Malwarebytes Anti-Malware: Can it still be trusted?


malware - begone

Malware removal tools, or scanner/removers, have become an almost integral part of a home user’s security arsenal and we are fortunate that there are several very good freeware offerings to choose from. For some time I, among many others, have been recommending Malwarebytes Anti-Malware as top dog, albeit by a narrow margin. Malwarebytes has always ticked the boxes on three fronts; simplicity, effectiveness and low false positive rates… but now it seems, the times they are a changing. I’ve been reading reports that Malwarebytes is no longer identifying and removing PUPs (Potentially Unwanted Programs). which includes toolbars – such as Ask, Conduit, Babylon and MyWebSearch – browser hijackers, homepage hijackers and search engine hijackers.

Malwarebytes explanation for dropping these ubiquitous toolbars from the definition database is that they are classified as PUPs (Potentially Unwanted Programs) and are not actually malicious:

While these types of programs and additions are unwanted by many, they’re not malicious nor infections. We detect some as ‘PUP’ (Potentially Unwanted Programs) but cannot classify all due their actual install practices, which when inclusive of an EULA or options to not install prevents additions to the database in any way. Users are advised to always check for ‘custom’ installation options whenever adding any program to your computer as this is the best way to avoid unwanted ‘extras’.

Even though I still hold Malwarebytes Anti-malware in high regard, as a result of this rather bizarre assessment and decision I’ll no longer be recommending it as number one free scanner/remover. So, here are two free programs I suggest should be high on the list of alternatives:

Two Alternatives to Malwarebytes Anti-Malware Free

SUPERAntiSpyware Free

My top recommendation for average home users is now SUPERAntiSpyware, which has always been right up there anyway. SUPERAntiSpyware also ticks all the right boxes; it’s unobtrusive, simple to operate, highly effective and relatively safe (with a low rate of false positives):

sas free main interface

SUPERAntiSpyware is also available in a free portable edition. The portable edition is specifically designed for use on infected machines where malware is blocking internet connection and/or installation.


The SUPERAntiSpyware Portable Scanner Personal Edition features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner is the same as our SUPERAntiSpyware Free Edition with pre-bundled definitions and a random named installer to prevent malware from blocking the installation. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Emsisoft Free Emergency Kit 4.0 – Now with enhanced features

My top recommendation for more experienced to advanced users is Emsisoft Free Emergency Kit. Emsisoft has recently released an updated version of this excellent portable security package with enhanced features. It’s always been a very useful scanner/remover but now, with an improved cleaning engine which reduces the risks involved with malware removal while using far less system resources than previously, it is really coming into its own.

EEK - main interface

Weighing in at a tick under 178MB, Emsisoft Emergency Kit is certainly not a small download but the end package is well worth the bandwidth, especially for anyone habitually dealing with infected machines. The primary component is, of course, the scanner/remover itself with GUI:

EEK - scanning modes

Other tools included in the package are:

  • Emsisoft Command Line Scanner – provides experienced users with an extensive set of parameters to check for malware infections via the command line.
  • Emsisoft Hijackfree – allows advanced users to manage all active processes, services, drivers, autoruns, open ports etc. for full control across the system.
  • Emsisoft Blitzblank – assists with stubborn infections by allowing for removal of infected files, registry entries and drivers at boot time before Windows loads and existing malware has a chance to activate its self-protection mechanisms.

EEK - components

One can but speculate on the motivation behind Malwarebytes puzzling decision. Regardless, I can only perceive this new philosophy as a rather large step in the wrong direction. Users need as much help as they can get in the incessant fight against malware, adware, and insidious software off all types. Let’s hope that sanity prevails and Malwarebytes rethinks its stance. In the meantime, I trust you find the aforementioned freeware more than adequate alternatives.

Cheers… Jim


About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

18 Comments

  1. Sorry Jim.Just can’t agree with you on this one.
    Even with the exclusion of PUP detection/removal,SAS can’t even begin to hold a candle to MBAM.
    I’ve used time and again (for years) on infected systems only to have it find “Adware Tracking Cookies”
    I will thank you for pointing out the offering from Emisoft,as I left them many years back when they totally mucked up the original A Squared on demand scanner.
    A nice little program I’ve had sucess with is Norman Malware Cleaner.Check it out if you haven’t.

    Cheers!!

    • Hey detailer – I’ve always found SAS as reliable and effective as MBAM. Neither finds 100% of malware all the time and, more often than not, one will find malware that the other misses. There are secondary considerations for the less experienced among us too, such as ease of use and low FP rates. That’s why I am recommending SAS for those users, it ticks all the boxes.

      Thanks for your comments and recommendation, always appreciated.
      Cheers… Jim

  2. I have to agree with you Jim. With a client of mine who had the insidious Ask and Conduit’ toolbars and Incredimail.
    Malwarebytes Pro did not remove the toolbars, and I contacted Malwarebytes to ask, “Why?”.
    The response was, that when downloading the program, everyone had the choice of unticking the box.
    I was p**d-off with the comment and replied that paying for a program, the purchaser should be given a choice of extras, and advised that the a toolbar will take control of existing browsers before the fact, not after missing a a tiddly-bitsy-witsy square with an approval tick in it. I also said that they were receiving money under false pretenses by supplying a product which they knew did not remove certain PUPS.
    After reading that Cloudeight did not receive a response from Malwarebytes over the same issue, they no longer recommend the program.
    I removed my paid version of Malwarebytes and installed Emsisoft Anti-Malware on two computers at the start of this week, and after extensively checking their performance, I am pleased with the result.

