Jump to content

I propose to replace the license activation system

Recommended Posts

I propose a new activation system, a licenseless system if you will, for all Malwarebytes products to replace the old license activation system.


Why? Because licenses are cumbersome to manage (even with the excellent My Malwarebytes management portal), and can be copied and activated without consent. The license system also doesn't have the option to use 2FA to prevent unapproved activations. A licenseless system would also make piracy somewhat more difficult and more risky, because it would kill off keygens, so that pirates would have to take other routes that involve modifying the Malwarebytes applications, potentially installing malware on their systems, which is a big scare factor.


The new activation system should enable users to sign in with their My Malwarebytes account within the Malwarebytes applications, rather than entering a license key. Then the owner of the account could see on my.malwarebytes.com how many device activation slots are taken of the total slots eligible for his account, rather than keeping track of the individual licenses that are free or occupied.

Though to note: with the above there has still to be made a distinction between lifetime and regular subscriptions, but that would be trivial to implement with a bit of creativity. Like N of N available for lifetime subscriptions, and N of N available for regular subscriptions. Then when activating within a Malwarebytes application, the account holder can select whether to apply a lifetime subscription or regular one, if the account holder has got both types of subscriptions.

Also within the Malwarebytes applications the user should be able to activate by either entering username + password + TOTP/U2F/FIDO2 (like how Dashlane offers TOTP or U2F for their locally installed password manager), or by signing in with their Google account that's bound to their My Malwarebytes.

In addition to this, users should be able to set a 2FA option on their my.malwarebytes.com account, if they don't use Sign in with Google (currently there's no 2FA option on my.malwarebytes.com, yet there is for this forum). This to homogenize the signing of my.malwarebytes.com and the applications.

Lastly, users should receive email notifications when a Malwarebytes install has been activated to premium, as well as the device name on which it has been, and the IP address it has been done on. 

Link to post
Share on other sites

  • Staff


This is actually how modern subscription licenses work.  They are multi-seat/multi-install based licenses (if purchased for more than 1 device) and the devices/installations can be managed using the My Account feature at My.Malwarebytes.com.  The problem right now is the older lifetime licenses/backwards compatibility.

I do think two factor authentication might be a good idea, however it's not nearly as bulletproof as some may believe and there have already been many occasions where 2FA has been bypassed/cracked.  No solution is perfect obviously, however it actually has already gotten to the point that keygens no longer work with Malwarebytes.  This is why all pirated versions now included a crack along with a keygen generated key as well as modifications to the system's HOSTS file to attempt to block Malwarebytes' licensing servers because keys alone no longer work (though these additional methods actually end up breaking the application's ability to update and I suspect also break its cloud detection capabilities).

I also like the idea of a notification system whenever a key/license seat is used.  That said, all lifetime licenses are only good for a single device/installation at a time anyway, so there would be no need for tracking the number of installs/activations for those keys beyond the first one, so if the user wishes to use it on a new system they first must deactivate the previous device/installation so that they can move the license over.

Signing into the software could be convenient for users with many different license keys, but ideally, with the modern multi-seat licensing system, most customers should only have a single key to keep track of for all of their devices anyway.  The situation with multiple keys that some users such as yourself are dealing with is really just the result of lifetime licenses being grandfathered into the current licensing system so most users shouldn't have to deal with that issue.  They might be able to provide such a solution eventually, but they would need to get all of the existing lifetime license users to create accounts at My.Malwarebytes.com before they could as many users are still doing things the old fashioned way and have yet to create accounts.  Malwarebytes may force the issue eventually by making everyone create an account in order to activate the software, but I don't believe they've done so yet.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.