Malwarebytes Free

You expect your antivirus app to wipe out malware but leave your good, valid programs alone, and they mostly do that. But sometimes malware evades antivirus protection or weasels into the operating system in a way that makes installing or running antivirus impossible. Malwarebytes Free aims to eliminate those types of pernicious and persistent malware, though it didn’t perform perfectly in testing. In any case, it’s not meant to be your only protection. You should use it alongside a full-powered free antivirus like Avast One Essential or AVG AntiVirus Free, our Editors’ Choice winners for free antivirus protection.

Getting Started With Malwarebytes Free

When you install the free Malwarebytes app, you get a 14-day trial of Malwarebytes Premium Security. If you let the trial expire without upgrading, you lose several features. In particular, the free edition, reviewed here, doesn't include any real-time protection. It does just one thing: clean up existing malware problems. For testing purposes, I opened account settings and clicked the big button to decline the Premium trial.

(Credit: Malwarebytes/PCMag)

After a quick installation, the main window appears. A very simple menu at the left lets you switch from the main Dashboard view to Settings. At right, a large panel houses the Malwarebytes Trusted Advisor feature. Much like the AutoPilot feature in Bitdefender Antivirus Plus, Trusted Advisor reports on the status of your protection and offers advice on how to do even better.

In the middle are three large panels titled Scanner, Detection History, and Real-Time Protection. In this free edition, the Real-Time Protection component is disabled, as is the large panel below it devoted to VPN protection. Out of the box, Malwarebytes uses a light or dark theme matching your overall Windows theme, though you can override it to force one or the other.

Little Attention From Independent Testing Labs

Simple-minded signature-based malware detection alone isn't enough in the modern world of zero-day attacks and polymorphic malware. Every successful antivirus adds heuristic detection, behavior-based detection, and other non-signature protection layers. In Malwarebytes Premium, machine learning and detection of anomalous behavior catch many malware samples. Exploit protection watches attack vectors and heads off exploits. The Premium Edition's anti-ransomware engine strictly uses behavioral detection.

This emphasis on active, prevalent threats and advanced detection methods sometimes makes testing Malwarebytes tough. A lab test that uses outdated samples could make the antivirus look bad. Indeed, Malwarebytes doesn’t appear in the latest reports from AV-Test Institute or AV-Comparatives.

While most lab tests report results on a scale of one kind or another, those from MRG-Effitas lean toward pass/fail. In this lab’s assessment using all types of malware, programs that fend off all attacks immediately get Level 1 certification, while those that eliminate all malware traces within 24 hours pass at Level 2. A separate test specific to banking-related attacks is strictly pass/fail. Malwarebytes passed the latter and reached Level 1 in the former, a fine success.

Only Bitdefender and Malwarebytes managed top scores in both tests. ESET and Norton AntiVirus Plus reached Level 2 certification. Microsoft managed Level 1 but failed the banking test. Avast Free Antivirus and Avira also failed the banking test but did achieve Level 2.

Passing those scores through my aggregate lab score algorithm yields a score from 0 to 10 points, but only for those antiviruses with results from at least two labs. Fully a third of the products I track don’t hold any lab scores; roughly another quarter, Malwarebytes included, have just one score.

McAfee AntiVirus Plus, tested by three labs, holds the top aggregate score, a perfect 10—Kaspersky matches that accomplishment. Looking at antiviruses tested by all four labs, Avast tops the list with 9.6 points, followed by Norton with 9.5 and Microsoft Defender Antivirus with 9.1 points.

Remember that even if Malwarebytes Premium earned top scores from more labs, they wouldn’t directly apply to this review because they evaluate an antivirus tool’s ability to defend against malware attacks using real-time protection. You call on Malwarebytes Free for those occasions when your real-time antivirus failed to defend you, perhaps because you forgot to renew it. Malwarebytes Free does not itself offer any real-time protection.

Malwarebytes Free Can’t Help With Ransomware

With the rise of ransomware attacks on businesses, governments, and individuals, ransomware protection is more important than ever. However, ransomware is intrinsically different from other kinds of malware. Most types of malware want to use your computer's resources, whether for mining bitcoins, launching DDoS attacks, or stealing your personal data. Typically, they aim to avoid notice, which means they carefully avoid any visible harm to the computer. A post-infestation antivirus cleanup can scour the malware from your computer's crannies and crevices, restoring it to a safe, secure state.

Ransomware, on the other hand, only stays quiet until it has done its nefarious work, locking away your important files in unreadable encrypted form. Once finished, it displays its ransom terms. Removing the ransomware at this point doesn't help. It could even interfere with your ability to get your files decrypted, should you decide to pay the ransom. Malwarebytes Premium eliminates ransomware before it attacks. Like other cleanup-only antivirus tools, Malwarebytes Free can't do anything once your files are already transformed into encrypted gibberish.

Some Malware Missed

Usually, I test malware protection by challenging an antivirus utility to prevent the installation of my malware sample collection. However, as noted, Malwarebytes Free doesn't include real-time protection. With no help from the labs, I had to find some way to see the antivirus in action. So, skipping the ransomware, I launched my samples in groups, allowed them some time to finish installing, and challenged Malwarebytes to clean up each mess using its full scan.

At the end of every full scan, Malwarebytes displayed its findings; I used these details to identify which samples it detected. In every case, I told it to quarantine everything it found. It requested a reboot to finalize the cleanup process for just over half of the groups.

(Credit: Malwarebytes/PCMag)

The time to complete a scan ranged from two to four minutes, with most scans finishing in about three. Given that the current time for a full malware scan is an hour and three quarters, Malwarebytes is blazingly fast.

