Compare Antivirus Lab Test Results:

Malwarebytes Review 2017: Top Malware Removal & Protection

By: Ami Zivov

Malwarebytes is a relatively new and highly appreciated player in the malware protection and cyber security industry.

Prior to version 3.0, Malwarebytes claimed that they don't replace a full suite antivirus protection software; in fact, they recommended that alongside their product, one should install an anti-virus product from another vendor.

We have always had a problem comparing Malwarebytes to other end-point protection solutions, so this is the first time we are comparing Malwarebytes to other anti-virus software.

Version 3.0 has real-time virus protection, so now you can use Malwarebytes as your main standalone anti-virus software!


The company bundled everything into the Malwarebytes 3.0 version which also includes the Anti-Exploit product as part of the security package. In the past, Anti-exploit protection required a different software and a separate license.

It is important to take into consideration that although Malwarebytes is a new player in the Antivirus playground, they have a proven track record in malware removal and disinfection of 0-day malware, which relies heavily on heuristics and behavioral detection and is something that legacy anti-virus products can have difficulties with.

In fact, most computer geeks I know recommend Malwarebytes for a first aid situation when something is wrong with your PC.

Malwarebytes user interface

Malwarebytes panel interface

In this Malwarebytes review and the hands-on Lab Tests, I will inspect Malwarebytes 3.0's features and conduct performance tests to learn more about how this software affects PC usability and resources.

I will also reproduce real-life scenarios with protection tests and measure the accuracy of the anti-phishing filters.

Pros and Cons

  • Rootkit detection
  • Zero influence on computer speed
  • Excellent Performance hands-on test
  • A built-in sophisticated Anti Exploit tool
  • Active ransomware protection and detection
  • The best malware disinfection software in its class
  • Signature based protection - below average


We promise to only send really good deals and important updates. No spam.

Article Index

Background of Malwarebytes

Malwarebytes was founded in 2008 after the CEO, Marcin Kleczynski, wrote the first version in 2004.

Kleczynski has earned himself quite a name in the world of cyber security with awards like Ernst and Young Entrepreneur of the Year in 2015 and Forbes 30 under 30.

Today Malwarebytes has emerged as a formidable competitor in strong malware removal and protection software with offices in 15 countries and more than 500 employees.

The Headquarters are located in Santa Clara, California.

Malwarebytes office headquarters

Malwarebytes office headquarters design
Malwarebytes office setup
Malwarebytes office design

Malwarebytes’s claimed philosophy is that everyone deserves free malware protection, and so it is their duty to provide the best real-time disinfection and protection software on the market.

Although they offer a free version, it is limited which means that it only protects your assets when you trigger a manual protection scan.

In order for you to get the all-important real time protection, you have to buy the Premium product.

Comparison: Which Malwarebytes Product Is Right For You?

In version 3.0 the answer is very clear – if you want this software to replace the traditional antivirus, you must go with the premium version.

The free version detects malware that is installed on your PC, but it doesn't stop malware from infecting your machine in the first place.

If you will choose to stay with the free version, you will have a very sophisticated manual scanner that will clean your PC but only when you manually start scan your computer. This means there will be no real time protection or scheduled scans, not to mention that the free version also excludes Exploit and Ransomware protection.


Malwarebytes 3.0 can be downloaded for a free 14-day trial, but after the trial period it automatically switches to the free version mode. If you decide to buy the Premium version, you will have 30-day money-back guarantee.

It is also important to know that a license continues until canceled for both free and paid licenses.

My Recommendation

I recommend buying the premium software instead of opting for the free version. Free users have to manually set and schedule scans and they will not have real time protection, which stops malware before it infects a PC.

Go to

Aggregated Lab Results, Certifications and Awards

Our test score aggregation tool provides all the published lab tests related to Malwarebytes on one easy-to-use graph. However, our tool couldn’t find many tests on Malwarebytes software.

I recommend that you to use this tool in your security research!

Many external labs didn’t test Malwarebytes in the past because it wasn’t an anti-virus provider.

This will probably not change in the near future because Malwarebytes focuses on behavioral blocking and post infection disinfection and less on traditional malware file detection. As a result, the mainstream protection tests that all external labs perform can’t really measure the real protection and detection capabilities of Malwarebytes 3.0.

