Malwarebytes gets tougher on PUPs

CEO announcements | Malwarebytes news | PUP

Malwarebytes gets tougher on PUPs

Posted: October 5, 2016 by Marcin Kleczynski
Last updated: May 8, 2017

Several years ago, I blogged that we would be increasing how aggressive we would be in detecting Potentially Unwanted Programs (PUPs) and our fantastic malware intelligence and research teams have delivered on that promise. Last year, we removed approximately 500 million traces of PUPs per month!

In response, a lot of the PUP developers are making efforts to circumvent our criteria and continue distributing their damaging software to users. This is why we are getting even more critical about what we call a PUP, and what we are going to be detecting and removing from user systems.

Earlier this morning, Malwarebytes posted a revision to the criteria that we use to identify PUPs. These changes are to help continue that fight against products and companies that scam users on the Internet.

Our efforts have resulted in making users’ systems safer and more productive by removing these kinds of software. Unfortunately, we have also received a lot of negative attention from the PUP developers. This has resulted in backlash ranging from nasty blog posts and comments from fake profiles defending the products to, of course, a mountain of letters with legal letterheads demanding that we stop.

Now some people might think of this as something that would slow us down, but we see it as proof that we are making a dent in the development and distribution of PUPs.

You can learn more about our new PUP criteria here.

COMMENTS

Mike Yanczysin

Marcin: Good post, but I am wondering – during your long walks on beaches, how do you avoid the fish?
Uncle_Al

Marcin, I have never understood why security companies avoided dealing directly with PUPs. They are infections and instead of being PUPs, I have always viewed them as PUSS. Instead of Potentially >> Positively Unwanted Surreptitious Software or whatever one may feel fits best. I, however, hope you not are limited by law with respect to any of the definitions you posted in the explanation. Otherwise, you have certainly bitten off a big chunk. I will recommend that all of my friends, relatives, and those who ask me about security, buy your product if I am convinced it meets the tests. Over the years I have dealt with PUSS – starting with Windows 3.0. I think that it is more insidious than the more – uh – nefarious programs, including ransomware.
Marcin Kleczynski

It’s complicated.
Chas4

I reported a big developer who has been abusing their Developer ID and has 7 pieces of Malware in their 2 macOS apps (the malware changes Safari homepage, search and adds extensions, and displays ads, does it to other browsers also) and they have been doing so for a few years now, the malware, Malwarebytes for Mac detects
virus.exe

To me this is where Malwarebytes exceeds (in pup detection) keep up the good work!!!
Feriss.H

I have some five PCs (all windows 7) and a Notebook in a WORKGROUP. Workgroup works well, all PCs visible in a Network Explorer except the ONE. It was connected with others, only not shown in the Network. Tried all possible to make it appearing, but to no avail. Then I initiated Malwarebytes and it found SpyHunter as a PUP. I let it remove it and voila – PC immediately popped up in the Network Window.
Nonie Maus

the difference between malware and PUPs from a legal standpoint is that the person installing has an option to not install the program, even if that option is obfuscated or hidden within a “custom installation” menu.
Naked Chicken

Hello. I have been a subscriber to USTechSupport for a few years as well as Malwarebytes and the two never had a problem with each other until tonight. Malwarebytes is telling me that USTechSupport is a PUP and has blocked it several times. For now it’s quarantined. Does anyone know anything about this? What should I do? Any info would be appreciated. Thanks in advance.
Draco

And this has nothing to do with the lawsuit Spyhunter made against Malwarebytes? ……I’m getting sick of Malwarebytes digging to deep. They could have easily made an exception but they haven’t so I think I’ll uninstall Malwarebytes. I’d been thinking about it for a while now anyway.
615Keith

I am having the same issue and just complained to Malwarebytes. My Spyhunter gets deleted every scan. This is defensive anti-competitive behavior and reflects very badly on the CEO. Malwarebytes is a great program. So is Spyhunter. They should battle it out on their own merits. The deceptive letter from the CEO is the worst kind of business practice: It assumes that his customers are idiots. It inconveniences his customers. It creates bad will. And, unfortunately, it is his employees who suffer and look bad. Silicon Valley started out as a playing field of the best people in the United States: open and giving. It has become the last refuge to which a scoundrel clings.
Draco

I have been waiting for Malwarebytes for many weeks now to do something about it.
Rita

MBAM keeps finding:
Registry Keys: 1
PUP.Optional.SlimCleanerPlus, HKLMSOFTWAREWOW6432NODESLIMWARE UTILITIES INCSlimCleaner Plus, , [156cae0d9cfe23135987ea3725e0ee12],

Windows 10 cannot find any such program or service to unistall. MBAM removes it and the next time I restart the computer it is back. How do I remove it?
ShariPDX

The “auto update” called WINDOWS 10 was a PUP to my little notebook that essentially couldn’t handle 10 and went berserk. It cost me $125 to undo the damage that Microsoft did to my notebook.

