New ransomware protection engine performed well in testing. Clean, attractive user interface.
No test results from independent labs. Mediocre to poor scores in testing. Simultaneously identified malware samples as both safe and malicious. Dismal antiphishing score. Scans slow in testing.
- Bottom Line
IObit Malware Fighter 5 Pro boasts an attractive user interface and an effective new ransomware protection engine, but the antivirus labs don't test it, and it failed some of our hands-on tests.
Most of the antivirus utilities you're familiar with probably come from companies based in the US or Europe. IObit Malware Fighter 5 Pro comes from China, but you wouldn't know it, except for an occasional oddly translated turn of phrase. The new ransomware protection is a nice addition to the software, but it can't make up for the product's total lack of independent lab tests and poor showing in my own hands-on tests.
//Compare Similar Products
At $39.95 per year for a single license, IObit's price is about the same as that of Bitdefender, Kaspersky, Norton, and Webroot. McAfee AntiVirus Plus goes for $20 more, but offers unlimited licenses. I should point out, though, that I've never seen the IObit store asking for that full price; it seems to be perpetually on sale for $19.95.
The program's dark gray main window features a big, green status indicator in the middle, with some simple information about protection status. Green icons at bottom right reflect the status of the product's three protection engines—more about those in a bit. A column of five icons at left expands to a full left-rail menu when you point to it with the mouse. It's a slick, simple user interface.
Four of the icons represent Home Page, Malware Scanning, Browser Protection, and Real-Time Protection. The fifth, named Action Center, is a bit different. It's just an advertisement, an invitation to install trial versions of four other IObit utilities. That sort of upsell is something I expect to see in a free antivirus; Comodo Antivirus 10 is a good example. It's less common in commercial antivirus utilities.
No Lab Results
I follow test reports from five major antivirus testing labs. When an antivirus product appears in the reports from one of the labs, it means two things: the company felt that paying the test fee was worthwhile, and the lab's researchers thought the product was significant enough to merit taking up one of their limited number of testing slots. Few companies participate with all five labs, and even fewer earn top scores across the board. Bitdefender and Kaspersky Anti-Virus are among that chosen few, with results from all five labs and 9.8 of 10 available points in my aggregate scoring system.
IObit is at the precise opposite end of the spectrum. It doesn't participate in testing with any of those five labs. It does include an anti-malware engine licensed from Bitdefender, so you might expect its results to track closely with the excellent scores earned by Bitdefender Antivirus Plus 2017. However, the labs state very clearly that their results apply strictly and only to the product under test. And indeed, I've seen wildly different results between licensed antivirus engines and the original product. As far as lab tests go, we have no information about Malware Fighter.
So-So Malware Blocking
With no help from the labs, I had to rely entirely on my hands-on tests. Before starting those tests, I enabled all of Malware Fighter's features. Upon initial installation, the product installs as its feature-limited free edition, with only IObit's own antivirus engine. Activating the premium product with your license key makes the ransomware protection engine and the licensed Bitdefender engine available, but does not actually enable them. If you choose to install this program, you absolutely must turn on those two engines. I'd prefer to see the engines activate automatically.
This test begins when I open the folder containing my malware samples. Some antivirus products spring into action immediately, taking less than a minute to wipe out all the samples they recognize. Real-time protection in others doesn't kick in until you click on the file, or until just before launch. Initially I had the impression that Malware Fighter belonged to one of the latter two categories, because nothing happened right away. However, after a while it started slowly chipping away at the sample collection. It took 10 minutes before I was sure it was done. At that point, 21 percent of my samples remained.
Malware Fighter's full system scan also proved to be extremely slow. The initial full scan of my standard clean test system took over two hours, longer than almost any competing product. The current average for a full scan is 45 minutes. On completion, it exhibited one of those odd turns of phrase that I mentioned: "Your PC is on risk!" The scanner flags files that are known to be safe and thus don't require another scan, so a repeat scan finished in six minutes. That's good, but a repeat scan with ESET NOD32 Antivirus 10 took less than half a minute.
I launched the remaining samples, noted Malware Fighter's reaction, and used my hand-coded analysis tool to check how thoroughly it prevented malware installation. In the end, it detected 89 percent of the samples and earned 8.7 points out of a possible 10.
I gathered and analyzed a new collection of malware samples just over a month ago, and this is the first time I've used it for real-time antivirus testing. I did use these sampled to test the cleanup-only FixMeStick, but that was a completely different process.
Because the sample collection is new, Malware Fighter's results aren't directly comparable to those of products tested with the previous collection, but even so, its scores don't look good. Tested with my previous collection, Webroot SecureAnywhere AntiVirus, PC Matic, and Comodo all earned a perfect 10.
The sample URLs I use to test an antivirus product's ability to prevent malware downloads are different every time, because this test aims to challenge antivirus tools with the very latest malware. The samples come from the previous day's feed of malware-hosting URLs collected by MRG-Effitas. I launch each URL in the browser and note whether the antivirus steers the browser away from danger, eliminates the malware during download, or does nothing at all. I keep testing URL after URL until I have 100 validated results. Malware Fighter includes both Network Protection and Download Protection, so I anticipated a good score. That's not what I got.
Malware Fighter steered the browser away from exactly one dangerous URL, which means the test took a long, long time. I had to wait for each malicious executable to download, and then wait 5-10 seconds for Malware Fighter's verdict. It blocked 79 percent of the downloads, which is a hair above average. But Norton protected against 98 percent of the samples, and Avira Antivirus Pro managed 95 percent.
