An antivirus utility that only quarantines malware found in its signature database is as useless as a police officer who lets a robber go because his mug shot isn’t on the stationhouse wall. The smart policeman simply arrests the guy who’s throwing rocks through a jewelry store window, regardless of his identity. Modern antivirus products include many layers of protection, behavior-based detection among them. Malwarebytes 3.0 Premium has protection layers galore, some not found in competing products. It’s hard to test and verify those layers, but I’m confident they do the job. Even so, I suggest using this tool in conjunction with a traditional antivirus, as I’ll explain.
Malwarebytes Premium costs $39.99 per year, the same as Bitdefender, Kaspersky, Norton, and many others. However, if you’re already a user, with an up-to-date subscription, you get a bonus. You pay the old price of $24.95 per year for as long as your subscription is current. That’s a nice reward for loyalty.
Malwarebytes 3.0 Free is a favorite go-to when something nasty gets past your regular antivirus. The Premium edition adds real-time protection, as always. But with version 3.0, the company has added quite a bit more. Malwarebytes Anti-Exploit is no longer a separate product, as its features are rolled into Premium. The same is true of the company’s one-time standalone anti-ransomware product.
My Malwarebytes contact explained that while the current version isn’t precisely an antivirus, it’s now intended to be powerful enough to take the place of your antivirus. It’s also perfectly happy running alongside a more traditional antivirus. You can even choose whether to have it register with the Windows Action Center. Why is that important? If Malwarebytes is your only protection and you don’t register, Windows will gripe at you. If you have both Malwarebytes and another antivirus registered, Windows will also gripe. You don’t want to make Windows unhappy!
The main window is dominated by a central status panel that reports, “Awesome! You’re protected.” To the left is a simple menu; to the right, a panel reporting component status. The only visible difference from the free edition is that all of the components are enabled.
Those using the free edition have just one scan choice, the full-system Threat Scan. With the Premium edition, you can choose the ultra-fast Hyper Scan, or configure a Custom Scan to run precisely where and how you wish. However, the full scan is so fast that I can’t imagine needing something faster. On my standard clean test system, it finished in about 2.5 minutes. Given that the current average for this test is over 45 minutes, that’s really, really fast.
Layers of Protection
Malwarebytes does include signature-based detection as one of its layers. However, the company’s researchers constantly trim unnecessary signatures, to keep the product’s scan time down. If a particular threat hasn’t turned up in user logs for half a year or so, out goes the signature! Clearly they consider the other protection layers to be more important.
Web protection blocks traffic to known dangerous addresses, whether by the browser or by a malicious application. Ransomware protection watches for the behaviors that occur when an unknown program is getting ready to encrypt your files. It should catch even a zero-day ransomware attack, with no need to recognize anything but behaviors that suggest ransomware.
Exploit attacks take advantage of security holes in popular applications, using the security vulnerability to take control. Even if you keep your operating system and programs patched, there’s always a window when the vulnerability is known but not yet patched. Malwarebytes shields several dozen popular applications against attack. This is a generalized protection, not protection against specific exploits.
Click Settings on the main window, click the Protection tab, and click Advanced Settings. This opens the Anti-Exploit settings window, which warns that you should not change any settings except by instruction of a tech support expert. But go ahead and look. You’ll learn that Malwarebytes does things like enforce DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). It blocks attacks that use ROP (Return-Oriented Programming) and prevents attacks on system memory. The array of features here is dizzying.
Lab Results Limited
There’s one small problem with these powerful, focused protection layers: they’re tough to test. Exploit attacks only work on a specific program version that contains the matching vulnerability. Malwarebytes kicks in only when such a matchup occurs, because without a match no actual damage is possible. High-end features like enforcement of DEP and ASLR would only be needed if a malware sample got past other protection layers. And so on.
Many of the independent antivirus testing labs strive to create tests that emulate real-world situations, but this emulation isn’t perfect. And many of them still include simple file-recognition in their testing. My contact at Malwarebytes explained that the designers could bulk up the product with features aimed solely at passing tests, or keep it nimble and focus on actually protecting users. They chose the latter.
In terms of getting useful results from the labs, there’s another obstacle. I review products as soon as possible after release, while the labs issue their test reports every few months. In most cases, the tested product isn’t the same as what I’m reviewing. That’s no big deal for products with a gradual, evolutionary update track, which doesn’t describe Malwarebytes. The few crumbs of test data available don’t necessarily reflect the current product.
The 360 Degree Assessment test by MRG-Effitas is one of the toughest around. It hits products with various types of malware and expects perfection. A product that fends off every malware sample earns Level 1 certification. One that allows some to install, but completely cleans them up within 24 hours, takes Level 2. Any product that didn’t reach either goal simply fails.