By my usual metric, Malwarebytes detected 97% of the malware samples. However, on closer examination I identified a problem. In some cases, the scan detected and removed the malware installer, but didn't do anything about the installed, active malware. That's not useful in a cleanup tool, so I counted those instances as misses, which dropped the detection rate to 83%.

On my 0 to 10 scale, Malwarebytes scored 6.7 points. That low numeric score comes because the antivirus scan left behind tons of malware-related files, both executable programs and data files. In my usual test, which involves blocking malware activity rather than removing active malware, detecting an attack but still letting it install executable files gets half credit.

But this isn't a malware blocking test. As a cleanup-only tool, Malwarebytes can be forgiven for eliminating the essential, active malware files, leaving the rest to be swept away by your regular antivirus.

(Credit: Malwarebytes/PCMag)

For a different sort of test, I rolled back the virtual machine testbed to a snapshot before any malware samples were launched and ran a full scan. Malwarebytes detected and quarantined 97% of samples and also wiped out every ransomware sample. If you’re lucky enough to run a scan between the time ransomware enters your system, and the time it springs into action, the free scan could help, at least in theory.

Browser Guard for Online Protection

When you install Malwarebytes, whether Free or Premium, the app prompts you to add the free Browser Guard extension for Chrome, Edge, and Firefox. If you skip this step at installation, you can download the extension later. Browser Guard aims to protect against malware-hosting URLs, ads and trackers, tech support scams, sites with bad reputations, and more. I put those aims to the test.

As far as ad-blocking goes, it seems to do the job. I installed Browser Guard in Chrome and then visited several ad-laden sites in both Chrome and an unprotected browser. The extension visibly removed ads. By clicking its toolbar icon, I could view specifics about ads and trackers on the current site or check statistics of past activity. The list of trackers is interactive—if you trust any of the tracking sites, you can click it so Malwarebytes will stop blocking it. I doubt many will take advantage of this fine-tuning, though.

(Credit: Malwarebytes/PCMag)

My malicious URL blocking test uses a feed supplied by London-based testing lab MRG-Effitas, consisting of malware-hosting URLs discovered in the last few days. Most antivirus tools get two chances to fend off a malware download. First, they can divert the browser away from the malware-hosting URL. Second, they can use real-time protection to eliminate the malware payload. With no real-time protection, Browser Guard only has one opportunity.

I found that when Browser Guard blocked dangerous pages, it explained why it did so, stating that the page contained a Trojan, or riskware, or a suspicious download, for example. However, after that initial screening, it couldn’t actively check the downloaded file for malware. With this limited detection, Browser Guard fended off just 75% of the malware-hosting pages.

To be fair, Avast One also scored 75% in its latest run of this test. That score is in the bottom quarter among recent products. Five antivirus tools have scored 100% in their latest tests, among them Sophos Home Premium, Trend Micro Antivirus+ Security, and the Chrome-specific Guardio.

(Credit: Malwarebytes/PCMag)

In the earlier malware removal test, I noticed that Malwarebytes did a better job recognizing and eliminating malware installers and startup files than it did removing active malware. Just to see what would happen, I ran a scan on the Downloads folder. That scan detected and quarantined them all. On-demand scanning isn’t normally part of this test, but Malwarebytes put on an encouraging performance.

Browser Guard Detects Phishing Frauds

I also put Browser Guard through my standard phishing protection test. Phishing sites don’t try to infest your computer with malware. Rather, they masquerade as popular secure sites, hoping they can entice you to log in. If you do, you’ve given the fraudsters your login credentials. Whatever the account was, whether for online banking, dating, email, or some other purpose, the creators of the phishing page own it now.

For this test, I scrape hundreds of recently reported fraudulent URLs from pages that collect and analyze such things. I make sure to include both verified phishing pages and pages that haven’t yet been analyzed and blacklisted. I use a hand-coded tool to launch each URL simultaneously in four browsers, one protected by the antivirus under test and the other three by the built-in protection of Chrome, Edge, and Firefox. The testing tool also lets me record how each browser handles the URL.

Keep in mind that every time I run this test, I necessarily use a different set of test URLs. But in each case, they're the freshest ones available.

If any of the four browsers don’t load a page, I discard it. If an alleged phishing page doesn’t truly fit the profile, meaning it doesn’t try to steal your login credentials, I discard it. After processing all the URLs, I calculate the scores.

Malwarebytes treated the phishing pages in much the same way it did malware-hosting pages, offering various reasons for blocking access, including Phishing, Malware, and Reputation.

(Credit: Malwarebytes/PCMag)

Malwarebytes scored a very good 95% on this test, the same as Sophos and Total Defense scored in their latest phishing challenges. Only five programs reached 100% detection, including McAfee, Norton Genie, and ZoneAlarm Free Antivirus.

I tested Malwarebytes Premium Security for Mac with this same set of samples at almost the same time. Specifically, I finished the all-Windows testing first and then ran my test on the macOS edition. I was surprised to find that the Mac version scored better, 99%. My Malwarebytes contact explained that the Browser Guard component updates every 20-30 minutes. Testing on Windows took about three hours, so when I started testing on the Mac, Browser Guard had received six or more updates, explaining its improved score in the later test.

Verdict: Keep Malwarebytes Free in Your Toolbox

Malwarebytes Free remains a useful tool. If you carry a thumb drive full of security tools, do include Malwarebytes. But remember, it offers no real-time protection, so it can't help you with ransomware. And based on our tests, it may not catch every infestation. Use it along with Avast One Essential or AVG AntiVirus Free (both Editors’ Choice winners for free antivirus) or another antivirus that provides real-time protection. Bring out Malwarebytes when your regular antivirus slips up or when you need to help a friend. We no longer declare an Editors' Choice winner in the cleanup-only category, but Malwarebytes remains a top option.