
Malwarebytes Premium Security

Pcmag 2 days ago

Multi-layered detection catches most malware

Back when the idea of running an antivirus utility on your computer was novel, the simple-minded programs spotted malicious files by matching patterns of bytes. Modern malware has better disguises, so modern antivirus tools like Malwarebytes Premium Security employ heuristic detection, behavioral analysis, and other advanced techniques. Unlike Malwarebytes Free, which only scans on demand, the Premium edition is a full-scale antivirus with all expected features. Malwarebytes earns excellent scores in some of our tests, but Editors’ Choice winners Bitdefender Antivirus Plus and Norton AntiVirus Plus score even higher and offer more advanced features.

How Much Does Malwarebytes Premium Security Cost?

Just under $40 per year is a common price for a single year’s antivirus subscription, for Windows and macOS editions both. Webroot SecureAnywhere AntiVirus, Kaspersky, Bitdefender, and Trend Micro Antivirus+ Security are among the antivirus utilities that fit this profile. Malwarebytes starts a bit higher, at $44.99 per year for one license, but its multi-license packs align with the competition. For example, a three-license subscription costs $59.99, and you pay $79.99 to protect five devices.

Where most antivirus apps come in packs of one, three, five, and possibly 10 licenses, Malwarebytes is more flexible. You can choose from two to 20 licenses at a price of $29.99 plus $10 per license. So, for example, a two-pack costs $39.99 and a 20-pack runs $229.99.

For subscriptions up to five licenses, you can add the Malwarebytes Privacy VPN (powered by Editors’ Choice Mullvad VPN) for another $20 per year. For six to 20 licenses, the price with VPN is $34.99 plus $13 per license, topping out at $294.99 for 20 licenses.

With Norton AntiVirus Plus, you pay $84.99 per year for five licenses. That gets you an array of suite-level features including online backup, firewall, a vulnerability scan, and more. McAfee AntiVirus Plus used to offer unlimited cross-platform licenses for $64.99 per year, but the current McAfee AntiVirus covers just one PC. You get it through third-party retailers, where it typically costs about $49.

No money in the budget for antivirus? No problem! You can install Avast, AVG, or a dozen other free antivirus utilities at no charge.

Simple Interface, Speedy Scan

After a quick installation, the Malwarebytes main window appears. A two-item menu down the left side lets you switch from the main Dashboard view to Settings. At right, a large panel houses the Malwarebytes Trusted Advisor feature, which initially advises running a full scan. Much like the AutoPilot feature in Bitdefender Antivirus Plus, Trusted Advisor reports on the status of your protection and offers advice on how you can improve that status.

In the middle you’ll find three large panels titled Scanner, Detection History, and Real-Time Protection. It looks almost identical to the free edition except that all three features are enabled. A larger panel below represents the VPN component, enabled only if you’ve paid extra to include it. This review focuses on the basic Malwarebytes Premium, not the edition bundled with VPN protection.

Out of the box, Malwarebytes uses a light or dark theme matching your overall Windows theme, though you can override this to force one or the other.

When you call for an on-demand scan, you get a full Threat Scan by default, just as you do with Malwarebytes Free. In testing the free edition’s ability to clean up existing malware infestations, I found that the full scan averaged from two to four minutes. The same was true when scanning with Premium. Given the average for current antivirus scans is close to two hours, that's beyond speedy.

The scan scheduler lets you run a full, quick, or custom scan on a regular basis. You can choose an hourly, daily, weekly, or monthly scan, or you can set it to scan any time the system reboots. By default, scheduled scans wait to start until the machine is idle. Quick scan, custom scan, and scan scheduling are Premium-only features, and welcome ones.

Malwarebytes offers the free Browser Guard security plug-in for Chrome, Edge, and Firefox when you install the free or Premium antivirus. In testing, it proved effective at steering the browser away from fraudulent (phishing) URLs and pages that host malware. If you use Chrome, Edge, or Firefox, be sure to install this useful extension.

Few Lab Test Results

Many of the independent antivirus testing labs strive to create tests that emulate real-world situations, but this emulation isn't perfect. Some of them still include simple file recognition as one part of their testing. In the past, Malwarebytes didn’t focus on passing tests, but that’s changing. The company now participates in some testing and receives good to excellent scores. I follow the regular test reports from four labs: AV-Test, AV-Comparatives, SE Labs, and MRG-Effitas. However, Malwarebytes doesn’t appear in the latest reports from AV-Test Institute or AV-Comparatives, nor from SE Labs.

