24 Comments

Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2

Written by:  • Edited by: Bill Bunter
Updated Jul 22, 2010 • Related Guides: Windows Update | Windows | Anti-malware

In Part of 1 this article, we described the installation, system requirements, updating and features in MBAM and A2. On this final part, we will compare the performance and detection ability of both programs.

Performance – Scanning and Memory Usage - Winner: MBAM (memory usage)/A2 (scanning)

During a scan, A2’s processes will use 180MB which is huge compared to MBAM’s 70MB memory usage. MBAM’s quick scan finished scanning in 2 minutes and 27 seconds a total of 89,068 files while A2’s quick scan is really quick that if finished scanning in 34 seconds, a total of 507 files.

When I let both program scan the system drive, A2 has scanned 168,377 files in 29 minutes while MBAM finished in 1 hour and 24 minutes scanning a total of 184,065 files.

False Positive or Other Detections – Winner: MBAM

A2 Free is using two type of signatures (provided by Emsi themselves and a third party signature, Ikarus). During a full system scan, A2 detected one false positive . As mentioned in Part 1 of this article, there is option within the A2 program to report an item if you are positive it’s a false detection. MBAM did not give me a false positive but it provided an extra detection about my setting on Windows Update as ‘disabled ’ in which I put in ignore list because I prefer to manually scan the system for updates. Some might think it is false positive by MBAM but you should understand that there are malware that will disable security center that MBAM will not be able to guess, if you or an infection is the cause why it is disabled.

Malware Detection – Winner: A-squared

The free editions of MBAM and A2 do not have real-time protection so I put to test the on-demand scanners using 100 positive malware samples. Note: You will find in below screenshots that each malware sample have unique MD5. Legend: X means detected.

MBAM is able to detect 58 out of 100 malware samples while A2 Free detected 92. [Note: The screenshot shows it detected 93 because of the sample file (filename: sexvod.exe contains Player2.exe and SexPlayer.exe) is self-extracting file containing 2 files]. MBAM is able to detect 2 infected registries that A2 did not detect. The infected registry is located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ for setup.exe and Install.exe. This registry key is often being taken advantage by malware or rogue installer because this particular registry key allows the redirection of the execution of one application to another.

MBAM failed to detect malware samples with .pdf, .swf, .zip and .rar file extensions.

Images

Malware Detection 1Malware Detection 2Malware Detection 3Malware Detection 4

Removal of Detected Malware Samples – Winner: A-squared

I put to test the removal engine by MBAM and A2. The program should be able to remove or delete what their scan engine has detected. MBAM scan engine detected 58 out of 100 samples and 2 registry entries which it successfully removed (although a system reboot is required). A2 Free’s scan engine has detected 92 samples out of 100. Like MBAM, A2 successfully delete all of the detected items but no reboot is required. One of the file that A2 says it cannot remove is actually deleted already. The said file is the one of the malware sample that is self-extracting file containing files (see Malware Detection section above for the said details).

Images

MBAM requires reboot to remove 58 malware filesA-squared deleted 92 detected items

The Bottom Line

Both programs are offering the best options and features but it’s quite obvious that the detection (scan engine) by A-squared Free out-performs Malwarebytes’ Anti-Malware, but the malware removal engines offer almost identical performance. These are excellent products and, as they are free, there is no reason not get both!

Next Article »
Which is Better? Malwarebytes’ Anti-Malware vs. A-squared Free
Free on-demand scanners are often recommended when a PC is infected and the resident anti-virus protection has failed to stop a threat. Let’s find out which of the two popular free malware scanner and remover is better.

Comments

Showing all 24 comments
 
Nevi Apr 4, 2011 5:54 AM
Of course
There is a difference on MBAM and A2.MBAM is mostly to rogues(especially good) trojans and worms where its great.A2 consist of 2 malware engines,A2´s own and Ikarus,so it will find more malware.
I use PrevX as my main defence,and MBAM as an on demand scanner.Its the perfect combo.(With PC Tools firewall).
Donna Buenaventura Sep 16, 2010 3:50 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
A-squared has been renamed to EmsiSoft Anti-Malware and it is still free, Joe. AFAIK, the new version do not require an email address anymore to use a free version.
joey jojo Sep 16, 2010 10:48 AM
MBAM vs A-squared
A-Squared free is no longer and I miss it. I do not like its replacement and only used it once. Now I can still use the old version but if I attempt to update it, it will automatically install the new crappy one. I found a place to download the t3sigs.vdb file for the signatures folder, but the signatures themselves will remain the same.

