Sunday 29 November 2015 10:17 pm

The self-made mastermind: Malwarebytes founder Marcin Kleczynski on giving away software and what it’s like making half a million bucks at 18

After I’d met Marcin Kleczynski, I came across someone who has known and worked with him for several years. A few seconds in and he said to me: “when you meet Marcin, the first thing you think is ‘I might be talking to the next Mark Zuckerberg… but this one’s a lot nicer’”. It’s hard to disagree.
Kleczynski started what became his company Malwarebytes, the expert malware removal company, in October 2003, aged 14. “I loved playing video games but hadn’t the money to buy them, so I pirated every one I played.” Unsurprisingly, it didn’t take long for his computer to become infected with malware so, as any of us would do, he googled his problem, landing on a support forum. “Here was a group of volunteers from all over the world helping people like me clean up their computer for free. I couldn’t grasp that. Selfish young high school kid, and people were giving hours of their time. It made me want to stick around the community.”


Armed with a Visual Basic 6.0 for Dummies (which by then was 10 years out of date), Kleczynski started learning how to programme, building tools that automated some of the process people  he’d met online were using to help others. Their popularity grew, and a kindly soul donated the name Malwarebytes to him. “I actually hated the name! It was – not even .com – but I had no money, I didn’t know how to run a website, so I took it.” A few years down the line, he bought .com and .org. “I guess I’ve stuck with .org because my whole mission in life is to help people, in the same way I was helped – a karma train, if you will.” 
Now, one computer science degree and many very supportive people later, Kleczynski is the chief executive of his company, and his main product is downloaded 400,000 times a day. “Our process to remove the malware is completely free.” A no strings attached approach is crucial for him. The company only charges $25 a year for a long-term solution (compare that with an anti-virus firm charge of around $100), and a third of people uninstall the software within an hour of downloading it, but Kleczynski is “perfectly okay with that. It drives people to go into work, often using their personal computers, and say something. Business has the same problems with malware as people at home – people still surf.” In 2010, Malwarebytes started building a product for companies. In the UK, it counts Imperial College, Sotheby’s and Hogan Lovells among its clients. 
And the firm itself now employs 300 people across the globe. It’s headquartered in San Jose, but offices span from Florida to Estonia, because Kleczynski opens them where the talent is. One of his top researchers joined six years after they first met – and she’s the lady who spent a month walking him through the fixes for his computer back in 2003. He even met his head of research, Bruce Harrison, online, back in 2007. “We didn’t stick a sword in the ground and shout ‘we wanted to change the world!’ – it was actually very anti-climatic.” Harrison ran a computer store in the Massachusetts hinterlands, and the pair didn’t meet, or even speak on the phone. But by the end of 2008 – the year Kleczynski founded the firm – they’d made half a million dollars. “We were starting to change the security industry without knowing anything about it; we just wanted to help people out. The anti-virus industry is one of the most broken in the world. Symantec, McAfee – all of these company built their engines in 1985 and haven’t updated them much since. Criminals are increasingly agile and, frankly, younger. They’re fooling these anti-virus companies that are making billions every year from customers.” But Kleczynski is building his own army – of malware warriors. “Actually, when I first came across Bruce, I thought he was working for the bad guys – it was scary how much he knew about malware.” 


Of course, the bad guys pour thick and fast into this industry. “Breaches are becoming more sophisticated all the time. ‘Interesting’ is the wrong word to use, but they are innovative. Look at Ashley Madison. These criminals – and that’s what we should be calling them – are coming up with new indirect monetary strategies all the time. In that instance, it was to extort cheaters. There have been so many hacks in the last year that it’s almost impossible to keep track of them all.” 
But businesses are finally realising that they need to start thinking about security 24/7. “A lot are still hesitating. But responsible disclosure early on is a lot more helpful for everyone than an article in the news saying ‘they knew about this two years ago’. We could sit all day and dive into each breach and work out what went wrong where. But ultimately, it’s obvious that this is a trend.” 
Something Kleczynski highlights is the increase in vulnerability attacks. That’s when an attacker sends, say, a spoof email to the chief executive of a company from the chief financial officer, with a PDF attachment and a message that says “here are the financials for the year”. The attacker is betting on the person opening the attachment not having the latest version of Adobe – because Adobe patches vulnerabilities weekly. Acrobat will try to read the PDF as per usual, so the malware gets in by making the legitimate application do the legwork. This has given rise to “bug bounties”, where large firms pay out enormous sums to people who can find vulnerabilities in applications. Apple and Google, for instance, will pay up to $1m a pop. 
For most people, says Kleczynski, the way to safeguard yourself comes in most part down to common sense: don’t share your data where you don’t need to, and never assume that it’s going to be safe. There are some areas likely to be hit more soon. Healthcare, for example, is now worth about 10 times more than financial data. “Once healthcare data goes out the door, you’ve got a problem. These criminals are building a picture of our lives. What bank we use, what school we went to, our orientation. How much do you need to really hurt someone?” And there’s fallout for firms like Malwarebytes: “the credit card companies have become very agile. My credit card was replaced four time last year. But that level of change can hurt legitimate businesses that have auto-subscription, because customers now have to update their information far more frequently.” 
But hiccoughs aside, Malwarebytes is now helping 250m people every year – and Kleczynski won’t let his teams forget it. Plastered all over its office walls are notes (“actually, often two-page long essays”) of thanks. “In the end, we’re working with ones and zeros on a computer. There are people out there curing cancer. But we know that we’re helping save a thesis, a family computer, a small business. And I think – I hope – that we’re doing some good in the world.”


Company name: Malwarebytes
Founded: 2008
Number of staff: 300
Job title: Founder and chief executive
Age: 26
Born: Poland
Lives: Palo Alto, California
Studied: Computer Science at the University of Illinois
Drinking: Coffee 
Eating: Chicago deep dish pizza
Reading: The Martian, by Andy Weir 
Favourite business book: Managing Humans, by Michael Lopp
Talents: Fully qualified pilot
Heroes: Elon Musk
Motto: “Marry the believers, divorce the naysayers.”
Most likely to say: Coffee, black!
Least likely to say: Yes
Awards: Regional EY Entrepreneur of the Year 2014; Forbes’ 30 under 30; Silicon Valley 40 under 40; Deloitte 2015 Technology Fast 500; and V3’s Technology Hero of the Year last Friday!