Iobit Battle and Drama

[chrisban35]

This is very frustrating! I'm a Malwarebytes fan, and I am certainly an Iobit fan! - Your excuse can longer be that iobit uses pup files. This is a known entity that has a long standing record of producing quality products. These exclusions should already, by courtesy, be "excluded" from Malwarebytes. 

We all know the reason they're not, and this brings up the question of ethical practices. Sure, they may be a competitor. You may already have a friendly relationship with AVG's new tools, or some other PC Fix tools provider. But in truth, aren't you just as interested in being loyal to your own base? Those who like your product, but also want to use iobit? You're not just just alienating iobit, you're alienating "your own fans(potential clients)"! 

It's not like their files are constantly changing, or their software hasn't popped up on your radar, or that people like me haven't written before about this problem... It's that you don't want to do anything about it. Which leaves me with a real problem. You want me to "trust you" as a provider of quality products, yet within your own offering you "exclude" others with a selfish intent. 

It's time to bury a hatchet and place iobit's files in exclusion of your filter search! I'm tired of my clients constantly calling me because you consistently change back to showing these files as threats, when you know they absolutely are NOT threats! Fix this! because it's more damaging to "your" image, than it is to theirs! 

 

 

[exile360]

Greetings,

First off, PUPs aren't threats, and Malwarebytes never gives the indication that they are (this is why the words Potentially and Optional are used for such detections).  As for the reason they are detected, it has absolutely nothing to do with iObit's history, otherwise their other applications would be detected as well, but they're not.  It's because of this as well as information like  this and this.  And you'll find plenty of other similar articles around the web from reputable sources saying the same thing.

Yes the only ones defending these types of apps are either users such as yourself who are convinced they have some merit, or the vendors themselves or sites created by affiliates who profit from selling them.  I have never come across even one reputable, independent source who said that these applications were recommended, useful or even just not potentially harmful.  Not one.  And that includes Microsoft, who themselves decided many years ago to discontinue their own registry cleaning application after finding that not only did it never improve system performance, but it was also potentially dangerous and could actually damage the system and/or software installed on it.

This is why this application is detected, and it's the same reason that driver updaters, PC optimizers and all other similar apps are detected as PUP, because they serve no legitimate purpose and have the potential to do more harm than good, not to mention that they often try to charge to "fix" things that aren't broken which they claim are "critical issues".

If you don't want PUPs detected, Malwarebytes has an option to disable detection of PUPs.  If you don't want this app detected, click the checkbox at the very top left of the scan results screen to uncheck all those detections, then click Next, then click Ignore Always when prompted on what to do with the remaining unchecked items and they'll all be excluded so they won't get detected again as long as your exclusions are present (if you do a clean uninstall/reinstall, or uninstall Malwarebytes from the system the exclusions get wiped out so you'll need to run a scan and do this process again, but otherwise they should remain so that it isn't detected any more).

If any organization or vendor wishes to submit their application for reconsideration to try to get it declassified as PUP they are welcome to do so by contacting Malwarebytes at the email address listed on this page and they will review it and if proven to not fit the criteria of PUP, then the detections will be removed from the database.

[AdvancedSetup]

A few recommended articles to read on registry cleaners:

Registry cleaners are not supported by Microsoft

• Microsoft support policy for the use of registry cleaning utilities
• An often posted and quoted article (Ed no longer hosts the site but did mention again on Twitter), Ed Bott's Why I don't use registry cleaners
• Older article quoting two MVPS's, but relevant still is Do I need a Registry Cleaner?
• miekiemoes' Blog Registry Cleaners and System Tweaking Tools
• Registry cleaner - From Wikipedia
• Are Registry Cleaners Safe to Use?

In most cases regardless of which Registry Cleaning tool you use it's not going to outright break Windows from booting or running. Normally the damage done is rarely seen or even attributed to the cleaning. How it can sometimes manifest itself is with an application simply not behaving as it used to, a program feature that no longer launches. In some cases on a computer with detailed auditing enabled it can show errors that were not there prior to the cleaning, but again these are typically things that would be nearly impossible to know after the fact what caused it.

Bottom line is WHY are you cleaning the Registry? The system can typically read through the entire Registry in under a minute, but that is not how software reads, writes to the Registry. It makes a specific call to a location where it expects its configuration to be or where it needs to possibly interface with other COM objects to complete an operation and can typically make that read in milliseconds. Reading all the keys for my HKCU hive took 249 ms with a total of 21047 keys. So how is removing a dozen or a few dozen going to really help speed up my computer?

If you can show proof positive 100% that some value in the Registry is actually causing an issue then change or remove THAT entry. Not hundreds or dozens of entries because someone that has been programming for a few years now somehow feels they or their team know the Billions of possible values and every single one that is good or bad and can automate fixing it. Sorry but I call BS, no one knows every single entry and what it means let alone if its good or bad.

 

While you're reading about Registry Cleaners you might also want to read the following article

The complexity of finding, preventing, and cleanup from malware

 

 

 

As for history, I won't post about it but iObit stole our database many years ago to create rules. As far as we know they've never done it since then.