I like the fact that MB can scan from safe mode as I have seen many times things must be removed from there or the cleaning fails. MB's limitation seems to be in scanning individual files (rars) from a right click, where it seems it cannot find problems with files I know are infected most of the time. Once the infections are triggered it sees them just fine but its too late. A combination of the two plus Spyware Blaster is my method.
voltron Jul 28, 2010 4:35 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
I am also a fan of Mbam and has and always will be an Mbam user(even I'm having problems with the dreadful update error problem..lol). Have not used A2 for that long and seem to find it quite heavy on the resources at that time..(was using CIS with D+ w/o the antivirus, Avira Premium, Mbam free, SASpy free at that time). I also remember that it (A2) caught some items that Mbam did not catch.

But I like Mbam and in the end it will be "user preference" that will prevail --as to what he/she will stick to using or not. Or if you have a good system with lots of ram (as the Bottom Line says) you can use both products as augmentation for your layered security.
Donna Buenaventura Jul 21, 2010 3:16 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Until, I see the same scan time result in 2 machine with 3 systems (1 is dual-boot and the other is single OS) and another the VPC system.
Justin Case Jul 19, 2010 12:34 AM
Test Reults
When you have different totals for files scanned does that mean you tested them on 2 different machines? How can you validate you scan times or really any of the others test for that matter on 2 different machines?
Donna Buenaventura Feb 2, 2010 5:49 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Hi pra,

Sorry but I will not post the link in public where the malware came from because it can pose security issue to some readers who might be curious to visit the link without knowing it's dangerous to click or try links. The site has live links to download the malware. If you want, you can send me a Private Message here. Just register for a free account then send me a Private Message.

Thanks and I hope you'll understand.

Regards,
Donna
pra Feb 2, 2010 5:41 AM
source
HI Donna,

Can you provide the link from where you installed these test malware??
Constantin Jan 5, 2010 11:03 AM
Thanks
Thank you very much Donna for replying to my query, I read your review from the link you provided there, it help a lot. I guess you're that rare kind of woman, both brain and looks.

I think I go with the SAS pro trial version, then I'll decide between SAS pro or MBAM paid, simply because both software provide lifetime license which I found more favorable.

Maybe...... both SAS pro and MBAM paid? I heard it not recommended to run 2 anti-virus at the same time, what about those SAS & MBAM? Sorry for asking a lot of question.

Again, thank you Donna
Donna Buenaventura Jan 5, 2010 4:48 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Hi Constantin,

The paid editions of MBAM and A2 is offering different layer of real-time protection. Both will protect against executed known malware and will prevent visiting known malware or rogue sites (MBAM's IP Blocking and A2's Surf Protection). One thing that you should note is that A2 has detection on known formats which the malware is distributed. I noted in my review that MBAM failed detect malware in zip/rar and failed to detect many pdf and some swf malware files. A2 has detection to such formats without doing anything to it (no need to uncompress). If you want such protection, I suggest to trying the trial edition of A2 AntiMalware and decide to buy or not. Take note also the fast support by both company and of course, the frequent false positive by their products and the impact. In their forums, you will see FPs on both products has occured which is normal nowadays but if the fix on FP is slow... it'll be an issue.

Hope this helps.

BTW, have you seen the comparison between MBAM and CounterSpy? http://www.brighthub.com/computing/smb-security/articles/56589.aspx That should give you also an idea how the real-time protection of MBAM works. It works like A2. The malware file need to be executed or running or has added itself to registry or startup before A2 and MBAM will trigger their alert. CounterSpy works like Antivirus when preventing. The malware files don't have to be executed but it will catch soon as soon as you download or transfer or save in your hard-disk. That is what MBAM and A2 is missing on their real-time protection.
Constantin Jan 5, 2010 2:40 AM
What about the paid version?
Hi Donna, this 2 free software are great, but non offers real-time protection, in your personal opinion, which of this two should I paid to provide me with real-time protection?