4.3 / 10

Hands-On Malware Detection Test

Here's a video of the malware detection test I performed on Malwarebytes 3.0.

Despite the seemingly disappointing results of this malware detection test (only 43%), you have to bear in mind that Malwarebytes is a "next-generation" antivirus software which is focused on behavioral detection as opposed to traditional antivirus software which is more inclined to detect malware based on a signature database.

This means that it specializes in identifying malware when it's executed as opposed to laying dormant in my honeypot folder.

This is also one of the reasons that Malwarebytes doesn't participate in independent lab test results as much as other companies - it would be like comparing apples to oranges.

In fact, you can even see at what point in time they changed their approach by looking at the test scores chart I added above.

Hands-On Phishing Protection Test

Coming soon!

9.0 / 10

Hands-On Performance Impact Test

All our tests are performed with the same hardware. We also use a lower-end setup to amplify the impact of the tested software on the results. If we were to use top-of-the-line hardware with the latest CPU and a very fast SSD, it would be very difficult to measure the difference in performance impact.

I tested Malwarebytes on an open bench PC comprised of the following components:

On this hardware platform, we installed Windows 10 Pro 64-bit and applied all critical update patches effective on January 2, 2017.

I ran Malwarebytes 3.0 on a totally clean windows configuration and then disabled UAC (User Account Control); Windows Updates; screen saver and power management settings; Windows system restore; all task and scheduler events; windows notifications and Error Reporting; and taskbar notifications.

All browsers – Firefox, Chrome, and Edge – were configured to show a blank page on startup / home page.

Finally, I copied 100,000 random-generated files into a sample data folder for the scan duration test. This made up our “clean” image.

Windows only used a single account with no password to ensure automatic login after rebooting. No unknown devices were present or unrecognized in the Device Manager, and I rebooted Windows before doing the tests.

9.8 / 10

Boot Time Benchmark

I used a dedicated script (boottimer.exe) to measure time elapse across five looping boot cycles. Our score shows the average time of the five cycles.

Example: Clean Windows install boot time

Clean Windows install boot time example

Example: Post Malwarebytes install boot time

Post Malwarebytes install boot time example

  Before MWB 3.0 After MWB 3.0 Difference
Boot 1 36.39 37.00  
Boot 2 34.89 41.17  
Boot 3 34.23 36.68  
Boot 4 35.18 41.81  
Boot 5 33.95 36.15  
Average 34.92 38.56 3.63
Boot time summary (In Seconds)
9.5 / 10

CPU, Memory, and Hard Disk Benchmark

This is the bread and butter of all performance tests. But to put the results into perspective because in today's CPU intensive environment, the modern CPU and SSD disk will not feel the difference between one antivirus and other. I included this parameter because some people consider it important, and you can learn about the quality, QA level, and stability of each anti-virus software from it.

I monitor 3 parameters for a duration of 15 minutes with a windows performance monitor. The first parameter is CPU usage, the second one is memory usage, and the last one is disk transfers per second.

I conduct the same test once on a clean Windows 10 installation and a second time after I install Malwarebytes 3.0, making sure I apply all software updates and reboot the system.

Idle - Windows 10 without Malwarebytes

Windows 10 without Malwarebytes - Idle

Malwarebytes idle installation CPU and memory usage

CPU and memory usage by an idle Malwarebytes installation

Malwarebytes's System Performance Impact

System performance impact by Malwarebytes

Malwarebytes 3.0 passed the performance test with flying colors!! The increase in resources is almost non-existent, and this is exactly what one should expect from all antivirus vendors.

7.0 / 10

Browser Execution Speed Benchmark

In this benchmark, I measure the execution time of 3 major browsers (Chrome, Firefox and Edge).

I conduct the test on a clean Windows 10 installation and repeat the test after I install Malwarebytes 3.0. This test is important because most antivirus software monitors the browser internet connection in order to block phishing attempts and scans file downloads.

Post Windows 10 installation snapshot

Post Windows 10 installation snapshot

Post Malwarebytes 3.0 installation snapshot

Post Malwarebytes 3.0 installation snapshot

Malwarebytes browser execution graph

Malwarebytes browser execution graph

Because each browser was executed 3 times, I used the average value to represent the increase in execution time in the above graph.