    Hoo Roo …. 🙂

  3. I was wondering why the ASK toolbar started appearing in my small user base when I cheaked for other problems. Historically I was able to tell my users to periodically run MBAM to minimize malware and PUPS. This was much easier than instructing them and relying on them to uncheck the “YES, I want the benefits of the such-and-such toolbar” option that insidiously appears in many “free” software apps. One user had 11 toolbars installed (yes 11, its not a misprint). Not all were active (visible) but they were installed.

    MBAM does have PUP action option in the Settings menu but if it no longer considers PUPs like the ASK Toolbar to be a PUP because the user did not opt out of it during another program’s install/update then I will have to explore other options.

    • You have just highlighted the problem Muad Dib. Even if Malwarebytes still found PUPs like with any security program it will never be truly 100 percent reliable, especially considering people are trying to find ways around these programs. Having security suites will never be a 100 percent guarantee of protection and until people realise this they’ll continue to keep getting infected. What it really comes down to is a users own safety. Going on virus ridden dangerous sites with a security suite is asking to be infected just like sleeping around with multiple people while using protection can still be risky, the more the riskier.

      I use Eset Smart Security 6 however as well as Malwarebytes Pro, noting that Malwarebytes is designed to work with a main security suite, Antivirus etc and never designed to actually replace one. Eset will spot something like the Ask Toolbar because it offers PUP detection and Malwarebytes is there to spot anything Eset might miss.

    • Toolbars are not all bad – in fact there are some that I like to use. They are relatively easy to manage and/or uninstall and in most cases are obvious. In fact one reason I dislike Chrome is that it doesn’t display toolabars. In the old days IE used to let you have several toolbars on one line which was an excellent standard – you could remove the buttons you didn’t want from a toolbar and keep the few you did, without them taking up much real estate.

      There are toolbars out there that don’t provide anything useful and are only there to gather data though most offer you something you might need in return for your data. Also they do help support the development of freeware and I for one would much rather pay for my software with shopping data than with hard cash. I also keep several toolbars disabled, but enable them when I want to use them, I don’t think 11 is a huge number to have installed unless more than three or four of them were enabled.
      Malwarebytes, and the like, needs to sort out the good from the bad and not indiscriminately identify all toolbars as PUP

      • Hi GBS – There are certainly those who do appreciate some of the toolbars, such as yourself. There would not be an issue if all bundling was totally transparent with opt-in rather then opt-out. Unfortunately that is seldom, if ever, the case.

        They are relatively easy to manage and/or uninstall

        For you maybe, perhaps not so for less experienced users. And if you can “easily” get rid of the insidious Babylon Toolbar for example, you’d probably be one of the few on the planet who could.

        Cheers… Jim

  4. Hi Jim, thanks for the recommendation of SAS, just downloaded and run.
    I’ve found that Malwarebytes Anti-Malware Free hasn’t found anything for months, which I thought was a good thing.
    SAS found a few potentials and dealt with them.
    Therefore Malwarebytes Anti-Malware Free will now be relegated to the “Once thought marvellous, now not impressed bin” where AdAware and Spybot have resided for a year or two.
    As for “Going on virus ridden dangerous sites with a security suite is asking to be infected . . . .” statement, I am careful, I have WOT and BitDefender TrafficLight active on my browser(s).  But I still got a bad dose of the”Delta-Search Bars.
    I uninstalled, purged folders and files and the registry, but I still had a problem with Firefox.  Every time I tried open a new blank tab, it came loaded with a delta-search url which drove WOT and BitDefender into a frenzy.
    I’ve cured it now and if anyone else has this sort of problem, give me a shout and I will detail the simple cure.

    • Hey JST – Thanks for your input here, appreciated as always.

      And I agree, some of these toolbars hook deep into the system and can be a nightmare to get rid of.

      Cheers… Jim

    • Well that’s a complete about face. Power to the people!!

      Malwarebytes is now saying that they are leading the fight against PUPs and inviting other security companies to join in with them… I find that all a tad hypocritical.

      Thanks for the heads up Peter, much appreciated,
      Cheers… Jim

  5. I’m definitely going to give SAS a go having read this Jim.
    What often puzzles me about MBAM is, after it’s finished scanning and you see the results, almost all PUP’s found are not checked for deletion. If it’s ‘potentially’ unwanted, it’s unwanted in my book.
    Also, it was never easy to discover how to select ALL the PUP’s for deletion, but if you right click on one, a menu comes up where you can scroll down to check all items.
    Cheers
    Marc

    • Marc, apparently the Malwarebytes people had a rethink after so many negative stories hit the internet, and those in charge have since reported that support for PUPs has been reinstated. However, I have not checked this myself and subsequent responses from security experts have been mixed… some say all is now good again, some say MBAM still does not flag PUPs.

      I still regard MBAM very highly, I just wish the powers that be would stop messing with it and just give the users what they want (need?),

      Cheers mate… Jim

  6. Emsisoft, SuperAntiSApyWare, Avast or paid Kaspersky, nothing more is required. I had MWB, used it for ages, purposely downloaded PUPs, sent emails’ to MWB, please explain, no answer………………final assessment, money speaks and can turn nice people into ‘nastie pasties’.
    I rate MalwareBytes as a swamp dweller along with Incredimail.

    It’s amazing how the pot-holes are highlighted on the 30 year computer road.

    Cheers,

    Jonno.

  7. I just used Malwarebytes to try to get rid of websearches.com (or whatever it’s called). I’ve managed to get my homepages back, but even while Malwarebytes was running the second time (to detect threats), two times a webpage just opened up on my computer. I had no windows open, just the Malwarebytes running, and at the bottom of my screen I saw a new webpage open – some garbage game page or something. I closed it. A few minutes later – another one. By the time the scan finished – finding no problems – three pages had opened. I’m still getting pop-ups.

    Now what?