Malwarebytes


Malwarebytes Inc. is an American Internet security company with offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia and Cork, Ireland. It specializes in protecting home computers, smartphones, and companies from malware and other threats.
These three products have been incorporated into a single program called Malwarebytes 3.0 Premium.

History

Early history and background

Malwarebytes Inc. was informally established in 2004. CEO and founder Marcin Kleczynski, originally from Poland, was still a teenager attending high school in Bensenville, Illinois at the time, and was working as a technician in a computer repair shop in Chicago. He noticed that whenever infected computers arrived, they would generally reformat the computer, regardless if the infection was only minor. It was only when his mother's computer became infected that Kleczynski learned more about why the virus wasn't directly attacked, finding that neither McAfee nor Symantec would remove the malware from his system. He later recalled "I've never been as angry as when I got my computer infected", and professed that his mother told him to fix it "under penalty of death". It was only after Kleczynski posted on the forum SpywareInfo, popular at the time, that he was able to learn how to cure it, which took three days. The company was unofficially founded after this, when Kleczynski conversed and became friends with several of the editors of the forum, who tempted him to buy an unused domain from them.
With one of the site's regulars, Bruce Harrison, Kleczynski wrote the inaugural version of the company's software. In 2006, worked with a college roommate to produce a freely available program called "RogueRemover", a utility which specialized in fighting against a type of infection known as "rogues", which scam computer users into giving away their credit card information through fake anti-virus software. RogueRemover proved instrumental in developing Malwarebytes Anti-Malware, and Kleczynski was able to set up a forum which enabled him to improve the software through feedback. Kleczynski and Harrison formally launched Malwarebytes on January 21, 2008 while Kleczynski was studying computer science at the University of Illinois. Bruce became the VP of Research for Malwarebytes, and further hired Doug Swanson, with experience in freeware development to work for the new company. Marcus Chung, an e-commerce expert who formerly worked for GreenBorder, was hired as chief operating officer. Kleczynski and Harrison reportedly made $600,000 in their first year of selling the software, despite not having met personally at the time.

Post-2010 developments

In 2011, Malwarebytes acquired HPhosts, a website blacklisting company, which tracks blacklisted websites and ad servers, a necessary development to protect against new internet protocol addresses and web servers which distribute malware, and advise internet service providers to shut down those with malicious activity. That year, the company had claimed to have removed over five billion pieces of Malware in three years. The following year, the company launched into the corporate market with an enterprise product aimed at desktop-based anti-malware detection and protection. In 2013, Malwarebytes acquired ZeroVulnerabilityLabs, Inc., a security research and development company founded by Pedro Bustamante, which protects software applications from "known and zero-day exploits used by exploit kits, web-based vulnerability exploits and other corporate-targeted attacks". They expanded their malware removal and protection to the Android platform with the launch of Malwarebytes Anti-Malware Mobile, and launched a USB-based product called Malwarebytes Techbench aimed at helping technicians remove malware.
In 2014, Malwarebytes received $30 million in funding from Highland Capital, and by the following year it announced that it had treated 250 million computers worldwide, representing about 20–25% of working business computers. By 2013 it claimed to have removed five billion malware threats from computers in its first five years. In June 2015, the company announced that it was moving its headquarters from 10 Almaden Boulevard in San Jose, California to a new office space on the two top floors of the 12-story 3979 Freedom Circle in Santa Clara, California. The new office is more than twice the size of the former office. The company reported a growth of 10 million users in just one year, from 25 to 35 million active users at the time, and an increase in revenue by 1653% in 2014. In 2015, Kleczynski was named one of Forbes Magazine's '30 Under 30'.
In January 2016, Malwarebytes unveiled advanced anti-ransomware package Endpoint Security, and announced that it had raised $50 million in investment from Fidelity Management and Research Company. Kleczynski stated that the funds would be used primarily for the company's hiring, product development and marketing assets. In June, Malwarebytes announced a strong growth in sales of over 75 percent in the first quarter of the year compared to 2015, with billings surpassing $100 million. The corporate subscription base for the company was reported to have grown by 90%. In September, Proofpoint, Inc. CEO Gary Steele joined the company's board of directors, with Kleczynski citing his "deep expertise in the security software industry, and his proven ability increasing sales revenue" as the main reasons for his appointment. In October the company purchased AdwCleaner, a Windows program used to clean adware from computers. In February 2017 the company acquired Saferbytes, an Italian security start-up specialized in anti-malware, anti-exploit, anti-rootkit, cloud AV, and sandbox technologies.

