Why is Malwarebytes so fast

[brcd]

Excuse my ignorance please.  In running Malwarebytes, the scan is over in seconds with under 12,000 objects scanned.  In running a competing product the scan takes over an hour and files, not objects, scanned exceed 900,000.  I queried Malwarebytes as to why such a difference and never received a satisfactory answer except to do my own research. Are objects and files different?  I hesitate to name the other program which has been problematic of late and has been removed/uninstalled.  Any and all answers and help are appreciated.  And thanks.

[alvarnell]

Please read Why Malwarebytes scans so fast on Mac devices. Then if you need additional information, don't hesitate to ask.

Edited February 25, 2019 by alvarnell

[brcd]

5 minutes ago, alvarnell said:

Please read https://support.malwarebytes.com/docs/DOC-1293 first. Then if you need additional information, don't hesitate to ask.

Thanks for the quick response.  So MB does not do a deep scan? I am still not clearly understanding this.  How is it possible to say my MAC is clean if everything on it is not scanned?  I am truly confused. What is the difference between an object and a file?  Thank you for your patience.  Dave 

[brcd]

Not sure how to edit so another question: Why is there no shield for programs and systems to protect from hackers for the MAC; no safe web browsing for the MAC? per the description on the main site. That too has me confused. Again, thanks. 

[exile360]

Greetings,

Basically, Malwarebytes only looks in the locations that threats actually install themselves when active.  The default Threat scan in the Windows version works the same way.  Basically, the Developers and Researchers know how threats function and install themselves from analyzing them and so they have optimized the scan to look at all the locations where threats actually install their components so that scans are faster and more accurate.  If a new threat is found to be using a new location not already covered by the scan then it will be added as soon as detection for the new threat is added to the database/signatures used by Malwarebytes.

With regards to web browsing protection, there is actually a new Malwarebytes browser extension beta which is in development that is currently available for Chrome (and other Chromium based browsers such as SRWare Iron and Vivaldi) as well as Mozilla Firefox.  I've been told that a version is under development for Safari, however that version isn't available at this time.

I hope this helps, and if there's anything else we might assist you with please don't hesitate to ask.

Thanks

[brcd]

58 minutes ago, alvarnell said:

Please read Why Malwarebytes scans so fast on Mac devices. Then if you need additional information, don't hesitate to ask.

9 minutes ago, exile360 said:

Greetings,

Basically, Malwarebytes only looks in the locations that threats actually install themselves when active.  The default Threat scan in the Windows version works the same way.  Basically, the Developers and Researchers know how threats function and install themselves from analyzing them and so they have optimized the scan to look at all the locations where threats actually install their components so that scans are faster and more accurate.  If a new threat is found to be using a new location not already covered by the scan then it will be added as soon as detection for the new threat is added to the database/signatures used by Malwarebytes.

With regards to web browsing protection, there is actually a new Malwarebytes browser extension beta which is in development that is currently available for Chrome (and other Chromium based browsers such as SRWare Iron and Vivaldi) as well as Mozilla Firefox.  I've been told that a version is under development for Safari, however that version isn't available at this time.

I hope this helps, and if there's anything else we might assist you with please don't hesitate to ask.

Thanks

Thanks for the response.  That helps clear things up and set my mind at ease.   I basically use the computer for bill paying, shopping, news and BBQ forums and email.  Nothing fancy.  But every once in awhile, I will read a story about some new threat and that Macs are vulnerable.  So I want to err on the cautious side.

One other admin type question:  How do I edit a post after posting?  And it looks like my response is kind of jacked up.  Thanks again.

[alvarnell]

3 hours ago, brcd said:

So MB does not do a deep scan? I am still not clearly understanding this.  How is it possible to say my MAC is clean if everything on it is not scanned?  I am truly confused.

Malwarebytes looks in every place that a malware file is known to be installed. Although anything is possible, it is extremely rare for the same file to suddenly appear in a new location, and the time it takes to scan every readable file on your hard drive to see if it might now appear in a new location is considered to be a big waste of time. Yes, zero day installs will continue to occur and as soon as the signature staff here is alerted to it's existence, they will very quickly provide an update that will be used the next time you perform a scan. Chances are extremely high that this will occur before malware has a chance to hide somewhere new on your computer. I can honestly say in over two decades of using a Mac daily, I have never suffered such a zero-day infection. If you feel this is unacceptable, then you'll need to invest in a traditional scanning engine that will tie up your computer CPU and RAM for several hours.

3 hours ago, brcd said:

What is the difference between an object and a file?

