Skip to main content

This real-time map of antivirus fails is roasting MalwareBytes’ competitors

malwarebytes laptop
Image used with permission by copyright holder
In the wake of the Equifax hack and growing mistrust of major anti-virus companies, it’s becoming harder and harder to know where to turn for your digital security. MalwareBytes believes it should be your solution in these troubled times, and has thrown down the gauntlet for other anti-virus firms with a new tool and report that highlights how they are failing their customers.

MalwareBytes is an anti-malware application that offers manual scanning in its free version, and real-time protection with its premium option. Traditionally, it’s been used as remediation tool by consumers, as a redundancy after their main anti-viral solution fails to prevent infection. But as 2017 ends, MalwareBytes is looking to step out of the toolsets of IT professionals, and into the hearts and minds of consumers the world over — by taking a swipe at its competitors.

To highlight their failings, it’s released a heat map of MalwareBytes users the world over, who have discovered malware infections using its scanning tool. The kicker is that all of those found to be infected are already running some form of security software, be it anti-virus tools like Avast, AVG or Symantec, or built-in defense systems like Windows Defender.

Regardless of the security system in place, every dot on that map is someone actively fixing their system with MalwareBytes. That’s why the company wants you to make MalwareBytes your first line of defense, not the last.

Stepping out of the shadows

First released in 2007 after co-founder and CEO Marcin Kleczynski had his own brush with troublesome malware, MalwareByres has been used as a popular “remediation,” tool ever since. That’s because many users have found it to be a more effective tool for discovering infections and attacks than existing antivirus protection. We asked  Kleczynski what makes MalwareBytes a more effective way to discover, and ultimately stop, malware attacks in their tracks.

malwarebytes art
Image used with permission by copyright holder

“A lot of traditional antivirus firms do a lot of work with signatures,” he said. “You’ve seen it before, they ship a large database of signatures [of malware]. They’re hundreds of megabytes. They update it every day or every hour. The issue with that approach is they must react. They actually have to see the malware.”

That’s no good, he says, because it’s impossible to discover every piece of malicious software out there. “You’re never going to see all of the malware, you’re not even going to see five percent of the malware. You have to look at trends and patterns,” he said.

Malwarebytes does exactly that, relying on analysis of how software is running instead of looking for specific signatures associated with known malware. “When we started in 2004, the majority of antivirus ideas were already 20 years old, so we were really able to come up with AV 2.0, and take our own approach to it. […] Even back in 2004, we were already looking at characteristics.”

Today, MalwareBytes employs numerous approaches to cover as many bases as possible. That includes using the signatures of existing and detected malware to track down known infections, and leveraging machine learning to plan. It also looks at behaviors and expected use patterns, so if certain software starts doing something it shouldn’t, it can put a block on it before it starts.

“You’re never going to see all of the malware, you’re not even going to see five percent.”

“Our anti-ransomware system which ships with MalwareBytes, it’s exclusively behavior based,” Kleczynski said. “We look for encryption events and we score them and if we see too much, we actually roll back the process and arrest it. That’s an example of a custom-built technology that we had to put together, because ransomware was such a big issue.”

Ultimately, Kleczynski said, MalwareBytes doesn’t use a “Silver Bullet” technique, claiming that no one solution works for all malware attacks. Instead, it uses a combination of systems and expertise to come at the modern world of breaches and infections with a multi-faceted approach.

Carrots and sticks

While Kleczynski talks a big game, its the company’s recent report on its competitors that is the starkest part of its recent promotional efforts. It’s not just claiming that MalwareBytes is the best. It’s showing how its competitors are failing customers.

“[We]’ve seen a lot of the AV labs putting out reports where many of them score 100 percent,” Kleczynski said. “It’s become increasingly popular with AV vendors to slap stickers on their website. Malware in a lab performs very different from malware in the wild. The only real way, I think, to compare AV vendors is to analyze the real-world data.”

malwarebytes heat map
Image used with permission by copyright holder

That’s exactly what it did with its “Mapping AV Detection Failures,” report. In it, it looked at around 10 million infected systems that cleaned themselves up using the MalwareByte scanning tool between January, and June, of 2017. Of that number, some 44 percent had two or more antivirus solutions installed — yet were infected anyway.

“Taking out all data that looks at MalwareBytes actively blocking threats, we only looked at data of the major AV companies,” Kleczynski said. “They had to be registered in the Windows security center, so had to be actually activated with Windows. If we cleaned up the mess after AV, we sent that information back to our servers. [We recorded] if we have cleaned up malware on a computer and [what antivirus] it has installed. That’s the only data we collected, no personally identifiable information. We tossed away all the IP addresses.”

Other notable stats in the report include that 52 percent of ransomware infections caused by the notorious ransomware known as Hidden Tear were discovered on systems running multiple antivirus solutions. If you eliminate Microsoft’s bundled Windows Defender from the results, some 40 percent of all malware tracked were discovered on a system with an add-on antivirus solution.