This should be dealt with in a class action lawsuit for damages. I’m sure I’m not the only victim. I have since stopped all auto updates on both computers and the notebook.
George Spelvin

*excels
404 Unable to execute

You might try a scan with malwarebytes when booted in safe mode.
Make sure after scan the file is marked for deletion / quarentine.
Doing this in safe mode might prevent the malwares capability of reinjecting itself.

If that doesn’t help there are other programs within Malwarebytes to deal with more nefarious infections. You might get assistance on the Malwarebytes forum for desinfection.
Bon Scott was a Leaf fan

I have been using Iobit’s Advanced System Care for many years and trust it completely. Now Malwarebytes flagged over 1000 files/folders on my system thereby deleting ASC and forcing me to reinstall. Many people use Advanced System Care to maintain their rigs. MWB aren’t the only malware program around. In fact Iobit has their own malware program. Malwarebytes may want to rethink their position here or lose subscribers.
Ann Tobin

the same with me. i have ASC 10 pro, and malwarebytes finds it as pups, i added to exclude it but malwarebytes still finds it..why is asc considered pups..anyone know?
StormwolfKy

I’m also a long-time Malwarebytes Pro and Advanced SystemCare Pro user. I PAID for both of these programs…and now one of them is treating the other as a hostile competitor? No warning even. And MWB’s advice on how to “exclude” IObits ASC from being deleted every 24 hours ISN’T WORKING! After each scan, I tell MWB to “always ignore” all “PUP’s” from IObits, and after each reboot, IObits ASC has been deleted. In desperation, I’ve had to tell MWB to exclude my entire userdata folder from any further scans…which pretty much defeats the entire purpose of having MWB.
D_the_FactMan

You’ve gotten way too aggressive because Malwarebytes 3.0.6 keeps identifying Uniblue’s Registry Booster 2017 as a PUP and even though I tell Malwarebytes to “Always ignore” the program, it does not ignore it and it somehow uninstalls it from our computers — and we have to keep reinstalling it. We’ve been using Registry Booster for at least 7 years and it is a legitimate program — Malwarebyte’s treatment of it is puzzling and unwarranted. Malwarebytes is also incorrectly identifying Iolo’s System Mechanic and IoBit’s Driver Booster as PUPs, which they most definitely are not. At least the “Always ignore” worked for them.
Stu Mountjoy

So do the latest versions of Auslogic Defrag contain malware itself or not?
Pieter Arntz

Hi Stu. There’s a big difference between malware and PUPs. You definitely do NOT want malware, but PUP stands for Potentially Unwanted Programs.
CJ Cline

i’m sorry, but I do not consider Advance System Care to be a PUP
NOTHING about it is potentially Unwanted and they have never forced installations on anyone.
It is a LEGIT Performance and Security enhancing program.

The only possible reason for MB to consider it a PUP is for the definition stealing bs that happened a few years back, but that is NOT a good enough reason to consider a program that is actually helpful to many to be a PUP.

While I love the work MB does, this is as mentioned ANTI COMPETITIVE BEHAVIOR.
I shouldn’t have to Ignore or deselect a program that gets detected as a PUP just because the company has a problem with another company.
Maynard G Krebs

I agree 100%. My ASC 10.2 was working perfectly one day, and the next was listed as over 900 PUPs. When I tried contacting MB I was simply told if I wanted I could have my money back for MalwareBytes if I wanted… That is corporate hostage taking… I have TWO programs I have paid money for, I like them both, but now because YOU decided it was a PUP you are making ME make a choice? If one of your kids was born autistic would you just ask the doctor for your money back? They did not explain their reasoning, just basically said take it or leave it. As soon as I can find an alternative I think I will switch..
Maynard G Krebs

Agree 100%
rooscow

Perhaps, in the quest to pump up your statistics, your war on Advanced System Care is an ill advised and counterproductive use of your programmer’s talents. If you can’t play nice with well established reliable products, maybe we will just have to scrap your product and use one, of which there are others, that doesn’t try to sabotage other vendors in the marketplace.
OldTulsan

This behavior started in the last month, on my wife’s Windows 7 laptop.

The comments here show it’s not unique to our laptops.
LightningJoe

About time we got more aggressive with them.