This lab included the free Malwarebytes cleanup tool, which clearly didn’t have an opportunity to block attacks using real-time protection. A cleanup tool that wipes out every sample earns Level 1 protection. Three of the four cleanup tools tested managed that feat; Malwarebytes failed.
Really, though, there’s just not enough information from the labs. I can’t give Malwarebytes an aggregate lab score based on so little. In any case, per its creators, it’s not designed to pass tests, and they don’t care if it doesn’t, as long as it protects their users.
If you really want an antivirus with certifications and commendations, look to Bitdefender and Kaspersky Anti-Virus. These two routinely get top or near-top scores, across the board. Norton also gets very good marks from the labs that include it.
Tough to Test
When I don’t have much to go on from the labs, my own hands-on tests become more important. However, my simple tests definitely didn’t put all of this product’s high-end protection layers to work.
This test starts when I open a folder containing my malware sample collection. For many antivirus products, the minimal access that occurs when Windows Explorer displays a file’s details is enough to trigger on-access scanning. Naturally that scan relies on signature-based detection, and naturally Malwarebytes doesn’t attempt it. Rather, Malwarebytes checks files just as they launch, wiping out any it recognizes and keeping the rest under observation.
One problem with testing behavior-based detection is that the samples simply may not exhibit malicious behaviors. Some may refrain if they detect antivirus software, others may wait a while after installation. That probably explains why Malwarebytes detected just 62 percent of the samples during or just after launch.
I ran a modified version of this test on the free Malwarebytes, installing a batch of samples and then running a scan to see how well it cleaned up. With the scan, it detected 67 percent. Given that Malwarebytes is famous for its malware cleanup scan, I reran the malware blocking test for all those samples that Malwarebytes missed, throwing in a full scan after every few samples. The scan takes just a couple minutes, so this was no big effort.
With the addition of the scan, this utility’s detection rate rose to 77 percent, and it earned 7.2 of 10 possible points. That’s nothing to write home about. Among products tested using this same sample set, only Microsoft Windows Defender scored lower. Webroot SecureAnywhere AntiVirus, which also emphasizes behavior-based detection, managed a perfect 10. But again, Malwarebytes isn’t designed to pass tests.
Given that the samples in my collection are more than six months old, Malwarebytes probably purged the signatures for at least some of them. My malicious URL blocking test uses URLs captured by MRG-Effitas in the last day or two, so I anticipated a better showing.
For this test, I simply try to launch each URL in the browser, noting whether the antivirus prevented all access by the browser, wiped out the malicious file on download, or sat idly like a bump on a log. A product gets equal credit whether it blocks the URL or smashes the download.
Web protection kicked in for just 3 percent of the URLs, and since Malwarebytes doesn’t automatically scan downloaded files, that 3 percent could have been the total score for this product. Given its emphasis on behavior, though, I bent the rules a bit and launched each of the downloaded malware samples, noting which it identified and blocked. That brought the total score up to 55 percent protection. Symantec Norton AntiVirus Basic holds the top score in this test, with 98 percent protection. Here again, it’s possible that some of the samples simply hadn’t yet exhibited their nasty behaviors.
I ran my antiphishing test on Malwarebytes, while waiting for confirmation from the company as to whether they intended the product to block phishing (fraudulent) websites. My contact responded that it might sometimes block a site that shares an address range with known malware hosts, but it isn’t meant to detect and block phishing. That completely jibes with my tentative test results, so I abandoned this test. Norton is a reliable protector against these frauds, but at present Bitdefender Antivirus Plus 2017 holds the top score.
Trust, but Supplement
Malwarebytes 3.0 Premium includes layer upon layer of protection against malicious attacks, many of which are not found in competing products. At the same time, its makers eschew the concept of adding code solely to pass what they consider to be outdated tests. Users just have to trust that the product is doing what it should. Fortunately, Malwarebytes has a sterling reputation, one that merits such trust.
The company describes it as an antivirus replacement, and many users treat it as exactly that. I recommend using it in conjunction with a more traditional antivirus, though. We’ve identified quite a few good choices. Bitdefender Antivirus Plus and Kaspersky Anti-Virus earn top scores from the independent labs. Webroot SecureAnywhere AntiVirus is tiny, both on disk and in memory, and uses its own take on behavior-based detection. Symantec Norton AntiVirus Basic gives you Norton’s malware-fighting power along with useful, security-related bonus features. And a single license for McAfee AntiVirus Plus lets you install protection on every device in your household. Using Malwarebytes along with one of these Editors’ Choice products should be enough to protect you against any kind of threat.