by _xgw 2832 days ago
This comes at the same time that Malwarebytes starts flagging Brave as malware[1].

[1] https://twitter.com/lukesawczak/status/1039854898068815873

4 comments

Malwarebytes has had a few (seemingly) false positives lately. Anecdotally, I was just hit by it falsely flagging BeyondCompare and my password manager.

I assume they have just upped the ante of their heuristics, but am still concerned about the fallout, since I am starting to ignore them.

Not related, but considering that it does not scan except on demand, why is it ALWAYS running? Who vouches for Mr. Malwarebytes?

It was indeed a false-positive: https://twitter.com/thomasareed/status/1039939712704819200. As for vouching for MB, I know some of the people behind the project, and they're spectacular. For years I have assisted with deobfuscating malicious JavaScript and more. They seem, to me, to have the purest of intentions.

(Not an official Brave endorsement, but I personally like their team)

Not to mention more aggressive upselling in the free version via popups. Closing the application sends it to the system tray where it will later remind you to "update" Malwarebytes by buying a license.

In June, I too had an auto-update from Beyond Compare failing due to Malwarebytes and it made me think their servers were compromised. Nope, false positive.

It looks like this happens often enough that there is a whole page dedicated to false positives.

https://www.scootersoftware.com/support.php?zz=kb_virus

That has nothing to do with Brave, it's just another failure of the antivirus / antimalware approach. Nothing new.

EDIT: not sure why they prefer blacklisting to whitelisting, anyone know the reasons?

Because if it is whitelisted then anything new or obscure is blocked. Fine with enterprise IT but not consumers.

Here is my take on it: with blacklisting, each update brings tons of new patches/signatures. It proves to users that the devs of their security suite are hard at work, and it's a never-ending race. So all in all, a very good strategy for the AV industry.

Of course it has nothing to do with Brave.

What kind of conspiracy are you suggesting?

It's not like false positives are uncommon.

And indeed, it feels like one should assume that a program that replaces page-originated requests for web resources with requests for different web resources would look an awful lot like malware to a naive heuristic based on the design of past malware.

Brave doesn't do that. Brave blocks ads and trackers. In some (half a dozen or so) cases, we might load an internal resource (known as a siteHack, for fixing broken experiences), but we don't substitute network requests.

Could this be related to some sort of bundle-ware in the Brave installer?

Or in affiliate-type linking into the Brave installer?

Google Chrome cracked down on these 2 yrs ago but they are making a comeback?