No software is perfect; that’s why we have patches and updates. Antivirus software is no exception. Sometimes a brand-new attack gets past your antivirus; the worst of these can disable or damage your security software. And if malware has already set up shop in your unprotected PC, it may prevent installation of a traditional antivirus. That’s where Malwarebytes Free comes in. Its speedy scan seeks out attackers that got past your main defenses. Note, though, that in some cases, such as ransomware, cleanup after the fact is pointless.
With the release of version 3.0 a couple of years ago, Malwarebytes rolled exploit and ransomware detection into Malwarebytes 3.0 Premium. The Premium edition is a suitable replacement for standard antivirus, though it’s designed to work compatibly alongside more traditional antivirus tools. The free edition, reviewed here, doesn’t include any real-time protection. It does just one thing; it cleans up existing malware problems.
This product’s current version is 3.4; the company doesn’t make whole-digit version number changes unless there’s a significant new technology. It doesn’t look significantly different than it did at my last review. As before, a simple menu runs down the left, a panel on the right reports scan and protection status, and the middle panel lets you launch a scan or purchase an upgrade to Premium. Premium features appear in the status panel, disabled and marked Premium Only.
When you install the free edition, you get a 14-day trial of all the Premium features. If you just let the trial expire, you’ll find that you lose quite a bit. The program is full of subtle and not-so-subtle suggestions to spring for that upgrade.
Lab Results Uninformative
Simple-minded signature-based malware detection isn’t much use in the modern world of zero-day attacks and polymorphic malware. Every successful antivirus adds heuristic detection, behavior-based detection, and other non-signature protection layers. Malwarebytes goes farther than most. My contact at the company explained that they maintain signatures only for malware that’s currently prevalent, and that signatures play a part in less than five percent of all detections by the premium edition.
In the Premium edition, machine learning and detection of anomalous behavior catch many malware samples. Exploit protection watches attack vectors and heads off exploits. The anti-ransomware engine (available separately as Malwarebytes Anti-Ransomware Beta) strictly uses behavioral detection. And so on.
This emphasis on active, prevalent threats and advanced detection methods makes testing Malwarebytes tough. A lab test that uses outdated samples could make the product look bad, even as it protects against the very latest attacks. Malwarebytes deliberately refrains from participating with most of the labs whose reports I follow.
West Coast Labs has awarded checkmark certification to Malwarebytes Premium, though not to the free edition. Note that this lab works with vendors who don’t pass certification, so that they all eventually succeed. It’s a different model from the labs that assign ratings to products based on their success rate in a specific test.
MRG-Effitas did put Malwarebytes Free up against a 360-degree malware protection test, but it was a poor fit. To get Level 1 certification, a product must prevent every single sample from installing on the test system. For products like Malwarebytes that don’t include real-time protection, Level 1 certification means that the on-demand scan completely remediated the malware infestation. A product that lets some samples install but remediates almost all of them within 24 hours gets Level 2 certification.
Avira, Avast, Bitdefender, ESET, and Kaspersky Anti-Virus managed Level 1 certification in the most recent test. Another nine products, including Microsoft Windows Defender Security Center, managed Level 2 certification. Of the four cleanup-only products, only SurfRight HitmanPro earned certification. Malwarebytes was one of the three that didn’t make the cut. However, this one test just doesn’t yield enough information for me to calculate an aggregate lab test score.
All four of the labs that I follow include Kaspersky in their test sets, and my aggregate score algorithm gives it 10 of 10 possible points. Bitdefender Antivirus Plus has typically been very close to Kaspersky, but a recent so-so test result dragged it down to 8.9. The next closest four-lab aggregate score goes to Avast, with 9.0 points. ESET, tested by three of the labs, managed a 9.3 aggregate score.
The Ransomware Conundrum
With the rise of ransomware attacks on businesses, governments, and individuals, ransomware protection is more important than ever. But ransomware is intrinsically different from other kinds of malware. Most types of malware want to use your resources, for purposes from mining bitcoins to launching DDoS attacks to simply stealing your personal data. Typically, they aim to avoid notice, which includes avoiding any permanent harm to the computer. A post-infestation antivirus cleanup can winkle the malware out of your computer’s crannies and crevices, restoring it to a safe, secure state.
Ransomware, on the other hand, only stays quiet until it has done its dirty deed, locking your important files in unreadable encrypted form. Once finished, it displays its ransom terms. Removing the ransomware at this point doesn’t help; it could even interfere with your ability to get your files decrypted, should you decide to pay the ransom. Malwarebytes Premium protects against ransomware; Malwarebytes Free can’t do a darn thing for you.
Not Exactly Malware Protection
Usually I test malware protection by challenging an antivirus utility to prevent installation of my malware sample collection. But that requires real-time protection, which is something Malwarebytes Free lacks. Even so, with no help from the labs, I had to find some way to see the product in action. So, omitting the ransomware, I launched my samples four at a time, gave them time to finish installing, and challenged Malwarebytes to clean up the mess.
Some years ago, I used to maintain a dozen malware-infested virtual machines for testing. My notes from back then indicate that Malwarebytes did a quick, thorough job of cleaning out the infestations. It’s still quick, finishing in about five minutes, but seems not as thorough as it once was.
At the end of every scan, Malwarebytes displayed its findings; I use these details to identify exactly which of the samples it detected. In every case, I told it to quarantine everything, and in every case, it requested a reboot to finish the process. After reboot, I ran a tool that reports on any leftover malware traces.
The results were disappointing. The scan detected just 65 percent of the samples. In some cases, it didn’t remove all executable malware components. It’s conceivable that the skipped components did not themselves contain malware code, but antivirus tools with real-time protection tend to prevent installation of all components.
Not only are my results for other products based on real-time protection, I have only tested two other products with this particular batch of malware samples. IObit Advanced SystemCare Ultimate detected 89 percent of the samples and scored 8.7 of 10 possible points. Malwarebytes Premium, which scans programs just as they try to execute, detected 86 percent and scored 8.4 points.
Tested using my previous sample set, Symantec Norton AntiVirus Basic, Webroot, and Emsisoft detected every single sample. Norton and Webroot earned a perfect 10 points.
Also tested using an earlier sample set, Avast Free Antivirus and AVG AntiVirus Free both did quite a bit better than Malwarebytes. Both managed 97 percent detection.
Admittedly, my hands-on test doesn’t precisely simulate real-world malware fighting. Normally, you’d bring in Malwarebytes to handle an attack that eluded your existing antivirus, or that put up roadblocks to installation of a more traditional antivirus. The high-tech behaviors and technologies that such an infestation requires would be a red flag for Malwarebytes. A Potentially Unwanted Program (PUP) or other less-risky sample actively launched by the user may not raise the same concerns.
Keep It in Your Toolbox
Malwarebytes Free remains a very useful tool, despite some issues I encountered in testing. If you carry a thumb drive full of security tools, do include Malwarebytes. But remember, it offers no real-time protection. In particular, it can’t help you with ransomware. Use it along with Bitdefender, Kaspersky, Webroot SecureAnywhere AntiVirus, or another antivirus that provides real-time protection. Bring out Malwarebytes when your regular antivirus slips up, or consider upgrading to Malwarebytes Premium.
With ransomware on the rise, a cleanup-only antivirus tool like Malwarebytes Free can’t possibly be your first line of malware defense. You need multiple layers of real-time protection. I no longer declare an Editors’ Choice in the cleanup-only category, but Malwarebytes remains my top choice.