 

Thanks

 

Edited March 8, 2021 by AdvancedSetup
corrected font issue

[Unicore]

None of the IObit programs are safe to use on your computer.  They have a long history of producing software that causes more harm than good.

[exile360]

I'll be honest, I realize that some of iObit's apps are pretty popular.  I'm also painfully aware of their overly aggressive advertising tactics, including deceptive ads which reside on several well known/major download sites where the ad looks like the download button for the application the user is trying to get, but because of its location and appearance, they end up clicking the ad instead and unwittingly installing Advanced System Care.

I have also personally looked at several of their more popular apps and noticed a pattern of striking similarities to other, better known/more widely used freeware applications from other companies/developers, including tools like CCleaner and Defraggler among others.  That was sometime ago though, so it's possible they've made some changes and altered their offerings to make them more unique, however given their history, not just what they did to Malwarebytes and their database, but also to other well known security vendors as well as what I mentioned about the other freeware apps, I personally have a hard time trusting them.  But of course the decision to classify them as PUP or not is not mine to make either, and is completely up to Malwarebytes and their Research team, and since I know they aren't anxiously seeking any lawsuits, I'm certain they carefully weighed their decision and didn't come to it lightly when they decided to classify ASC as PUP, making sure that it fit the criteria they use when classifying applications as PUP.

Malwarebytes doesn't just target products from vendors they might consider "unfriendly"; they even block ad/tracking servers from the likes of Microsoft and Google with their new browser plugin (currently in beta), so I don't believe for one second that this PUP classification has anything to do with the history between the two companies and I am certain that if iObit were to change their application and advertising practices so that it no longer merited being classified as PUP by Malwarebytes, they would immediately remove it from their detection database without a second thought.  I've seen it happen before with plenty of other companies' products, even ones from vendors whose products were once classified as actual malware (like rogue/fake AVs etc.), but after they cleaned up their acts and stopped the malicious/unscrupulous practices, Malwarebytes removed detection for their applications because they aren't interested in using their detections as a means of lashing out at anyone, it's just there for the sake of protecting their users and customers.

[jmtces]

There is no way that MalwareBytes is not using the thinnest of reasons, spurred on by vengeance, to keep disrupting IOBit Advanced SystemCare  (ASC) and Advanced SystemCare Ultimate (ASCU) installs on our PCs.  They are singling out these products because of the Court battle they lost some time ago.  They themselves are acting as malware when they are continually looking for ways around the exclusions you set in their program to continue to isolate, block or quarantine parts of ASC/ASCU.  Every Time I install ASC/ASCU and MalwareBytes (MBAM) on a Clients PC, I have to Install MBAM first, disable Real-time protection, Install ASC/ASCU then set up all the "*\IOBit\" folder exclusions for where ASC/ASCU files are installed, run an MBAM scan so that I can add all the ASC/ASCU registry keys, Task Scheduler tasks and shortcuts in folders I don't want to exclude (desktop, startmenu, etc).  Then I'm usually sweet until ASC/ASCU next upgrades to a newer version.

After an upgrade, MBAM used to only quarantine new shortcuts in the folders not excluded (desktop, startmenu, etc) and the occasional new Registry key.  ASC/ASCU could continue to work without these shortcuts and I could easily instruct my clients to restore the shortcut from MBAM's quarantine.  It is still a hassle and with dozens and dozens of PCs to have to do this with usually during a monthly maintenance check or a call from the client about a popup message.

Now MBAM is quarantining the Definition downloader file that runs from the %TEMP% to prevent ASC/ASCU from updating definitions.  I restored one of the 17 quarantined downloader files ""C:\Users\stationary\AppData\Local\Temp\is-ASA1P.tmp\DownConfig.exe"" and submitted it to Virus Total and only 4 of the 67 virus engines reported it (MalwareBytes, DrWeb, Cylance & EGambit).  Not sure if they are in cahoots with MBAM, subscribe to some common definitions or have some legitimate concerns.  The others may provide a way to exclude ASC/ASCU E.g.

From: https://forum.drweb.com/index.php?showtopic=323196&hl=iobit 

Posted 25 November 2015 - 22:17

Dr. Web (CureIt) considers IObit as a potentially unwanted program, not a virus, because IObit misuse can cause serious problems. You may add IObit in the exceptions list of SpiderGuard/Scanner, if it bothers you.

I like both programs for their abilities but MBAM should respect my judgment on what programs , including PUPs, I want to keep on my PC if I exclude them

We should try to bring this MalwareBytes/IOBit saga to an end.  I propose that we draft a letter to both parties pointing out what we see as their bad behaviour (e.g. MalwareBytes' specific targeting of ASC, IOBit's ad Popups for the free software bundled with the paid versions - like IOBit Uninstaller) and if they don't hash this out within a set period of time, we will draft a facebook, twitter, etc post and encourage all users to put the posts out on their social media.  The Posts should warn all potential new users, of either product that refuses to make adjustments, to stay away from it and to pass it on to all their followers.  It won't take long for it to hit their bottom line!!

