At the age of 14, Marcin Kleczynski had a problem: After downloading video games from shady online sources, he accidentally infected his family computer with malware. Who among us hasn't faced that decidedly nerdy teenage crisis? Traditional antivirus software didn't cut it and Marcin had to dig deep to find a solution to his malware problem. But from that exploration he evidently caught a different sort of bug as well, and continued to research malware and viruses out of curiosity while collaborating with other volunteers online.
That hobby snowballed over the years as Marcin taught himself to code and what started out of necessity eventually grew to be its own product and company. Now Malwarebytes has a team of over 320 employees and its various products have been downloaded about half a billion times. Not a bad place to be for something that started on the family computer in the basement. We spoke with Marcin to learn a little more about his experience in the fight against malware.
Tell us about how Malwarebytes came about. You started back when you were a teenager and had to deal with an infection on your own system, right? Evidently you decided to take the matter into your own hands!
I was certainly young, and still living in my parent's basement. We had a shared family computer that I practically destroyed by downloading a stolen video game. We had an antivirus installed and it let the malware right through. The pop-ups wouldn't stop, and the whole family blamed me. So I took matters into my own hands and found help in the form of an online support forum. A volunteer walked me through a very manual, fifty step process to get rid of the malware. I was grateful, but after that event I decided there had to be a better way to get rid of malware.
Were you already a seasoned programmer or were you learning as you went when you decided to create your own tool?
Believe it or not, I learned how to program from a "for dummies" book. It's that yellow one that you're embarrassed to read in public. After the first version of the product shipped, I attended the University of Illinois and earned my Computer Science degree.
Why did the project continue to grow? Were you simply fascinated by malware? Or was it more of a opportunity that simply presented itself, that is, you saw a big gap in the market that traditional antivirus software wasn't effectively protecting against?
It was both. I fell in love with how malware worked but also wanted to be a superhero of sorts. I saw traditional antivirus software had failed and let malware into my computer firsthand. My partners and I set out to make the world a better place, fixing one computer at a time.
How did you choose which platforms to target and which to ignore or wait on?
We started with Windows, which was the predominant attack surface for most criminals at the time. We waited to introduce products on mobile and Mac until recently, partly because we didn't consider them as significant of a threat and also, as a startup, we simply didn't have the resources to do everything we wanted to right off the bat.
At what point did it go from a hobby to something you realised could be a business?
I think this was more gradual than most people expect. There was no single point in the company's history that I would point to, but near the end of 2008 the revenues were exploding and I think it was very sobering for my partners and I.
What was your biggest roadblock and how did you overcome it?
Being such a dispersed and remote company was a big roadblock. I wasn't even at the office while attending the University of Illinois. We had to sort through many communication issues and be mindful about how we shared information with each other.
How do you handle user requests and criticisms effectively?
I personally handled all support tickets from 2008 and so we were able to get early feedback baked into the product quickly. Today, if I receive an email from a user or customer, I will always respond to it. I even try to break into the support ticketing system to get access to tickets; the support team doesn't like that. Bottom line, I prefer getting the negative feedback because I can be opportunistic and fix it!
Now, how do you split time between developing new features and managing existing ones? You obviously need to protect against the latest threats, but how do you innovate beyond the "status quo" of what people expect from anti-malware/virus software?
I've found that having this all on one team makes it impossible to solve. There will always be a battle on splitting the time. So we built a whole separate team. Our technologies team basically plays in a virtual sandbox all day and tries ideas that may be perceived as crazy but could work. We built our anti-rootkit and anti-ransomware technologies in this lab.
What advice would you give to others that want to take on a similar project?
Build a product within a community that is passionate about what you're building. They will be your first customers, will provide you with amazing feedback that you can assess in real time, and will be your biggest evangelists who can help make your product viral.
Lifehacker's Behind the App series gives an inside look at how some of our favourite apps came to be — from idea to launch (and beyond).