People write software, including antivirus software. People aren’t perfect. Ergo, your antivirus may not be perfect. Some zero-day innovative malware attack might elude your protection, and then disable it. Or you might have an existing malware infestation that prevents installation of any full-scale antivirus. Malwarebytes Free exists to wipe out attackers that get past your main defenses or that already compromised your PC before you could install protection. It can’t help with attacks that do permanent damage, such as ransomware, but it’s a handy tool when other approaches fail.
While many security companies release product updates every year, Malwarebytes only does so when necessary. The release of version 4 in 2019 was the first whole-number update since version 3 in 2016. Version 2 came out a couple years before that. The current version is 4.3.
When you install the free edition, you can choose a 14-day trial of Malwarebytes Premium. If you let the trial expire without upgrading, you’ll find that you lose quite a few features. In particular, the free edition, reviewed here, doesn’t include any real-time protection. It does just one thing; it cleans up existing malware problems. The free version is full of subtle and not-so-subtle suggestions to spring for the upgrade to Premium.
I found that the product installed very quickly. A banner across the top of the pastel-toned main window features silhouettes of mountains, clouds, and a city skyline, adorned with a big message suggesting that you upgrade to premium. The rest of the window consists of three rectangular panels. One displays detection history, and one displays real-time protection options, all of which are disabled in the free edition. The middle panel, the important one, lets you launch a scan for malware. It’s an attractive presentation.
Lab Results Uninformative
Simple-minded signature-based malware detection alone isn’t enough in the modern world of zero-day attacks and polymorphic malware. Every successful antivirus adds heuristic detection, behavior-based detection, and other non-signature protection layers. In Malwarebytes Premium, machine learning and detection of anomalous behavior catch many malware samples. Exploit protection watches attack vectors and heads off exploits. The anti-ransomware engine strictly uses behavioral detection.
This emphasis on active, prevalent threats and advanced detection methods makes testing Malwarebytes tough. A lab test that uses outdated samples could make the product look bad. In the past, Malwarebytes didn’t submit even its Premium edition to most of the labs I follow.
More recently, Malwarebytes has been showing up in reports from AV-Test Institute. Its scores have varied quite a bit, but it looks quite good in the latest report. This lab rates antivirus products in three categories, Protection, Performance, and Usability, with six points available for each. Just over half the products in the latest report scored a perfect 18 points, among them Microsoft, Norton AntiVirus Plus, and Kaspersky. A score of 17.5 points is enough to earn the title Top Product; Malwarebytes Premium and a few others scored 17.5.
Malware experts at SE Labs use a capture and replay system to hit every tested antivirus with the exact same real-world malware attack. Products can earn certification at five levels: AAA, AA, A, B, and C. A dozen products managed either AAA or AA certification, among them Avast Free Antivirus, AVG, and Avira. Malwarebytes took the only B in this report.
In any case, these tests aren’t directly relevant to the current review, because they evaluate an antivirus tool’s ability to defend against malware attack. You call on Malwarebytes Free for those occasions when your real-time antivirus failed to defend you, perhaps because you forgot to renew it. Malwarebytes Free does not offer any real-time protection itself, but the fact that its premium edition is now earning good lab scores is encouraging.
The Problem of Ransomware
With the rise of ransomware attacks on businesses, governments, and individuals, ransomware protection is more important than ever. However, ransomware is intrinsically different from other kinds of malware. Most types of malware want to use your computer’s resources, whether for mining bitcoins, launching DDoS attacks or simply stealing your personal data. Typically, they aim to avoid notice, which means they carefully avoid any visible harm to the computer. A post-infestation antivirus cleanup can scour the malware from your computer’s crannies and crevices, restoring it to a safe, secure state.
Ransomware, on the other hand, only stays quiet until it has done its nefarious work, locking away your important files in unreadable encrypted form. Once finished, it displays its ransom terms. Removing the ransomware at this point doesn’t help. It could even interfere with your ability to get your files decrypted, should you decide to pay the ransom. Malwarebytes Premium eliminates ransomware before it attacks; Malwarebytes Free can’t do anything once your files are already locked away.
Effective Malware Cleanup
When you install Malwarebytes, it insists on giving you a free 14-day trial of the Premium edition. Clearly the company hopes you’ll love the Premium features so much that you’ll pay to keep them after the trial ends. If you’re sure you don’t want the trial, go ahead with the installation, and then dive into Settings. Click the Account tab and click Deactivate to revert to the plain, free edition.
Usually, I test malware protection by challenging an antivirus utility to prevent installation of my malware sample collection. However, as noted, Malwarebytes Free doesn’t include real-time protection. With no help from the labs, I had to find some way to see the product in action. So, skipping the ransomware, I launched my samples five at a time, gave them time to finish installing, and challenged Malwarebytes to clean up each mess.
At the end of every scan, Malwarebytes displayed its findings; I used these details to identify exactly which of the samples it detected. In every case, I told it to quarantine everything it found, and in every case, it requested a reboot to finish the process. After reboot, I ran a tool that reports on any leftover malware traces.
The scans ran very quickly, much faster than when I last tested this product. Scans averaged 90 seconds, with none longer than two minutes and none shorter than one minute. Last time around the average scan time was seven minutes.
Malwarebytes reacted in some way to every sample. However, for about one sixth of them it eliminated the malware installer without doing anything about the installed malicious code. That’s not useful; I counted that as a miss.