Live tracking success and failure

MalwareBytes is aware of the potential for perceived bias in such a report. After all, its own report claiming it’s better than the competition is hardly surprising. That’s where the live heatmap comes in. Available now for anyone to view, it tracks live MalwareBytes scans across the world, highlighting that often these systems have third party antivirus installed — which failed.

While MalwareBytes goes out of its way to avoid naming and shaming anyone in its aggregated report, the live data does not. Microsoft tops the list, suggesting the Windows Defender tool that comes installed by default with Windows 10 is the most popular antiviral solution around. Still, big names like Avast, AVG, McAffee, Symantec, Kaspersky, and many others make the list. They all fail to pick up malware that MalwareBytes ultimately cleans up.

“They might have Windows Defender installed, and then add in Avast, but they’re still getting infected.”

If nothing else, the heatmap shows that a lot of people are using MalwareBytes, and they’ve having success with it. Within just a few minutes of viewing the map, hundreds of success “blips” appear across it. Scrolling through the list, just about every mainstream consumer and business antivirus has been thwarted by an infection that MalwareBytes ultimately cleans up.

“This map shows when remediation cleans up the malware on the devices as its happening,” Kleczynski said. “[We’re] not claiming we’re the best, but […] we’re looking at a lot of consumers who use multiple solutions. They might have Windows Defender installed, and then add in Avast, but they’re still getting infected.”

Building trust in a world full of breaches

Along with its more varied approach to malware detection and prevention, MalwareBytes also employs several practices to keep its own code secure. Competitors like of Ccleaner and Symantec have faced security concerns at the very core of their service, so MalwareBytes thinks this could help build trust among consumers who find it increasingly hard to know where to turn for protection. It’s especially important now that security researchers have highlighted how some antivirus software can introduce more security vulnerabilities than they protect against.

“We have internal security teams – I just hired a new information security officer myself a year ago – and we do a lot of code audits, third party audits,” Kleczynski said. “We have a bug bounty where we pay up to $5,000 for a bug discovered and are thinking about raising that to raise interest. We’re partnered with HackerOne, too.”

This is something all companies should be doing though, he thinks. Highlighting how some of the recent debacles with security at major firms have impacted the public’s opinion of them and data collection services in general, Kleczynski highlighted that ultimately, it’s the way that companies respond to issues that defines them most.

“People will try to find vulnerabilities in your software and it’s how you respond. No programmer is perfect, and I don’t think AV [introduces] more vulnerabilities if done right.”

And his idea of what antivirus (or anti-malware) “done right,” — is MalwareBytes of course.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
This Asus laptop handily beats the XPS 13 — and it’s cheaper
The Zenbook S 14 on a table in front of a grass lawn.

Windows manufacturers have been hungering for a chipset that can keep up with Apple's very fast and efficient M3 architecture. Enter Qualcomm with its Snapdragon X and Intel with iLunar Lake. Each aims at providing better battery life with good performance, as well as adding faster on-device AI speeds to support Microsoft's Copilot+ PC initiative.

The XPS 13 9345 is among the first Qualcomm laptops and the Zenbook S 14 is the first Lunar Lake laptop that we've reviewed. This makes it an important battle to see which platform can make it to our list of the best laptops.
Specs and configurations

Read more
Here are the 10 best gaming keyboards I’d recommend to anyone in 2024
A custom keyboard sitting among keycaps and switches.

Whether you want to gain a competitive edge or just mess around with some RGB lighting, you'll need one of the best gaming keyboards. Although the old guard of brands like Corsair, SteelSeries, and Razer still make some excellent gaming keyboards, the competition is fierce in 2024, with smaller brands rising up to push the market of gaming keyboards forward.

An excellent example of that is our top pick, Asus' ROG Strix Scope II 96, which elevates gaming keyboards to an enthusiast level while maintaining a mainstream price. Although it's the top gaming keyboard for most people, it isn't the best for everyone. After putting our fingers on dozens of different gaming keyboards, these 10 are the only ones you should keep in mind.

Read more
Nvidia’s CEO — yes, one person — is now worth more than all of Intel
Jensen Huang at GTX 2020.

Nvidia is one of the richest companies in the world, so it's no surprise that the company's CEO, Jensen Huang, is quite wealthy. The most recent net worth numbers from Forbes puts into context just how wealthy the executive really is, though. Huang has an estimated net worth of $109.2 billion, which is around $13 billion more than the market cap of Intel across the entire company.

Although Nvidia makes some of the best graphics cards, the obscene amount of money the company has racked up over the past two years stems from its AI accelerators. In 2020, Forbes estimated that Huang was worth $4.7 billion, and even in 2023, after ChatGPT had already exploded onto the scene, the executive was worth $21.1 billion. Now, Huang is the 11th richest person in the world, outpacing Bill Gates, Michael Dell, and Michael Bloomberg.

Read more