Early history and background

Malwarebytes Inc. was informally established in 2004.^[6] CEO and founder Marcin Kleczynski, originally from Poland, was still a teenager attending high school in Bensenville, Illinois, and was working as a technician in a computer repair shop in Chicago.^[7] He noticed that whenever infected computers arrived, the shop would typically reformat the computer entirely, rather than combat the virus, even if the infection was only minor. Kleczynski later discovered that, when his mother's computer became infected, neither McAfee nor Symantec would remove the malware from his system.^[8] He later recalled "I've never been as angry as when I got my computer infected", and professed that his mother told him to fix it "under penalty of death".^[9]

It was only after Kleczynski posted on the forum SpywareInfo that he was able to learn how to remove the virus, which took three days. The company was unofficially founded after this, when Kleczynski conversed and became friends with several of the editors of the forum, who tempted him to buy an unused domain from them.^[8]

With one of the site's regulars, Bruce Harrison, Kleczynski wrote the inaugural version of the company's software.^[9] In 2006, Kleczynski worked with a college roommate to produce a freely available program called "RogueRemover", a utility which specialized in fighting against a type of infection known as "rogues", which scam computer users into giving away their credit card information through fake anti-virus software. RogueRemover proved instrumental in developing Malwarebytes Anti-Malware, and Kleczynski was able to set up a forum which enabled him to improve the software through feedback.^[8]

Kleczynski and Harrison formally launched Malwarebytes on January 21, 2008, while Kleczynski was studying computer science at the University of Illinois.^[8][9] Bruce became the VP of Research for Malwarebytes, and further hired Doug Swanson, with experience in freeware development to work for the new company. Marcus Chung, an e-commerce expert who formerly worked for GreenBorder, was hired as chief operating officer.^[8][10] Kleczynski and Harrison reportedly made $600,000 in their first year of selling the software, despite not having met personally at the time.^[11]

Post-2010 developments

In 2012, Malwarebytes acquired HPhosts, a website blacklisting company, which tracks blacklisted websites and ad servers, a necessary development to protect against new internet protocol addresses and web servers which distribute malware, and advise internet service providers to shut down those with malicious activity.^[12] That year, the company had claimed to have removed over five billion pieces of Malware in three years.^[10] The following year, the company launched into the corporate market with an enterprise product aimed at desktop-based anti-malware detection and protection.^[13] In 2013, Malwarebytes acquired ZeroVulnerabilityLabs, Inc., a security research and development company founded by Pedro Bustamante, which protects software applications from "known and zero-day exploits used by exploit kits, web-based vulnerability exploits and other corporate-targeted attacks".^[14] They expanded their malware removal and protection to the Android platform with the launch of Malwarebytes Anti-Malware Mobile,^[15] and launched a USB-based product called Malwarebytes Techbench aimed at helping technicians remove malware.^[16]

By 2013, it claimed to have removed five billion malware threats from computers in its first five years.^[17] In 2014, Malwarebytes received $30 million in funding from Highland Capital Partners, and by the following year, announced it had treated 250 million computers worldwide, representing about 20–25% of working business computers.^[11]

In June 2015, the company announced that it was moving its headquarters from 10 Almaden Boulevard in San Jose, California to a new 52,000 square feet (4,800 m²) office space on the two top floors of the 12-story 3979 Freedom Circle in Santa Clara, California. The company reported a growth of 10 million users in just one year, from 25 to 35 million active users, and an increase in revenue by 1653% in 2014.^[9] In 2015, Kleczynski was named one of Forbes Magazine's '30 Under 30'.^[18]

In January 2016, Malwarebytes unveiled advanced anti-ransomware package Endpoint Security,^[19] and announced that it had raised $50 million in investment from Fidelity Management and Research Company. Kleczynski stated that the funds would be used primarily for the company's hiring, product development and marketing assets.^[11] In June, Malwarebytes announced a strong growth in sales of over 75 percent in the first quarter of the year compared to 2015, with billings surpassing $100 million. The corporate subscription base for the company was reported to have grown by 90%.^[20] In September, Proofpoint, Inc. CEO Gary Steele joined the company's board of directors, with Kleczynski citing his "deep expertise in the security software industry, and his proven ability [at] increasing sales revenue" as the main reasons for his appointment.^{[citation needed]} In October the company purchased AdwCleaner, a Windows program used to clean adware and Potentially Unwanted Programs (PUPs) from computers.^[21] In February 2017 the company acquired Saferbytes, an Italian security start-up specialized in anti-malware, anti-exploit, anti-rootkit, cloud AV, and sandbox technologies.^[22]

In November 2019, the company joined forces with NortonLifeLock and Kaspersky, along with the Electronic Frontier Foundation and non-profits including the National Network to End Domestic Violence and Operation Safe Escape to form the Coalition Against Stalkerware. The coalition seeks to inform, educate and combat the use of tracking apps without consent.^[23]

Post-2020 developments

In January 2021, Malwarebytes was targeted by the same nation state actor implicated in the SolarWinds attack and suffered a limited access breach. CEO Kleczynski published a blog post detailing the company's attack and response.^[24][25]

