Malwarebytes preps enterprise edition of PC-cleaning software

Combo of behavioral and signature detection sets it apart from antivirus products

Malwarebytes this fall expects to release an enterprise-grade anti-malware platform that it says doesn't compete directly with traditional antivirus software because it relies more on observing how the malware acts and less on seeking code signatures.

The company, founded in 2004, has its roots in malware removal, but it has since made a name for itself with its free Malwarebytes Anti-Malware, introduced in 2008, which it says can detect malicious code that antivirus software misses.

The company also sells a $24.95 Pro version of the product that it claims has been downloaded more than 100 million times.


But now the company is developing a management platform to wrap around the product to make it more suitable for use in large businesses where deploying, managing, updating and getting reports from large numbers of machines is important.

Company executives say customers have deployed as many as 25,000 Malwarebytes clients, and written their own scripts and tools to help deploy and manage them. The enterprise version will remove that need.

The company's core expertise is cleaning up infected computers, says Andreas Antonopoulos, an analyst with Nemertes Research. "Traditional malware systems are not very good at removing malware from infected systems," he says.

It remains to be seen whether enterprises will find that expertise valuable enough to pay for an enterprise license, Antonopoulos says. "It depends on how [each enterprise] handles infections."

Some businesses might not want to remove malware, preferring instead to wipe an infected machine clean and do a bare-metal reinstall of the operating system and applications, he says. This option would be most attractive to organizations that are routinely building new desktops for employees anyway and have the resources to wipe and rebuild, he says. That way the organization can be sure the malware is gone, whereas removing just the malware leaves some uncertainty as to the effectiveness of the removal.

On the other hand, businesses with limited staff, money and expertise might not be able to wipe and rebuild. "The cost and time to rebuild is very, very high," Antonopoulos says.

The platform is effective enough that Kaseya, an IT SaaS provider, uses Malwarebytes to support its anti-malware module. Kaseya customers who buy the service can issue changes and monitor Malwarebytes clients via the Kaseya dashboard, says Jeff Keyes, the company's director of security.

He says customers were seeking a way to remove malware that was slowing down their corporate computers. "Their machines were loaded with crap, and they didn't want to spend time cleaning it up," he says. Once the software cleans the machines, customers leave it on to catch reinfections, he says.

Kaseya also sells antivirus services powered by Kaspersky and AVG, but Malwarebytes catches malware that the others don't, Keyes says.

That's because Malwarebytes looks not just for code signatures but also for what the malware does, says the company's founder and CEO Marcin Kleczynski. So if the code morphs, the Malwarebytes behavioral signature will still catch it. "Regardless of how the code changes, it will still detect the behavior," he says.

The company gathers samples of malware, checks whether traditional antivirus products can detect them and, based on the results, gives each a priority. If none or just a few do, Malwarebytes creates a signature for it right away, he says.

The software also blocks IP addresses known to spread malware, he says.

The company relies to some extent on the community of users that frequent its malware forum for finding new instances of malicious behavior, Kleczynski says.