If I work out an average value for all browser tests together, there will be an increase of 0.54 Seconds for opening a browser window. This result is below par for this industry although most users will not feel the difference.

10 / 10

Web Page Load Time Benchmark

I used Chrome developer tools to measure 2 important parameters.

  1. Page load time (how much time the browser needs to wait for the page to load).
  2. TTFB (Time to First Byte) - Measures the duration in milliseconds from the client, which makes an HTTP request from his Chrome browser to the first byte of the page received by the browser.

I repeated this test on three real, commonly-used websites to measure the impact of Malwarebytes's installation.

Please bear in mind that a lot of variables can influence the test (network latency and load on the web server, or even the time of day), so it is important to consider all three result sets together.

Post Windows installation site load time

Post Windows installation site load time


Post Malwarebytes 3.0 install load time

Post Malwarebytes 3.0 install load time

  Before MWB 3.0 After MWB 3.0 Difference 2.30 sec  \ 301ms TTFB 2.37 sec  \ 306ms TTFB 0.07 sec  \ 5ms 1.03 sec  \ 141ms TTFB 0.96 sec  \ 135ms TTFB -0.07 sec  \ -6ms 0.84 sec  \ 158ms TTFB 0.85 sec  \ 162ms TTFB 0.01 sec  \ 4ms
Average 1.39 sec  \ 200ms TTFB 1.40 sec  \ 201ms TTFB 0.01 sec  \ 1ms
Webpage load time summary

This table is amazing!

First, you can see that on average, Malwarebytes will not delay the time you need to wait until the page is fully loaded. On the Facebook test, the load speed is even faster with Malwarebytes installed. This can be attributed to the optimization Malwarebytes performs on the http protocol, however, realistically, this is more of a glitch related to network traffic or external ISP caching.

Not all sites are fast and distributed over a large CDN network, such as google and Facebook, so by looking at data in this context, you can get more realistic and direct data, rather than having to look at average data.

7.0 / 10

Scan Speed Benchmark

Let me start by saying this:

This is a very popular benchmark performed by many labs on antivirus software, however, if this scan is performed once a day at 02:00 a.m., or at a time that no one is using the computer, why should one care whether it takes 20 minutes or 25 minutes?

Moreover, some antivirus software uses a snapshot mechanism that will make sure they scan a file only once; only if this file was changed or altered, the software re-scans it. Hence, going forward, the scan should be performed on new files only. Unfortunately, Malwarebytes doesn’t have this capability so each full scan will rescan all files on a daily basis.

This benchmark is performed on a folder with 100,000 randomly generated files and data that contains random characters.

Randomly generated file

Randomly generated file

100,000 files in the Scan folder

100,000 files in the Scan folder

The test Scan is performed on the test folder after a definition update and a system reboot.

Full Malwarebytes scan complete

Full Malwarebytes scan complete

Malwarebytes during a full scan - CPU and memory usage

CPU and memory usage by Malwarebytes during a full scan - Full scan performance monitoring

The full scan duration was 223 Seconds (3:43 min), that is an average speed of 448 files per second. You can see that during the full Scan, the CPU utilization averages on 94%. If you take into consideration the high performance toll and the relatively slow scan speed of files per second, Malwarebytes needs to improve in this area.

But then again, why would one care about the time when one has to wait for the full scan to finish?

The only real issue is that during the full scan you probably can’t do anything intensive with your PC, so you need to just sit back and relax while the process completes itself.

7.0 / 10

Customer Support Test

What happens if something goes wrong and you need some guidelines or SOS help with your PC following a Malware infection?

Malwarebytes provides several ways to contact their support team.

The first option is to open a support ticket via the website. This is available for both home user and business user customers.

The second option is dedicated phone support, but you have to buy this service separately. If you search online for Malwarebytes's corporate number, you will probably get a number of a phone support scam. If you find the real number, it will just let you leave a message.

Unfortunately, they don’t provide online chat, so in my test I will try to contact them via social media networks, specifically the Malwarebytes Facebook page.

It is important to mention that Malwarebytes has a very active and helpful forum that can help and provides first aid assistance in case of malware infections.

