When compared to other security tools like Spybot S&D and Ad-Aware, the advantage of Malwarebytes Anti-Malware (MBAM) is that it uses a proprietary low level driver similar to some anti-rootkit (ARK) scanners to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits. IMO it has proven more effective than many of the stand-alone ARK tools which are available. MBAM intentionally does not search for and remove cookies which pose no significant threat. The research team investigates new rogue applications and malicious files so the database is usually updated several times a day in an aggressive effort to keep it current. Scanning is performed quickly while other tools can take hours.
Malwarebytes Anti-Malware is designed to remove malware as effectively with a Quick Scan as it will with a Full Scan which takes much longer to complete. Both scans use heuristics that bypass polymorphic blackhat packers & encryption, MD5, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers.
- A Quick Scan looks at the most prevalent places for active malware so scanning every single file on the drive isn't always necessary.
- A Full Scan only has the ability to catch more traces in rare circumstances but it can be used to scan every drive (including removable) on the system.
- A Flash Scan will analyze memory and autorun objects but that option is only available to licensed users in the paid version.
The above information about how the program works is general rather than specific. The reason for this is that the developers of Malwarebytes do not want to reveal all the special techniques utilized in order to protect the integrity of the tool from malware writers who would use that information for nefarious purposes.
I recommend taking advantage of the Malwarebytes Anti-Malware (Pro) Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. The database that defines the heuristics is updated as often as there is something to add to it. Keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute. Enabling the Protection Module feature requires registration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as the program utilizes few system resources and should not conflict with other scanners or anti-virus programs.
If any conflicts between Malwarebytes' and another security program are reported, suggested solutions are usually provided in the Common Issues, Questions, and their Solutions, FAQs thread. I know and have worked with some members of the research team so I can attest that they make every effort to resolve issues as quickly as possible.
is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)
Ad-Aware has even been placed into the Installers Hall of Shame for bundling and pre-checking Google Chrome during the installation. Also read Lavasoft Turning to the Dark Side? written by a former volunteer (now an MVP) who provided support for Ad-Aware but no longer uses the program.
As for Spybot S&D, most people don't understand how to use TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have an understanding of how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.
Edited by quietman7, 20 January 2011 - 06:57 PM.