While most lab tests report results on a scale of one kind or another, those from MRG-Effitas lean toward pass/fail. In this lab’s assessment using all types of malware, programs that fend off all attacks immediately get Level 1 certification, while those that eliminate all malware traces within 24 hours pass at Level 2. A separate test specific to banking-related attacks is strictly pass/fail. Malwarebytes passed the latter and reached Level 1 in the former, a fine success.

Only Bitdefender and Malwarebytes managed top scores in both tests. ESET and Norton reached Level 2 certification. Microsoft managed Level 1 but failed the banking test. Avast Free Antivirus and Avira also failed the banking test but did achieve Level 2.

For antivirus apps that appear in reports from at least two labs, I’ve devised an algorithm that yields an aggregate score from 0 to 10 points. With just one score, Malwarebytes doesn’t fit the algorithm. To be fair, over half of recent antivirus apps have just one score, or none.

Tested by three labs, Kaspersky and McAfee AntiVirus Plus both earned the maximum score, 10 points. Of antiviruses tested by all four labs, Avast tops the list with 9.6 points, followed by Norton with 9.5 and Microsoft with 9.1 points.

Effective Malware Protection

For most antivirus utilities, my malware protection test begins the moment I open the folder containing my current collection of malware samples. The minor file access that occurs when Windows Explorer reads a file's name, size, and attributes is often enough to trigger a real-time scan. For others, clicking on the file or copying it to a new location gets the attention of real-time protection. Malwarebytes waits until just before the malware launches before running its on-access scan.

Avast, Emsisoft Anti-Malware, and McAfee AntiVirus Plus are among the other programs that wait until launch to scan for malware. Skipping mere on-access scanning saves time and resources, no doubt. However, wiping out known threats on sight means you're protected even if the antivirus crashes or stops working.

To test this program’s malware protection, I launched each of my samples in turn. In almost every case, Malwarebytes quarantined the sample before it could launch. It also supplied a description of the malware type for each file it caught, things like PUP.Optional.Conduit.DDS, Spyware.RedLineStealer, or Neshta.Virus.FileInfector.

Malwarebytes detected an impressive 99% of the samples, the best detection rate against the current set of samples. Avast, AVG AntiVirus Free, and Norton also reached 99% detection. Avast and AVG scored 9.9 of 10 possible points, while Malwarebytes and Norton came close with 9.8.

It takes me quite some time to gather and curate a new set of malware samples, so I use the same sample set for quite a while. My malicious URL blocking test, by contrast, always uses the very latest in-the-wild malware. It starts with a feed of real-world malware-hosting URLs supplied by London-based testing lab MRG-Effitas. I launch each dangerous URL and note whether the antivirus under test blocks access to the page, eliminates the malware payload, or sits idly without preventing the malware download.

When I tested Malwarebytes Free, I thought it might be at a disadvantage due to its lack of a real-time protection module that would check downloads for malware. I found that Browser Guard did both duties, replacing some dangerous pages with a warning about reputation or such, but catching others based on the nature of the download. The free edition managed 75% protection, quite a bit less than when last tested.

I repeated the test for Malwarebytes Premium, using the very latest malicious URLs. The premium edition earned points in three distinct ways. In many cases, Browser Guard diverted the browser away from danger, just as with the free edition. In other instances, a notification popped up explaining that the site was blocked based on the download of a dangerous file. I also observed pages blocked by Malwarebytes Web Access Control, though Browser Guard always gets the first crack.

With all these protective components in play, Malwarebytes Premium Security scored better than the free edition, but still just blocked 88% of the verified malware downloads. At the winner’s end of the scale, Bitdefender, Guardio, Sophos, Trend Micro, and ZoneAlarm PRO all scored 100% in their own latest tests.

This test specifically measures how well each antivirus prevents downloads from malware-hosting pages. Just to see what would happen, I had Malwarebytes actively scan the malware downloads that made it through to the test system. It eliminated them all. Likewise, when I tried to launch those fresh downloads, it blocked them from launching and deleted them. I’d like to see Malwarebytes apply that same level of scrutiny in all its protection modes.

