In the early days, antivirus products actually protected against computer viruses, programs that spread by injecting their code into other programs.
Those early viruses were predictable and easily detected using simple techniques.
In today's environment of polymorphic malware, pernicious ransomware, and other advanced attacks, recognizing malware by just looking at files is utterly insufficient.
Behavior-based analysis is a must-have in this world, and Malwarebytes Premium offers exactly that, along with other layers of protection.
It earned great scores in some of our hands-on tests, though it still doesn't get high ratings from the independent testing labs.
Some companies assign a new product version every year, others skip product version numbers completely.
Malwarebytes does use version numbers but assigns new whole-number versions sparingly.
The new version 4 is the subject of this review; I reviewed version 3 in 2016.
Like Webroot, Kaspersky, Bitdefender, Trend Micro, and several others, Malwarebytes costs $39.99 per year.
For $79.99 per year, you can protect five devices.
Sophos Home Premium goes for rather less; $50 per year lets you install it on up to 10 devices, Windows, or macOS.
And with McAfee, you pay $59.99 per year to protect every Windows, macOS, Android, and iOS device in your household.
A status panel across the top of the totally redesigned main window features a silhouette-style landscape, with clouds, mountains, and a city skyline.
When all is well, the panel reports "Awesome! Your computer is protected." Three simple rectangular panels occupy the bottom half of the window.
At left, you can view the stats for the latest scan, or click for full history.
At right, simple toggles control four layers of protection.
Clicking the middle panel launches a scan.
It's a clean, attractive layout.
When you call for an on-demand scan, you get a full Threat Scan by default, just as you do with Malwarebytes Free.
A Threat Scan on one of my clean test systems finished in four minutes.
Even scanning systems infested with malware, it averaged just seven minutes.
Given the average for current products is over an hour, that's really fast.
You can still opt for a quick scan by clicking the Advanced scanners link; but, given such quick full scans, why would you? This is also the spot to elect a custom scan, choosing just where and how the antivirus does its work.
The scan scheduler lets you run a full, quick, or custom scan on a regular basis.
You can choose an hourly, daily, weekly, or monthly scan; or you can set it to scan any time the system reboots.
Quick scan, custom scan, and scan scheduling are Premium-only features.
Plays Well With Others?
For some years, press materials from Malwarebytes have emphasized that the program is compatible with other antivirus solutions, so there's no problem using it as a companion to, say, Kaspersky, or Bitdefender.
However, the audience of consumers who want to pay for two security products isn't huge.
Malwarebytes used to perform some clever tricks with the Security Center to let it work alongside Microsoft Windows Defender Security Center, and included configuration options to let it work along with other third-party solutions.
That changes somewhat in version 4.
Now the product defaults to registering with Security Center, which means that when it comes on the scene Windows Defender goes to sleep.
If you really want to use Malwarebytes in conjunction with, say, Norton or McAfee AntiVirus Plus, you can change a setting so it doesn't register itself as the antivirus in charge.
Layers of Protection
Malwarebytes includes signature-based detection as one of its layers.
However, the company's researchers constantly trim unnecessary signatures, to keep the product's scan time down.
If a particular threat hasn't turned up in user logs for half a year or so, out goes the signature! My contact at the company noted that signature-based detection accounts for barely five percent of all detections at present.
Web protection blocks traffic to known dangerous addresses, whether by the browser or by a malicious application.
Ransomware protection watches for the behaviors that occur when an unknown program is getting ready to encrypt your files.
It should catch even a zero-day ransomware attack, with no need to recognize anything but behaviors that suggest ransomware.
Exploit attacks take advantage of security holes in popular applications, using the security vulnerability to take control.
Even if you keep your operating system and programs patched, there's always a window when the vulnerability is known but not yet patched.
Malwarebytes shields several dozen popular applications against attack.
This is a generalized protection against exploit behaviors, not protection against specific exploits.
For a view of what exploit protection means, click the settings gear in the main window, click the Security link, scroll to the bottom, and click Advanced Settings.
