PC – SOS

An Internet Security Blog

MalwareBytes Seal – Am I missing something?

Posted by Bob Zenith on October 28, 2010

First of all, let me state that I consider MalwareBytes Anti-Malware to be one of the best (if not the best) anti-malware products available, and I frequently use and recommend the free version. However, yesterday I noticed something odd:

I was browsing through the MalwareBytes online store, just to see the price of the Pro version, and I noticed that the page had 3 security seals on it. One from Comodo, one from McAfee, and one generic SSL-Secured seal.

The seal from Comodo is legitimate and clickable.

The generic “SSL-Secured” seal is not clickable (I didn’t expect it to be), but it is true; MalwareBytes’s online store is SSL secured, so there’s no problem there.

However, the McAfee Seal is NOT clickable. Odd, I thought, since a McAfee seal needs to be clickable in order to be legitimate. At first, I thought one of my security add-ons was causing issues (NoScript, RequestPolicy, etc.). So, I disabled all my add-ons and restarted Firefox, returning to the page. Alas, the seal was not clickable.

At this point, I still was giving MalwareBytes the benefit of the doubt, and I believed something was causing issues with my Firefox and the seal. So, I tried the test in Internet Explorer; same result – the seal was not clickable.

Furthermore, I went to MalwareByte’s SiteAdvisor page. If the seal is legitimate, then the scorecard will have a McAfee Secure logo on it, such as siteadvisor.com’s scorecard. Nope – MalwareBytes.org’s scorecard does not have a McAfee Secure logo on it. Neither does store.malwarebytes.org’s scorecard.

Looking at the “seal” at store.malwarebytes.org more closely, I discovered that it doesn’t share similar characteristics with legitimate McAfee seals. Normally, when you attempt to right-click a McAfee seal, you receive a warning message:

Copying Prohibited by Law – McAfee Secure is a Trademark of McAfee, Inc.

Try it yourself – right-click the McAfee seal in the top right hand corner of the site. It’ll pop-up a window. You can also try it here, except the seal is at the bottom of the page.

This does not happen with MalwareBytes’s seal…. the seal allows you to right click it, and potentially, copy the image.

…So, what gives?

\Update: MalwareBytes has removed the seal from their site until a clear policy about the seal from McAfee can be put in place.

Advertisements

7 Responses to “MalwareBytes Seal – Am I missing something?”

  1. Aaron said

    Good find. Trademark abuse is serious stuff, they could probably be sued.. You should email malwarebytes about it.

    Also, if the site is mcafee secured, it should have a page like this for it: http://www.mcafeesecure.com/RatingVerify?ref=www.flcrooks.com
    I tried all variations of the url for malwarebytes and nothing.

    P.S. Still waiting to hear if I’ve been accepted at GeekU!

    • Bob Zenith said

      Hello Aaron,

      You should email malwarebytes about it.
      I emailed MalwareBytes’s Corporate email ~26 hours ago with still no response. I’m assuming that the email is only managed on weekdays? So, if I don’t receive a reply by Monday afternoon, I’ll have to take the next step, which would probably be notifying McAfee.

      P.S. Still waiting to hear if I’ve been accepted at GeekU!
      Odd, I would have thought you’d have heard back by now. You’ll probably hear back on Monday. Good luck 🙂

  2. Aaron said

    Only sounds fair. It’s still so surprising that a trusted company like MalwareBytes would do something like this.

    It appears they are a little behind schedule because they’ve built up a backlog 10 other applications (just going by number of threads in the board) with no new responses since my app. Heh.

  3. Brian Yang said

    This is a really interesting find and I’m really surprised Malwarebytes would do this.

    After a bit of examination of their source code, I’m quite sure Malwarebytes never owned a McAfee Secure seal.

    Their online store is powered by Cleverbridge, and the seal is loading for cleverbridge.com.

    But even so, the domain name is store.malwarebytes.org and the seal is cleverbridge.com. And the fact that the seal isn’t a link makes it not legitimate.

    The seal’s image is for cleverbridge.com: https://images.scanalert.com/meter/www.cleverbridge.com/13.gif

    Like SSL certificates, if a domain is mapped to another site, I’m quite sure that they can’t use the other site’s seal.

    • Bob Zenith said

      But even so, the domain name is store.malwarebytes.org and the seal is cleverbridge.com. And the fact that the seal isn’t a link makes it not legitimate.

      Like SSL certificates, if a domain is mapped to another site, I’m quite sure that they can’t use the other site’s seal.

      Correct. MalwareBytes cannot use celeverbridge.com’s McAfee seal, just like they can’t use cleverbridge.com’s Comodo Seal, they need their own Comodo seal registered to MalwareBytes, (which they have – you can click on the Comodo seal for confirmation). They do NOT have their own registered McAfee seal, however.

  4. Aaron said

    Accepted into GeekU!

    Any updates on the McAfee seal situation?

    • Bob Zenith said

      Accepted into GeekU!

      Congratulations!

      Any updates on the McAfee seal situation?

      Unfortunately, very little.
      MalwareBytes have said that their online e-commerce retailer was told by McAfee that McAfee is starting to use a click-thru link to advertise McAfee products, rather than provide actual security information. According to the email, MalwareBytes is still in contact with their online retailer and McAfee to see what their options are, regarding the seal.
      I’ve voiced my confusion of the “click-thru” link (that only advertises and doesn’t provide security information), as I see no evidence that McAfee has any seal like that. I’ve also requested permission from my correspondent at MalwareBytes to publicly post the actual emails on my blog. I sent this email ~3 days ago, with no response. It’s frustrating how slow this is progressing, I had assumed the seal would be an easy fix…
      I know a few people that are involved with MalwareBytes, and I may contact them to try to speed the process along; I might also contact McAfee, to inquire about this “click-thru” seal that doesn’t actually display security information (which I think is bogus).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s