If you couldn't post my question and answer my question publicly do to ethical reason, I totally understand, but please be kind enough to email me the answer. I need the answer because I'm about to format my PC very-soon, and I hope I could use last program on my PC resource (my current system seems to be corrupted because, a few days before there is an electrical shocks, which force me to change my PC power supply & on of my RAM slot became unusable)

I'm currently using:
-Avira Free
-ThreatFire Free
-MBAM, A2, SAS (all free)
-Outpost Firewall Free
-Geswall free

Thanks in advance
Donna Buenaventura Dec 25, 2009 9:48 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
No offense taken, Dustin. As I don't take yours and others comments as personal attack. It's quite normal to defend any products that some person is using, bought or working on or with but I kindly request only to look at the article as it is. This article is to compare not only the detection but installation, feature, performance etc. Even other product reviewers in other websites is using low number of samples. Some will use 15 samples only while others will use 20 or more. What matters is if the product will perform what it claims during the review or test. There's no perfect scanner and remover as you know already. There is always better only (depending which and what is tested).

Example: In PC Mag's review on MBAM:
"Malwarebytes detected 83 percent of the samples, the same as Webroot. Spyware Doctor detected 78 percent of the new samples, while Norton 360 detected 92 percent. Malwarebytes did poorly against rootkits, scoring just 3.6 points, whereas Spyware Doctor, Norton 360, and Webroot scored 6.1, 6.8, and 7.1, respectively. But Malwarebytes took the top score for removing rogue security software: 7.3 points. For its rogue removal score, Webroot got 6.5 points; Norton 360, 5.5 points; and Spyware Doctor, a measly 3.3 points. "
More in http://www.pcmag.com/article2/0,2817,2345357,00.asp (there are 4 pages)

Note how many samples they used? Almost 40 samples only which is not a problem IMHO. A review is a review. If the product will detect more or less, it will be seen. MBAM detected 58 only. There are malware on emails (malware spam which often comes in zip format) so people should see in this review if the product they will use can handle all or few only.

I personally use MBAM and many other scanners so I look forward also to see MBAM to add more detection on any format where the malware comes in or from or distributed with or to.
Merry Christmas :)
Dustin Cook Dec 24, 2009 9:06 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
I don't think using 100 samples from wherever it was you acquired them, and leaving the majority of them in archive format is what I'd consider, good reporting.

In this particular test, our product didn't fair well; until you unzipped the files in question. Sadly, if we had scored a perfect on all of them once unzipped; We couldn't and wouldn't use your article to claim we were better than so and so. As, you only used 100 samples.

This sort of testing really isn't as easy as you seem to believe. You should leave this mundane stuff to the univerisities that choose to do it. I'm sure one will eventually come along to offer a certification of some sort for antimalware just as they do antivirus.

I do appreciate you taking the time to respond to my comment; and I mean't nothing personal towards you when I critize this testing. I'd do it if I worked for a2squared too.


Donna Buenaventura Dec 23, 2009 10:55 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Hi Dustin,
Thanks for the comment.
I noted in the above article that "MBAM failed to detect malware samples with .pdf, .swf, .zip and .rar file extensions". It is also obvious in the screenshot that most items that MBAM could not detect is zip/rar files including many pdf and swf file extension.
This review is to show what the two scanners can detect and not. But if we want to extract the compressed files manually - out of curiosity - (even users don't have to do that if they downloaded a zip file with malware on it using other scanners - CounterSpy, Spyware Doctor, Windows Defender, A-squared, Ad-Aware etc) how many more that MBAM will detect then I just did before replying to your comment ;)
There's 28 archived/compressed files on the samples. So I extracted them and let MBAM scanned the 28 exe files. Result: 17 out of 28 extracted files were detected by MBAM. This means 17 + 58 = MBAM detects 75 out of 100 while A-squared on this review detected 92 out of 100. No difference or changes on the conclusion:
Both program in this review is offering the best option and features but A-squared Free's scanner or detection outperforms Malwarebytes.