This opens the Anti-Exploit settings window, which warns that you should not change any settings except by instruction of a tech support expert.
But go ahead and look.
You'll learn that Malwarebytes does things like enforce DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).
It blocks attacks that use ROP (Return-Oriented Programming) and prevents attacks on system memory.
The array of features here is dizzying.
New since my last review, Malwarebytes offers the free Browser Guard security plug-in for Chrome and Firefox.
When I tested it with Malwarebytes Free, it didn't have much success against malware-hosting URLs or phishing sites.
It did point out on every warning page that you should upgrade to Premium for full protection.
As you'll see below, I found that Browser Guard integrates with Malwarebytes Premium and gives this product's protection a boost.
If you use Chrome or Firefox, be sure to install Browser Guard.
Lab Results Limited
There's one small problem with these powerful, focused protection layers; they're tough to test.
Exploit attacks only work on a specific program version that contains the matching vulnerability.
Malwarebytes kicks in only when such a matchup occurs, because without a match no actual damage is possible.
High-end features like enforcement of DEP and ASLR are only relevant if a malware sample got past other protection layers.
And so on.
Many of the independent antivirus testing labs strive to create tests that emulate real-world situations, but this emulation isn't perfect.
And many of them still include simple file-recognition in their testing.
My contact at Malwarebytes explained that the company's developers could bulk up the product with features aimed solely at passing tests, or they could keep it nimble and focus on actually protecting users.
They chose the latter.
I do notice that some companies seem to do both.
Lab Test Results Chart
I follow the regular test reports from four labs: AV-Test, AV-Comparatives, SE Labs, and MRG-Effitas.
For a long time, Malwarebytes didn't participate with any of them.
More recently, it has begun showing up in reports from AV-Test Institute.
AV-Test reports on each product's capabilities in three areas: good protection against malware, small performance impact, and minimal effect on usability.
That last item means the antivirus doesn't freak out users by flagging valid websites or programs as dangerous.
A product can earn up to six points in each area, for a maximum of 18 points total.
In the latest test, Kaspersky, McAfee, and Symantec Norton AntiVirus Basic earned a perfect 18.
Another eight products managed 17.5 points, enough to earn the label Top Product.
As for Malwarebytes, it took four points for protection, five for performance, and five for usability.
Its total of 14 points is the lowest of any product in the latest report.
That one test score isn't enough input for my aggregate test score algorithm.
In any case, per its creators, Malwarebytes isn't designed to pass tests, and they don't care if it doesn't, as long as it protects their users.
Asked about these results, my contact at the company had quite a bit to say.
He pointed out, among other things, that a false positive result on eight non-prevalent samples (out of half a million) lost Malwarebytes a full point for usability.
He also noted that the protection test uses URLs that point directly to the malware.
In a real-world attack there would be other elements such as a drive-by download, a phishing email, or other techniques.
Malwarebytes takes the full breadth of the installation process into account, and the test misses some of that breadth.
That said, other products do manage high scores.
If numerous excellent labs scores fill you with confidence, you'll be thrilled with Kaspersky Anti-Virus($29.99 for 1 Year, 3 Devices at Kaspersky).
My aggregate lab results algorithm maps scores from all four labs on to a scale from 0 to 10, to derive a combined score.
Based on results from all four labs, Kaspersky gets 9.9 out of 10 possible points.
SE Labs didn't include Bitdefender in its latest round of testing.
With results from three labs, Bitdefender also stands at 9.9 points.
And Sophos has a 10-point aggregate score, though that's derived from just two tests.
Effective Malware Protection
For most products, my malware protection test begins the moment I open the folder containing my current collection of malware samples.
The minor file access that occurs when Windows Explorer reads a file's name, size, and attributes is enough to trigger a real-time scan for some.
For others, clicking on the file or copying it to a new location triggers a scan.
To maintain compatibility and avoid stepping on the toes of such programs, Malwarebytes waits until the malware attempts to launch.
