This real-time map of antivirus fails is roasting MalwareBytes’ competitors

In the wake of the Equifax hack and growing mistrust of major anti-virus companies, it’s becoming harder and harder to know where to turn for your digital security. MalwareBytes believes it should be your solution in these troubled times, and has thrown down the gauntlet for other anti-virus firms with a new tool and report that highlights how they are failing their customers.

MalwareBytes is an anti-malware application that offers manual scanning in its free version, and real-time protection with its premium option. Traditionally, it’s been used as a remediation tool by consumers, as a redundancy after their main anti-viral solution fails to prevent infection. But as 2017 ends, MalwareBytes is looking to step out of the toolsets of IT professionals, and into the hearts and minds of consumers the world over — by taking a swipe at its competitors.

To highlight their failings, it’s released a heat map of MalwareBytes users the world over, who have discovered malware infections using its scanning tool. The kicker is that all of those found to be infected are already running some form of security software, be it anti-virus tools like Avast, AVG or Symantec, or built-in defense systems like Windows Defender.

Regardless of the security system in place, every dot on that map is someone actively fixing their system with MalwareBytes. That’s why the company wants you to make MalwareBytes your first line of defense, not the last.

Stepping out of the shadows

First released in 2007 after co-founder and CEO Marcin Kleczynski had his own brush with troublesome malware, MalwareBytes has been used as a popular “remediation” tool ever since. That’s because many users have found it to be a more effective tool for discovering infections and attacks than existing antivirus protection. We asked Kleczynski what makes MalwareBytes a more effective way to discover, and ultimately stop, malware attacks in their tracks.

“A lot of traditional antivirus firms do a lot of work with signatures,” he said. “You’ve seen it before, they ship a large database of signatures [of malware]. They’re hundreds of megabytes. They update it every day or every hour. The issue with that approach is they must react. They actually have to see the malware.”

That’s no good, he says, because it’s impossible to discover every piece of malicious software out there. “You’re never going to see all of the malware, you’re not even going to see five percent of the malware. You have to look at trends and patterns,” he said.

Malwarebytes does exactly that, relying on analysis of how software is running instead of looking for specific signatures associated with known malware. “When we started in 2004, the majority of antivirus ideas were already 20 years old, so we were really able to come up with AV 2.0, and take our own approach to it. […] Even back in 2004, we were already looking at characteristics.”

Today, MalwareBytes employs numerous approaches to cover as many bases as possible. That includes using the signatures of existing and detected malware to track down known infections, and leveraging machine learning to plan. It also looks at behaviors and expected use patterns, so if certain software starts doing something it shouldn’t, it can put a block on it before it starts.

“Our anti-ransomware system which ships with MalwareBytes, it’s exclusively behavior based,” Kleczynski said. “We look for encryption events and we score them and if we see too much, we actually roll back the process and arrest it. That’s an example of a custom-built technology that we had to put together, because ransomware was such a big issue.”

Ultimately, Kleczynski said, MalwareBytes doesn’t use a “Silver Bullet” technique, claiming that no one solution works for all malware attacks. Instead, it uses a combination of systems and expertise to come at the modern world of breaches and infections with a multi-faceted approach.
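
The behavior-based scoring Kleczynski describes for ransomware (score encryption events per process, arrest the process once the score is too high, roll back what it touched) can be illustrated in a few lines. This is an added example, not MalwareBytes’ code or algorithm: the entropy test, the window, the score limit, every name and the sample events are assumptions constructed for the illustration.

```python
import math
from collections import Counter, defaultdict, deque

ENTROPY_MIN = 7.2    # bits per byte; assumed cut-off for "looks encrypted"
WINDOW_SECONDS = 10  # assumed sliding window for scoring
SCORE_LIMIT = 5      # assumed score at which a process is arrested

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def score_write(before: bytes, after: bytes) -> int:
    """0 = ordinary write, 1 = new high-entropy file, 2 = readable file replaced."""
    if shannon_entropy(after) < ENTROPY_MIN:
        return 0
    return 2 if before and shannon_entropy(before) < ENTROPY_MIN else 1

def detect(events):
    """Time-ordered (ts, pid, path, before, after) -> {pid: [paths to roll back]}."""
    recent = defaultdict(deque)  # pid -> (ts, points, path) inside the window
    arrested = {}
    for ts, pid, path, before, after in events:
        if pid in arrested:
            continue  # process is suspended, so its later writes never land
        points = score_write(before, after)
        if points == 0:
            continue
        q = recent[pid]
        q.append((ts, points, path))
        while ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()  # forget events that fell out of the window
        if sum(p for _, p, _ in q) >= SCORE_LIMIT:
            arrested[pid] = [path for _, _, path in q]
    return arrested

# Constructed sample data: readable text and a uniform byte stream (8.0 bits/byte).
TEXT = b"quarterly report draft, not for distribution\n" * 50
RANDOM_LIKE = bytes(range(256)) * 16
SAMPLE = [
    (0.0, 101, "notes.txt", TEXT, TEXT + b"one more line\n"),  # editor save
    (1.0, 202, "backup.zip", b"", RANDOM_LIKE),                # archiver, new file
    (2.0, 303, "a.docx", TEXT, RANDOM_LIKE),                   # bulk overwrite...
    (2.5, 303, "b.docx", TEXT, RANDOM_LIKE),
    (3.0, 303, "c.docx", TEXT, RANDOM_LIKE),
    (3.5, 303, "d.docx", TEXT, RANDOM_LIKE),                   # skipped: arrested
]
print(detect(SAMPLE))
```

Only the process that replaces several readable files with high-entropy data inside the window is flagged; the editor save scores nothing and the single new archive stays under the limit.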

Carrots and sticks

While Kleczynski talks a big game, it’s the company’s recent report on its competitors that is the starkest part of its recent promotional efforts. It’s not just claiming that MalwareBytes is the best. It’s showing how its competitors are failing customers.

“[We]’ve seen a lot of the AV labs putting out reports where many of them score 100 percent,” Kleczynski said. “It’s become increasingly popular with AV vendors to slap stickers on their website. Malware in a lab performs very different from malware in the wild. The only real way, I think, to compare AV vendors is to analyze the real-world data.”

That’s exactly what it did with its “Mapping AV Detection Failures” report. In it, it looked at around 10 million infected systems that cleaned themselves up using the MalwareBytes scanning tool between January and June of 2017. Of that number, some 44 percent had two or more antivirus solutions installed — yet were infected anyway.

“Taking out all data that looks at MalwareBytes actively blocking threats, we only looked at data of the major AV companies,” Kleczynski said. “They had to be registered in the Windows security center, so had to be actually activated with Windows. If we cleaned up the mess after AV, we sent that information back to our servers. [We recorded] if we have cleaned up malware on a computer and [what antivirus] it has installed. That’s the only data we collected, no personally identifiable information. We tossed away all the IP addresses.”

Other notable stats in the report include that 52 percent of ransomware infections caused by the notorious ransomware known as Hidden Tear were discovered on systems running multiple antivirus solutions. If you eliminate Microsoft’s bundled Windows Defender from the results, some 40 percent of all malware tracked were discovered on a system with an add-on antivirus solution.

Live tracking success and failure

MalwareBytes is aware of the potential for perceived bias in such a report. After all, its own report claiming it’s better than the competition is hardly surprising. That’s where the live heatmap comes in. Available now for anyone to view, it tracks live MalwareBytes scans across the world, highlighting that often these systems have third party antivirus installed — which failed.

While MalwareBytes goes out of its way to avoid naming and shaming anyone in its aggregated report, the live data does not. Microsoft tops the list, suggesting the Windows Defender tool that comes installed by default with Windows 10 is the most popular antiviral solution around. Still, big names like Avast, AVG, McAfee, Symantec, Kaspersky, and many others make the list. They all fail to pick up malware that MalwareBytes ultimately cleans up.

If nothing else, the heatmap shows that a lot of people are using MalwareBytes, and they’re having success with it. Within just a few minutes of viewing the map, hundreds of success “blips” appear across it. Scrolling through the list, just about every mainstream consumer and business antivirus has been thwarted by an infection that MalwareBytes ultimately cleans up.

“This map shows when remediation cleans up the malware on the devices as it’s happening,” Kleczynski said. “[We’re] not claiming we’re the best, but […] we’re looking at a lot of consumers who use multiple solutions. They might have Windows Defender installed, and then add in Avast, but they’re still getting infected.”

Building trust in a world full of breaches

Along with its more varied approach to malware detection and prevention, MalwareBytes also employs several practices to keep its own code secure. Competitors like CCleaner and Symantec have faced security concerns at the very core of their service, so MalwareBytes thinks this could help build trust among consumers who find it increasingly hard to know where to turn for protection. It’s especially important now that security researchers have highlighted how some antivirus software can introduce more security vulnerabilities than it protects against.

“We have internal security teams – I just hired a new information security officer myself a year ago – and we do a lot of code audits, third party audits,” Kleczynski said. “We have a bug bounty where we pay up to $5,000 for a bug discovered and are thinking about raising that to raise interest. We’re partnered with HackerOne, too.”

This is something all companies should be doing though, he thinks. Highlighting how some of the recent debacles with security at major firms have impacted the public’s opinion of them and data collection services in general, Kleczynski highlighted that ultimately, it’s the way that companies respond to issues that defines them most.

“People will try to find vulnerabilities in your software and it’s how you respond. No programmer is perfect, and I don’t think AV [introduces] more vulnerabilities if done right.”

And his idea of antivirus (or anti-malware) “done right” is MalwareBytes, of course.