Malwarebytes CEO Steps Up Amid Buggy Security Update

For starters, last weekend didn’t go so well for security provider Malwarebytes, widely regarded for treating its customers and channel partners right.

Let’s call this part one: On Saturday, the company pushed out a heavily flawed software update that devoured memory and CPU resources and turned off web protection. To make matters worse, an initial fix left some users’ systems locked up.

The update, uploaded to users of the anti-malware provider’s subscription-based premium, premium trial and endpoint products, drew an immediate loud chorus of serious complaints. (Note: Malwarebytes for Mac, Android, AdwCleaner, Incident Response and Breach Remediation were not affected.)

Malwarebytes’ Technical Explanation

Technically speaking, here’s what happened as explained in a Malwarebytes root cause analysis issued the day of the bad update: “A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs.”

Notified of the issue by its customer service people, Malwarebytes, which had pushed out some 20,000 of the updates, tweeted that it was on it. “Please note that we are aware of the current update issues and the complete Malwarebytes team is all hands on deck to fix this ASAP. Thank you for your patience and understanding.”

Within an hour, the company had pushed out a fix to the update. But that didn’t solve the whole problem. Subsequently, it issued a second update that solved the issues. Some of the users who had flogged the company only minutes earlier rebounded with a goodly amount of praise for its super quick response. A trust-building response, you might say.

A CEO Steps Up

Now for part two: In the software industry, issuing buggy updates isn’t new nor is it unusual. Regrettably, there are many more instances in which the offending vendor hedges, dodges, hides, denies, deflects or ignores until it’s backed into a corner and has to confess. Frankly, it’s a boring dance that leaves users cynical and frustrated when a quicker, responsibility-taking response would have done just fine.


Much to his credit, Malwarebytes CEO Marcin Kleczynski fessed up pretty much on the spot, issuing a blog post on Saturday afternoon explaining what happened and how it happened. That’s pretty standard fare. But then came the kicker: He said he is “personally available” to users both on the company’s forum and by email to discuss the issue.

This is what he wrote: “We test every single [update] before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.

“We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again.

“I am personally available to discuss both on this forum via personal message or at [email protected]”

No Hiding From the Issue

Think about that for a moment: The company’s leader didn’t run from the problem, he ran towards it as it was happening. He didn’t wait two weeks to do an investigation, talk to people and assess the damage. He stepped right up to help ease partner and customer pain right away. Admittedly, Malwarebytes is a small company with not nearly the number of variables of a tech industry heavyweight. But still, a step up is a step up is a step up.

As an aside: Kleczynski was named CEO of the Year at the Info Security Products Guide’s 13th annual Global Excellence Awards in March of last year.





    So he did what users should expect a CEO to do in that situation. We’re giving special awards or recognition for doing what you’re supposed to do? Lots of CEOs and business owners do this every day. Why should he get special credit for this, especially after his company screwed up many thousands of computers and cost untold man-hours for who knows how many businesses and organizations?

      Joe Panettieri:

      Hey Scott: You raise valid points. But here’s the thing. When a company stumbles, the PR and legal teams usually jump into action. Customers can typically expect a generic apology, a YouTube video, and perhaps a 1-800 number or [email protected] email address. In Marcin’s case, he personally jumped into forums, explained the situation and offered up his personal email address.

      Did Malwarebytes screw up over the weekend? Yup. Does Marcin deserve some sort of reward for doing the right thing? Nope. But should we mention his example so that more companies follow his lead? I believe so.

      Still, I appreciate your feedback and constructive criticism. I know Malwarebytes partners and customers suffered some serious pain with this.

      Joe Panettieri
      Editor, MSSP Alert
      [email protected]


    All this does is show how good of a company they are. They not only stood up and took blame as well as had a fix for it in record time.

    Thanks Malwarebytes
    C&T Computers.

    Brian Mac Gairbhigh!:

    So this didn’t affect all Malwarebytes users, just a relatively small percentage of their overall user base? 20k is a lot of briefly disappointed users but in fairness it’s not exactly 20 million! Well done guys for the quick response times! Great company! Storm in a tea cup! This kind of thing happens all the time with software nowadays!
