Q&A Wanted or Unwanted program [Malwarebytes VS Reviversoft]

BoraMurdar

#1
One word - Commercialisation
It's just that different companies use different tactics to hide what they think should be hidden or transparent. I am for bundled software, but against deception and installation tricks. I am for programs that say what they will do to your system, take all precautionary measures, and give you all the detailed information and an explanation of what they will do if you click Clean or Optimize. But against vice versa ones.

Potentially unwanted program - Wikipedia

What is your opinion on this theme?

Interesting article
Malwarebytes Blocks Registry Reviver as an Infection and PUP with False Positives - MajorGeeks
"Malwarebytes has blocked Registry Reviver and their website as a PUP system optimizer.

Only one problem. It's not a PUP. Malwarebytes hopped on the PUP bandwagon years back, flagging anything with third-party software included. A PUP is a Potentially Unwanted Program, and Malwarebytes has broadened the term to sell more software.

According to Malwarebytes researcher "MetallicaMVP:"

The Malwarebytes research team has determined that Registry Reviver is a "system optimizer." These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.


We decided to run Registry Reviver against CCleaner. Registry Reviver is aggressive while CCleaner is notoriously conservative. Registry Reviver found 152 and CCleaner found 55. We then began randomly searching for invalid entries against the additional 97 registry entries Registry Reviver found. We discovered the first ten we chose at random were indeed invalid registry entries. Now, we can argue, and we'd probably agree, they are useless or empty keys, but we would then have to ask you what exactly did you expect a registry cleaner to do?

So we tweeted a reply and asked if they were false registry entries and Pieter admitted they "probably" weren't false positives yet didn't modify this article. They also call it an infection while again admitting that to get Registry Reviver you have to download it yourself. That's bad business.

Now we still use and like Malwarebytes, but we think there are enough real world problems to deal with rather than hunting for problems. Registry Reviver is a shareware product. Malwarebytes isn't much different trying to get you to hand over your money by tricking you into thinking you're installing a 30-day trial."
 

plat1098

Guest
#2
What is up with Malwarebytes lately? This is not the first incident where one can look a little funny in that direction. There was a discussion elsewhere recently concerning a "blog" of Mbytes with a sort of "world threat map" that purported to show Mbytes picking up all the infections the resident antivirus had "missed," thus claiming to justify the catchphrase on its downloads page. There were discrepancies about "PUAs" and what were counted, etc. Long story short: we had gotten a solemn avowal from Mbytes staff that no telemetry was ever to be used for advertising/revenue purposes just several months before this so-called "blog" hit the scene. I used to respect Malwarebytes a lot, even though I very seldom used the products. Now....?
 

Deleted member 65228

Guest
#4
Here are some of my thoughts, this is simply my opinion.

If you haven't looked at the original source which @BoraMurdar kindly linked us to, you won't know the full response from the Malwarebytes employee. Below is a quote which is what the response said in full.
"Probably not false, they are too smart for that, but flagging entries that are nothing to worry about."
Now we know that the detections were "probably" not false, but likely nothing to worry about. This changes the entire situation, because it isn't a case of "Malwarebytes lied about false detections to add a new software to their list of PUP detections", but it is a case of, "Malwarebytes believed that the detections were inaccurate, or that the software was behaving in a deceiving manner due to flagging objects which were not of a problem to anyone, as an attempt to gain more purchases and generate more income".

Now from my point of view, software behaving in a deceiving manner as an attempt to generate more profit, means it is a Potentially Unwanted Program... Most of the time. Below is an image from the article.



We can see the User Interface of Registry Reviver, and we can also see the red banner about the potential registry issues. Notice the keyword "Potential", it never mentions that the detected objects were "truly" issues. However, the red banner will grip the attention of the user, and the button in Green saying "Fix All" will also grip the attention of the user considering it is on a red background with a warning icon.

Now if Registry Reviver found objects which were not "real" issues but "potential" issues, and those detected objects were really nothing for someone to worry about, then I personally would consider the software to be unwanted. My reasoning behind this opinion is that an average user who downloads and installs the software may not focus on the wording entirely as much as I have, and may believe that the "issues" need to be resolved. Despite whether the flagged objects are real issues or not, the average user may then be convinced that the software has been of a genuine benefit to them, and may even keep them secure - this can lead to a new premium customer, splashing money for software which in actual fact did not benefit the user in a genuine way, because the flagged objects were not a problem/needed to be removed to solve/improve something in the first place.

Based on this, I agree with the decision made by Malwarebytes. However whether someone else will agree will depend on what they classify as potentially unwanted (what a software has to do to be seen as one for them). Malwarebytes have their own guidelines for this, therefore if the software violated them... Then Malwarebytes will add them as a detection. I don't use Malwarebytes so it doesn't matter to me, but those are just my personal thoughts.

Therefore if Registry Reviver is flagging registry keys/key name values which are not actually a genuine deal to the user and truly are issues, then I would make this very clear to the user if I was the developer, because the wording "Potential Registry Issues Found" is not so clear to an average user in my opinion. Mixed with the background color, warning icon and the green fix button, I'd hit it and believe they were genuine issues and miss the "Potential" keyword if I was an average user.

I have never used the software and never will, but if it is clean then it is clean and if it isn't then it isn't. Potentially Unwanted doesn't mean that it is malicious, that's why it's been given the detection name it has. The whole "PUP" detection scenario is opinionated by the AV vendors, so I don't see why it wouldn't be fair for the detection to be justified a bit further, to give average users an accurate explanation that it was opinionated and the software in itself is not necessarily harmful (to help prevent damage to the software vendor being flagged under these circumstances).

On the contrary though, Malwarebytes should verify findings before adding detections. So make it clear by checking if the detections were not inexistent, or truly nothing to worry about. And detections which are nothing to worry about, can also be opinionated. Then again, the software is designed to clean the registry so... It is a tricky scenario.

With all of this in mind though, those who understand how the Windows Registry works and also have hands-on experience working with it, will know that a majority of the time registry cleaning is absolutely unnecessary and can lead down a path to more bad than good a majority of the time. Aggressive registry cleaners can mess a lot up if you don't know what you are doing and go through, checking every single detected object before allowing a clean.

Everyone will have a different take on it, that's normal. These are just my thoughts :)
 