Malwarebytes Blocks Registry Reviver as an Infection and PUP with False Positives
Posted by: Timothy Tibbetts on 12/30/2017 11:58 AM [ Comments ]
Malwarebytes has blocked Registry Reviver and their website for as a PUP system optimizer.
Only one problem. It's not a PUP. Malwarebytes has hopped on the PUP bandwagon years back flagging anything with third party-software included. A PUP is potentially Unwanted Programs, and Malwarebytes has broadened the term to sell more software.
According to Malwarebytes researcher "MetallicaMVP:"
The Malwarebytes research team has determined that Registry Reviver is a "system optimizer." These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
We decided to run Registry Reviver against CCleaner. Registry Reviver is aggressive while CCleaner is notoriously conservative. Registry Reviver found 152 and CCleaner found 55. We then began randomly searching for invalid entries against the additional 97 registry entries Registry Reviver found. We discovered the first ten we choose at random were indeed invalid registry entries. Now, we can argue, and we'd probably agree, they are useless or empty keys, but we would then have to ask you what exactly did you expect a registry cleaner to do?
So we tweeted a reply and asked if they were false registry entries and Pieter admitted they "probably" weren't false positives yet didn't modify this article. They also call it an infection while again admitting that to get Registry Revier you have to download it yourself. That's bad business.
Now we still use and like Malwarebytes, but we think there are enough real world problems to deal with rather than hunting for problems. Registry Reviver is a shareware product. Malwarebytes isn't much different trying to get you to hand over your money by tricking you into thinking you're installing a 30-day trial.
Maybe we're splitting hairs? We just don't think you should block a program because it's too good at what it does. And, you certainly don't call it an infection. They should be embarrassed.
According to Malwarebytes researcher "MetallicaMVP:"
The Malwarebytes research team has determined that Registry Reviver is a "system optimizer." These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
We decided to run Registry Reviver against CCleaner. Registry Reviver is aggressive while CCleaner is notoriously conservative. Registry Reviver found 152 and CCleaner found 55. We then began randomly searching for invalid entries against the additional 97 registry entries Registry Reviver found. We discovered the first ten we choose at random were indeed invalid registry entries. Now, we can argue, and we'd probably agree, they are useless or empty keys, but we would then have to ask you what exactly did you expect a registry cleaner to do?
So we tweeted a reply and asked if they were false registry entries and Pieter admitted they "probably" weren't false positives yet didn't modify this article. They also call it an infection while again admitting that to get Registry Revier you have to download it yourself. That's bad business.
Probably not false, they are too smart for that, but flagging entries that are nothing to worry about.
— Pieter Arntz (@MetallicaMVP) December 14, 2017
Now we still use and like Malwarebytes, but we think there are enough real world problems to deal with rather than hunting for problems. Registry Reviver is a shareware product. Malwarebytes isn't much different trying to get you to hand over your money by tricking you into thinking you're installing a 30-day trial.
Maybe we're splitting hairs? We just don't think you should block a program because it's too good at what it does. And, you certainly don't call it an infection. They should be embarrassed.
Comments