadly looking for your replacement since your  'evolution' has shown that while you -  the developers, the geeks, the artists behind this -- used to have a purpose and a soul...you now just have money.  

 

 

[exile360]

Greetings,

You should be able to deactivate the trial by following the instructions found in this support article.  If you go to the Malwarebytes support knowledgebase, it is the first entry that shows up when search for the term "trial".

I would like to see an option in the installer to opt-out of the trial, however at least it is easy enough to deactivate it once Malwarebytes is installed.