[BreachExchange] PC Matic… Is It As Amazing As Seen on TV?

Inga Goddijn inga at riskbasedsecurity.com
Wed Mar 2 12:03:33 EST 2016


https://www.riskbasedsecurity.com/2016/03/pc-matic-is-it-as-amazing-as-seen-on-tv/

If you have ever been up late at night, you might have seen an infomercial
about a product called PC Matic
<https://www.youtube.com/user/pcpitstopvideo/videos> and been intrigued by
the exceptional claims being made about the capabilities of their security
solutions.

PC Matic is a combined security and system performance optimization solution
<http://www.pcmatic.com/> provided by a company called PC Pitstop, LLC,
which claims to provide “*superior security protection over all security
products, free or otherwise, on the market*”. On the security side, the
product offers anti-malware and anti-adware protection along with patch
management by “*automatically [closing] security holes in commonly used
free software.*”

Recently we were approached by a third party who asked what we thought about
PC Matic and suggested that we look into the product. Based on the
combination of the claims made by the vendor and the negative feedback on
the Internet about the company and their products, we decided to further
research PC Matic.

The following are some of the significant points uncovered by our analysis:

   - PC Matic was discovered to have many serious vulnerabilities. These
   allow a malicious website to retrieve various information from a user’s
   system without the user’s knowledge or even compromise it.
   - PC Pitstop states that PC Matic won first place
   <https://www.youtube.com/watch?v=CWJj_qwxmsE> in the April 2014 Virus
   Bulletin RAP test and detected more malware than the competition
   <http://techtalk.pcpitstop.com/2014/07/31/pc-matic-breaks-virus-detection-record-virus-bulletins-rap-test/>.
   Virus Bulletin
   <https://www.virusbulletin.com/virusbulletin/2014/04/comparative-review-windows-7#id3161066>,
   citing the instability and many false positives, stated “there is no
   VB100 award for PC Pitstop this month, despite an interesting effort.”
   - PC Pitstop claims that PC Matic protects systems running Windows XP,
   so they can safely be used even if “*abandoned*” by Microsoft. However,
   PC Matic is not able to properly protect these systems.
   - PC Pitstop claims that PC Matic closes security holes. However, the
   patch management capabilities were determined to be limited at best.
   - PC Pitstop claims that PC Matic is 100% made in USA and that they do
   not believe in outsourcing. While the intent of their statement may refer
   to internally developed code, a significant part of the functionality
   provided by PC Matic comes from third party components not developed
   internally at PC Pitstop.

We have published a whitepaper which details our findings
<https://www.riskbasedsecurity.com/reports/PC_Matic_-_Is_It_As_Amazing_As_Seen_on_TV_-_03-02-2016.pdf>
including serious vulnerabilities discovered in PC Matic. It is intended
to, hopefully, answer questions and concerns that existing and potential
customers of PC Pitstop may have when evaluating whether PC Matic is the right
security solution for them.

At Risk Based Security we have discussed previously the concept of software
liability.
<http://www.rsaconference.com/videos/webcast-software-liability-the-worst-possible-idea-except-for-all-others>
Most consumers and businesses are not in a position to verify for themselves
whether a product is performing the way that it has been advertised. We continue
to focus on providing easy to understand ratings about vendors, how they
protect customer data and the security of software products they produce.