[exile360]

Greetings,

I think you might have a few of the facts mixed up here which may be contributing to your idea that Malwarebytes is somehow singling out iObit when in fact ASC is classified as PUP for very legitimate reasons.  First, Malwarebytes never lost any court case against iObit.  In fact, the only outcome of any grievances between any of these vendors and Malwarebytes in court has been a victory for Malwarebytes with the court systems/legal systems siding with Malwarebytes, including with regards to classifying apps as PUP.

Second, Malwarebytes isn't seeking ways around exclusions.  They have ASC's files and entries in their PUP detection database and have for a very long time now.  The entries in the above image show that the items being detected are in a temp location, which is where ASC has placed them during install which explains why they would be detected if that location is not excluded.  A simple solution would be to temporarily disable Malwarebytes protection during installation/upgrades of ASC (and in fact, the image above is of a Malwarebytes scan which would have had to have been run either during an ASC installation/upgrade, or else it is detecting leftover temp files after the fact, but either way, as long as you proceed to complete the installation/upgrade of ASC, those detections will have no impact on ASC and the normal exclusion of ASC's program files will be sufficient to prevent ASC from being blocked or removed by Malwarebytes).  You can also easily change how Malwarebytes handles PUPs in its settings which again makes it very easy to prevent ASC (or any other product detected as PUP by Malwarebytes) from being detected.  Just set it to either "Warn User" or "Ignore Detections" and this too can be done on a temporary basis when installing/upgrading ASC to prevent these temp detections.

And finally, with regards to Malwarebytes reasoning for detecting ASC and apps like it as PUP, it has absolutely nothing to do with the history between the two companies, otherwise Malwarebytes would be classifying all iObit apps as PUP, yet they do not.  Below is a list of links explaining exactly why Malwarebytes detects ASC and similar programs from other vendors (not just iObit) as PUP:

https://decentsecurity.com/#/registry-cleaners/
https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities
https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/
https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/

And from Malwarebytes themselves (there are many more entries if you search for "registry cleaners" on Malwarebytes blog in addition to the items below but you get the idea):

https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/
https://blog.malwarebytes.com/threats/registry-cleaner/
https://blog.malwarebytes.com/cybercrime/2015/07/pup-makers-digital-snake-oil-part-3/
https://blog.malwarebytes.com/puppum/2016/12/why-malwarebytes-detects-pc-pitstop-as-potentially-unwanted/
https://blog.malwarebytes.com/puppum/2016/07/pup-friday-cleaning-up-with-5-star-awards/
https://blog.malwarebytes.com/puppum/2016/08/systweak-redux-our-response/
 

I hope that this information has helped to clear things up as to why the above detections were made as well as why Malwarebytes Research team is justified in classifying applications like Advanced SystemCare as PUP.  If any vendor wishes to dispute a PUP detection they may do so by reviewing the information on this page

[ericb]

I didn't know about the MBAM vs ASC thing, nor do I care.  I am mostly self taught but did get an AS degree in Information Systems Tech later on on Trade Act (mainly to use the free education to finish an incomplete Engineering degree)  I know a little, wish I knew what some of you know, and would be a genius if I knew half of what some of you claim to know. (Who is whom, right?)  I relied on Advanced Windows Care long ago, thought it was good and I thought ASC was still relevant and useful.  I've never experienced anything bad that I could trace back to ASC.  Keep in mind, I do know a little and when you play in poop, it is likely gonna make you stink (I feel that I am careful = I stay away from sites that throw up 30 pop-ups, where some morons think that blocking the pop-ups instantly makes the first site safe)  I stopped here because MBAM quarantined all my ASC and I wanted to read why.  Found a great deal of interesting talk, opinions, crap, etc.  Are Registry Cleaners really bad? I don't know now.  I've used them in the past with success, usually to easily remove a rouge process that tries to run in the background when the parent software is long gone.  Also, because I don't trust myself to manually remove the registry value that calls it up.  You know, family member wants you to fix their PC .... after pre-installed McAfee expired, they installed Norton and didn't like it, then bought Trend-Micro or something and the BSOD appears when they try to install it.  This is one true example, though the order and program names may not be accurate.  None of the software was ever UNinstalled, yet each package after the first removed what it needed to install itself, leaving a mess. ASC Registry fixed all the leftover remnants but the first preinstalled garbage (finally reinstalled that one using Dell Service Tag to get the correct version with proper uninstaller) I'm sure one of you could offer a much easier process, which might help me in the future.  Point of my rambling .... thought registry cleaning was okay.  Thought ASC was okay.  Always use MBAM first when I suspect malware .... this is the first time I had it attack ASC but I get it (understand the potential thing by definition) .... guess I have always just used the free version. I do networking for an ISP now and run away when family mentions a computer problem.  Thank you for the detailed fix and humorous back and forth debating in this thread and others.