Endpoint security firm Malwarebytes has launched a new VPN offering targeting work from home and consumer markets, featuring AES 256 encryption, WireGuard VPN protocol, no logging, and virtual servers in more than 30 different countries.
Santa Clara, CA-based Malwarebytes has introduced Malwarebytes Privacy, a VPN it promises will be the first of an emerging suite of privacy products.
“Today you can’t go online without corporations, advertisers, and hackers trying to eavesdrop on you, and it’s feeling increasingly invasive for consumers,” said Akshay Bhargava, CPO at Malwarebytes. “With a single click, Malwarebytes Privacy gives you the power to protect your online privacy by masking your IP address and online activity. As more and more people are utilizing home networks today, it’s increasingly imperative that we extend security to each and every person — no matter where they are or what network they are using — so that they can protect themselves and exert control over who gets their data, and for what purpose.”
Of course, the need for and piquancy of VPNs has received a massive spur from the current pandemic and the increase in working from home. Larger corporations will have a company VPN they can use for their home workers, but smaller companies may not. “The initial release of the product is targeted at consumers and self-employed micro-businesses,” Malwarebytes told SecurityWeek. “However, it is entirely appropriate for corporate workers who do not already have a corporate VPN solution to also use Malwarebytes Privacy while working from home.”
Key features of the VPN are speed, security and privacy. The speed comes from its use of the open-source VPN protocol called WireGuard which, says Malwarebytes, “is more efficient and streamlined than traditional VPNs.” Malwarebytes is not alone in this assertion: an August 2018 review by Ars Technica includes, “an OpenVPN connection from my Xeon E3 workstation to Linode’s cheapest VM offering takes more than eight seconds. Connecting the two via WireGuard takes barely over 100 milliseconds.”
Security comes from the use of AES 256 encryption, which cannot be brute forced by current classical supercomputers. That may change at some time in the future after the introduction of powerful quantum computers. In the meantime, however, it has been estimated that it would take a supercomputer a billion, billion years to brute force even AES 128.
Malwarebytes VPN is safe from being cracked — provided that attackers cannot get hold of the relevant keys. “The private key used for encryption is stored as an RC4-encrypted hex-encoded string in the local configuration file,” Malwarebytes told SecurityWeek. “RC4 encryption with a Malwarebytes secret key is used to encrypt the private key. The private key pair is rotated on a regular basis. The public key is stored in a secure cloud-based storage system.”
The privacy element comes from Malwarebytes’ decision not to log any VPN traffic. There is nothing for hackers to steal, nor governments to demand — even if armed with national laws such as the PATRIOT Act. “Malwarebytes complies with all applicable laws,” said the firm. “Just like any vendor of VPN services, we would comply with such a request only to the extent legally required. Where such data does not exist, we would not have anything to provide.”
The VPN is offered as a stand-alone product at $59.99 covering five Windows devices, or bundled with Malwarebytes Premium currently at $89.99 per year for five Windows devices.
Malwarebytes was founded in 2008 by Bruce Harrison (VP Research), Doug Swanson (board member), Marcin Kleczynski (CEO), and Marcus Chung. In January 2016, it raised $50 million in a Series B funding round, bring the total raised to date to $80 million.