Kudos!
Dave N ellis

I bought and paid for SpyHunter. It is not a PUP. I’ve tried to work with the Malwarebytes program
to try to get it to ignore SpyHunter to no avail. After each activation of Malwarebytes I’ve had to uninstall the program so it will not interfere with SpyHunter. Enough is enough. Malwarebytes is never to be reinstalled.
elbmek

been there done the uninstall, waiting for T shirt.
elbmek

spywareblaster is on my pc, but does seem to miss ‘tracking cookies’ ….
WibuPertamax

i think malwarebytes still can not forgive what iObit done to them at 2009
Tom Wright

“This has resulted in backlash ranging from nasty blog posts and comments from fake profiles defending the products to, of course, a mountain of letters with legal letterheads demanding that we stop.” Ummm this is a statement I take personally as a customer of Mbam. I am not a fake account, I am also aware of thousands, likely tens of thousands of users just like myself who take this arrogant stance by Mbam as insulting. I am an expert user and have for many years used MBAM, as well as Advanced System Care. The latter is now being marked as a PUP by Mbam, apparently,according to Malware bytes, I and 1000’s of others of their customers are to **** stupid to know a quality program from a turd. Well I just identified a turd. Mbam is a good program, but certainly not the best nor the only game in town. Adios, your stupid customers are leaving your arrogant program.
luciu_t

What is the difference in behavior between Advanced System Care and CCleaner? Both are PC optimization software, but ASC is classified as PUP while CCleaner is not.
TinStarred

………………I already did, …………I finally uninstalled Malware bytes, I’m tired of fooling with it. I have used it for many years but feel I can no longer trust it not to create problems for me. I use ASC for things other than malware, but Malware bytes made that impossible ……………so it’s adios……………. I am now using a combo of ASC, Super AntiSpyware, and Panda AV.
Jhja

This is from PC Advisor three years ago. I don’t know Advanced System Care and have never used it and don’t know how it is today. Maybe it’s the reason Malwarebytes mark it as PUP.

“Warning; if you download IObit’s Advanced System Care you are very
likely to download with it the Yahoo Re-direct Rootkit virus. There is
no indication and it’s downloaded whether you download from CNet or
IObit. The virus takes over all your browsers and redirects them to
Yahoo. All the browser resetting in the world will not get your browsers
away from Yahoo. It’s very difficult to eradicate. None of the
anti-virus products work. Norton Internet Security missed it and
Malwarebytes, Hitman, Stinger & Spybot didn’t get rid of it. If you
have a System Restore prior to downloading, that might work. It did once
for me. The only other way I eradicated it was to use disc imaging
software and to re-install an earlier image of the disc. For me, I shall
never go anywhere near ASC ever again.”
Friar Pan

I think it’s good that Malware Bytes identifies ASC as PUP. If you want to keep it, just un-check it. ASC is not innocent and defaults to auto-load with windows as well as running multiple programs in the background. I suspect many of the ‘ahem’ commentators here are actually interested parties connected to ASC in some way.
Mike

Like many others here … I do not appreciate you deciding that ASC (Adv System Care PRO) is a PUP. I do not agree that a competitor product should be flagged and NOT an easy way to 1 time PERMANENTLY remove it from your list as a user. I have written about this numerous times over the past year and I have read your response and how you close the subject – time after time.

An inexperienced novice would believe their machine is infected with 883 (as reported) PUPs when all are ONE PROGRAM – a paid program named Advance System Care. Then you expect them to know to PRESS next (without selecting any of the alleged PUPs) to see a menu allowing complete ignorance of ASC, in the reported list of PUPS.

THIS IS, in my personal opinion, A SERIOUS breach of etiquette and showmanship on your part – to decide what is best for the user of your program without LETTING the customer decide if a PAID program is usable by them (on top of it partially a competitor) and that you automatically flag it MULTIPLE TIMES as a PUP.

You need to correct this problem ….

I have called and left emails requesting my money be refunded for your program with I purchased and still have approximately 700 days before renewal on several computers.

I have received nothing back in the form of communication. OTHER than your referencing myself and others to your PUP site on the issue.

THIS IS A SPECIFIC ISSUE FOR ADVANCED SYSTEM CARE ONLY.

I have used your product of years. I have recommended your programs to hundreds of people over the years. But with your current attitude toward ASC, I am left with no other avenue except to ask for a refund and I will remove your program from all of my computers NOW and forever.

It is a shame that you consider ASC such a threat (especially a paid PRO version of ASC) that you have to scare others into thinking that it is a danger.

Oh and don’t give me the line that Microsoft doesn’t like it (ASC) either. I am an MS professional partner and have been since certifications began years ago. I have advised MS on many database issues and even sat on advisory boards for them.

