Connect with us

Hi, what are you looking for?


Endpoint Security

Malwarebytes Replaces Antivirus with New Version 3.0

Antivirus is a misnomer. Antivirus companies are no longer just antivirus; but the name has stuck. Everybody accepts that antivirus alone is no longer enough to keep computers and networks safe — but because of the misnomer, new next-gen machine learning endpoint protection vendors have been able to take center stage as antivirus replacement products.

Antivirus is a misnomer. Antivirus companies are no longer just antivirus; but the name has stuck. Everybody accepts that antivirus alone is no longer enough to keep computers and networks safe — but because of the misnomer, new next-gen machine learning endpoint protection vendors have been able to take center stage as antivirus replacement products. Legacy antivirus vendors, like Symantec, Sophos and McAfee have been compelled to release new products to rid themselves of the legacy association. Today Malwarebytes became the latest with the launch of Malwarebytes 3.0.

This new version combines the market preference for a single all-in-one product with the security expert’s preference for layered security. Even the free consumer version has been amalgamated into the single build 3.0, and differentiated from the enterprise version by the product’s license key. It is the consumer version that is launched today. This will give Malwarebytes, which raised $50 million in series B funding in January 2016, the experience and feedback from millions of users before launching the enterprise version in early 2017.

“The consumer version will always be free with the same remediation capabilities as the enterprise version,” CEO Marcin Kleczynski told SecurityWeek. “It goes back into the deep roots of where the company came from. I was infected with malware back in 2003 and was completely helpless. The only thing that saved me was the free tools that were out there. Unfortunately there were many that I had to run — so MalwareBytes was an attempt to bring everything together in one product; and we will always offer that free for consumers.”

The layered protection available in the new version is through the combination of different components. “The first layer is web blocking,” explained Kleczynski. “We’re looking to block any connection to a malicious host so that the user cannot even pull down the malware. The next layer is anti-exploit: here we’re looking for things like malvertising or anything that comes in through Flash or Java browser exploits. Then we’ve got the payload analysis (the anti-malware component); so if the user has malware on the machine, perhaps through email, we do pre-execution analysis on the file before it can run. Next we have an anti-ransomware layer based on behavior. And finally we have a remediation layer so that, if everything else has failed, we can get the user back to a clean environment.”

The anti-ransomware layer is really a behavior blocker tuned to anti-ransomware simply because of the magnitude of the threat. “The anti-malware side of the product is a pre-execution component, meaning it will try to detect malware before it can actually run on the machine,” explained Kleczynski. “It will probably detect a big chunk of ransomware as well. The anti-ransomware component is completely signature-less; it’s a behavioral blocker. This means that the malware has already got through and has started running — which is unfortunate — but it also means we can watch what it is doing. It’s the last layer of defense.” 

Kleczynski claims that the anti-malware component will catch 99.99% of all ransomware before execution, but the anti-ransomware will catch anything that gets through by analyzing its behavior. “Ransomware encrypts files. So if files start to get encrypted, you know there may be ransomware. We don’t like to see more than 2 to 3 files being encrypted before we make a go/no go decision on whether this is ransomware or not. With just 2 or 3 files, we’ve stored a lot of the information in memory and can potentially reverse the changes, thus leaving the machine completely unharmed.”

Behavior blocking is a bit like machine learning without the machine. It uses manually generated rules rather than machine generated rules. But Kleczynski said that its product will be enhanced by machine learning proper in the near future.

“We’ve seen enough malware in the world to have a machine learn on that malware and predict the future — we’ve seen so many malware files that we can look at individual characteristics and learn about and from them,” Kleczynski  said. “So we have some stuff in beta that we’ll come out with by the end of the year around machine learning; not just in anti-ransomware and behavior but in pre-execution. A couple of companies are already doing some interesting stuff in this area, and we want to make sure we’re ahead of that game as well.”

Advertisement. Scroll to continue reading.

But he’s not an out-and-out fan of machine learning, and it will never be more than part of the Malwarebytes mix. “My issue with the new next-gen companies that have emerged over the last few years,” he told SecurityWeek, “is that they try to be a silver bullet, a one-trick pony. Several of them just do machine learning — which is good; but you won’t detect more than 95% of malware and the false positive rate will go through the roof. Our approach,” he continued, “which we think is the right approach, is to layer components. I don’t need 95% detection with 1% false positive in a layered solution — I’ll take 50% detection with 0% false positives. This beefs up my overall security without much overhead at all. I can use the other components, like the behavior and web blocking and anti-exploit and anti-malware that we already have, to get to the remaining 50%. The aim is to aggressively detect malware without incurring a high rate of false positives.”

The consumer version of Malwarebytes 3.0 is available now. The enterprise version will be launched early in 2017.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...