Malwarebytes: Difference between revisions

From Consumer_Action_Taskforce
Emanuele (talk | contribs)
created the article
Emanuele (talk | contribs)
m typo
Line 3: Line 3:
| Release Year =2007  
| Release Year =2007  
| Product Type =Software  
| Product Type =Software  
| In Production =2007
| In Production =Yes
| Official Website =http://malwarebytes.com/  
| Official Website =http://malwarebytes.com/  
| Logo =Malwarebytes logo stacked PMS2728.png  
| Logo =Malwarebytes logo stacked PMS2728.png  
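Review bot: the unchanged `Official Website` context line still gives `http://malwarebytes.com/`, while the Privacy Policy link further down the article uses the `https://www.malwarebytes.com/` form; consider switching the infobox value to https so readers are not sent over plain HTTP first. The `In Production` change from `2007` to `Yes` looks right, since the old value only repeated `Release Year`.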
Line 16: Line 16:
* Market Control}}
* Market Control}}


* '''User Privacy:''' '''Malwarebytes Privacy VPN''' is a rebranded version of [[wikipedia:Mullvad|Mullvad VPN]] with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.
*'''User Privacy:''' '''Malwarebytes Privacy VPN''' is a rebranded version of [[wikipedia:Mullvad|Mullvad VPN]] with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.


==Controversies==
==Controversies==
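Review bot: the User Privacy bullet asserts an "ability to log user information, despite its no-logs promotion" with no `<ref>` on the line, and this revision only changes the spacing after the `*`. Attach the source that supports the claim (the Controversies section already defines `<ref name=":0">`) or reword it to match what that source shows.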
Line 25: Line 25:
However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,<ref name=":0">https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>https://mullvad.net/en/help/partnerships-and-resellers</ref>. The software is based on open source code, used without contributing back:
However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,<ref name=":0">https://dustri.org/b/malwarebytes-privacy-vpn-is-mullvad-in-a-shady-trenchcoat.html</ref> and nothing is properly disclosed on the official website. On Mullvad site, Malwarebytes is mentioned as partner<ref>https://mullvad.net/en/help/partnerships-and-resellers</ref>. The software is based on open source code, used without contributing back:


* <code>7z.ddl</code>,  licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and [[wikipedia:BSD_licenses|BSD]].
*<code>7z.ddl</code>,  licensed under [https://it.wikipedia.org/wiki/GNU_Lesser_General_Public_License LGPL] and [[wikipedia:BSD_licenses|BSD]].
* <code>wintun.ddl</code>,  version 0.13, from the [https://www.wintun.net/ Wintun project].
*<code>wintun.ddl</code>,  version 0.13, from the [https://www.wintun.net/ Wintun project].


These are the embedded dependencies:
These are the embedded dependencies:


* [https://openssl-library.org/ OpenSSL] 1.1.0h<ref>https://www.tenable.com/plugins/nessus/96874</ref><ref>https://security.snyk.io/package/npm/openssl/1.1.0</ref>
*[https://openssl-library.org/ OpenSSL] 1.1.0h<ref>https://www.tenable.com/plugins/nessus/96874</ref><ref>https://security.snyk.io/package/npm/openssl/1.1.0</ref>
* [https://www.pcre.org/ pcre2]<ref>https://security.snyk.io/package/linux/centos%3A7/pcre</ref>
*[https://www.pcre.org/ pcre2]<ref>https://security.snyk.io/package/linux/centos%3A7/pcre</ref>
* [https://www.7-zip.org/ 7z]
*[https://www.7-zip.org/ 7z]
* [https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]
*[https://github.com/pocoproject/poco/releases/tag/poco-1.9.0-release Poco 1.9.0]


=== Privacy Policy ===
===Privacy Policy===
'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />
'''[https://www.malwarebytes.com/legal/privacy-policy Malwarebytes Privacy Policy]''' contains various privacy concerning points:<ref name=":0" />


* Operates under the [[wikipedia:EU–US_Privacy_Shield|EU Privacy Shield]] (declared illegal by the [[wikipedia:European_Court_of_Justice|ECJ]] in July 2020)
*Operates under the [[wikipedia:EU–US_Privacy_Shield|EU Privacy Shield]] (declared illegal by the [[wikipedia:European_Court_of_Justice|ECJ]] in July 2020)
* The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>
*The '''Data Retention''' section states:<blockquote>We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.</blockquote>
* The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>
*The '''International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework''' section violates the [[GDPR]]:<blockquote>Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.</blockquote>


=== Data collection ===
===Data collection===
Malwarebytes is collecting the following data via its different products:<ref name=":0" />
Malwarebytes is collecting the following data via its different products:<ref name=":0" />


* A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address
*A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address
* The type of connection (dialup/broadband/satellite/mobile)
*The type of connection (dialup/broadband/satellite/mobile)
* The ISP through which the connection is made
*The ISP through which the connection is made
* The organization to which the IP address is licensed
*The organization to which the IP address is licensed
* The operating system the program is installed on
*The operating system the program is installed on
* The system language in use on that system
*The system language in use on that system
* The processor architecture (i.e., 32- or 64-bit)
*The processor architecture (i.e., 32- or 64-bit)
* The file system in use (i.e., FAT32)
*The file system in use (i.e., FAT32)
* Information from the Windows Security/Action Center, including security settings and programs installed or in use
*Information from the Windows Security/Action Center, including security settings and programs installed or in use
* Information about other Malwarebytes program settings and how they are configured
*Information about other Malwarebytes program settings and how they are configured
* Information about the use of the software or services ("Log Data")
*Information about the use of the software or services ("Log Data")


The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads trackers and third party cookies.<ref>https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is probably being used for fingerprinting.<ref name=":0" /> [[wikipedia:Fingerprint_(computing)|Fingerprinting]] is a method to identify and track users uniquely based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.
The '''Functional Data''' section of the privacy policy states:<blockquote>We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.</blockquote>Malwarebytes website also contains ads trackers and third party cookies.<ref>https://themarkup.org/blacklight?url=malwarebytes.com&device=mobile&location=us&force=false</ref> Also, on each webpage, a seemingly harmless GIF file (<code><nowiki>https://genesis.malwarebytes.com/api/v1/wai.gif</nowiki></code>) is being loaded. The GIF returns JSON data, which is probably being used for fingerprinting.<ref name=":0" /> [[wikipedia:Fingerprint_(computing)|Fingerprinting]] is a method to identify and track users uniquely based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.
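Review bot: the edit is summarised as a typo fix, but `<code>7z.ddl</code>` and `<code>wintun.ddl</code>` in the two list items are carried over unchanged; Windows libraries use the `.dll` extension, so both should read `.dll`. In the dependency list, the second OpenSSL reference points at Snyk's npm package page (`/package/npm/openssl/1.1.0`) and the pcre2 reference at a CentOS 7 `pcre` page, neither of which is the component named on its line, so those citations should be replaced or dropped. The first Privacy Policy bullet says the company operates under Privacy Shield while the third quotes a section titled after the Data Privacy Framework; the two statements need reconciling.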

Revision as of 21:32, 22 February 2025

Malwarebytes
Basic Information
Release Year 2007
Product Type Software
In Production Yes
Official Website http://malwarebytes.com/

Malwarebytes is anti-virus software for Microsoft Windows, macOS, ChromeOS, Android, and iOS, developed by Malwarebytes Corporation. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.

Consumer impact summary

Overview of concerns that arise from the conduct towards users of the product (if applicable):

  • User Freedom
  • User Privacy
  • Business Model
  • Market Control

  • User Privacy: Malwarebytes Privacy VPN is a rebranded version of Mullvad VPN with privacy concerns. The main concern is that Malwarebytes Privacy VPN may compromise user privacy through its ambiguous data handling practices and ability to log user information, despite its no-logs promotion. This is a warning sign for users looking for genuine privacy and anonymity.

Controversies

This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the Malwarebytes category.

Privacy VPN

In April of 2020, Malwarebytes Labs introduced their Privacy VPN, emphasizing the importance of using a VPN that respects user privacy:[2]

One important note we consistently emphasize is that it’s important to choose a VPN that does what it promises and doesn’t abuse your data. To make that choice a little easier, we’ve developed our own VPN that Malwarebytes users can trust to protect your data and privacy every time you go online.

However, Malwarebytes VPN is based on Mullvad VPN and various open source tools,[3] and none of this is properly disclosed on the official website. On Mullvad's site, Malwarebytes is listed as a partner.[4] The software is based on open source code, used without contributing back:

  • 7z.dll, licensed under LGPL and BSD.
  • wintun.dll, version 0.13, from the Wintun project.

These are the embedded dependencies:

  • OpenSSL 1.1.0h[5][6]
  • pcre2[7]
  • 7z
  • Poco 1.9.0

Privacy Policy

The Malwarebytes Privacy Policy contains several points that raise privacy concerns:[3]

  • Operates under the EU Privacy Shield (declared illegal by the ECJ in July 2020)
  • The Data Retention section states:

    We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.

  • The International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework section violates the GDPR:

    Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.

Data collection

Malwarebytes collects the following data via its different products:[3]

  • A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on the IP address
  • The type of connection (dialup/broadband/satellite/mobile)
  • The ISP through which the connection is made
  • The organization to which the IP address is licensed
  • The operating system the program is installed on
  • The system language in use on that system
  • The processor architecture (i.e., 32- or 64-bit)
  • The file system in use (e.g., FAT32)
  • Information from the Windows Security/Action Center, including security settings and programs installed or in use
  • Information about other Malwarebytes program settings and how they are configured
  • Information about the use of the software or services ("Log Data")

The Functional Data section of the privacy policy states:

We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.

The Malwarebytes website also contains ad trackers and third-party cookies.[8] In addition, every webpage loads a seemingly harmless GIF file (https://genesis.malwarebytes.com/api/v1/wai.gif). The GIF request returns JSON data, which is probably being used for fingerprinting.[3] Fingerprinting is a method of uniquely identifying and tracking users based on the characteristics of their device and browser, which raises additional privacy issues regarding Malwarebytes' behavior.
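An added example, not part of the original article and not Malwarebytes code: a Python check over a browser HAR export that flags responses whose URL ends in an image extension but whose body is not that image, the pattern described above for wai.gif. The hosts, JSON fields and values in the sample HAR are constructed.

```python
import base64
import json
from urllib.parse import urlparse

# Leading bytes of the image formats checked, keyed by URL extension.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def body_bytes(content):
    """Return the body of a HAR 'content' object as bytes."""
    text = content.get("text", "")
    if content.get("encoding") == "base64":
        return base64.b64decode(text)
    return text.encode("utf-8")

def mismatched_images(har):
    """List entries whose URL names an image but whose body is not one."""
    findings = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        path = urlparse(url).path.lower()
        ext = next((e for e in IMAGE_MAGIC if path.endswith(e)), None)
        if ext is None:
            continue
        body = body_bytes(entry["response"]["content"])
        if body.startswith(IMAGE_MAGIC[ext]):
            continue  # body really is the image type the URL claims
        try:
            parsed = json.loads(body)
            kind = "json"
            keys = sorted(parsed) if isinstance(parsed, dict) else []
        except ValueError:  # covers JSONDecodeError and invalid UTF-8
            kind, keys = "unknown", []
        findings.append({"url": url, "kind": kind, "keys": keys})
    return findings

# Constructed HAR sample: hosts, JSON fields and values are invented.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://tracker.example/api/v1/wai.gif?v=1"},
     "response": {"content": {"text": '{"id": "constructed", "geo": "XX"}'}}},
    {"request": {"url": "https://site.example/img/logo.gif"},
     "response": {"content": {"encoding": "base64", "text":
         base64.b64encode(b"GIF89a\x01\x00\x01\x00").decode()}}},
]}}

if __name__ == "__main__":
    print(mismatched_images(SAMPLE_HAR))
```

The reported key names show which attributes such an endpoint hands back to the page, which is the starting point for judging whether it is used for fingerprinting.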


References