Support is only available from Monday to Friday during regular business hours (09:00 - 17:00).

There is also a useful wiki that addresses common questions per product, including how-to videos and user guides.

When we check the customer service of a company in our reviews, we conduct at least 2 separate customer support tests.

One of the tests is more pre-sale oriented and the second one is more technical and requires some knowledge from the support engineer about the product.

We try to conduct these tests on a Monday morning at 09:00 a.m. to make sure it reflects the customer service workload / ticket queue that accumulated over the weekend.

For this Malwarebytes review, I checked their online ticket system, and I contacted them via Facebook.

Pre-sale chat with Malwarebytes Facebook page (Respond time: 2:22 hours)

Pre-sale chat with Malwarebytes Facebook page (Respond time: 2:22 hours)

Post-sale customer support case opened with Malwarebytes on Jan 11 09:00 a.m. PST

Post-sale customer support case opened with Malwarebytes on Jan 11 09:00 a.m. PST

Post-sale customer support case closed on Jan 12 12:31 a.m. PST (Respond time: 27 hours)

Taking into account that there is no live chat or a number which a user can use to reach a real support engineer, as well as the time it took to get an answer from the support ticket (27 hours), I would say this is a factor Malwarebytes should improve on.

They try to make up for this disadvantage with a very active forum and there are plenty of security experts who use this forum to troubleshoot and resolve malware infections.

Malwarebytes 3.0 Key Features

User interface and Scan options

Clean and easy interface on Malwarebytes

Clean and easy interface on Malwarebytes

From a user interface point of view, you get very clean and clear platform. The new version has a modern design that doesn’t chew up the resources from your PC.

Malwarebytes has 3 scan selections: 

The Threat Scan (Previously called the Quick Scan): This is a comprehensive scan because it reaches all the places where malware can hide itself, and therefore it is recommended for everyday use. This is also why the software is preconfigured with the Threat Scan as a scheduled task. (The software schedules it at 2:36 a.m. for 38 seconds. Don’t ask me why they are set it to this exact time, but my guess is that from a statistical point of view, most people are asleep at this hour.)

The Hyper Scan (Previously called the Flash Scan): It is a quick scan for active malware threats. If anything is detected, Malwarebytes will recommend the user to run the Threat Scan afterwards for better detection.

While the Threat Scan acts as a quick and full scan in one, one can run a Full Scan with what is called the Custom Scan. A user can scan everything on the hard drive by selecting the whole drive in Options.

One important thing I noticed is that the Scan for rootkits is disabled by default, probably because rootkit scanning tends to take substantially longer due to how thorough and hard disk intensive this is.

Malwarebytes even recommends creating a custom weekly scan that is rootkit enabled. So if you decide to go with Malwarebytes, don’t forget to add this to your setup. (If you need help setting this up feel free to email us and we will send you instructions.)

Behavioral Malware Blocking

This is probably the holy grail of malware protection, and this is why so many computer geeks prefer Malwarebytes over other antivirus software that is more focused on signature-based protection.

In the past year we have seen many security products that boast a “Next Gen” antivirus and malware protection who claim that this is the way to protect yourself from security hazards.

The biggest advantage of Behavioral Blocking is that theoretically it can stop 0-day malware that is still not documented and filed in a traditional signature database.

For example, if malware is trying to delete a crucial system file, the anti-malware software should red-flag and terminate this process.

Although Behavioral / Heuristics is a very powerful approach to detect new malware, the downside is that it can create a high rate of false positive alerts.

Malwarebytes tries to distinguish themselves from traditional antivirus software and not “play” the game of who has better signature based detection rates. (This is why they don't participate in all the tests by independent organizations).

Malwarebytes's “game” is more behavioral based, so much so, that older versions of the software were recommended to be installed alongside traditional antivirus software. Now, Malwarebytes has changed its position with the 3.0 version which can replace real time antivirus protection, but can still run alongside one as well.

It would be nice if the company would master both approaches and not focus on one. When both approached are merged, it will guarantee the product market domination!

Malware Removal

The hope is that users will not need the removal option because a good anti-malware software should block the malware from being installed in the first place.

But if there is a case where there is a 0-day malware that wasn’t blocked by the Behavioral blocking, or a user installs Malwarebytes 3.0 on a previously infected system, this is where the removal capabilities come into play.

