Malwarebytes lies and deliberately issues false-positive messages
Pengin Published: 01.09.2019 Edited: 09.12.2024
Does the fear of "product piracy" justify false reports?
In versions of Malwarebytes that were not legally acquired and installed, the hosts file is modified with entries intended to prevent the activation servers from being contacted. A common method is the use of key generators or auto-patchers that do all the work for the user.
Depending on the situation, this mechanism can become problematic when consumers have a legal license but still find certain entries for Malwarebytes' activation servers in the hosts file. In this case, an immediate alert is triggered, the device's security is questioned, and the hosts files are automatically modified, even though everything is fine and there is no actual danger to the user.
The software from Malwarebytes, Inc. is an example of how those who proclaim security and rules enforce their own interests first.
Malwarebytes modifies hosts files automatically
Unsolicited modification of personal files and settings? Weakening of one's own security settings? False reports? This can happen more quickly than expected, as this behavior is often seen in "snake oil" software and various "cleaners."
In addition to Wise Care 365 (German, not translated yet) and IObit, Malwarebytes also exhibits this behavior under certain circumstances. For example, when certain entries are present, the software deletes entries from the user's own hosts file without feedback, generates error messages about alleged threats, and tries to move the corresponding files to quarantine.
In addition to this behavior, users are also subjected to a telemetry service that is routed through Amazon's AWS (Elastic Compute Cloud) and tracks individual user actions, similar to the software from Avast S.R.O. (German, not translated yet).
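To check whether a program has silently changed the hosts file as described in this section, compare a snapshot taken before a scan with one taken afterwards. The following is an added example, not code from the original article or from Malwarebytes; the hostnames and both snapshots are constructed placeholders, since the real Keystone and Sirius addresses appear only in the attachments.

```python
import ipaddress

def parse_hosts(text):
    """Return the set of (ip, hostname) mappings found in hosts-file text."""
    entries = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or malformed line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field is not an IP address
        for name in fields[1:]:                   # one line may map several names
            entries.add((ip, name.lower().rstrip(".")))
    return entries

def diff_hosts(before, after):
    """Compare two snapshots; return (removed, added) as sorted lists."""
    old, new = parse_hosts(before), parse_hosts(after)
    return sorted(old - new), sorted(new - old)

# Constructed snapshots. The hostnames are placeholders (assumption), not the
# real activation or update server addresses.
BEFORE = """\
127.0.0.1   localhost
0.0.0.0     keystone.vendor.example sirius.vendor.example  # filter list
0.0.0.0     Ads.Tracker.example
"""
AFTER = """\
127.0.0.1   localhost
# file was rewritten: different spacing and letter case, two mappings gone
0.0.0.0 ads.tracker.example
"""

if __name__ == "__main__":
    removed, added = diff_hosts(BEFORE, AFTER)
    for ip, name in removed:
        print(f"removed: {ip} {name}")
    for ip, name in added:
        print(f"added:   {ip} {name}")
```

Because entries are normalized before comparison, a rewrite that only changes spacing, comments or letter case is not reported; only mappings that actually disappeared or appeared are.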
Intentional false reports by Malwarebytes
Alongside its aggressive automatic modification of files, Malwarebytes also generates false reports that present users with a supposed threat scenario. Users whose filter lists contain entries for Keystone and Sirius are deliberately misled and confused.
Unwanted elements? The only "unwanted" items here are those from the perspective of Malwarebytes, Inc.
Always Online doesn't work without internet
Another annoyance can occur when the internet connection doesn't work. A seemingly important error message immediately appears, suggesting that the user should check their own connection. However, it also shows that (if possible) a permanent online connection is available.
Summary and file attachments
- Keystone.txt and Sirius.txt - The two addresses of Keystone and Sirius, which MUST NOT be in the hosts file, contain user data such as account ID, installation token, user IPv4 address, license key, timestamp of the last server contact, product version, product receipt date, license duration, subscription model, affiliate data, and more. Some of this data is, of course, necessary for registration verification. Sirius, on the other hand, is responsible for update routines.
- Scanlog_Riskware.txt - Scan log from Malwarebytes with the entries for Keystone and Sirius. Result: Riskware.DontStealOurSoftware.
- My-Device.txt - The address in this file contains the desktop ID of the user.
"Riskware.DontStealOurSoftware" indicates that the detected software, website, or file might contain features that could be misused, although these are not necessarily malicious.
