For starters, last weekend didn’t go so well for security provider Malwarebytes, widely regarded for treating its customers and channel partners right.
Let’s call this part one: On Saturday, the company pushed out a heavily flawed software update that devoured memory and CPU resources and turned off web protection. To make matters worse, an initial fix left some users’ systems locked up.
The update, uploaded to users of the anti-malware provider’s subscription-based premium, premium trial and endpoint products, drew an immediate loud chorus of serious complaints. (Note: Malwarebytes for Mac, Android, AdwCleaner, Incident Response and Breach Remediation were not affected.)
Malwarebytes' Technical Explanation
Technically speaking, here’s what happened as explained in a Malwarebytes root cause analysis issued the day of the bad update: “A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs.”
Notified of the issue by its customer service people, Malwarebytes, which had pushed out some 20,000 of the updates, tweeted that it was on it. "Please note that we are aware of the current update issues and the complete Malwarebytes team is all hands on deck to fix this ASAP. Thank you for your patience and understanding."
Within an hour, the company had pushed out a fix to the update. But that didn’t solve the whole problem. Subsequently, it issued a second update that solved the issues. Some of the users who had flogged the company only minutes earlier rebounded with a goodly amount of praise for its super quick response. A trust-building response, you might say.
A CEO Steps Up
Now for part two: In the software industry, issuing buggy updates isn’t new, nor is it unusual. Regrettably, there are many more instances in which the offending vendor hedges, dodges, hides, denies, deflects or ignores until it’s backed into a corner and has to confess. Frankly, it’s a boring dance that leaves users cynical and frustrated when a quicker, responsibility-taking response would have done just fine.
Much to his credit, Malwarebytes CEO Marcin Kleczynski fessed up pretty much on the spot, issuing a blog post on Saturday afternoon explaining what happened and how it happened. That’s pretty standard fare. But then came the kicker: He said he is “personally available” to users both on the company’s forum and by email to discuss the issue.
This is what he wrote: “We test every single before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.
“We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again.
“I am personally available to discuss both on this forum via personal message or at [email protected].”
No Hiding From the Issue
Think about that for a moment: The company’s leader didn’t run from the problem, he ran towards it as it was happening. He didn’t wait two weeks to do an investigation, talk to people and assess the damage. He stepped right up to help ease partner and customer pain right away. Admittedly, Malwarebytes is a small company with not nearly the number of variables of a tech industry heavyweight. But still, a step up is a step up is a step up.
As an aside: Kleczynski was named CEO of the Year at the Info Security Products Guide’s 13th annual Global Excellence Awards in March of last year.