This again is where Malwarebytes 3.0 shines and has a great reputation in the computer technician / lab scene.


Firstly, what is Anti-Exploit?

Hackers that build 0-day Malware use software vulnerabilities in order to penetrate and deliver the file to a user's system.

For example, if you don't update your Windows on a regular basis, you would be vulnerable to this type of attack, and the same goes for other software like Adobe reader or even the Chrome browser.

Basically, your job is to make sure all your software is up-to-date, while Anti-Exploit's job is to block attempts to use those vulnerabilities and inject malware into your system.

The easiest way to describe the difference between Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit is that Anti-Malware guards your PC against WHAT you are being attacked with (for example, “locky ransomware”), while Anti-Exploit guards against HOW you are being attacked (for example, a file was download to your computer via Adobe auto-update).

These are two entirely different approaches that will keep you safe online!

Malwarebytes Anti-Exploit

Malwarebytes Anti-Exploit

Ransomware Protection

So, if you keep up to tabs in the market of anti-malware solutions, you probably know about the new epidemic called ransomware.

We have an article about ransomware, but basically the concept is very simple: a hacker takes control of your files and encrypts all your data, and unless you pay up (in most cases via bitcoin) in a limited time frame, you will not gain back access to your original files.

Before I talk about ransomware protection, it is very important to mention that no protection is bulletproof and you should always have an active back up plan, which in this case is actually backing up all your data.

Now that that is covered, let’s have a look at how ransomware protection works in Malwarebytes 3.0:

There are basically 4 stages / engines that work simultaneously.

Step 1: Anti Exploit will try to block the infection in the first place by blocking the download and execution of the ransomware file.

Step 2: Anti Malware will try to quarantine the ransomware file by comparing against the known signature database of documented ransomware.

Step 3: Behavioral Ransomware Blocking: This uses Malwarebytes Behavioral protection to detect a process that mimics the behavior of a ransomware process.

Step 4: Trapping Ransomware: This is an active function that detects ransomware activity which can be divided into several sub approaches:

Most anti-virus software only deploys Steps 1, 2, and 3 of protection.

We grade a software as “active ransomware protection enabled” only when they use advance methods described in Step 4.

Please bear in that the bad guys are getting smarter and they are discovering ways to improve ransomware and adjust the values / threshold to bypass the active ransomware protection.

This is why it is very important to have a good backup strategy and endpoint security that blocks malware from reaching your computer in the first place.

Malwarebytes 3.0, like the majority of anti-ransomware vendors, rarely reveals details about their inner-workings and for a good reason!

I will not disclose which methods Malwarebytes uses, but I can state that they have active ransomware protection.

Anti-Ransomware is enabled by default on Malwarebytes 3.0

Anti-Ransomware is enabled by default on Malwarebytes 3.0

System Requirements

If you want to run Malwarebytes products on your systems and devices, you will need certain system requirements.

These are the minimum requirements you should have in place:

Windows versions 7-10, Vista or XP, 800MHz CPU or faster with SSE2 technology

2 GB of RAM for 64-bit OS

1 GB of RAM for 32-bit OS

250 MB of free disk space

There is nothing special here and this hardware demand is common if you take Malwarebytes 3.0's excellent performance tests into account.

Note: Ransomware protection only works on Windows 7 or higher.

What We Would Like to See from Malwarebytes in the Future

When looking at antivirus or anti-malware solutions, you have to look at the offer from 30,000 feet to see if it can be a complete & standalone end-point protection suite.

What I would like to see in Malwarebytes 4.0:

Must have:

Firewall with application security

Gamer\movie mode

Nice to Have:

Centralized management with multi device support

Sandbox Protection

Parental Control

This Malwarebytes review focuses on the home user product, and what I know to be interesting and important for the end user.

For example, I am not saying that a third party Firewall is something that will take your security to the next level (because windows has a built-in firewall), but in order to configure the Windows outbound firewall you need a good network understanding and an ongoing configuration, which is something that most endpoint solutions today have.

Most user need something that works in auto-pilot mode or something with minimal user intervention, as well as a known and maintained database of legit applications.