For just under a quarter of the samples, Malwarebytes detected the installation and removed some traces, but left one or more executable files behind. Even when it did wipe out all the executable files, it often left behind non-executable traces, sometimes hundreds of them. Admittedly, those traces can’t actively harm your system, but gunking things up with malware-related files and Registry entries can’t be good for performance.
For a different sort of test, I rolled back the virtual machine testbed to a snapshot before any malware samples were launched and ran a full scan. Malwarebytes detected and quarantined every single one of the malware installers, including the dozen or so ransomware samples.
I maintain a second set of malware samples that I’ve created by hand-modifying the basic collection. For each sample, I change the filename, append nulls to give it a different file size, and overwrite some non-executable bytes. Malwarebytes detected most, but not all, of these. It missed a quarter of the hand-modified ransomware samples, which is a bit alarming. About 18% of the modified non-ransomware samples slipped past the scan.
Admittedly, my hands-on tests don’t precisely simulate the real-world malware cleansing that is this product’s specialty. Normally, you’d bring in Malwarebytes to handle an attack that eluded your existing antivirus or that put up roadblocks to installation of a more traditional antivirus. The high-tech behaviors and technologies that such an infestation requires would be a red flag for Malwarebytes. A potentially unwanted program (PUP) or other less-risky sample accidentally launched by the user might not raise the same concerns.
See How We Test Security Software
Browser Guard for Online Protection
When you install Malwarebytes, it prompts you to add the free Browser Guard extension for Chrome, Edge, and Firefox. Even if you skip this step at installation, you can download the extension later. Browser Guard aims to protect against phishing and malware-hosting URLs, ads and trackers, tech support scams, sites with bad reputations, and more. I put those aims to the test.
As far as ad-blocking goes, it seemed to do the job. I installed Browser Guard in Chrome, then visited several ad-laden sites in both Chrome and an unprotected browser. The extension visibly removed ads. By clicking its toolbar icon, I could view specifics about ads and trackers on the current site or check statistics of past activity. The list of trackers is interactive—if you trust any of the tracking sites you can click it so Malwarebytes will stop blocking it. I doubt many will take advantage of this fine tuning, though.
My malicious URL blocking test uses a feed supplied by London-based testing lab MRG-Effitas, consisting of malware-hosting URLs discovered in the last few days. Most antivirus tools get two chances to fend off a malware download. First, they can divert the browser away from the malware-hosting URL. Second, they can eliminate the malware payload. With no real-time protection, Browser Guard only has the one opportunity.
Out of about 100 samples, Browser Guard blocked 98%. In most cases it replaced the page in the browser with a message that the site was blocked due to a Trojan. In a few cases it gave the reason as riskware, phishing, or a suspicious download. It also blocked some sites based on reputation, which it explains means sites with light traffic for which malicious activity has been reported. This result is a huge improvement over testing during my last review, in which Browser Guard caught just 9% of the samples.
Very few full-scale antivirus products have done better in this test. McAfee AntiVirus Plus leads the pack with 100% protection. Bitdefender, G Data, and Sophos scored 99%. No other recent products scored better than the 98% achieved by Malwarebytes.
I also put Browser Guard through my standard phishing protection test. Phishing sites don’t try to infest your computer with malware. Rather, they masquerade as popular secure sites, hoping they can entice you to log in. If you do, you’ve given the fraudsters your login credentials. Whatever the account was, whether for online banking, gaming, email, or some other purpose, you’ve given it away to the creators of the phishing page.
For this test I scrape hundreds of recently reported fraudulent URLs from pages that collect and analyze such things. I make sure to include both verified phishing pages and pages that haven’t yet been analyzed and blacklisted. I use a hand-coded tool to launch each URL simultaneously in four browsers, one protected by the product under test and the other three by the built-in protection of Chrome, Edge, and Firefox. The testing tool also lets me record how each testbed handled the URL.
If any of the four browsers couldn’t load a page, I discard it. If any alleged phishing page doesn’t truly fit the profile, meaning it doesn’t try to steal your login credentials, I discard it. After processing all the URLs, I calculate the scores.
Malwarebytes scored an impressive 95%, better than two-thirds of recent products. It beat out Edge and Firefox handily, though it came in a couple percentage points behind Chrome. To be fair, Chrome’s score varies a lot in these tests. At 97%, this was its best score, with other scores as low as 66% and an average of 88%.
My Malwarebytes contact cautioned me that Browser Guard doesn’t have phishing protection as its primary focus, so it might not do well. He needn’t have worried; 95% is a fine score. At the very top, F-Secure and McAfee managed 100% protection in their respective tests, with Bitdefender Antivirus Plus and Norton close behind at 99%.
Keep It in Your Toolbox
Malwarebytes Free remains a useful tool, despite some issues we encountered in testing. If you carry a thumb drive full of security tools, do include Malwarebytes. But remember, it offers no real-time protection, so it can’t help you with ransomware. Use it along with Bitdefender, Kaspersky, Webroot SecureAnywhere AntiVirus, or another antivirus that provides real-time protection. Bring out Malwarebytes when your regular antivirus slips up, or consider upgrading to Malwarebytes Premium.
With ransomware on the rise, a cleanup-only antivirus tool like Malwarebytes Free can’t possibly be your first line of malware defense. You need multiple layers of real-time protection. We no longer declare an Editors’ Choice in the cleanup-only category, but Malwarebytes remains a top choice.