Malwarebytes has offered users of cracked and pirated versions of its anti-virus software the chance to go legitimate with genuine version of its software. The firm admitted that the way it generated licence keys for its products wasn't secure enough.
Many users download the free version of Malwarebytes Anti-Malware software and then opt in to trial its premium version. However, when the trial expires, this prompts some users to search online for licence keys made by keygen software or cracked versions of the software rather than downgrading to the free version. Others have sidestepped this altogether by installing dodgy versions of the software.
This has led to the firm launching its Malwarebytes Anti-Malware (MBAM) Amnesty programme. According to a webpage for the programme, the internet has its “fair share of pirates and trolls”.
“Some of those bad guys may have duped you into purchasing a counterfeit version of Malwarebytes Anti-Malware. Or perhaps we've simply detected a problem with your key. Not to worry. We're here to help,” reads the webpage.
It says that if a user has been “inconvenienced by piracy or abuse”, the security firm would give them a free replacement key. This key will be exclusive to that user while the old suspect key will “cease to work after a period of time”.
Users will choose from one of two options. If you downloaded a pirate version from the internet, a user will get 12 months' free service from Malwarebytes, whereas if you said you had purchased your key, you will get a replacement key for the remaining time left to run on the software.
On Malwarebytes' customer forum, chief executive Marcin Kleczynski was forced to admit the reason behind offering the keys was down to using a “very insecure licence key algorithm “and as such, generating a pirated key was, and is, very simple”.
“The problem with pirated keys is that they may collide with a legitimate key just by the sheer numbers,” he said.
“For example, Larry may generate a pirated key that matches the exact key that I already bought. Yes, this is silly, and yes, this is literally the first thing a professional software company thinks of when building licence key generation, but when you think you're building a product for just a few people you don't hash out these details.”
He added that the firm now has a new licencing system that it has “rolled out in stages”.
“The only problem is that we have millions of users that we've sold keys to, or a reseller has sold keys to, or we've given out keys to without keeping track. It is a mess, and you as a consumer have every right to be upset,” he said.
He said there was no way to prevent legitimate users from losing out.
"If you are a true pirate, the furthest you will get is a year's worth of Malwarebytes," said Kleczynski.
In a statement sent to SCMagazineUK.com, a spokesman for the company said that the amnesty is “separate from the core anti-malware software, so it has no impact upon the efficacy of Malwarebytes Anti-Malware."