Phishing Protection Success

A hack attack using malware must somehow get the malicious program onto your system, cause the code to execute, and evade detection by the operating system and antivirus. A phishing attack, by contrast, only needs to fool the hapless user. Phishing sites mimic banks, retailers, and even dating sites, often using a URL that looks almost legitimate. A victim who logs in to the fake site has given away those all-important login credentials. Goodbye, bank account! Goodbye, social media reputation!

To test phishing protection, I start by scraping hundreds of newly reported frauds from sites that track such things. I work to ensure a balance between those that have been analyzed and blacklisted and those that are still unknown. I launch each phishing URL in four browsers, one protected by the antivirus being reviewed and one each using the built-in protection in Chrome, Edge, and Firefox. If any of the four can’t load the page, I skip it. I also discard any pages that don’t actively attempt to steal login credentials.

Right after completing my test on this antivirus, I ran the same set of samples past Malwarebytes Premium Security for Mac. Since both rely on Browser Guard, I expected to get the same results. However, the Windows edition scored 95% and the macOS version reached 99%. My Malwarebytes contact explained that the Browser Guard component updates every 20-30 minutes. Testing on Windows took about three hours, so when I started testing on the Mac, Browser Guard had received six or more updates, explaining its improved score in the later test.

The Windows edition’s 95% detection is a fine score, beating out protection built into the three browsers by an average of 28%. Sophos and Total Defense also scored 95% in their own most recent antiphishing tests. Even so, others have done better. Five programs reached 100% in their latest tests, among them Guardio, Norton Genie, and ZoneAlarm Pro.

Integrated Ransomware Protection

You don't really expect ransomware to get past your antivirus. Indeed, Malwarebytes handily eliminated every one of my ransomware samples before any could begin to execute. However, the potential consequences of missing a ransomware attack are staggering enough to merit a separate focus on ransomware protection.

I don’t have access to zero-day ransomware attacks that slip past normal antivirus engines. To simulate zero-day attacks for testing, I turned off all the real-time protection layers except ransomware protection. After carefully disconnecting the test virtual machine from the internet, I released my samples one by one and noted how Malwarebytes reacted.

A whole-disk encrypting ransomware attack and a similar whole-disk wiper attack got past this single detection layer. One file-encrypting ransomware sample didn’t take any action and thus wasn’t detected based on its behavior. But Malwarebytes caught all the remaining 10 file-encrypting samples. Most of them managed to encrypt a few files while the antivirus was analyzing their behavior, but the vast majority of those files were ancillary Windows data files and logs, not essential documents.

With all cylinders firing, Malwarebytes eliminated every single ransomware sample. Even when I crippled it by disabling other features, it still detected and deleted all the file encryptors, with minimal collateral damage. If a zero-day ransomware attack gets past this program’s other layers of protection, this test suggests its behavior-based ransomware-specific component will come to your rescue.

Exploit Protection Doesn’t Detect Failed Attacks

The explainer page that goes with Real-Time Protection includes a note that Malwarebytes protects against exploits that use security vulnerabilities to break into your system. Digging into advanced settings for this feature, I found a collection of exploit types handled by this feature, things like DEP bypass protection, Anti-Heap spraying detection, and Office WMI abuse prevention. I left all these settings alone, except to turn on one called Block penetration testing attacks.

Then I proceeded to hit the test system with a couple dozen penetration testing attacks generated by the Core Impact testing tool. These are aimed at vulnerabilities in Adobe apps, Firefox, Windows components, and other products.

Malwarebytes didn’t detect any of the exploit attacks. To be fair, none of them would have succeeded because my test systems are fully patched. It’s likely that exploit protection doesn’t take action until there’s an actual exploit about to occur.

Verdict: An Undeniable Contender

The free Malwarebytes scanner is popular for its ability to clean up tough infestations, but it doesn’t offer the real-time protection you get with Malwarebytes Premium Security. The premium edition is a full-blown antivirus that packs many layers of protection against malicious attacks. It’s a contender, but it’s up against some stiff competition. Bitdefender Antivirus Plus packs more features than many suites and maintains perfect or near-perfect scores from four testing labs. Likewise, Norton AntiVirus Plus takes excellent lab scores and offers a useful array of bonus features. These two are our current Editors’ Choice winners for antivirus software.