Malwarebytes for Business

Commercial users of Malwarebytes do not have free Anti-Malware products available. The minimum a business will need is the Premium version because of its real-time protection and automatic scanning schedules and updates.

The business products are built on Malwarebytes Endpoint Security, which offers a multi-layered platform with several technologies to safeguard computers against unknown attacks and threats. The platform is based on detection and remediation which includes malicious URL screening, ransomware blocking, and exploit protection.

Other important factors:

The products do not compromise a PC system because it frees up IT resources.

There is comprehensive reporting of vulnerable endpoints which protects every endpoint as the company grows.

The product removes malware and adware from Mac endpoints with a separate remediation-only client, while cleaning the Mac system in under 1 minute.

This technology is used by companies of all sizes because of its multi-stage protection that can remedy all sorts of malware attacks at different stages.

I noticed that the Malwarebytes business product hasn't aligned with the Malwarebytes 3.0 stand-alone solution; my guess is that this should happen soon because the old platform has not replaced the traditional antivirus which means users will have to install several products.

The main improvements I want to see in the home solution and the business products, are one central management deployment and reporting system, as well as support for server protection.


Mobile Compatibility

In this Malwarebytes review I focus on the Windows version of Malwarebytes 3.0, and therefore I can’t make conclusions about the performance / protection rates of the mobile version.

But from a first impression, I like the feature list, and judging from the quality of the Windows version, I don't think you can go wrong with Malwarebytes Anti-Malware Mobile.


This software is free of charge.

Note that the product only supports Android and there is no iOS version, mainly because Apple's "walled garden" approach.

The features of the mobile version:

Malwarebytes mobile scanner in progress

Malwarebytes mobile scanner in progress

Malwarebytes mobile scan complete

Malwarebytes mobile scan complete


Mac Compatibility

Malwarebytes's statement on the MAC product page is, “YEP, MACS GET INFECTED!"

This is true; one sees it every day, however, not at the same rate as on Windows OS.

At first glance, I noticed that the feature list is very basic and to the point, and users get Anti-Malware and a spyware scanner in a light and lean package.

Again, this version is free of charge, and it is very clear that Malwarebytes is focused on the Windows OS environment.

What makes this free tool desirable is that the scans typically take 6 seconds to run, the software is only 8.4 MB (the size of two digital music files), there is custom-built technology that detects and removes 160 adware variants, and anti-malware that removes Trojans.

Malwarebytes Mac compatilbility

Malwarebytes Mac compatilbility


Money Back Guarantee

The website currently stipulates that there is a 14-day trial of the Malwarebytes Anti-Malware 3.0 Premium product.

Once the 14 days are up, a user can purchase and upgrade to Premium or choose to use the Malwarebytes Anti-Malware as a free manual scanner.

Malwarebytes operates on a 30-day right of refund policy, the details of which are in the paragraph above Section 1 of the software license agreement.

“Your right to return the Software for a refund expires 30 days after the date of purchase.”

My Conclusion

Let’s say it loud and clear:

Malwarebytes is the first choice for first aid scenarios with malware infections and disinfection when something goes wrong.

It is true that some nifty security features, like firewall, are missing from the Malwarebytes 3.0 package, however, the most crucial thing is when something goes wrong, a user's first bet is Malwarebytes.

Users should definitely invest in this formidable anti-malware removal and protection technology to ensure everlasting safety from malware attacks.

The product is unique, strong, and easy to use with a free option for those who want to test the waters out first. Add to that the ransomware protection and anti-exploit feature, and you are surely on the road to a safety!

  • Rootkit detection
  • Zero influence on computer speed
  • Excellent Performance hands-on test
  • A built-in sophisticated Anti Exploit tool
  • Active ransomware protection and detection
  • The best malware disinfection software in its class
  • Signature based protection - below average

Go to

Malwarebytes 3.0 offers top-notch malware removal and protection products in free and premium versions. These tools are must-haves to accompany traditional antivirus software providers because of their unique ability to detect and annihilate all kinds of malware, spyware, adware, rootkits, Trojans, and more. With one-of-a-king technology, users will be safeguarded against malware with real-time protection.

Date published:March 25, 2018
9.5 / 10 stars


We promise to only send really good deals and important updates. No spam.