At Malwarebytes, we take great pride in the fact that we’re protecting customers – not just from malware – but from a growing and worrisome threat known as PUPs, or Potentially Unwanted Programs. We recently strengthened our PUP detection criteria due to PUP vendors becoming more aggressive while at the same time using more polished scare tactics to push users into purchasing their products. One company that we started investigating was PC Pitstop. With transparency being important to us at Malwarebytes, the intent of this blog is to make the facts public.
PC Pitstop makes several products including PC Matic, PC Magnum, Optimize, Driver Alert, and Disk MD. As of a few weeks ago, we detect these products as PUP.Optional: the first part representing a Potentially Unwanted Program and the second your optionality, meaning we believe it is unwanted by the majority of users and yet we want it to be clear that it is your discretion as a user to remove it.
PC Pitstop triggered several of our PUP criteria, which I’ve included below.
Claiming that registry cleaning is necessary
According to Microsoft, registry cleaners are not necessary. In fact, Microsoft itself does not recommend the use of registry cleaners. Products that use registry cleaning and optimization as a feature to drive sales are considered Potentially Unwanted by Malwarebytes.
PC Pitstop’s Optimize & PC Matic products uses registry cleaning as one of its main features. They will show registry issues, even on a brand new computer. It states there are fourteen registry files which “may cause improper operation of some applications.” Based on standards from Microsoft, we believe this to be an aggressive tactic to drive sales.
Figure 1: PC Pitstop’s Optimize showing problems on a brand new machine and prompting users to “Buy Now!” in order to “fix the problems identified.”
Figure 2: PC Matic registry cleaning recommendations.
Claiming that temporary files are problematic
PC Pitsop’s PC Matic shows temporary files as urgent issues to the user, even on a brand new computer.
Figure 3: PC Pitstop’s PC Matic showing temporary files, default Operating System settings and disk fragmentation as “issues with your PC” on a brand new machine and prompting users to buy in order to “Fix All.”
Claiming that cookies are problematic
No working trial
Silent removal of necessary applications
[gallery type="slideshow" ids="15802,15801"]
Figures 4 & 5: PC Matic prompts to remove necessary components that keep applications up to date.
Figure 6: PC Matic showing the Google Chrome Media Router plugin as “Bad”. This plugin ships by default with the standard installation of Google Chrome.
Figure 7: PC Matic disabling the Google Update services, leaving the machine potentially vulnerable and out of date.
Silently disabling the Windows Defragmentation Service
Once the built-in Windows Defragmentation Service is disabled, PC Matic promotes its “SSD Optimization” feature that shows the Scheduled Defragmentation service as disabled.
Figure 8: PC Matic disabling the Windows Defragmentation Service
Figure 9: PC Matic’s “SSD Optimization” consists of disabling the Microsoft defragment service which Microsoft advises against.
Silently performing other potentially dangerous actions
Figure 10: PC Matic silently adding an administrative user account to the machine.
High risk security vulnerabilities
We use our best judgment and a list of criteria we’ve seen abused in the past to determine whether software should be flagged as Potentially Unwanted for our users. No company and no software is perfect, Malwarebytes included. We hope PC Pitstop takes action to remediate the issues listed above, at which point we will immediately stop flagging their products for potential removal. We are humbled that our users trust us to keep them safe and we will aggressively defend our stance against the detection of PC Pitstop’s products until that time.