App of the Week: Malwarebytes

 

 

 

By Neil J. Rubenking of PCMag

There’s something strange ‘neath your PC’s hood. Antivirus failed, and it don’t look good. Who ya gonna call? Malwarebytes! For many years, Malwarebytes has been the go-to solution when other antivirus products drop the ball. It’s been a few years since the program’s last update. During that time, the company has focused a lot of its energy on preventing PCs from getting infested with malware in the first place, but Malwarebytes 3.0 Free is still available to clean up malware’s messes. It’s still an excellent tool, although it didn’t perform as well as the last version in my testing.

The main reason version 3.0 took so long was a total makeover of Malwarebytes 3.0 Premium ($39.99 at Malwarebytes). That product now includes all the various scanning and detection technologies that previously represented separate products. Ransomware protection is built in. Exploit protection is no longer a separate product. Real-time protection watches for known malware and for malicious behaviors, and Web protection steers you away from dangerous sites. With all these layers of protection, Malwarebytes now promotes the premium edition as a suitable replacement for your existing antivirus, though it’s also designed to work alongside other products. I’ll review the premium edition shortly.

The main window of the free software looks quite a bit different from that of the previous version. A simple menu runs down the left side, and a right-hand panel reports protection status. All of the premium features are listed, but disabled and marked “Premium Only.” The dashboard tab reports your security status, with a big button to launch a scan. The layout is still simple and straightforward. Most days, you’ll just load it up and click the Scan button.

Little to Learn From Lab Results

According to my contact at the company, Malwarebytes is designed to whip malware, not to pass tests. For example, if a particular sample has zero recent sightings among the horde of Malwarebytes users, the company may remove its signature, to keep the product nimble. A test that uses that dated sample will make the product look bad. Malwarebytes deliberately doesn’t participate in testing by most of the labs that I follow for that reason.

In addition, the tests available when a new product comes out are almost invariably based on the previous version of the product. That’s not so bad for products undergoing slow evolution, but the big changes in the latest version mean that the paltry results we do have may not be meaningful.

West Coast Labs awarded checkmark certification to the previous version of Malwarebytes Premium. Note that this lab works with vendors who don’t pass certification, so that they eventually succeed. It’s a different model from the labs that assign ratings to products based on their success rate.

MRG-Effitas takes a tough stance with its all-types malware test. A product that completely prevents every single sample from installing on the test system earns Level 1 certification. A product that lets some samples install, but remediates almost all of them within 24 hours gets Level 2 certification. All others fail, and there’s no distinction between missing all samples and missing just a couple. Cleanup-only products don’t have the opportunity to block installation, but if the on-demand scan completely remediates the malware, they earn Level 1 certification.

Along with three less well-known products, Kaspersky took Level 1 certification. Five other products managed Level 2. Almost half of the products failed to reach even Level 2 certification, Malwarebytes among them. Digging in to the test data behind the certification, I found that while the other three cleanup-only products received Level 1 certification, Malwarebytes failed to remove 40 percent of the samples.

That doesn’t sound great, but there’s just not enough information to assign an aggregate lab score to Malwarebytes. Even if I had more data, with the major update in version 3 I couldn’t swear the result would still be valid.

Four of the five labs I follow include Kaspersky Anti-Virus ($29.99 at Kaspersky Lab) in their testing, and its aggregate lab score is an impressive 10 of 10 possible points. Norton earned 9.7 points, based on tests by three labs. And Bitdefender Antivirus Plus 2017 ($19.99 at Bitdefender), tested by all five labs, averaged 9.3 points.

Diminished Malware Protection

 

The free edition of Malwarebytes is a cleanup-only product, with no real-time malware protection. My usual malware blocking test is no use for such a product. And yet, with no real help from the independent labs, I had to do something to see the product in action. To that end, I launched the samples in batches, gave each batch time to finish installing, and then launched Malwarebytes to clean up the mess.

Giving the samples time to run proved a bit problematic. One ransomware sample had time to do its dirty deeds before the scan removed it. There’s nothing a cleanup-only product could do to prevent that. Unfortunately, it encrypted the data file used by my program that checks for known traces of my set of samples. That’s awkward, but of course I had a backup.

After each batch of malware samples, I ran my hand-coded detection tool to verify that the malware traces were present. Then I ran a standard Threat Scan with Malwarebytes. On my test system, this scan routinely finished in two minutes or less. In almost every case, it requested a reboot after the scan, to complete the cleanup process. After reboot, I ran my detection tool again to see what the cleanup did.

The results were disappointing. F-Secure and Webroot SecureAnywhere AntiVirus ($18.99 at Webroot) detected 100 percent of these samples in my malware-blocking test, and Webroot completely eliminated all of them, scoring a perfect 10.

Malwarebytes didn’t even recognize 33 percent of the samples. My contact at Malwarebytes pointed out that if the samples are old and no longer in the wild, Malwarebytes won’t necessarily catch them. I obtained all of the samples from live malware-hosting URLs earlier this year, but looking at the details I did find that some of them had originated several years ago.

On the plus side, Malwarebytes completely wiped all traces for 44 percent of the samples. For another 13 percent, it detected and removed some of the traces, but left behind some executable files. The samples in the remaining 10 percent are the ones that bother me the most. In these cases, I found executable files in the quarantine list that were still present in their original form. I pored over the logs, verifying that Malwarebytes thought it removed them. My company contact couldn’t immediately explain this behavior.

Mitigating Factors

Like the lab tests disdained by Malwarebytes, my hands-on test doesn’t precisely simulate the product’s actual use-case. Normally you’d bring in Malwarebytes to handle an infestation that got past your existing antivirus, or that prevented installation of a more traditional antivirus. The aggressive behaviors and technologies that such an infestation requires should be a red flag for Malwarebytes. A less-dangerous sample that’s manually loaded on a test system doesn’t raise the same concerns.

Even so, the product has fared better in the past. Several years ago, I ran a test that challenged Malwarebytes and other products to remove entrenched malware from a dozen badly-infested systems. At that time, Malwarebytes outscored all competing products, with an overall detection rate of 89 percent. I hope that the current version proves effective against such real-world threats. But I can’t demonstrate that as a fact.

Keep It in Your Toolbox

All things considered, Malwarebytes 3.0 Free remains a very useful tool, despite the issues I uncovered in testing. If you carry a thumb drive full of tools, it should definitely be one of them. But remember, use it along with Bitdefender, Kaspersky, McAfee AntiVirus Plus ($19.99 at McAfee), or another antivirus that provides real-time protection. Bring it out when the going gets tough for your regular antivirus, or consider going for the full-scale protection of the premium edition.

In this modern world of ransomware and data-stealing Trojans, a cleanup-only antivirus can never be your first line of defense. You need layers and layers of protection, like what you get with the premium edition of Malwarebytes. I’m no longer declaring an Editors’ Choice award for cleanup-only antivirus, though Malwarebytes remains my first choice.

Malwarebytes is available for Windows, Android and Mac OS.

 

What malware protection do you use on your device(s)? Sound off in the comments below!
