Some weeks ago we presented evidence demonstrating that the Chinese company IObit had stolen Malwarebytes’ database and incorporated it into their software. In the days that followed we saw a complete denial of wrongdoing by IObit. They ascribed the matches between their database and our own to anonymous sample submissions, a dubious claim which we debunked.

Nevertheless, IObit did subsequently remove all of Malwarebytes’ definitions from their database (thereby cutting their database size by ~40% in one fell swoop). Though we did not receive an apology from them, nor any official acknowledgment of their theft, this reaction speaks for itself. Removal of our intellectual property was what we wanted, and we therefore consider that we have won. We thank the community, online media outlets and our partners for their support in helping us achieve this favorable result.

We have documented here and here how IObit’s in-the-wild detection rates dropped from over 70% to under 20% overnight after removing Malwarebytes’ definitions from their database. Unsurprisingly, IObit has abruptly ended its anti-malware comparison testing program. We invite all users to continue to compare our detection rates against in-the-wild malware to IObit’s over the next several months. We know who we believe will be on top. And we look forward to continuing to improve our products and help the online community at large.

Marcin Kleczynski