When anti-malware vendors get into a slap fight, users lose

No one should disable another vendor's protection, regardless of reason

When anti-malware vendors get into a slap fight, users lose

All is quiet on the Microsoft front, but there are other technology issues to address, which I will be doing in the next few blogs. The first is about a battle between two anti-malware vendors: PC Pitstop and Malwarebytes. 


Most software markets tend to consolidate around a handful or even one or two vendors. How many competitors are there for Photoshop, after all? But there are two markets that thrive and have a large number of players: gaming and anti-virus/anti-malware. 

It started about a month ago. On Dec. 7, PC Pitstop, maker of the PC Matic repair software and those obnoxious TV commercials, posted a ransomware test performed by AV Comparatives that included its PC Matic product and its many competitors, including Malwarebytes, the latter included for the first time. 

The next day PC Pitstop claims Malwarebytes "began attacking our customers." Malwarebytes removed PC Matic and its real-time protection, Super Shield, as a Potentially Unwanted Program (PUP). PC Pitstop says it made numerous attempts to contact Malwarebytes through formal and informal channels with no response other than predefined replies. 

Never disable a competitor’s anti-malware product 

PC Pitstop made a semi-valid point when it says Malwarebytes broke a rule of security: Never remove an AV product without replacing it with another. I agree—an anti-malware product should never, ever disable a competitor. I dinged Microsoft in another blog for doing just that

But the fact is Malwarebytes is an AV product. It just removed PC Matic but left itself running. And Malwarebytes is a far superior product than Windows Defender. But then again, looking at those AC Comparatives results, that's not saying much. 

Both Malwarebytes and PC Pitstop are Microsoft-certified security partners. The idea that one Microsoft security partner would attack another is unprecedented, as far as I know, especially in the security arena. I've seen some products warn of incompatibilities or problems if a certain competitor is also running, but they never disabled the other product. 

Is PC Matic a PUP? 

Malwarebytes responded with a lengthy blog post detailing why it considers PC Matic a PUP. It said it detects PC Matic as PUP.Optional, meaning it's a Potentially Unwanted Program but you have the option to remove it or leave it. 

PC Pitstop was considered a PUP for a few reasons, some of which are trivial (claiming that registry cleaning is necessary) and for more logical reasons, such as silent removal of necessary applications, including Chrome’s updater and Java’s updater. 

The most damning claim was that Malwarebytes has found "a series of critical vulnerabilities in PC Pitstop’s products that can allow any attacker to take control of your machine." It advises all PC Matic users to immediately uninstall any and all PC Pitstop products from their computers until the vulnerability is resolved and says it has sent details of the vulnerabilities found to PC Pitstop. 

+ What do you think? Share your thoughts about the dispute between PC Pitstop and Malwarebytes on our Facebook page. +

Have you noticed something missing in all of this? Like, all of the other anti-malware competitors. Why haven't Symantec, McAfee, ESET, Kaspersky, Trend Micro and Microsoft labeled PC Matic a PUP? Why aren't they disabling PC Matic? This really does smack of sour grapes on the part of Malwarebytes simply because PC Pitstop pointed out their lousy performance.

If you look at the performance chart PC Pitstop posted in their Dec. 7 blog post, there is no question that Malwarebytes performed badly. And a few months back, Flexera listed Malwarebytes as one of the top 10 most out-of-date apps, the only anti-malware product on the list. So, Malwarebytes has some issues to address. 

Picking a fight with someone as aggressive as PC Pitstop CEO Rob Cheng isn't a smart move because he will go blabbing to everyone about it. If you've seen those annoying PC Matic TV ads, you know what I'm talking about. I'm probably going to get a half dozen tweets thrown at me for this alone. 

People put their faith and PC security in these two companies. They deserve better than this.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2017 IDG Communications, Inc.