Malwarebytes review

Veteran malware hunter adds even more layers of PC protection


Our Verdict

Malwarebytes offers some powerful features, but it isn’t yet an ‘antivirus replacement’. Use it – but make sure it’s alongside a second antivirus app with stronger definitions.

For

  • Easy-to-use
  • Powerful anti-exploit module
  • Anti-ransomware monitor
  • Works with other antivirus tools

Against

  • Below-average detection rates
  • High single user price

Malwarebytes is a Californian company best known for Malwarebytes Anti-Malware, a hugely popular tool which specialised in removing adware, spyware and similar pests.

The latest edition of the product, now simply called Malwarebytes, claims to be a "next-generation antivirus replacement" which can block malware, ransomware and malicious URLs, as well as preventing attackers exploiting vulnerabilities in key applications.

Installing Malwarebytes gets you a 14-day trial of the full version. After that it falls back to a free edition with on-demand malware, spyware and rootkit detection only.

The price is relatively high at £30 ($38) for a single computer, one-year licence. But as usual you get discounts for adding devices and extending the term, and a 10 computer, two-year licence seems reasonable at £180 ($225).

Unusually, Malwarebytes also offers business editions with push installation, centralised threat reporting and more. Prices start at £40 ($50), but you can buy licences for up to 99 systems and three years, and the per-system price can be lower than the consumer editions.

Costs can mount when you're buying licences in such quantities, but a 30-day money-back guarantee gives some protection.

Setup

Malwarebytes has years of experience in delivering free software to regular PC users, and it's easy to see the difference this makes. Trial downloads are clearly highlighted, not hidden away, and there's no need to hand over your email address. The setup program is standard, with absolutely no unusual or complicated options at all, and if you've ever installed a Windows application you'll have no difficulties here.

The opening screen is just as straightforward. The program doesn't moan about missing updates or demand you click something to grab the latest definitions. It simply displays a reassuring ‘you’re protected’ message, and if you're not interested in the low-level details you can close the Malwarebytes window and get on with your real work.

Checking the Malwarebytes installation folders showed a relatively lightweight package at around 230MB of files. Some antivirus tools require approaching five times as much space, once you factor in virus definitions.

Malwarebytes' executable files included a large number that weren't digitally signed, most relating to the Qt application framework. This doesn't represent a real security risk, but does make it more difficult to authenticate the files, and we've not seen this number of unsigned files with other antivirus tools.
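The unsigned-file count described above can be reproduced on any install folder with PowerShell's `Get-AuthenticodeSignature`. This is an added example, not part of the original review; the default `$Root` path is an assumption and should be replaced with the actual install location.

```powershell
# Added example: summarise Authenticode signature status for binaries in a folder.
# The default path below is an assumption, not a value taken from the review.
param(
    [string]$Root = 'C:\Program Files\Malwarebytes'
)

# Collect executables, libraries and drivers, then record each file's signature state.
$results = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            Status = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

# Totals per status: how many files are signed and valid versus unsigned or broken.
$results | Group-Object Status | Sort-Object Count -Descending | Select-Object Count, Name

# Every file that cannot be authenticated, for manual follow-up.
$results | Where-Object Status -ne 'Valid' | Sort-Object Path |
    Format-Table Path, Status -AutoSize

# Distinct signers among valid files; an unexpected publisher here deserves a closer look.
$results | Where-Object Status -eq 'Valid' | Group-Object Signer |
    Select-Object Count, Name
```

A `HashMismatch` result is more serious than `NotSigned`: it means a signed file has been modified since signing.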

Malwarebytes includes a ‘self-protection’ component to stop malware trying to disable it, but we're unsure how effective this really is. We managed to stop the main Malwarebytes service without any difficulty. Next, we tried closing the Malwarebytes tray application from Task Manager. Instead of complaining that we didn't have permission – a typical answer with other packages – the Malwarebytes process and Windows Defender services started hogging 50% of our CPU time each, and this full-on resource hogging kept going for more than 20 minutes until we gave up and rebooted.

Features

At first glance, the Malwarebytes interface seems complex. It comprises a host of status details, multiple tiny icons, assorted buttons and five tabbed areas to explore: Dashboard, Scan, Quarantine, Reports and Settings.

In real-world use, though, the program is very straightforward. Most of the time you'll do little more than hit Scan and look at the results. The other sections are simple and intuitive (Quarantine lists quarantined files and has buttons to restore or delete them; that's it). Even the Settings dialog is mostly about turning individual program features on or off.

The baseline Threat Scan was relatively speedy, checking our PC's running processes, Registry and key application and Windows areas in two and a half to three minutes (the competition typically takes four to five minutes). Virus detection accuracy was only average, but the program showed its anti-malware heritage by picking up a host of ‘potentially unwanted program’ Registry entries.

It was a similar story when checking our sample Program Files folder. Typical scan times were four to eight minutes; Malwarebytes was always under two minutes, but detection rates remained average at best.

This isn't quite the issue it would be with other packages. Malwarebytes is more about blocking threats based on behaviour than simple signature matches, and that means static ‘did it see these files?’ style tests don't tell the whole story.

As an alternative test, we tried creating our very own ransomware-like app. It was extremely basic, just encrypting sample files in a Documents subfolder. But despite being only a few minutes old, Malwarebytes noticed and stopped it almost immediately.

Malwarebytes also runs happily alongside other antivirus tools. It typically leaves Windows Defender active, which we found caught most of the leftover threats. Or you could also install whatever other antivirus app you prefer.

Beyond the scanning, Malwarebytes provides excellent URL filtering. Whether you click a malicious link in a browser or a document, or malware tries to access a malicious web resource, the package displays a notification. 

Overall, we found that web filtering worked very well, blocking most of our test links. 

The relatively small wrinkle here was that a ‘more information’ web page had a link titled "How do I stop Malwarebytes Anti-Malware from blocking a website or network program I trust?" – which pointed to a page that no longer existed. Not so professional.

Malwarebytes' most interesting feature, for experts at least, is its Anti-Exploit module. This is a powerful tool which blocks common attacks with a host of low-level techniques: DEP enforcement, anti-heapspraying, bottom-up ASLR enforcement, VBScript protection, Java monitoring, and detections for some very advanced memory attacks.

If you really know what you're doing, you can enable or disable particular techniques, decide where they can be applied, or choose to protect new applications in any way you like.

If you're not clear about ASLR, DEP or any of this, that's okay too. Malwarebytes has sensible defaults and you can usually leave the program to make the right decisions. If you do run into trouble, there's no need to understand the technicalities – Anti-Exploit can be disabled in a couple of clicks.

Protection

Figuring out just how well Malwarebytes protects your PC is difficult. It didn't do well at detecting our static malware files, but that's because its real talent is in monitoring and blocking suspect actions – and that’s much more difficult to test.

Normally we would check the opinions of the independent antivirus labs, but this isn't the type of test they often do, either. We browsed the archives without success: AV-Test, AV-Comparatives, Virus Bulletin and SE Labs have never covered Malwarebytes. 

The only assessment we could find was MRG Effitas' Q1 2017 360 Degree Assessment and Certification, a real-world test involving 17 antivirus tools. Malwarebytes failed to detect all the threats and was one of only five products classed as ‘failed’, along with McAfee LiveSafe, Windows Defender, Watchdog Anti-Malware and Zemana Anti-Malware.

Final verdict

Malwarebytes is a likeable security app with some interesting and valuable features, but it's not the full antivirus replacement claimed on the website. Grab a copy – even the free version can be handy – but add another antivirus app for extra safety.