More Malwarebytes: Prevention or Detection?

Which is better: prevention or detection of malware? At the end of my last post, For Computer Security, Can Malwarebytes Do the Job?, a client’s computer was still suffering from a bunch of infections and Malwarebytes was chugging away on it. I submitted the post while the scan was in progress, but when it finished, nothing malicious had been found. That was a puzzle, because I suspected there were still problems, so I did some test surfing and quickly found that the Babylon Toolbar had come back in spite of having been deleted in a way that has worked in the past. Several suspect processes were also active, and the machine was not behaving normally. So I did what should have been done the moment a badly infected computer was presented: a full reinstall of Windows. This was not as burdensome as one might expect; even activation went through without a hitch. But I always feel like a loser when falling back on that kind of brute-force solution. Maybe that is why I wasted too much time trying to do the wrong thing. Taking pride in your work is good, but taking pride in the wrong kind of work helps no one.

The necessity of a Windows reinstall is not a knock on Malwarebytes for not fixing everything. I hold it in the highest regard; it is one of the best anti-malware programs available in either free or paid form. What we have to remember is that no single program finds and cures every possible infection. For instance, here is a video showing Malwarebytes finding a Trojan after Kaspersky missed it. One could probably make a similar video with Kaspersky finding a Trojan that Malwarebytes missed.

Several organizations publish comparative test results for anti-malware products. Consider AV-Comparatives: its summary covers products from 22 anti-malware companies across a comprehensive series of tests, but Malwarebytes is not among those tested. It also reports seven different kinds of results, including the often overlooked false-alarm rate. The false-alarm rate matters. If you want an anti-malware product that is guaranteed to catch every bad thing, you can simply bias the discriminator toward false positives as the price of minimizing false negatives. At the limit, a 100% detection system flags everything as bad. Nothing is missed, and nothing is usable either.
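As an added example that is not part of the original post, here is a small Python script that makes the detection/false-alarm trade-off above concrete. It scores a handful of files, sweeps the flagging threshold, and shows that the threshold which reaches 100% detection is the same one that flags every clean file. It also goes one step beyond the paragraph: the last function shows what even a one-percent false-alarm rate means once you account for how rare infected files are compared with clean ones. The scores are constructed for illustration, not measured from any product, and the function names are this example's own.

```python
"""Added example, not from the original post: the detection vs. false-alarm
trade-off made concrete.

A scanner that gives every file a suspicion score and flags anything at or
above a threshold can reach 100% detection simply by lowering the threshold
until everything is flagged; the cost shows up in the false-alarm column.
The scores below are constructed for illustration, not measured from any
product, and the function names are this example's own.
"""


# Constructed sample: (suspicion score, truly malicious?). 7 bad files, 8 clean ones.
SAMPLE = [
    (0.95, True), (0.90, True), (0.80, True), (0.70, True),
    (0.55, True), (0.40, True), (0.20, True),
    (0.85, False), (0.60, False), (0.45, False), (0.30, False),
    (0.25, False), (0.10, False), (0.05, False), (0.02, False),
]


def rates(sample, threshold):
    """(detection rate, false-alarm rate) when every score >= threshold is flagged.

    detection rate   = flagged malicious / all malicious   (1 - false-negative rate)
    false-alarm rate = flagged clean     / all clean
    """
    tp = sum(1 for score, bad in sample if bad and score >= threshold)
    fn = sum(1 for score, bad in sample if bad and score < threshold)
    fp = sum(1 for score, bad in sample if not bad and score >= threshold)
    tn = sum(1 for score, bad in sample if not bad and score < threshold)
    return tp / (tp + fn), fp / (fp + tn)


def sweep(sample):
    """One (threshold, detection, false_alarm) row per distinct score,
    strictest threshold first, ending with 0.0 (flag everything)."""
    thresholds = sorted({score for score, _ in sample}, reverse=True) + [0.0]
    return [(t, *rates(sample, t)) for t in thresholds]


def false_alarms_per_detection(detection, false_alarm, prevalence):
    """Expected false alarms for each true detection on a population where a
    fraction `prevalence` of files is malicious. This is where a 'small'
    false-alarm rate hurts: clean files vastly outnumber infected ones."""
    true_alerts = detection * prevalence
    false_alerts = false_alarm * (1.0 - prevalence)
    return false_alerts / true_alerts


if __name__ == "__main__":
    print(f"{'threshold':>9} {'detection':>9} {'false alarm':>11}")
    for t, det, fa in sweep(SAMPLE):
        print(f"{t:9.2f} {det:9.0%} {fa:11.0%}")
    # With one infected file in 10,000 and a 1% false-alarm rate, a perfect
    # detector still shows the user about 100 false alarms per real find.
    print(f"{false_alarms_per_detection(1.0, 0.01, 1e-4):.1f} false alarms per detection")
```

The sweep table ends at threshold 0.0 with 100% detection and 100% false alarms, which is the "flag everything" scanner of the paragraph above; the last line is why a lab that reports only detection rates is telling you half the story.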

But AV-Comparatives does not force you to wade through all the data. It combines the results of all its tests and, with a disclaimer that consumers should download trial versions before deciding to purchase, recommends a best choice. The winner in the December 2011 summary was Kaspersky. That is one reason I was interested in seeing the video of Malwarebytes finding a Trojan that Kaspersky missed.

A somewhat dated (July 2010) video shows a brave soul deliberately infecting a computer (presumably a virtual machine) with a lot of nasties and then using Malwarebytes by itself to find and get rid of them. His conclusion was, “It is pretty good.” Another, more recent video, posted in April 2012, tests AVG working together with Malwarebytes. The test was done on a virtual machine infected with 321 pests. AVG by itself found about 87%, but combined with the paid version of Malwarebytes, all 321 were found. This is very impressive for the combination, and it supports my contention that running two complementary products is the better way to go.

After finding these videos, I naturally searched for “MSE and Malwarebytes,” since that is the combination I have been recommending for consumer use. Many such tests have been done. The results are about the same as in the AVG video: the combination works well.

What I have not been able to work out is why the major testing labs have not reported results for Malwarebytes. We can speculate, and perhaps some of you reading this know the inside of the business better than I do (not difficult, since I know nothing). It could be that Malwarebytes is an oddball compared with the others, it could be that money is involved, or it could be a business decision. I just do not know.

But as a result of such adventures, I have come to appreciate the difference between finding and curing infections during a scan and preventing infections by intercepting them on the way in, before the harm is done. When a computer comes to me highly contaminated, how can we know it is truly clean after any number of scans? A clean scan only says the scanner found nothing it recognizes. The best answer seems to be to recover as much personal data as can be recovered safely and then reinstall Windows. This means that all applications must be reinstalled and personal settings reconfigured. Such is life. Suck it up. It is still better than not being sure after spending hours or even days chasing ghosts, only to have the same problems recur. For that reason, I prefer to concentrate on anti-malware applications that are good at intercepting incoming problems before they get established.

Malwarebytes in combination with another anti-malware application is good, but the best protection is still the user. Seat belts and airbags are good protection in an automobile, and anti-malware is good protection on a computer, but the first line of defense in a car is an alert driver, and the first line of defense for a computer is the user. Preventing an accident beats the best seat belt. That does not mean I advocate driving without insurance or airbags; you still need those protections, but the emphasis should be on accident prevention. The same holds for safe surfing and general computer use.

  • Curtis Coburn

    I agree with you. If you don’t want any viruses, then it is all up to the user. You should do regular scans every week. Typically on my Windows 7 laptop I do about 4-5 a week. Also, you should not watch porn on your computer. Those sites are filled with viruses. I hear a rumor that’s how Macs get viruses. Also, don’t download anything unless it is from a trusted big-name company. Those illegal music downloaders, YouTube converters, etc.: you are just asking for it. Keep it real…

    • sdeforest

      Regular scans are good, but as I said, prevention (avoid porn, etc.) is better. I might write about using virtual machines as a security measure.

  • http://www.facebook.com/brad.tomlinson Brad Tomlinson

    I have MSE on my laptop, and I just installed Malwarebytes. After a quick scan, Malwarebytes found one piece of malware (PUP something). That malware has now been removed by Malwarebytes. Thanks for the recommendation.

    • sdeforest

      You are welcome, and thanks for the comment. That was probably adware, not a serious Trojan, since Malwarebytes would have flagged it as such, but it is good to know.

  • Cameron Ryan

    I prefer Microsoft Security Essentials but Malwarebytes is certainly just as good.

    • sdeforest

      I do not advocate using either. I suggest using both. Together they are stronger.

      • http://www.facebook.com/profile.php?id=583179686 Chris Smith

        Yes, put on both. There is no noticeable performance hit unless your computer is 5+ years old.

  • chiefnoobie

    Malwarebytes Pro comes with HIPS protection, so using this alongside, say, Comodo Internet Security would give you a very good level of protection.

  • sdeforest

    I agree from seeing similar installations. For some reason, I have just not invested in the paid version. Maybe I will now.

  • Noodle

    Just another teaser software that pretends to be free and then spams the heck out of you after first use, is harder than heck to ever finally get rid of, and then when you finally do, it screws up your registry.
    No thanks, will stick with something I have to pay for up front, has support, and I know what I’m buying into.

  • http://www.facebook.com/profile.php?id=583179686 Chris Smith

    I’ve recently begun putting the paid version of Malwarebytes on all of the computers I’m responsible for, in combination with MSE. To wit, I haven’t had a single computer hit with that combination in place. Highly recommended.

    • sdeforest

      From the responses, I must give up my desire for free things and pony up the fee for paid version. I have heard nothing but good.

  • ky331

    AV Comparatives compares Anti-VIRUS programs. MBAM is NOT an anti-VIRUS, rather, it is an anti-MALWARE program — which is specifically intended to COMPLEMENT (but NOT TO REPLACE) other anti-VIRUS programs.

  • guygo

    Five days a week I am a malware-removal professional. MBAM is my bread-and-butter tool. It gets a lot but not always everything. My personal systems use MS Security Essentials with MBAM’s resident protection module (best $25 you can spend on security!). With the Windows 7 firewall, I feel very secure, but then I know what to click and what not to click. Two of the most important tools for me to do my job are Sysinternals Process Explorer (my eyes into the system) and Autoruns (the knife I use to excise malicious startups). Another excellent tool is Kaspersky’s TDSS Killer; it gets most of the common rootkits (more than just TDSS). There are some rootkits like ZeroAccess/Sirefef that need special steps to remove, and I strongly recommend you leave those to us professionals (or fall back on re-format and re-install). Over time I have also gained a knowledge of what spyware/junkware apps (like the bleeping Babylon toolbar and ALL other “Community toolbars”) to remove from the system altogether. I also use a CMD window to check out what’s in %appdata%, %temp%, ProgramData (or Docs&Sets\All Users\Application Data), and Temporary Internet Files. Stuff can hide in those places, some of which have permissions that make it impossible for any app to remove it without going to real-time mode. Learn to use icacls (or cacls), attrib, takeown, taskkill, and the other CMD CLI apps. As always, be sure you know what you’re doing BEFORE you do it and backup, backup, backup.
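The CMD-window triage that guygo describes above, written out as a batch script. This is an added example, not code from the original post or from any commenter: it walks the hiding places the comment names (%APPDATA%, %LOCALAPPDATA%, %TEMP%, ProgramData, Temporary Internet Files), lists executables and scripts written recently, including hidden and system ones, lists files carrying the System attribute in those places, and wraps the takeown/icacls/attrib sequence for a file that a scanner reports but cannot delete. The seven-day window, the extension list and the script name are assumptions; the tools themselves (forfiles, dir, takeown, icacls, attrib, taskkill) ship with Windows 7. Run it from an elevated CMD window, and back up before using the /unlock switch.

```batch
@echo off
rem triage.cmd -- added example, not from the post or the comment above.
rem Lists recently written executables in the hiding places named above,
rem lists files marked System there, and wraps the takeown/icacls/attrib
rem sequence for a file a scanner cannot delete.
rem Run from an ELEVATED CMD window. The 7-day window, the extension list
rem and the script name are assumptions. Back up before using /unlock.
setlocal

if /i "%~1"=="/unlock" goto :unlock
if /i "%~1"=="/kill" goto :kill

set PLACES="%APPDATA%" "%LOCALAPPDATA%" "%TEMP%" "%ProgramData%" "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"

echo === Executables and scripts written in the last 7 days ===
for %%D in (%PLACES%) do (
    if exist "%%~D\" (
        echo --- %%~D
        rem forfiles recurses with /s, /d -7 keeps last-write within 7 days,
        rem and it does not skip hidden or system files.
        for %%M in (exe dll scr com vbs js bat cmd ps1) do (
            forfiles /p "%%~D" /s /m *.%%M /d -7 /c "cmd /c echo @fdate @ftime @fsize @path" 2>nul
        )
    )
)

echo === Files carrying the System attribute in user-writable places (unusual; look at each) ===
for %%D in (%PLACES%) do (
    if exist "%%~D\" dir /a:s-d /s /b "%%~D" 2>nul
)
goto :eof

:unlock
rem Usage: triage.cmd /unlock "C:\full\path\to\file"
rem Take ownership, grant Administrators full control, strip the attributes
rem that block deletion, then delete. Only for a file you have already
rem identified (e.g. from an MBAM log) and backed up.
if "%~2"=="" (
    echo usage: %~nx0 /unlock ^<path^>
    goto :eof
)
takeown /f "%~2" /a
rem *S-1-5-32-544 is the Administrators group by SID, so this works in any locale.
icacls "%~2" /grant *S-1-5-32-544:F
attrib -s -h -r "%~2"
del /f /q "%~2"
goto :eof

:kill
rem Usage: triage.cmd /kill <pid>   (find the PID in Process Explorer first)
if "%~2"=="" (
    echo usage: %~nx0 /kill ^<pid^>
    goto :eof
)
taskkill /pid %~2 /f
goto :eof
```

The listing half is read-only and safe to run on any machine; the /kill and /unlock switches act only on the single PID or path you hand them, which keeps the script from becoming its own kind of damage. A file that reappears after /unlock is the "evil twin" situation described later in the thread, and at that point a reinstall is usually the honest answer.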

  • ‘Tis Moi

    I use Malwarebytes in tandem with Superantispyware. Best duo going (as far as malware).

    Like you, Sherm, I usually take a bit too long trying to clean a system – I really don’t like a bug to get the best of me to the point of a reinstall (even though it’s generally the best option). Most of my clients haven’t ever reinstalled, and they’re actually thrilled to get back a fast machine. At that point, I tell them to go out and pick up two cheap external drives and do a weekly or monthly backup. If they provide me a drive when I reinstall, I’ll also do a system image to boot.

    • sdeforest

      Good advice! And I still do not know when to give up. I have wasted more hours than I care to think about chasing bad guys. But it is fun to win. Years ago my wife caught something and there was no tool to kill it. I went into the registry and found it manually. I deleted it and proudly called her to come get her clean machine back. But while I was watching, it came back! Later I learned about evil twins that look out for each other–but that is another story. I did win that one.

  • sdeforest

    If you have read my older posts, you know what I think about Babylon, and it sounds like we are in agreement. Unlike you, I am a reluctant malware-removal person. I fall back on re-formatting and start from scratch more than you might. That said, I use Malwarebytes and MSE and am pleased so far.

  • sdeforest

    Fair enough. I have never had complaints, but that is why they offer 31 flavors of ice cream.

  • sdeforest

    Good point. I tend to be a bit sloppy on nomenclature. However, the paid version of MBAM seems to do a pretty good job of general protection by itself.

  • http://www.facebook.com/profile.php?id=100000592179233 Miguel Victor

    Does this program work as an antivirus or just as a scan program, and is it going to conflict with my anti-virus?

    • sdeforest

      Malwarebytes will not conflict with other anti-malware applications.

  • http://www.facebook.com/carrdarius Darius Carr

    A good article. I tend to agree… if in doubt, “Take off and nuke the site from orbit; it’s the only way to be sure.”