Cylance, Emsisoft, and McAfee Gamer Security are among the other programs that wait until launch to scan for malware.
Skipping mere on-access scanning saves time and resources, no doubt.
However, wiping out known threats on sight means you're protected even if the antivirus crashes or stops working.
To test this product's malware protection, I launched each of my samples in turn.
Looking at Task Manager, I could see that Malwarebytes didn't let suspect processes execute until it could finish its analysis.
Sometimes this took as long as 20 seconds, though it reached a verdict for most in three or four seconds.
Don't worry; I saw no such delay in the execution of innocuous programs.
Malwarebytes detected and quarantined 98 percent of my samples before they ever got to launch.
Windows Defender and Sophos share this test's top score with Malwarebytes, 9.8 of 10 possible points.
Webroot detected 100 percent of this same sample set, but minor imperfections in blocking detected malware cause it to come in second place, with 9.7 points.
Tested with my previous sample set, Norton also scored 9.7 points.
Since the samples aren't the same, the tests aren't directly comparable, but these are all very good scores.
Malware Protection Results Chart
Malwarebytes focuses on prevalent malware, which made me think it would do well in my malicious URL blocking test.
On the other hand, this is exactly like the direct-to-malware URL lab test that my Malwarebytes contact described as problematic.
I needn't have worried, as it turns out.
This test starts with a feed of real-world malware-hosting URL, kindly supplied by MRG-Effitas.
Typically, I use URLs captured just a few days before, so they're very fresh.
The structure of this test is simple.
I go down the list of URLs, launching each and noting whether the antivirus kept the browser away from the dangerous location, quarantined the malware download, or did nothing at all.
I keep up this process until I have about 100 data points, then run the numbers.
Malwarebytes blocked access to 94 percent of the malware-hosting URLs.
For most, it popped up a notification saying the website was blocked due to a specific type of malware.
In many cases, Browser Guard kicked in to provide information even after the disappearance of the transient notification popup.
Just seven recent products have done better.
McAfee, Sophos, and Vipre Antivirus Plus all managed 100 percent protection, using various combinations of URL-blocking and malware-quarantining.
Malwarebytes doesn't automatically scan downloaded files, so any case where it didn't block URL access resulted in a malware file landing in the Downloads folder.
Launching those files isn't part of this test, but I did it just to see what would happen.
Malwarebytes took down all of them.
Phishing Protection a Bit Better
Malwarebytes doesn't claim to offer full-scale phishing protection, though the same component that blocks malware-hosting URLs does also detect phishing attacks.
New in this edition, phishing protection gets a boost from Browser Guard.
To test a product's ability to detect and fend off phishing attacks, I use the newest sample URLs I can find, often only hours old, many of them too new to be on any backlists.
I launch each URL in four browsers, starting with one that's protected by the antivirus I'm testing.
The other three rely on the phishing protection built into Chrome, Edge, and Firefox.
If any of the four browsers can't load a given URL, I discard it.
Also, if the resulting page isn't clearly an attempt to steal user credentials, I discard it.
After processing a few hundred samples, I run the numbers.
Phishing Protection Results Chart
In many cases, Malwarebytes popped up a notification saying it blocked the website due to phishing, often with Browser Guard echoing that information.
However, Browser Guard alone handled about a quarter of the detections that Malwarebytes managed.
Here again, if you use Chrome or Firefox, be sure to install Browser Guard.
When last tested, Malwarebytes detected just 29 percent of the verified phishing URLs, putting it very close to the bottom.
This time around, that number rose to 51 percent.
That's a decided improvement, but it barely drags Malwarebytes out of the cellar.
The built-in protection in all three browsers soundly trounced Malwarebytes.
Kaspersky and Trend Micro detected 100 percent of the frauds in their latest test runs, while Bitdefender and McAfee spotted 99 percent.
If you insist that your antivirus provide effective detection of phishing websites, one of these might be a better choice.
Mixed Ransomware Protection
You don't really expect ransomware to get past...