But what I just did (by uncompressing) is not fair for A-squared, right? ;)
The review is to let the scanner detect what it can detect and show what it cannot. And that has been noted in the report and again, obvious in the screenshot. I did the above for you and readers who might want to know how many more MBAM will detect if we will de-compress the files.

Regards,
Donna
Dustin Cook Dec 23, 2009 4:42 AM
My comment
This should be noted, as you didn't specify in your report. If the files .rar, .zip etc aren't executables (MZ header present) our scanner doesn't scan them. IE: we do not unzip/unrar whatever the files. So if the 62 files we missed are zipped/rarred or whatever, thats entirely normal; and if this is the case, I politely request you visit our forums and check our software closely before running another lopsided test like this. Thanks. :)

Dustin Cook
MalwareBytes Researcher
Stiev Nov 29, 2009 8:43 AM
Sour grapes taste bad
I concur with MBAM's awful detection rating. I've found it completely misses what is commonly referred to as riskware, as well as commercial keyloggers and monitoring software. But it did nicely flag a couple of meaningless, benign registry values for me which are native to Windows.
Donna Buenaventura Nov 13, 2009 3:34 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Only that particular week because I happened to have NOD32 vs Avira and A2 vs MBAM for that month/week and I collected them before the reviews (not old positive samples but new positive samples).
DJ Nov 13, 2009 3:27 AM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Are the tests run with the same malware samples each time?
Donna Buenaventura Nov 10, 2009 10:51 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Both, DJ - VPC, VMware and non-virtual. That's how I try to repro things to make sure there's no difference of the scan and removal result.

Some malware is from malware spam and reputable sources: malware submissions site submitted by security researchers.

Note that the samples in this article (Oct. 23) are the same samples I use when I test NOD32 vs AntiVir Premium (Oct. 28) http://www.brighthub.com/computing/smb-security/articles/53944.aspx
DJ Nov 10, 2009 10:11 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Do you test the malware on a virtual machine? How do you get the malware samples?
Donna Buenaventura Nov 10, 2009 8:42 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
No worries DJ :)
Yes, A2 free includes Ikarus engine too.
Like you, I am surprised to see MBAM failed to detect 62 items (I'm MBAM, A2, SAS, SS&D, AAW, Windows Defender user - all of them are installed as I often check any sample I will get against their current database) but it's the result after few times I tried to re-scan the samples. And as you can see in the screenshot - 42 remain undetected but detected 58 only. BTW, correction in my earlier reply: MBAM failed to detect 42 (not 62).

Thanks!
DJ Nov 10, 2009 8:30 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Sorry if I came off the wrong way, everone is entitled to their opinion. Does A-squared free use the Ikarus engine as well? I have a hard time believing MB missed that much malware.
Donna Buenaventura Nov 10, 2009 8:23 PM
RE: Which is Better? Malwarebytes’ Anti-Malware Versus. A-squared Free Part 2
Thanks for the comment, DJ. I hope you are NOT accusing every person who will oppose your review or test. I got a backup of rules file (definition file) that was use during this review and I have the backup of the malware samples which MBAM failed to detect 62. I'm sure you are aware that A-squared is using 2 signatures (Ikarus and Emsi) which is why it is detecting more. As for removal, my article stated that MBAM successufly removed ALL what it found.
DJ Nov 10, 2009 7:57 PM
MBAM vs A-squared
It sounds to me like you never used MB or how much did you get paid to write this review. I have done extensive testing with MB and it has removed most if not all malware from a virutual machine. Go to remove-malware.com and see the tests for yourself. Matt has videos on both.
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Lamar Stonecypher Linda Richter DeborahWoehr Marziyya S Malik
Berry van der Linden Daniel Brecht J. Forlanda Sheila Robinson
Most Popular Articles
Email to a friend