MalwareBytes' Anti-Malware 1.36

3.5 Good

The Bottom Line

Malwarebytes' Anti-Malware does a good job of cleaning up malware, especially those annoying rogue security programs, though it's not effective against commercial keyloggers or rootkits. And the real-time protection in the extra-cost Pro edition isn't worth the money. But be sure to add the free edition to your security arsenal.

Pros & Cons

    Pros

    • Free for noncommercial use.
    • Small download, superfast install, quick scan.
    • Simple settings.
    • Especially effective at removing rogue security products ("scareware").

    Cons

    • No blocking of malicious Web sites.
    • Not effective against commercial keyloggers or rootkits.
    • Rudimentary help system.

MalwareBytes' Anti-Malware 1.36 Specs

Free: Yes
OS Compatibility: Windows Vista, Windows XP
Tech Support: and forum
Tech Support: FAQ
Tech Support: helpdesk
Type: Business, Enterprise, Personal, Professional

Not long ago I needed remote-control intervention by a Symantec tech-support agent to solve a problem encountered in testing. He downloaded what he called "a scan from the Norton security" to finish the cleanup process, but it wasn't Norton at all—it was Malwarebytes' Anti-Malware 1.36! I've since learned that support agents for other companies, Microsoft among them, use this tool (despite the fact that it's free only for personal use). Why do these agents rely on Malwarebytes? I loaded it up to find out.

Speed, Speed, Speed

The product is a small download, under 3MB, and it installs in a flash. I timed it at 2 minutes 30 seconds, most of which was devoted to downloading the latest malware definitions. That's faster than speed-demon Norton 360 version 3.0 (though of course Norton 360 is an entire security suite). And it's much faster than Spyware Doctor with AntiVirus 6 or Webroot AntiVirus with AntiSpyware 6.1. I timed a Webroot installation at 7 minutes, with about 4 minutes devoted to that initial update. And Spyware Doctor took 18 minutes from launching the installer to the point where it was fully updated and ready to run. Malwarebytes clearly wins the installation race.

The app also performs a full scan faster than most others. On my standard clean test system, Spyware Doctor's full scan took 33 minutes. On the same system, a full scan with Webroot finished in 29 minutes. When I scanned that system with Malwarebytes, it was finished in a mere 15 minutes—about half the time required by the competition. Norton 360 took over 50 minutes to make its initial full scan, though its Norton Insight feature cut that time down to 6 minutes.

The product's main page focuses on the central task of malware cleanup, offering a full or quick scan in place of the status page found in many competing products. Settings are few, and none need to be changed from their defaults (that's good, because the help system is superficial at best). As soon as you install Malwarebytes, it's ready to go. Clearly, speed is one big reason the tech-support gang likes Malwarebytes. Technicians can download it to an infested system, install, and run a full scan before most competing products are out of the gate. But is it as effective as it is speedy? I put it to the test to find out.

New Malware Samples

This is my first review using a newly refreshed collection of malware samples, all of them real-world threats downloaded from the Internet. For testing, I use a dozen virtual machines infested with almost 40 different malware samples of all kinds: adware, spyware, rootkits, Trojans, viruses, worms, rogue security software, and more. In order to make sense of the results I also scanned the new test systems with the three top scorers from the previous test set: Norton 360, Spyware Doctor, and Webroot.

Besides switching in a new set of samples, I've also changed my scoring system. Too many products were getting a perfect 10 of 10 points the old way. It's nice for them to score high, but it makes distinguishing between the products at the top difficult. Under the old system, the product got full credit (10 points) if it detected a threat and removed all the executable files, regardless of how much file and Registry junk it left behind. If it detected the threat but didn't clear out all the executable files, it got 5 points. Of course, if it didn't even detect the threat, that was worth no points at all.

My new scoring system still gives 5 points if the product tried to remove a threat but didn't eliminate all the executables. But now that 5 points goes down to 3 if an executable file belonging to the threat is still running. If the product successfully removed all the executables, its final score depends on how much file and Registry junk was left behind. If it left 80 percent or more of the junk, that's worth 8 points. Between 80 and 20 percent left behind I give it 9 points. To get the full 10 points it has to remove almost all of the junk items, leaving behind 20 percent or less.

Besides tracking the product's ability to clean up malware-infested systems and prevent malware from attacking a clean system, I also always run a parallel test using commercial keyloggers. In the new system, I'm slicing the data a couple more ways. Rootkits are worrisome because they subvert the operating system to hide themselves, and rootkit technology is used in both malware and keyloggers. I'll be reporting a separate rootkit score.

Rogue security software, or "scareware," is a growing problem. A recent Microsoft Security Report detailed a significant rise in this type of threat. While a product's handling of rogues counts toward the full spyware scores, I'm also pulling out a separate score specifically for rogues. Finally, I'm tracking the detection percentage separately from the product's success at removing or blocking what it detected. These new measures will help me quantify more exactly the strengths and weaknesses of each product.
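The scoring rules described above, written out as an added Python example (it is not the reviewer's own tooling). The `Outcome` fields, the category labels, the constructed sample data, and the use of a plain mean to combine per-sample scores are assumptions; the review does not say how per-sample scores are aggregated.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass
class Outcome:
    """One malware sample's result after a cleanup run (hypothetical record)."""
    category: str                      # e.g. "rootkit", "rogue", "trojan"
    detected: bool
    executables_removed: bool = False  # every executable of the threat is gone
    still_running: bool = False        # a threat process survived the cleanup
    junk_left: float = 1.0             # fraction of file/Registry traces left


def score_sample(o: Outcome) -> int:
    """Apply the per-sample rubric: 0, 3, 5, 8, 9 or 10 points."""
    if not o.detected:
        return 0
    if not o.executables_removed:
        return 3 if o.still_running else 5
    if o.junk_left >= 0.80:            # 80 percent or more left behind
        return 8
    if o.junk_left <= 0.20:            # 20 percent or less left behind
        return 10
    return 9                           # between 80 and 20 percent


def report(outcomes, slices=("rootkit", "rogue")):
    """Overall score, detection rate, and separate per-category scores."""
    result = {
        # Detection is tracked separately from removal success.
        "detection_pct": round(100 * sum(o.detected for o in outcomes) / len(outcomes)),
        "overall": round(mean(score_sample(o) for o in outcomes), 1),  # assumed: mean
    }
    for cat in slices:
        subset = [score_sample(o) for o in outcomes if o.category == cat]
        if subset:
            result[cat] = round(mean(subset), 1)
    return result


# Constructed sample results, not data from the review.
SAMPLES = [
    Outcome("rogue", True, True, False, 0.10),
    Outcome("rogue", True, True, False, 0.50),
    Outcome("rootkit", True, False, True),
    Outcome("rootkit", False),
    Outcome("trojan", True, True, False, 0.85),
    Outcome("trojan", True, False, False),
]

if __name__ == "__main__":
    print(report(SAMPLES))
```

A product that detects every sample can still score poorly here, which is why the detection percentage is reported on its own line.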

Decent Malware Cleanup

The fast installation and quick scanning of this product made it easy to run my malware-removal tests. This new collection of sample threats combined with my new, tougher scoring system resulted in a malware-removal score that would have been dismal under the old system: 6.5 points out of a possible 10. In an apples-to-apples comparison with other products, though, it's not bad. Under this new test system Spyware Doctor scored 6.7, Webroot scored 6.8, and Norton 360 led the pack with 7.3 of 10 points.

Malwarebytes detected 83 percent of the samples, the same as Webroot. Spyware Doctor detected 78 percent of the new samples, while Norton 360 detected 92 percent. Malwarebytes did poorly against rootkits, scoring just 3.6 points, whereas Spyware Doctor, Norton 360, and Webroot scored 6.1, 6.8, and 7.1, respectively. But Malwarebytes took the top score for removing rogue security software: 7.3 points. For its rogue removal score, Webroot got 6.5 points; Norton 360, 5.5 points; and Spyware Doctor, a measly 3.3 points.

None of the products fared as well on a separate test using commercial keyloggers in place of actual malware. Spyware Doctor and Norton 360 detected 70 percent of the keyloggers, Webroot detected 90 percent, and Malwarebytes recognized only 10 percent. Webroot left several of the threats running but managed near-complete removal of quite a few, ending up with 6.8 of 10 possible points. Norton 360 got 6.1 points, Spyware Doctor took 4.8, and Malwarebytes trailed with a piddling 0.5 of 10 points. Malwarebytes does not promise to remove commercial keyloggers, of course. And fortunately for the company, I give much less weight to this test.

Malwarebytes ignored most of the commercial keyloggers, even those using rootkit technology to hide themselves. However, it is reasonably strong against actual malware and especially against the growing group of rogue anti-malware products. I can see how a tech-support agent would be tempted to ring in some help from Malwarebytes if the product being supported failed to remove a rogue.

Pay for Protection

The basic Malwarebytes package is free for noncommercial use. For $24.95, you can upgrade to the Pro edition, which adds real-time protection against malware as well as automatic updates and scheduled scans. I tested the Pro edition also and concluded that you should save your money and stick with the free edition.

In many products, the first line of defense against malware trying to invade a clean system involves diverting the user away from known malware-hosting Web sites. To check that feature, I tried to re-download my latest crop of samples onto test systems protected by Malwarebytes and the others. Some of the URLs had already gone bad, of course—these sites don't stick around for long. Norton 360 blocked access to 59 percent of the still-valid URLs, Webroot blocked 58 percent, and Spyware Doctor blocked 47 percent. As for Malwarebytes, it simply doesn't attempt to turn users away from dangerous sites.

On-access scanning is the next line of defense, but this feature's implementation varies from product to product. When I opened a folder containing already downloaded instances of my malware samples, Norton 360 started scanning them immediately. Apparently the minimal access required for Windows Explorer to list the files was sufficient to trigger a scan. Norton 360 started quarantining those it recognized and wiped out over 80 percent of them on sight. Spyware Doctor didn't perform its on-access scan until I actually selected each file in Windows Explorer, but it wiped out over half of them at that point. Both Webroot and Malwarebytes don't apply real-time scanning to a file until it tries to execute. And all of the products detected some of the threats later in the install process, or at the point when the installed threat itself launched.

Norton 360 won this match, scoring 8.7 of 10 possible points. It kept over 80 percent of the threats from installing even a single file on the clean test system. Spyware Doctor and Webroot did well, too, both scoring 8.3 points. Not so Malwarebytes. It detected only 61 percent of the malware threats and allowed over half of those to install at least one executable file. In several cases, the malware sample was actually running despite the product's efforts to prevent its installation. The final score for Malwarebytes was a dismal 4.3 of 10.

As in the removal test, Malwarebytes was especially effective against rogue security software, scoring 9.2 points against these. Webroot hit a perfect 10 at blocking rogues from installing, and Norton got 8.3 points. Spyware Doctor tanked on this test: It missed half the rogues and let some of the others install executables, earning just 3.3 points.

Rootkits are tough to remove once they've weaseled into the system, because they subvert the Windows file system and Registry to hide their components. Typically it's much easier to block installation of a rootkit than to remove it. And, indeed, for three products the rootkit score proved this point. Looking only at rootkit samples (both malware and keyloggers) Spyware Doctor scored 8.9 points, Webroot scored 8.3, and Norton 360 scored 7.0. As for Malwarebytes, it rated just 2.0 of 10 possible points, even lower than its score for rootkit removal.

This low score against rootkits happens in part because Malwarebytes ignores most commercial keyloggers, even those using rootkit technology. On a separate test using just commercial keyloggers, Malwarebytes eked out 0.5 of 10 possible points. Spyware Doctor detected 100 percent of the keyloggers and successfully blocked almost all of the installations, scoring 9.0 of 10 points. Webroot got 8.5 points on this test, and Norton 360 managed 6.8 points. Of course, if an industrial spy is sitting in your desk chair installing a keylogger, there isn't anything your security software can do about it. Lock the door next time!

Although the extra-cost real-time protection successfully blocked most rogue security applications, that's about the only thing that Malwarebytes is actually good at. It doesn't divert your browsing away from dangerous Web sites; it doesn't use real-time scanning until a malware process actually launches; and when its protection does kick in, it's just not as effective as that of other products. Real-time protection is not this product's strong suit.

The free (for noncommercial use) Malwarebytes' Anti-Malware scanner can be a great help if your existing anti-malware protection lets something slip through. It's especially effective against the growing category of rogue security products. The rating I've given it—3.5 stars—is specifically for the cleanup skills of this free scan-only edition. However, the real-time protection in the $24.95 Pro edition just doesn't do the job. If I were rating the Pro edition, which promises both cleaning and protection, I'd probably give it 2.5 stars. Go ahead and add the free scanner to your security arsenal and run it any time you suspect your primary security software has missed something.
