Malwarebytes Anti-Ransomware Beta review

Malwarebytes branches out into ransomware protection

TODO alt text

Our Verdict

Malwarebytes Anti-Ransomware offers some protection, but other tools do better, detecting more threats and recovering lost files.

For

  • Successfully blocked real-world ransomware
  • Application whitelist avoids false detections
  • Familiar and straightforward interface
  • Free for all purposes

Against

  • Conflicted with Word 2016 on our test PC
  • Failed to detect one simulated threat
  • Threats may encrypt some files before detection
  • Beta status means issues are likely

Malwarebytes Anti-Ransomware is a free tool which uses behaviour monitoring to detect and block ransomware, hopefully before it has a chance to harm your PC.

The program is designed to be simple to use. Install it alongside your existing security software and Anti-Ransomware runs in the background, looking out for threats, without you having to run scans, tweak settings or take any kind of manual action. All you need to do is carry on using your PC as normal, and you'll be alerted if anything happens.

Malwarebytes Anti-Ransomware is only available for free as a beta version, but that's not quite the issue it might be with other security software. The core technology is available in a stable form as a part of Malwarebytes Endpoint Security, a commercial product priced from £40 ($55) a year.

The beta is Endpoint Security's anti-ransomware component plus some of the latest tweaks and additions, so in theory at least it's a better product, which you're able to use for no charge.

Setup

Installing Malwarebytes Anti-Ransomware is straightforward, with absolutely no complications or hassles. Download the installer, run it, follow the standard setup wizard and you'll be fully protected in just a few moments.

At first glance, the program seems bulkier than most similar tools, with a 66MB download and a hard drive footprint of more than 180MB. Browsing its executable files uncovered the reason: you're receiving the same framework that you get with Malwarebytes' full security products, including Malwarebytes' Chameleon self-defense system, the core Anti-Exploit files and the bulky QT development library.

RAM and CPU use is more important than hard drive space, though, and here Malwarebytes Anti-Ransomware scores well, with only two background processes using an average of less than 20MB RAM.

The Malwarebytes Anti-Ransomware interface is a highlight, looking and feeling much like the antivirus tools you know already. A Dashboard displays your security status and allows you to turn protection on and off. A Quarantine tab displays blocked processes and allows you to manage them, and an Exclusions tab enables whitelisting applications that should never be blocked. It's clear and simple, employing straightforward language, and most users will feel right at home immediately.

A fairly major issue cropped up, unfortunately, when we discovered that installing Malwarebytes Anti-Ransomware somehow prevented our Microsoft Word 2016 from saving documents. Disabling the protection or adding the Office folder to the exclusions made no difference – Word crashed whenever we tried to save a document. Only uninstalling Malwarebytes Anti-Ransomware fixed the problem.

We don't know how widespread this issue might be, so don't let it put you off Malwarebytes Anti-Ransomware altogether – you might not be affected. But if you try out the program and have a copy of Word installed, try opening and saving one or two documents, just to make sure this still works as normal.

Performance

We first tested the effectiveness of Malwarebytes Anti-Ransomware by pitting it against Cerber, one of the most dangerous ransomware strains around. Cerber ran for more than a minute, but then Malwarebytes Anti-Ransomware finally kicked in, closed the process and displayed an alert.

This delay seemed to be a significant problem, as it allowed Cerber to encrypt 134 files on our test system. That may not be a total disaster if it saves thousands more, but many other anti-ransomware tools can undo malicious changes to ensure you don't lose any data at all.

There was some better news. Unlike many competitors, Malwarebytes Anti-Ransomware doesn't leave the ransomware file around to try and re-infect you later. It disables the process, ensuring it can't run again.

Our next test involved RanSim, an interesting tool which runs multiple tests of ransomware-type activity and tells you how many (if any) your security software has blocked.

Malwarebytes Anti-Ransomware did relatively well, blocking eight out of ten attack scenarios. Others have done better, but we don't place too much value on the RanSim test, as it's not real ransomware and only encrypts its own test files. Security tools could ignore it in some situations without this representing a weakness.

Our final check used RanTest, a custom ransomware simulator of our own. This is much simpler than RanSim, but it's never been released and uses our own code, so it's something Malwarebytes Anti-Ransomware won't have encountered before.

We RanTest, waited for Malwarebytes Anti-Ransomware to take action – but nothing happened. RanTest was able to run to completion, encrypting more than 6,000 sample files in our test folder tree.

It's possible that there are good reasons for this. RanTest didn't reach outside its test tree, for instance, or make any efforts to hide its activities, so Malwarebytes Anti-Ransomware might not have considered it as dangerous. But most anti-ransomware tools take a more aggressive approach, blocking RanTest immediately, and on balance we think that Malwarebytes Anti-Ransomware should have done the same.

Final verdict

Malwarebytes Anti-Ransomware blocks real-world malware, but you might lose some files along the way, and it missed one of our simulated ransomware threats entirely. Factor in the Word 2016 conflict and the program is difficult to recommend.