This real-time map of antivirus fails is roasting MalwareBytes’ competitors

In the wake of the Equifax hack and growing mistrust of major anti-virus companies, it’s becoming harder and harder to know where to turn for your digital security. MalwareBytes believes it should be your solution in these troubled times, and has thrown down the gauntlet for other anti-virus firms with a new tool and report that highlights how they are failing their customers.

MalwareBytes is an anti-malware application that offers manual scanning in its free version, and real-time protection with its premium option. Traditionally, it’s been used as a remediation tool by consumers, as a redundancy after their main anti-viral solution fails to prevent infection. But as 2017 ends, MalwareBytes is looking to step out of the toolsets of IT professionals, and into the hearts and minds of consumers the world over — by taking a swipe at its competitors.

To highlight their failings, it’s released a heat map of MalwareBytes users the world over, who have discovered malware infections using its scanning tool. The kicker is that all of those found to be infected are already running some form of security software, be it anti-virus tools like Avast, AVG or Symantec, or built-in defense systems like Windows Defender.

Regardless of the security system in place, every dot on that map is someone actively fixing their system with MalwareBytes. That’s why the company wants you to make MalwareBytes your first line of defense, not the last.

Stepping out of the shadows

First released in 2007 after co-founder and CEO Marcin Kleczynski had his own brush with troublesome malware, MalwareBytes has been used as a popular “remediation” tool ever since. That’s because many users have found it to be a more effective tool for discovering infections and attacks than existing antivirus protection. We asked Kleczynski what makes MalwareBytes a more effective way to discover, and ultimately stop, malware attacks in their tracks.

“A lot of traditional antivirus firms do a lot of work with signatures,” he said. “You’ve seen it before, they ship a large database of signatures [of malware]. They’re hundreds of megabytes. They update it every day or every hour. The issue with that approach is they must react. They actually have to see the malware.”

That’s no good, he says, because it’s impossible to discover every piece of malicious software out there. “You’re never going to see all of the malware, you’re not even going to see five percent of the malware. You have to look at trends and patterns,” he said.

Malwarebytes does exactly that, relying on analysis of how software is running instead of looking for specific signatures associated with known malware. “When we started in 2004, the majority of antivirus ideas were already 20 years old, so we were really able to come up with AV 2.0, and take our own approach to it. […] Even back in 2004, we were already looking at characteristics.”

Today, MalwareBytes employs numerous approaches to cover as many bases as possible. That includes using the signatures of existing and detected malware to track down known infections, and leveraging machine learning to plan. It also looks at behaviors and expected use patterns, so if certain software starts doing something it shouldn’t, it can put a block on it before it starts.

“Our anti-ransomware system which ships with MalwareBytes, it’s exclusively behavior based,” Kleczynski said. “We look for encryption events and we score them and if we see too much, we actually roll back the process and arrest it. That’s an example of a custom-built technology that we had to put together, because ransomware was such a big issue.”

Ultimately, Kleczynski said, MalwareBytes doesn’t use a “Silver Bullet” technique, claiming that no one solution works for all malware attacks. Instead, it uses a combination of systems and expertise to come at the modern world of breaches and infections with a multi-faceted approach.

Carrots and sticks

While Kleczynski talks a big game, it’s the company’s recent report on its competitors that is the starkest part of its recent promotional efforts. It’s not just claiming that MalwareBytes is the best. It’s showing how its competitors are failing customers.

“[We]’ve seen a lot of the AV labs putting out reports where many of them score 100 percent,” Kleczynski said. “It’s become increasingly popular with AV vendors to slap stickers on their website. Malware in a lab performs very different from malware in the wild. The only real way, I think, to compare AV vendors is to analyze the real-world data.”

That’s exactly what it did with its “Mapping AV Detection Failures” report. In it, it looked at around 10 million infected systems that cleaned themselves up using the MalwareBytes scanning tool between January and June of 2017. Of that number, some 44 percent had two or more antivirus solutions installed — yet were infected anyway.

“Taking out all data that looks at MalwareBytes actively blocking threats, we only looked at data of the major AV companies,” Kleczynski said. “They had to be registered in the Windows security center, so had to be actually activated with Windows. If we cleaned up the mess after AV, we sent that information back to our servers. [We recorded] if we have cleaned up malware on a computer and [what antivirus] it has installed. That’s the only data we collected, no personally identifiable information. We tossed away all the IP addresses.”

Other notable stats in the report include that 52 percent of ransomware infections caused by the notorious ransomware known as Hidden Tear were discovered on systems running multiple antivirus solutions. If you eliminate Microsoft’s bundled Windows Defender from the results, some 40 percent of all malware tracked were discovered on a system with an add-on antivirus solution.

Live tracking success and failure

MalwareBytes is aware of the potential for perceived bias in such a report. After all, its own report claiming it’s better than the competition is hardly surprising. That’s where the live heatmap comes in. Available now for anyone to view, it tracks live MalwareBytes scans across the world, highlighting that often these systems have third party antivirus installed — which failed.

While MalwareBytes goes out of its way to avoid naming and shaming anyone in its aggregated report, the live data does not. Microsoft tops the list, suggesting the Windows Defender tool that comes installed by default with Windows 10 is the most popular antiviral solution around. Still, big names like Avast, AVG, McAfee, Symantec, Kaspersky, and many others make the list. They all fail to pick up malware that MalwareBytes ultimately cleans up.

If nothing else, the heatmap shows that a lot of people are using MalwareBytes, and they’re having success with it. Within just a few minutes of viewing the map, hundreds of success “blips” appear across it. Scrolling through the list, just about every mainstream consumer and business antivirus has been thwarted by an infection that MalwareBytes ultimately cleans up.

“This map shows when remediation cleans up the malware on the devices as it’s happening,” Kleczynski said. “[We’re] not claiming we’re the best, but […] we’re looking at a lot of consumers who use multiple solutions. They might have Windows Defender installed, and then add in Avast, but they’re still getting infected.”

Building trust in a world full of breaches

Along with its more varied approach to malware detection and prevention, MalwareBytes also employs several practices to keep its own code secure. Competitors like CCleaner and Symantec have faced security concerns at the very core of their service, so MalwareBytes thinks this could help build trust among consumers who find it increasingly hard to know where to turn for protection. It’s especially important now that security researchers have highlighted how some antivirus software can introduce more security vulnerabilities than it protects against.

“We have internal security teams – I just hired a new information security officer myself a year ago – and we do a lot of code audits, third party audits,” Kleczynski said. “We have a bug bounty where we pay up to $5,000 for a bug discovered and are thinking about raising that to raise interest. We’re partnered with HackerOne, too.”

This is something all companies should be doing though, he thinks. Highlighting how some of the recent debacles with security at major firms have impacted the public’s opinion of them and data collection services in general, Kleczynski highlighted that ultimately, it’s the way that companies respond to issues that defines them most.

“People will try to find vulnerabilities in your software and it’s how you respond. No programmer is perfect, and I don’t think AV [introduces] more vulnerabilities if done right.”

And his idea of antivirus (or anti-malware) “done right” is MalwareBytes, of course.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…