In February 2021, Malwarebytes published its 2021 State of Malware Report which shared cyberthreat research including 30 million examples of Mac malware^[26] and a 1,055% increase in spyware detections in 2020.^[27]

In May 2021, Malwarebytes announced a collaboration with Digitunity to deliver cyberprotection to vulnerable communities underserved by technology access, expanding its portfolio of social impact work.^[28]

In August 2022, the company laid off 125 employees.^[5][29] The company announced an additional 100 layoffs in August 2023, as part of plans to separate the company into two separate business units.^[30]

Products

Malwarebytes has several products, which as of 2011^[update] were available in 36 different languages. Malwarebytes Anti-Malware offers two different versions, one for free download for home computers, and the other a professional version, with a 14-day free trial in advance, offering "real-time protection against malware, automated scanning, and automatic updating".^[12] Malwarebytes Anti-Malware Mobile is a free Android app which protects smartphones from mobile malware, preventing unauthorized access to personal data identifying tracking applications.^[31] As of April 2023, it has a rating of 4.3 on the Google Play store.^[32]

In 2014, the company launched Malwarebytes Anti-Malware 2.0 with an improved user interface and dashboard.^[33] The company also launched Malwarebytes Anti-Exploit in the same year, which shields selected applications from attacks by "exploit mitigation to protect vulnerable programs".^[6] Anti-Exploit also comes in a free and paid for version for Windows computers. The free version stops exploits in browsers and Java, whilst the paid product adds protection for a wider range of software applications.^[34] Anti-Exploit received four stars from PC Magazine in 2015^[35] and won V3 magazine's "Security Innovation of the Year" award in 2014.^[36]

In 2016, Malwarebytes Anti-Exploit was merged into the premium version Malwarebytes version 3.0, and the standalone application is now offered only as a perpetual beta.^[37]

In January 2016, Malwarebytes unveiled Malwarebytes Endpoint Security, advanced anti-ransomware technology which is described as the "first solution to offer multiple layers of protection against unknown ransomware". The company sponsored a survey with Osterman Research into 540 firms in the United States, United Kingdom, Canada and Germany and found that nearly 40% of companies had experienced ransomware incidents, of which 34 percent had accounted for loss of revenue.^[19] The Guardian reported that one-fifth of British companies had been charged over $10,000 to unlock their files and that there was an increasing demand for anti-ransomware technology.^[38] After Endpoint's inception, the beta was reportedly downloaded by some 200,000 businesses and consumers in the first six months of the year.^[19]

In 2017, Malwarebytes expanded its portfolio to include mobile products for Mac and Android including Malwarebytes for Android and Malwarebytes for Mac. Malwarebytes also can be run on ChromeOS, but mainly provides protection against Android threats.^[39] Malwarebytes also released Malwarebytes for iOS in 2018 to deliver secure and private mobile experiences for its users. Due to Apple's security restrictions, Malwarebytes for iOS can not remove malware, but does provide basic web protection and spam blocking.^[40] In 2020, Malwarebytes Privacy, a VPN offering, was launched.^[41]

In 2018, Malwarebytes expanded its business portfolio by launching Malwarebytes Endpoint Protection and Response to monitor, identify and remediate attacks. This offering was extended in 2020 to include server protection for enterprise customers with Malwarebytes Endpoint Detection and Response for Servers and Malwarebytes Endpoint Protection for Servers. In 2020, Malwarebytes also launched Malwarebytes Nebula, a cloud platform for enterprise customers to simplify endpoint management and reporting.^[42]

Malwarebytes also has numerous tools such as a Junkware Removal Tool to remove adware, an Anti-Rootkit Beta to remove and repair rootkits, StartUpLITE to boost the speed of the Windows reboot, FileASSASSIN to prevent locked files and a Malware Removal Service to support organizations under an active malware attack.^[6]

License and privacy

The software license^[43] requires arbitration "in the county where you reside", forbids class action suits, reverse engineering and sharing, and limits warranties and liability. Even the free version may not be shared, since the company tracks use of the product separately for each user.

Malwarebytes' privacy policy^[44] lists many types of information they collect and store, including, amongst other things, software running on a user's computer ("programs installed or in use"), "name, email address, mailing address, or phone number... company name, company size, business type... Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site ... operating system, date/time stamp, and/or clickstream data ... type of device you use, operating system version, and the unique device identifier... language... 32- or 64-bit... Information from the Windows Security/Action Center, including security settings and programs installed or in use... license... the number of seats being managed by that installation of the console[,] Endpoint domain information... organization to which the IP address is licensed, if any".^[45]

There are different limits on their use, sale, and sharing of data:

• No limits for what they call "non-personally identifiable information ('Non-PII')". "Non-PII ... may include... anonymously generated device identifiers",^[45] which are tied to most other data items listed above.
• Limited uses for personally identifiable information (PII), including name, address, phone, company name, size and business type, "we do not share PII with third parties" except for situations listed in the Privacy Policy, which include that they "may disclose PII to e "advertising based upon your browsing activities and interests."^[45]

In general, the company does not put time limits on how long they keep user data, except for IP address or when users ask for deletion of PII.^{[non-primary source needed]}