Services and products

CEO Marcin Kleczynski states that the Malwarebytes engine has an advantage over many of the traditional antivirus programs because it was developed in 2008, when many of the others were developed in the late 1990s and had little idea of what malware would look like 15 years down the line. He states that this makes it "easier for us to adapt as malware evolves". The New York Times describes their system as a "hybrid of heuristics, behavior and a signature engine that is designed to detect and block malware that other vendors can't detect". According to Dean Takahashi of VentureBeat, Malwarebytes complements other antivirus software from vendors such as Symantec and McAfee, with the anti-malware working with the anti-virus software to attack the problem from "different directions". He remarked that Malwarebytes "cleans off machines that are already infected", while "the pro version stops your machine from getting infected in the first place".
As in the early development days with RogueRemover, Malwarebytes thrives on community feedback. It runs two sub-forums complementing the main forum, known as "False positives" and "Malware contribution", with the false positives being reported allowing the company to update its database within just hours, and the Malware contribution allowing for them to quickly report what is missing and download it. Kleczynski had been quoted as saying, "We still try to work like a bootstrapped company. We'd rather build products that our customers buy rather than we sell to them something they may not need."

Products

Malwarebytes has several products, which as of 2011 were available in 36 different languages. Malwarebytes Anti-Malware offers two different versions, one for free download for home computers, and the other a professional version, with a 14-day free trial in advance, offering "real-time protection against malware, automated scanning, and automatic updating". Malwarebytes Anti-Malware Mobile is a free Android app which protects smartphones from mobile malware, preventing unauthorized access to personal data identifying tracking applications. It has a rating of 4.4 on the Google Play store. In 2014, the company launched Malwarebytes Anti-Malware 2.0 with an improved user interface and dashboard.
In 2014 the company launched Malwarebytes Anti-Exploit, which shields selected applications from attacks by "exploit mitigation to protect vulnerable programs". Anti-Exploit also comes in a free and paid for version for Windows computers. The free version stops exploits in browsers and Java, whilst the paid product adds protection for a wider range of software applications. Anti-Exploit received four stars from PC Magazine and won V3 magazine's "Security Innovation of the Year" award. In 2016, Malwarebytes Anti-Exploit was merged into the premium version Malwarebytes version 3.0, and the standalone application is now offered only as a perpetual beta.
In July 2015, Malwarebytes acquired AdwareMedic and released Malwarebytes Anti-Malware for Mac, which detects malware, adware, and potentially unwanted programs on Macintosh computers.
In January 2016, Malwarebytes unveiled Malwarebytes Endpoint Security, advanced anti-ransomware technology which is described as the "first solution to offer multiple layers of protection against unknown ransomware". The company sponsored a survey with Osterman Research into 540 firms in the United States, United Kingdom, Canada and Germany and found that nearly 40% of companies had experienced ransomware incidents, of which 34 percent had accounted for loss of revenue. The Guardian reported that one-fifth of British companies had been charged over $10,000 to unlock their files and that there was an increasing demand for anti-ransomware technology. After Endpoint's inception, the beta was reportedly downloaded by some 200,000 businesses and consumers in the first six months of the year.
Malwarebytes also has numerous tools such as a Junkware Removal Tool to remove adware, an Anti-Rootkit Beta to remove and repair rootkits, StartUpLITE to boost the speed of the Windows reboot and FileASSASSIN to prevent locked files.

License and privacy

The software license requires arbitration "in the county where you reside", forbids class action suits, reverse engineering and sharing, and limits warranties and liability. Even the free version may not be shared, since they track use separately for each user.
Malwarebyte's privacy policy lists many types of information they collect and store, including other software running on a user's computer. Malwarebytes says they collect "name, email address, mailing address, or phone number... company name, company size, business type... Internet protocol addresses, browser type, Internet service provider, referring/exit pages, the files viewed on our site... operating system, date/time stamp, and/or clickstream data... type of device you use, operating system version, and the unique device identifier... language... 32- or 64-bit... Information from the Windows Security/Action Center, including security settings and programs installed or in use... license... If it represents a console system, the number of seats being managed by that installation of the console Endpoint domain information... organization to which the IP address is licensed, if any".
There are different limits on their use, sale, and sharing of data:
In general they do not put time limits on how long they keep data, except for IP address or when users ask for deletion of PII:
While the above text says that Malwarebytes saves locations of IP addresses, including for mobile devices, they do not go further and get GPS locations from mobile devices, "We do not ask for, access or track any location based information from your mobile device at any time while downloading or using our Mobile Apps or Services." They do not say if they get antenna locations.
They also collect detailed information on malware and exploits they find, tied to the user's license number and device identifier, "vendor... File path of exploit process... Command-line arguments passed to the exploit... a copy of the exploit executable itself". They do not list the license number as PII.
They have a certificate from TRUSTe, which among other things certifies the company "Limits the information collected and limits use to what is specified in the privacy notice."

Personnel

As of 2018, key individuals working for Malwarebytes included: