Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California, Clearwater, Florida, Tallinn, Estonia and Cork, Ireland.
Early history and background
Malwarebytes Inc. was informally established in 2004. CEO and founder Marcin Kleczynski, originally from Poland, was still a teenager attending high school in Bensenville, Illinois at the time, and was working as a technician in a computer repair shop in Chicago. He noticed that whenever infected computers arrived, the shop would typically reformat the computer entirely, rather than combat the virus, regardless of if the infection was only minor. Kleczynski later discovered that, when his mother's computer became infected, neither McAfee nor Symantec would remove the malware from his system. He later recalled "I've never been as angry as when I got my computer infected", and professed that his mother told him to fix it "under penalty of death". It was only after Kleczynski posted on the forum SpywareInfo, popular at the time, that he was able to learn how to remove the virus, which took three days.
The company was unofficially founded after this, when Kleczynski conversed and became friends with several of the editors of the forum, who tempted him to buy an unused domain from them.
With one of the site's regulars, Bruce Harrison, Kleczynski wrote the inaugural version of the company's software. In 2006, Kleczynski worked with a college roommate to produce a freely available program called "RogueRemover", a utility which specialized in fighting against a type of infection known as "rogues", which scam computer users into giving away their credit card information through fake anti-virus software. RogueRemover proved instrumental in developing Malwarebytes Anti-Malware, and Kleczynski was able to set up a forum which enabled him to improve the software through feedback. Kleczynski and Harrison formally launched Malwarebytes on January 21, 2008 while Kleczynski was studying computer science at the University of Illinois. Bruce became the VP of Research for Malwarebytes, and further hired Doug Swanson, with experience in freeware development to work for the new company. Marcus Chung, an e-commerce expert who formerly worked for GreenBorder, was hired as chief operating officer. Kleczynski and Harrison reportedly made $600,000 in their first year of selling the software, despite not having met personally at the time.
In 2011, Malwarebytes acquired HPhosts, a website blacklisting company, which tracks blacklisted websites and ad servers, a necessary development to protect against new internet protocol addresses and web servers which distribute malware, and advise internet service providers to shut down those with malicious activity. That year, the company had claimed to have removed over five billion pieces of Malware in three years. The following year, the company launched into the corporate market with an enterprise product aimed at desktop-based anti-malware detection and protection. In 2013, Malwarebytes acquired ZeroVulnerabilityLabs, Inc., a security research and development company founded by Pedro Bustamante, which protects software applications from "known and zero-day exploits used by exploit kits, web-based vulnerability exploits and other corporate-targeted attacks". They expanded their malware removal and protection to the Android platform with the launch of Malwarebytes Anti-Malware Mobile, and launched a USB-based product called Malwarebytes Techbench aimed at helping technicians remove malware.
In 2014, Malwarebytes received $30 million in funding from Highland Capital, and by the following year it announced that it had treated 250 million computers worldwide, representing about 20–25% of working business computers. By 2013 it claimed to have removed five billion malware threats from computers in its first five years. In June 2015, the company announced that it was moving its headquarters from 10 Almaden Boulevard in San Jose, California to a new 52,000 square feet (4,800 m2) office space on the two top floors of the 12-story 3979 Freedom Circle in Santa Clara, California. The new office is more than twice the size of the former office. The company reported a growth of 10 million users in just one year, from 25 to 35 million active users at the time, and an increase in revenue by 1653% in 2014. In 2015, Kleczynski was named one of Forbes Magazine's '30 Under 30'.
In January 2016, Malwarebytes unveiled advanced anti-ransomware package Endpoint Security, and announced that it had raised $50 million in investment from Fidelity Management and Research Company. Kleczynski stated that the funds would be used primarily for the company's hiring, product development and marketing assets. In June, Malwarebytes announced a strong growth in sales of over 75 percent in the first quarter of the year compared to 2015, with billings surpassing $100 million. The corporate subscription base for the company was reported to have grown by 90%. In September, Proofpoint, Inc. CEO Gary Steele joined the company's board of directors, with Kleczynski citing his "deep expertise in the security software industry, and his proven ability [at] increasing sales revenue" as the main reasons for his appointment. In October the company purchased AdwCleaner, a Windows program used to clean adware from computers. In February 2017 the company acquired Saferbytes, an Italian security start-up specialized in anti-malware, anti-exploit, anti-rootkit, cloud AV, and sandbox technologies.
Services and products
Kleczynski has stated that Malwarebytes, first developed in 2008, has a competitive advantage over many other traditional antivirus programs, many of which were developed in the late 1990s, before the development of many later forms of malware. The New York Times has described Malwarebytes as a "hybrid of heuristics, behavior and a signature engine that is designed to detect and block malware that other vendors can't detect". According to Dean Takahashi of VentureBeat, Malwarebytes complements other antivirus software from vendors such as Symantec and McAfee, with the anti-malware working alongside other anti-virus software to attack the problem from "different directions", remarking that the software both removed infections from infected machines, whilst preventing others from becoming infected in the first place.
As in the early development days with RogueRemover, Malwarebytes continues to support community feedback on its products, and runs two sub-forums complementing the main forum, known as "False positives" and "Malware contribution", with the false positives being reported allowing the company to update its database within hours of posting, and the Malware contribution allowing for users to quickly report malware missed by the software.
Malwarebytes has several products, which as of 2011Malwarebytes Anti-Malware offers two different versions, one for free download for home computers, and the other a professional version, with a 14-day free trial in advance, offering "real-time protection against malware, automated scanning, and automatic updating". Malwarebytes Anti-Malware Mobile is a free Android app which protects smartphones from mobile malware, preventing unauthorized access to personal data identifying tracking applications. It has a rating of 4.4 on the Google Play store.
were available in 36 different languages.
In 2014, the company launched Malwarebytes Anti-Malware 2.0 with an improved user interface and dashboard. The company also launched Malwarebytes Anti-Exploit in the same year, which shields selected applications from attacks by "exploit mitigation to protect vulnerable programs". Anti-Exploit also comes in a free and paid for version for Windows computers. The free version stops exploits in browsers and Java, whilst the paid product adds protection for a wider range of software applications. Anti-Exploit received four stars from PC Magazine in 2015 and won V3 magazine's "Security Innovation of the Year" award in 2014.
In 2016, Malwarebytes Anti-Exploit was merged into the premium version Malwarebytes version 3.0, and the standalone application is now offered only as a perpetual beta.
In January 2016, Malwarebytes unveiled Malwarebytes Endpoint Security, advanced anti-ransomware technology which is described as the "first solution to offer multiple layers of protection against unknown ransomware". The company sponsored a survey with Osterman Research into 540 firms in the United States, United Kingdom, Canada and Germany and found that nearly 40% of companies had experienced ransomware incidents, of which 34 percent had accounted for loss of revenue. The Guardian reported that one-fifth of British companies had been charged over $10,000 to unlock their files and that there was an increasing demand for anti-ransomware technology. After Endpoint's inception, the beta was reportedly downloaded by some 200,000 businesses and consumers in the first six months of the year.
Malwarebytes also has numerous tools such as a Junkware Removal Tool to remove adware, an Anti-Rootkit Beta to remove and repair rootkits, StartUpLITE to boost the speed of the Windows reboot and FileASSASSIN to prevent locked files.
License and privacy
The software license requires arbitration "in the county where you reside", forbids class action suits, reverse engineering and sharing, and limits warranties and liability. Even the free version may not be shared, since the company tracks use of the product separately for each user.
There are different limits on their use, sale, and sharing of data:
- No limits for what they call "non-personally identifiable information ('Non-PII')". "Non-PII ... may include... anonymously generated device identifiers", which are tied to most other data items listed above.
In general, the company does not put time limits on how long they keep user data, except for IP address or when users ask for deletion of PII:
- "we do not retain the IP address... However, we do use it to gather ... continent, country, city, and approximate latitude/ longitude ... The type of connection (dialup/broadband/satellite/mobile) The ISP... The organization to which the IP address is licensed, if any".
- "You may access and modify the PII [personally identifiable information]... If you want us to delete your PII... We will delete your information as soon as possible; however, some information may remain in archived/backup copies for our records or as otherwise required by law. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements." They define PII to exclude device identifiers, so they do not promise to delete these identifiers and user history.
While Malwarebytes saves locations of IP addresses, including for mobile devices, the company has stated that this information is not used to extract GPS locations from mobile devices: "We do not ask for, access or track any location based information from your mobile device at any time while downloading or using our Mobile Apps or Services." The company has not stated if they track antenna locations.
The company also collects detailed information on malware and exploits they find, tied to the user's license number and device identifier, "vendor... File path of exploit process... Command-line arguments passed to the exploit... (Potentially) a copy of the exploit executable itself". The company does not list the license number as PII.
Malwarebytes has a certificate from TRUSTe, which among other things certifies the company "Limits the information collected and limits use to what is specified in the privacy notice."