I have no intention of getting into a ‘theoretical’ argument with others about the PUP status of ASC – simply how does ASC become a PUP – SPECIFICALLY, why is Advance System Care a Potentially Unwanted Program – not generalities. SPECIFICALLY … other than possibly partially a competitor product.
Speedy Gonzales

true
Advanced System Care is not an unwanted program!
Connor McMahon

Yep
Neil Frandsen

Folks, I was running Malwarebytes, as one of the programs which keeps covering WinXP machines, as an Experienced-user-friendly Program. I even paid for the advanced version!
Then My much longer-on-site Advanced System Care suddenly was listed as a “PUP”.
??? {insert mountain-born, high-plains-raised scatology here}???
After fighting with Malawrebytes’ programming-experten???’s ideas of a helpful way to unPUP one of my favorite Security Programs, I opened IObit’s powerful Uninstaller, and scrubbed Malwarebytes out of my machine’s memory, and hard-drives. Since I run 2.25TB of external hard drives, the Uninstaller got quite a workout, eh?
Now, IObits’ Malware Fighter 5 Pro is happily working alongside Avast’s excellent Avast Premier, and alongside SuperAntiSpyware Professional, with Advanced System Care Ultimate 10 Pro humming into action whenever I wish to use some more scrubbing! Oh yes, I also use System Mechanic, another program that is compatible with its hard-working neighbours!
:
Note: I am a retired Seismic Surveyor, from the 4-leveling-screw K&E Transit days (yes, the one that screwed onto the top of its’ solid-legged tripod, just like George Washington’s slightly older Transit…), who graduated from log-log-Duplex Versalog sliderules, thru the hand-crank calculator, to the electric-motor-does-the-cranking, to the first double-memory Nixie-tube Display calculator, to the TI58, the TI59, and the ultimate unit, the HP41CX (a very versatile computer hidden inside a hand-held calculator case). My Scrapshack Model 100 _did_ have 2 more places of decimals available, for slightly higher accuracy results when riding the Degrees-Minutes-Seconds ranges, but for StarShot recordings, the HP41CX, with a program that used the on-board clock to record times of each shot, then allowed entering the Azimuth, and the altitude, of the Star (remember, our Sun is just another star, from the viewpoint of Spherical Trig).
And on to the various programs optimized to the various flavours of Windows (after DOS)…
Therefore, I am very capable of using a Program that is willing to work with me, not fight me.
:
Malwarebytes must have an attitude adjustment, ere I spend more good money on it.

RELATED ARTICLES

CEO announcements | Malwarebytes news

Welcome to Malwarebytes Unpacked

April 20, 2012 - Malwarebytes was founded with the community in mind. Facebook, Twitter, our forums, and countless other outlets have allowed us to communicate with you, our community. We felt a major piece was missing. Welcome to Malwarebytes Unpacked. Malwarebytes Unpacked is the official Malwarebytes blog providing you with the latest exciting news and cutting edge research directly...

CONTINUE READING 6 Comments

CEO announcements | Malwarebytes news

Yesterday’s Database Update Issue

April 16, 2013 - It saddens me to report that at around 3 PM PST yesterday, Malwarebytes released a definitions update that disabled thousands of computers worldwide. Within 8 minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix. I want to offer my sincere...

CONTINUE READING 5 Comments

CEO announcements | Malwarebytes news

Improvements to our Updating Process

April 18, 2013 - It’s been a rough week here at Malwarebytes, and I’m sure for many of you as well. We’ve spent the entire week focused on supporting the users affected by Monday’s false positive, as well as implementing systems to prevent this type of problem from ever happening again. If you have not yet received help, please route...

CONTINUE READING 2 Comments

CEO announcements | Malwarebytes news

Vulnerability Bounty Hunting In Action

July 23, 2013 - Last week, security researcher Roy Castillo posted a recount of interactions with Facebook about a bug that he had found. Will bug bounty hunting become the norm?

CONTINUE READING No Comments

CEO announcements | Malwarebytes news

Malwarebytes Adopts Aggressive PUP Policy

July 26, 2013 - Malwarebytes Anti-Malware previously detected only harmful or deceiving PUPs. Today, We're revising our policy to include PUPs that our users find annoying or misleading.

CONTINUE READING 10 Comments

ABOUT THE AUTHOR

Marcin Kleczynski
CEO and Co-Founder of Malwarebytes

Likes long walks on the beach and hates fish.

CATEGORIES

101 Cybercrime Malwarebytes news PUP Security world

TOP POSTS

Malwarebytes gets tougher on PUPs

Welcome to Malwarebytes Unpacked

Yesterday’s Database Update Issue

Improvements to our Updating Process

Vulnerability Bounty Hunting In Action

Malwarebytes Adopts Aggressive PUP Policy

Cybersecurity info you can’t do without