Review: Malwarebytes Enterprise Edition

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

If you're the type of person that family members or neighbors ask for help when their laptop gets infected with a nasty piece of malware, chances are you're familiar with Malwarebytes' Anti-Malware. The free program is particularly good at identifying and removing all traces of malicious programs like rogue anti-virus applications and ransomware, which disables computers and demands a payment before they can be used again.

In the five years since its launch, Anti-Malware has become one of the most widely known and respected  tools for cleaning up infected home computers. Now the California-based company is introducing its product into the enterprise space with the release of Malwarebytes Enterprise Edition (MEE), a product aimed at organizations with 100 users or more. The software uses the same core anti-malware engine technology as the consumer product, but MEE includes a central management console which enables administrators to deploy the product to endpoints, create policies and view reports.

What's unusual about Malwarebytes is that it does not see MEE as a replacement for traditional anti-virus products. Instead, it is presented as a complementary addition, offering an added layer of protection with the ability to detect zero day malware that anti-virus software may miss and to remove malware more completely than anti-virus software can.

"In large enterprises there are significant costs and resources involved in deploying and running an enterprise anti-virus product," explained Marcus Chung, Malwarebytes' COO. "Companies generally don't want to replace their AV product -- but they can use Malwarebytes as well."

Pros : Good Technology, Strong Remediation Capabilities

Malwarebytes uses heuristics, behavioral analysis and other techniques to detect malware - just like most regular anti-virus software packages. Chung says it also uses about 250 specially designed proprietary software tools to provide additional protection. Chung won't say exactly what these tools are or do, and this kind of black magic approach to fighting malware may put off corporate customers. Enterprises want tried and tested, or at least well explained, protection, not some secret sauce.

Whatever it is, it's fair to say this black magic seems to work when it comes to remediation: cleaning up all traces of malware from a system after it has been infected. The product appears to have a database of registry entries and other system modifications that families of malware make; once an infection is identified, the product can often rip out every single one without leaving any remnants. This is something traditional anti-virus programs find very difficult, and it's important in a consumer environment because many malware programs can automatically re-infect a system if a single remnant remains undetected.

Cons: Added Cost and Complexity, Basic Management, Questionable Need

A major objection to MEE is that it introduces additional expense and complexity. The product costs about $13 per seat -- a not insignificant amount -- and it involves deployment on every endpoint. Once running, it consumes computer resources, reduces performance (although that may not be noticeable) and leads to an increased likelihood of false positives.

It also needs to be managed using the central management console. This, however, is rather basic, and since there is no integration with Active Directory or with the management systems of anti-virus vendors such as McAfee or Symantec, groups and policies must be created from scratch.

Malwarebytes also promotes the product on the basis of strong zero day malware detection capabilities, but in this regard MEE is something of a disappointment. Recent tests by MRG Effitas, an independent IT security research organization, examined the capabilities of Malwarebytes Anti-Malware and 17 traditional anti-virus products against zero day malware up to an hour and up to six hours after they first appeared, and Anti-Malware came in fifth in both tests. While that's not a bad result for Malwarebytes, it is certainly not exceptional. It doesn't indicate that its zero detection capabilities are fundamentally different from those of existing anti-virus vendors.

Do Enterprises Need It?

A more fundamental consideration is the question of whether enterprises need MEE at all. Its major strength, and the reason it appeals to the consumer market, is that it is good at removing infections. But enterprises are different from home users in that they tend not to worry about removing viruses; in the event of an infection, they will typically re-image the machine from a standard desktop image and put the machine straight back into service.

"For consumers, removal is very important, but in the enterprise space this ability is not so important," said Andreas Marx, CEO of Germany based security testing company AV-Test. "I simply can't see why enterprises would be interested in buying Malwarebytes' technology. Maybe it will appeal to smaller businesses with up to 25 people, but larger companies won't buy it because they can re-image."

This view is mirrored by Peter Stelzhammer, from security-software testing laboratory AV-Comparatives. "I think by and large most enterprises are happy with the protection that they have, and implementing Malwarebytes would be a lot of work," he said. "If it integrated with the management systems of other anti-virus vendors that would help, but if companies get infected we tell them to re-image their machines not try to remove the virus. Really the technology is useful for cleaning up in a home environment, not in a corporate one."

In any case, the major anti-virus vendors also offer specialist removal tools for organizations to use if they decide for some reason that re-imaging is not appropriate -- perhaps in the case of a laptop that gets infected while a user is traveling. Some of these run from a startup disk or USB key in a self-contained Linux environment, which gives them the added advantage of tackling rootkits and other deeply embedded Windows infections from outside Windows  before they have an opportunity to start.


While there's no denying that Malwarebytes' technology is good at removing malware, most enterprises probably won't be interested in this capability. Since it's not clear that it offers much more in the way of protection than existing anti-virus solutions alone and its management capabilities are rather rudimentary, it's hard to see how the extra expense, complexity and time involved in implementing and running MEE can be justified.

MEE is immediately available, and pricing for 100-seat licenses begins at $1,315. Special pricing is also available for government, education and non-profit entities. Malwarebytes MEE is compatible with Windows Server 2003, 2008 and 2008 R2 and supports XP Pro (SP3), Vista, Windows 7 and Windows 8 operating system clients.

Paul Rubens has been covering IT security for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.