Malwarebytes: Difference between revisions

Line 1:

{{InfoboxProductLine

| Title = ~~{{PAGENAME}}~~

| Title = Malwarebytes

| Release Year =

| Release Year =2007

| Product Type =

| Product Type =Software

| In Production =

| In Production =2007

| Official Website =

| Official Website =http://malwarebytes.com/

| Logo =

| Logo =Malwarebytes logo stacked PMS2728.png

}}

}}'''[[wikipedia:Malwarebytes_(software)|Malwarebytes]]''' is an anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by '''[[wikipedia:Malwarebytes|Malwarebytes Corporation]]'''. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.{{Placeholder box|Add a 2-3 sentence introduction starting with "'''{{PAGENAME}}''' is a ...<ref name":0">ref goes here</ref>".}}

{{Placeholder box|Add a 2-3 sentence introduction starting with "'''{{PAGENAME}}''' is a ...<ref name":0">ref goes here</ref>".}}

$1

Line 17:

Line 16:

* Market Control}}

$2

* '''User Privacy:''' '''Malwarebytes Privacy VPN''' is a rebranded version of [[wikipedia:Mullvad|Mullvad VPN]] with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.

==Controversies==

This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

=== Privacy VPN ===

===Privacy VPN===

~~Reskinned Mullvad~~ VPN ~~without giving credit~~. ~~Added concerning~~, privacy ~~compromising telemetry~~ on ~~the backend without informing consumers.~~<ref>https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref><~~blockquote~~>"~~You~~'~~d be better off using Mullvad directly~~: it's the ~~same price~~, ~~without invasive telemetry~~ and ~~useless risky sugarcoating~~ on ~~top of~~ it." - ~~Julien Voisin~~</blockquote>

In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:<ref>https://www.malwarebytes.com/blog/malwarebytes-news/2020/04/introducing-malwarebytes-privacy</ref><blockquote>One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.</blockquote>

However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,<ref name=":0">https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>https://mullvad.net/en/help/partnerships-and-resellers</ref>. The software is based on open source code, used without contributing back:

* <code>7z.ddl</code>, licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and [[wikipedia:BSD_licenses|BSD]].

* <code>wintun.ddl</code>, version 0.13, from the [https://www.wintun.net/ Wintun project].

These are the embedded dependencies:

* [https://openssl-library.org/ OpenSSL] 1.1.0h<ref>https://www.tenable.com/plugins/nessus/96874</ref><ref>https://security.snyk.io/package/npm/openssl/1.1.0</ref>

* [https://www.pcre.org/ pcre2]<ref>https://security.snyk.io/package/linux/centos%3A7/pcre</ref>

* [https://www.7-zip.org/ 7z]

* [https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]

=== Privacy Policy ===

'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />

* Operates under the [[wikipedia:EU–US_Privacy_Shield|EU Privacy Shield]] (declared illegal by the [[wikipedia:European_Court_of_Justice|ECJ]] in July 2020)

* The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>

* The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>

=== Data collection ===

Malwarebytes is collecting the following data via its different products:<ref name=":0" />

* A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address

* The type of connection (dialup/broadband/satellite/mobile)

* The ISP through which the connection is made

* The organization to which the IP address is licensed

* The operating system the program is installed on

* The system language in use on that system

* The processor architecture (i.e., 32- or 64-bit)

* The file system in use (i.e., FAT32)

* Information from the Windows Security/Action Center, including security settings and programs installed or in use

* Information about other Malwarebytes program settings and how they are configured

* Information about the use of the software or services ("Log Data")

The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads trackers and third party cookies.<ref>https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is probably being used for fingerprinting.<ref name=":0" /> [[wikipedia:Fingerprint_(computing)|Fingerprinting]] is a method to identify and track users uniquely based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.

==See also==

@@ Line 1: / Line 1: @@
 {{InfoboxProductLine
-| Title = {{PAGENAME}}
+| Title = Malwarebytes
-| Release Year =
+| Release Year =2007
-| Product Type =
+| Product Type =Software
-| In Production =
+| In Production =2007
-| Official Website =
+| Official Website =http://malwarebytes.com/
-| Logo =
+| Logo =Malwarebytes logo stacked PMS2728.png
-}}
+}}'''[[wikipedia:Malwarebytes_(software)|Malwarebytes]]''' is an anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by '''[[wikipedia:Malwarebytes|Malwarebytes Corporation]]'''. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.{{Placeholder box|Add a 2-3 sentence introduction starting with "'''{{PAGENAME}}''' is a ...<ref name":0">ref goes here</ref>".}}
-{{Placeholder box|Add a 2-3 sentence introduction starting with "'''{{PAGENAME}}''' is a ...<ref name":0">ref goes here</ref>".}}
 $1
@@ Line 17: / Line 16: @@
 * Market Control}}
-$2
+* '''User Privacy:''' '''Malwarebytes Privacy VPN''' is a rebranded version of [[wikipedia:Mullvad|Mullvad VPN]] with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.
 ==Controversies==
 This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-=== Privacy VPN ===
+===Privacy VPN===
-Reskinned Mullvad VPN without giving credit. Added concerning, privacy compromising telemetry on the backend without informing consumers.<ref>https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref><blockquote>"You'd be better off using Mullvad directly: it's the same price, without invasive telemetry and useless risky sugarcoating on top of it." - Julien Voisin</blockquote>
+In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:<ref>https://www.malwarebytes.com/blog/malwarebytes-news/2020/04/introducing-malwarebytes-privacy</ref><blockquote>One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.</blockquote>
+However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,<ref name=":0">https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>https://mullvad.net/en/help/partnerships-and-resellers</ref>. The software is based on open source code, used without contributing back:
+* <code>7z.ddl</code>,  licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and [[wikipedia:BSD_licenses|BSD]].
+* <code>wintun.ddl</code>,  version 0.13, from the [https://www.wintun.net/ Wintun project].
+These are the embedded dependencies:
+* [https://openssl-library.org/ OpenSSL] 1.1.0h<ref>https://www.tenable.com/plugins/nessus/96874</ref><ref>https://security.snyk.io/package/npm/openssl/1.1.0</ref>
+* [https://www.pcre.org/ pcre2]<ref>https://security.snyk.io/package/linux/centos%3A7/pcre</ref>
+* [https://www.7-zip.org/ 7z]
+* [https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]
+=== Privacy Policy ===
+'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />
+* Operates under the [[wikipedia:EU–US_Privacy_Shield|EU Privacy Shield]] (declared illegal by the [[wikipedia:European_Court_of_Justice|ECJ]] in July 2020)
+* The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>
+* The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>
+=== Data collection ===
+Malwarebytes is collecting the following data via its different products:<ref name=":0" />
+* A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address
+* The type of connection (dialup/broadband/satellite/mobile)
+* The ISP through which the connection is made
+* The organization to which the IP address is licensed
+* The operating system the program is installed on
+* The system language in use on that system
+* The processor architecture (i.e., 32- or 64-bit)
+* The file system in use (i.e., FAT32)
+* Information from the Windows Security/Action Center, including security settings and programs installed or in use
+* Information about other Malwarebytes program settings and how they are configured
+* Information about the use of the software or services ("Log Data")
+The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads trackers and third party cookies.<ref>https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is probably being used for fingerprinting.<ref name=":0" /> [[wikipedia:Fingerprint_(computing)|Fingerprinting]] is a method to identify and track users uniquely based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.
 ==See also==