In a very unfortunate turn of events, Malware Fighter exhibited signs of what I can only call antivirus schizophrenia. For 17 percent of the samples, it simultaneously displayed a threat warning from the antivirus component and a "file is safe" notice from the download protection module. That's not something that encourages a user's trust.
Poor Phishing Protection
Phishing attacks aim to steal your login credentials by masquerading as legitimate secure websites. These attacks are insidious; they can be very convincing. Even major corporations have been fleeced by phishing frauds. Malware Fighter's Network Protection aims to protect against phishing, but after its pitiful performance against malware-hosting URLs, I didn't hold out a lot of hope.
For this test, I search the web for the newest reported phishing URLs, those too new to have been analyzed and blacklisted. I launch each simultaneously in a browser protected by the product under test and in another protected by Symantec Norton AntiVirus Basic, a long-time winner in the antiphishing realm. I also check the built-in phishing protection in Chrome, Firefox, and Internet Explorer.
Phishing warnings from Malware Fighter were very, very scarce. However, in several cases it displayed its standard Threat Found popup, with "phishing" in the reported threat name. I generously counted those as hits, adding them to the rare cases where Malware Fighter displayed an antiphishing alert page in the browser.
Trends and types of phishing URLs vary over time, so rather than report a hard number, I report the difference between the product's detection and Norton's. Malware Fighter's detection rate was a dismal 76 percent lower than Norton's, and the built-in protection in all three browsers scored significantly better. If for some reason you must use this product, make sure you don't turn off your browser's phishing protection.
New with this edition, Malware Fighter includes a ransomware protection module. When enabled, it protects specific file types against any unauthorized access, even read access. That's similar to what Panda Global Protection offers, but Panda reserves this feature for its top-of-the-line suites.
Not all file types are protected by default with Malware Fighter. In particular, text files and many image file types aren't checked for protection. I suggest you dig in and enable protection for all types that are important to you. For testing purposes, I enabled protection of text files.
To test this module, I first ran a very simple ransomware simulator that I wrote myself. All it does is go through text files in the Documents folder and perform a reversible XOR encryption on them. Malware Fighter detected my test program, popping up a query asking whether to allow the access. I checked the Remember box and clicked Block. However, it didn't remember my choice. I had to respond to the popup once for every single text file in the Documents folder. On a repeat run, Malware Fighter handled the test program automatically.
Next I tested it against real ransomware. I turned off the Bitdefender engine, so it wouldn't wipe out the samples. However, I didn't find any way to turn off Malware Fighter's own engine, so the antivirus detected the samples, I allowed them to run. For both samples, it detected the initial attempt to encrypt files. This time when I blocked the attempt, I didn't get additional warnings. Ransomware is tricky; it's very likely that upon being foiled once, the malware stopped trying.
I also tested what happens when an unauthorized program tries to just read data from a protected file. For this test, I used a tiny text editor that I wrote myself, something that no antivirus would have on its whitelist. Malware Fighter correctly warned about the program's access attempt and prevented it from even opening a text file.
The RanSim ransomware simulator from KnowBe4 simulates 10 different real-world ransomware behaviors, acting on files it creates itself several folder levels below the Documents folder. Malware Fighter popped up more than a dozen warnings when I ran RanSim, and I chose to block access and remember the choice every time. Even so, Malware Fighter failed all 10 of the tests. On a repeat test, I got no more warnings, but it still failed.
The designers of Cybereason RansomFree, which watches for ransomware behavior, point out that RanSim acts only on files many folder levels below the Documents folder, something real ransomware doesn't do. RansomFree also didn't pass the RanSim test. However, Malware Fighter doesn't try to detect ransomware behavior; it just protects files, regardless of location. I can't explain why it didn't succeed against RanSim.
The ransomware protection component is a nice addition to Malware Fighter, and it passed all my hands-on tests. However, its messaging needs a little work. All the popup warning says is that a certain program is attempting to access a certain document. It's a pretty innocuous-looking warning. I wish that it mentioned something about ransomware protection, something that would get the user's attention.
IObit Malware Fighter 5 Pro has a clear, simple user interface, and keeps its configuration options to the minimum necessary. It looks good, and the new ransomware protection module showed its mettle in testing. However, it doesn't have any tests results to show from the independent labs, and its scores in my own hands-on tests ranged from so-so to awful. There's no compelling reason to buy this product, especially when you can get most of our Editors' Choice antivirus products for the same list price.
Bitdefender Antivirus Plus and Kaspersky Anti-Virus get fantastic scores from all the independent testing labs. Symantec Norton AntiVirus Basic scores big too, and offers some unique protective features. With its behavior-based detection system, Webroot SecureAnywhere Antivirus doesn't easily fit the standard lab tests, but it did well in my own tests, and its journal/rollback system for unknown programs can reverse malicious activity, even ransomware activity. McAfee AntiVirus Plus looks like it costs more, but your purchase gets you unlimited installations. Any one of these Editors' Choice products is a better choice than Malware Fighter.
Other IObit Antivirus Software
Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips… More »
More Stories by Neil J.
- The Best Ransomware Protection of 2017
When ransomware turns your most important files into encrypted gibberish, and paying big bucks to ge… More »
- Malwarebytes Anti-Ransomware Beta
Malwarebytes Anti-Ransomware Beta watches program behavior to thwart any ransomware that gets past y… More »
- Cybereason RansomFree
The consequences of a ransomware attack are dire, so a second layer of defense like Cybereason Ranso… More »