Malwarebytes Free Review | Daxdi

I hate to tell you this, but your antivirus was created by imperfect humans, and may itself be imperfect.

Some brand-new never-before-seen nasty might get past it and disable your antivirus protection.

Or you might have an existing malware infestation that prevents installation of any full-scale antivirus.

Malwarebytes Free exists to wipe out attackers that get past your main defenses, or that had already set up shop before you could install protection.

It can't help with attacks that do permanent damage, such as ransomware, but it's a handy tool when other approaches fail.

While many security companies release product updates every year, Malwarebytes only does so when necessary.

The release of version 4 is the first whole-number update since version 3 in 2016.

Version 2 came out a couple years before that.

With the release of version 3, Malwarebytes rolled exploit and ransomware detection into Malwarebytes Premium.

The Premium edition is a suitable replacement for standard antivirus.

The free edition, reviewed here, doesn't include any real-time protection.

It does just one thing; it cleans up existing malware problems.

When you install the free edition, you can choose a 14-day trial of all the Premium features.

If you just let the trial expire without upgrading, you'll find that you lose quite a bit.

The program is full of subtle and not-so-subtle suggestions to spring for that upgrade.

New in version 4, if you're sure you just want the free edition (as many are) you can make that choice at installation, skipping the trial.

I found that the product installed very quickly, and that it has had a serious UI makeover since the previous version.

A banner across the top of the pastel-toned main window features silhouettes of mountains and a city skyline, along with a big suggestion that you upgrade to premium.

The rest of the window consists of three rectangular panels.

One displays detection history, one launches a scan, and one displays real-time protection options, all of which are disabled in the free edition.

It's an attractive presentation.

This Katana Will Get Sharper

This release includes several advances under the hood.

Its mass malware detection catches even older samples, according to the company, and its new katana engine "delivers superior detection abilities." Behavioral detection is enhanced, and it can generate its own threat signatures on encountering a zero-day attack.

However, my Malwarebytes contact informed me that the company is initially throttling the release of these new features.

Every user will get them, but not all at once.

To make sure I had access to all the new features, the company supplied me with a throttle-free special build.

I don't usually like to use a build that isn't the same as every user gets, but I made an exception in this case, to see the product at its best.

Lab Results Uninformative

Simple-minded signature-based malware detection alone isn't enough in the modern world of zero-day attacks and polymorphic malware.

Every successful antivirus adds heuristic detection, behavior-based detection, and other non-signature protection layers.

Malwarebytes goes farther than most.

My contact at the company explained that Malwarebytes maintains signatures only for malware that's currently prevalent, and that signatures play a part in less than five percent of all detections by the premium edition.

In Malwarebytes Premium, machine learning and detection of anomalous behavior catch many malware samples.

Exploit protection watches attack vectors and heads off exploits.

The anti-ransomware engine strictly uses behavioral detection.

Note that while the ransomware protection component is available separately as Malwarebytes Anti-Ransomware Beta, it can be hard to find.

You reach the download page through a blog post from 2016!

This emphasis on active, prevalent threats and advanced detection methods makes testing Malwarebytes tough.

A lab test that uses outdated samples could make the product look bad.

Malwarebytes doesn't submit even its Premium edition to most of the labs I follow.

In 2018, London-based MRG-Effitas did include Malwarebytes Free in a broad-spectrum malware protection test, but it wasn't a good fit.

For this test, products achieve Level 1 certification if their real-time protection completely prevents every malware attack, and Level 2 if they remediate any attack that got through within 24 hours.

Since Malwarebytes Free includes no real-time protection, the best it could achieve is Level 2.

The lab hasn't included cleanup-only products in more recent tests.

Avira, Avast, Bitdefender, ESET, and Kaspersky Anti-Virus managed Level 1 certification in that 2018 test.

Another nine products, including Windows Defender, managed Level 2 certification.

Of the four cleanup-only products, only the less-known HitmanPro earned certification.

Malwarebytes was one of the three that didn't make the cut.

This one-time test just doesn't yield enough information for me to calculate an aggregate lab test score for Malwarebytes Free.

All four of the labs that I follow include Kaspersky in their test sets, and my aggregate score algorithm gives it 9.9 of 10 possible points.

Bitdefender has typically been very close to Kaspersky, and indeed it also has an aggregate score of 9.9, albeit from just three labs.

Tested by two labs, Sophos Home Free came out with a perfect 10 for its aggregate score.

But again, these scores relate to real-time malware protection, and generally aren't relevant for a cleanup-only product like Malwarebytes Free.

The Problem of Ransomware

With the rise of ransomware attacks on businesses, governments, and individuals, ransomware protection is more important than ever.

However, ransomware is intrinsically different from other kinds of malware.

Most types of malware want to use your computer's resources, whether for mining bitcoins, launching DDoS attacks, or simply stealing your personal data.

Typically, they aim to avoid notice, which means they must avoid any visible harm to the computer.

A post-infestation antivirus cleanup can winkle the malware out of your computer's crannies and crevices, restoring it to a safe, secure state.

Ransomware, on the other hand, only stays quiet until it has done its nefarious work of locking away your important files in unreadable encrypted form.

Once finished, it displays its ransom terms.

Removing the ransomware at this point doesn't help; it could even interfere with your ability to get your files decrypted, should you decide to pay the ransom.

Malwarebytes Premium eliminates ransomware before it attacks; Malwarebytes Free can't do anything after the fact.

Malware Cleanup Only

Usually I test malware protection by challenging an antivirus utility to prevent installation of my malware sample collection.

However, Malwarebytes Free doesn't include real-time protection.

With no help from the labs, I had to find some way to see the product in action.

So, skipping the ransomware, I launched my samples five at a time, gave them time to finish installing, and challenged Malwarebytes to clean up each mess.

At the end of every scan, Malwarebytes displayed its findings; I used these details to identify exactly which of the samples it detected.

In every case, I told it to quarantine everything it found, and in every case but one, it requested a reboot to finish the process.

After reboot, I ran a tool that reports on any leftover malware traces.

The scan speeds varied wildly, though they were all fast.

The quickest finished in less than three minutes, the slowest took nearly 20 minutes, and they averaged about seven minutes.

Malwarebytes reacted in some way to every sample.

However, for a fifth of them it eliminated the malware installer without doing anything about the installed malicious code.

I'd count that as a miss.

For another third, it managed a partial cleanup but left behind one or more malware-related executable files.

It's possible those files by themselves couldn't do any harm; my analysis doesn't go that deep.

I definitely consider it more of a problem when an antivirus with real-time protection detects malware installing but fails to prevent it from placing executable programs on the test system.

For one final test I rolled back the virtual machine to an earlier state, before I had launched any samples, and turned Malwarebytes loose with a scan.

Some of my samples are themselves malware, while others simply install the malware.

All were totally inactive for this test, so I included the ransomware installers.

Malwarebytes wiped out 98 percent of them with its scan.

I can't directly compare that with results from other products, since my test normally relies on real-time protection only, but 98 percent is undeniably good.

Using their real-time protection, Sophos Home Free and Microsoft Windows Defender Security Center also managed 98 percent against this set of samples.

I maintain a second set of samples that I've modified by hand, so they don't match simple-minded file signatures.

I append nulls to change the file size, give the files a new name, and modify a handful of non-executable bytes.

Malwarebytes also eliminated 72 percent of these, which is quite good given that it got no chance to exercise behavioral detection or other advanced techniques.
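
To illustrate why samples altered this way no longer match a simple whole-file signature, here is an added example (not from the review and not Malwarebytes code) that compares an exact SHA-256 match with a chunk-level similarity score on constructed, inert byte strings. The chunk size, threshold and function names are assumptions chosen for the illustration; a file name plays no part in either check, since both look only at content.

```python
import hashlib

CHUNK = 256        # assumed chunk size for this illustration
THRESHOLD = 0.8    # assumed similarity cut-off, not a vendor value


def _filler(start: int, blocks: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for a file's content."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(start, start + blocks))


# Constructed, inert sample data (no real malware bytes).
ORIGINAL = _filler(0, 128)                  # 4096 bytes = 16 chunks
_patched = bytearray(ORIGINAL)
for _off in (10, 11, 12):                   # a handful of bytes changed in place
    _patched[_off] ^= 0xFF
VARIANT = bytes(_patched) + b"\x00" * 500   # trailing nulls change the file size
UNRELATED = _filler(1000, 128)              # a different file of the same size


def exact_match(a: bytes, b: bytes) -> bool:
    """Whole-file hash signature: any single-byte difference breaks it."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def chunk_hashes(data: bytes) -> set:
    """Hash fixed-size chunks after dropping trailing null padding."""
    body = data.rstrip(b"\x00")
    return {hashlib.sha256(body[i:i + CHUNK]).digest()
            for i in range(0, len(body), CHUNK)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two chunk-hash sets, from 0.0 to 1.0."""
    ha, hb = chunk_hashes(a), chunk_hashes(b)
    if not ha and not hb:
        return 1.0                          # two empty files are identical
    return len(ha & hb) / len(ha | hb)


def looks_like(known: bytes, candidate: bytes) -> bool:
    """True when the candidate shares enough chunks with a known sample."""
    return similarity(known, candidate) >= THRESHOLD


if __name__ == "__main__":
    for name, blob in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(f"{name}: exact={exact_match(ORIGINAL, blob)} "
              f"similarity={similarity(ORIGINAL, blob):.3f} "
              f"flagged={looks_like(ORIGINAL, blob)}")
```

Fixed-size chunks only line up when the changes are in place or appended, as in the modifications described above; content that is inserted mid-file shifts every later chunk and calls for content-defined chunking instead.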

Admittedly, my hands-on test doesn't precisely simulate the real-world malware cleansing that is this product's specialty.

Normally, you'd bring in Malwarebytes to handle an attack that eluded your existing antivirus, or that put up roadblocks to installation of a more traditional antivirus.

The high-tech behaviors and technologies that such an infestation requires would be a red flag for Malwarebytes.

A potentially unwanted program (PUP) or other less-risky sample accidentally launched by the user might not raise the same concerns.

New Browser Guard

When you install Malwarebytes, you may be prompted to add the free Browser Guard extension for Chrome and Firefox.

Even if you don't get that prompt, you can just grab the download and install it.

Browser Guard aims to protect against phishing and malware-hosting URLs, ads and trackers, tech support scams, sites with bad reputations, and more.

It's not precisely part of Malwarebytes Free, but it's easily added, so I put it to the test.

As far as ad-blocking goes, it seemed to do the job.

I installed Browser Guard in Chrome, then visited several ad-laden sites in both Chrome and Edge.

The extension visibly removed ads.

By clicking its toolbar icon, I could view specifics about ads and trackers on the current site, or check statistics of past activity.

My malicious URL blocking test uses a feed supplied by MRG-Effitas, consisting of malware-hosting URLs discovered in the last few days.

Most antivirus tools get two chances to fend off a malware download.

First, they can divert the browser away from the malware-hosting URL.

Second, they can eliminate the malware payload.

With no real-time protection, Browser Guard only has the one opportunity.

Out of about 100 samples, Browser Guard blocked just 9 percent.

It identified some as having a bad reputation, some as containing Trojans, and some as having a suspicious TLD.

Here TLD means top-level domain, like .com, .org, .info, and so on.

Just about every suspicious TLD warning involved .info domains, and I found that Browser Guard also blocked legitimate .info domains.

In their own tests, Sophos, Vipre, and McAfee AntiVirus Plus all scored 100 percent, each with its own distinctive mix of URL-blocking and download-squashing.

I also put Browser Guard through my antiphishing test, using hundreds of reported phishing scam URLs, many of them too new to have hit the blacklists.

Browser Guard detected just 28 percent of them, lagging way behind the protection built into Chrome, Edge, and Firefox.

By contrast, Kaspersky and Trend Micro scored 100 percent, with Bitdefender Antivirus Plus and McAfee close behind at 99 percent.

It's true that the top of every Browser Guard warning exhorts you to "Get Malwarebytes Premium for comprehensive protection." Based on my experience, that's good advice indeed.

Malwarebytes Free remains a very useful tool, despite some issues I encountered in testing.

If you carry a thumb drive full of security tools, do include Malwarebytes.

But remember, it offers no real-time protection.

In particular, it can't help you with ransomware.

Use it along with Bitdefender, Kaspersky, Webroot SecureAnywhere AntiVirus, or another antivirus that provides real-time protection.

Bring out Malwarebytes when your regular antivirus slips up, or consider upgrading to Malwarebytes Premium.

With ransomware on the rise, a cleanup-only antivirus tool like Malwarebytes Free can't possibly be your first line of malware defense.

You need multiple layers of real-time protection.

We no longer declare an Editors' Choice in the cleanup-only category, but Malwarebytes remains a top choice.

The Bottom Line

Malwarebytes Free does a good job of wiping out aggressive malware that gets past your regular antivirus, but its lack of real-time protection means it should only be a secondary line of defense.