Not sure where you are finding that, but I'd have to guess there is no difference and if there is that it's unimportant in context.

[alvarnell]

3 hours ago, brcd said:

Why is there no shield for programs and systems to protect from hackers for the MAC; no safe web browsing for the MAC? per the description on the main site. That too has me confused. Again, thanks. 

Malwarebytes for Windows was around for several years before they adopted an application known as Adware Medic recently. Some of the additional features you mention will likely be added to Malwarebytes for Mac at sometime in the future, while others may not be needed because of differences in the way Windows and macOS work and protect themselves against malicious attack.

I'll just add to what @exile360 said concerning a Safari extension that there are significant issues with creating an extension to that provided for Chrome and Firefox due to Apple's recent restrictions on what such extensions can and cannot do for security and privacy reasons. For that reason, there is no announced timeline for when such a feature will be made available, even in beta.

[alvarnell]

3 hours ago, brcd said:

How do I edit a post after posting?

You can't. Spammers will create what appear to be innocent/legitimate posts and then later return to edit their previous posts to inject spam links/content into them.  It's a behavior we've seen many times and is the reason the forum administrators created this policy.

[brcd]

16 hours ago, alvarnell said:

Malwarebytes looks in every place that a malware file is known to be installed. Although anything is possible, it is extremely rare for the same file to suddenly appear in a new location, and the time it takes to scan every readable file on your hard drive to see if it might now appear in a new location is considered to be a big waste of time. Yes, zero day installs will continue to occur and as soon as the signature staff here is alerted to it's existence, they will very quickly provide an update that will be used the next time you perform a scan. Chances are extremely high that this will occur before malware has a chance to hide somewhere new on your computer. I can honestly say in over two decades of using a Mac daily, I have never suffered such a zero-day infection. If you feel this is unacceptable, then you'll need to invest in a traditional scanning engine that will tie up your computer CPU and RAM for several hours.

Not sure where you are finding that, but I'd have to guess there is no difference and if there is that it's unimportant in context.

Thanks.  The term object is used by MB and files scanned was used by another program which I no longer use (see my original post).  I appreciate the information.  Thanks again.

[alvarnell]

4 minutes ago, brcd said:

The term object is used by MB and files scanned was used by another program which I no longer use (see my original post).

MB may have a different answer on that one, but my guess would be that they are making a distinction between individual files and a collection of files, such as a directory (folder) or archive  (e.g. zip) or bundle (e.g. application), which contain multiple files.

[brcd]

I believe you are right.  Makes perfect sense.  Thanks.

[Amaroq_Starwind]

There's another reason that MalwareBytes runs so quickly on Mac: It's the SSD. MalwareBytes uses extremely efficient code, but like many other Anti-Malware and Anti-Virus solutions, the number one bottleneck in scanning speed is the storage medium. Especially on bigger, more cluttered and/or severely fragmented hard-disks, MalwareBytes takes a long time regardless of your operating system. On an SSD however, even the Windows version of MalwareBytes can do a complete scan of the system in almost no time at all... And it just so happens that for the last decade or so, most Macintosh computers are fitted with Solid State Drives by default.

[brcd]

I can attest to the fact that my early 2009 iMac has no SSD.  I read a blog on the MWB site that made everything chrystal clear.  But I can see where having a sed would be faster.  Thanks.

[Jonnyb]

I can tell you what I did to get my whole computer scanned. I have a PC with Windows 10. I opened up File Explorer>>Hit hard drive and the files and folders appear in the right side of the screen at this point. I highlighted all that was in my hard drive on the right side of the screen, right clicked and chose "Scan with Malwarebytes" and it started to run. It found 275,124 files to scan. That's everything on the hard drive I suppose and It took over 4 minutes. Now normally I just hit Scan. When that happens that will take 58 seconds and it scanned 269,60 files. I did both just to see the difference.

I do like everything scanned and they used to have the Custom scan to choose from but they don't any more. 

I don't know on a Mac but on a PC just do it the way I did it and you will see the difference. Then do the normal scan and then look at the math to see how many less files it scans during a normal scan.

Glad I could help, others.

JB

[Porthos]

15 minutes ago, Jonnyb said:

I have a PC with Windows 10.

What I am going to say is for Windows ONLY.

15 minutes ago, Jonnyb said:

I do like everything scanned and they used to have the Custom scan to choose from but they don't any more. 

It is still there. BUT... It is generally a waste of time.

Quote

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution-only with the anti-exploit module of the paid program.

 

And,

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

 

Edited November 17, 2020 by Porthos