logo
ENFRع
#

Latest news with #privacyPolicy

Is Your Wi-Fi Router Tracking Your Browsing? Here's What 30,000 Words of Privacy Policies Revealed
Is Your Wi-Fi Router Tracking Your Browsing? Here's What 30,000 Words of Privacy Policies Revealed

CNET

time26-06-2025

  • CNET

Is Your Wi-Fi Router Tracking Your Browsing? Here's What 30,000 Words of Privacy Policies Revealed

Nearly all of your internet traffic will go through your Wi-Fi router. That's a lot of data, and it's certainly enough to make privacy a concern when picking one out. So, how can you find out if your router is collecting your data? You actually don't need to dig too deep to begin with. Your router manufacturer's privacy policy is a good place to start. Of course, they're usually long and dense documents and often come with contradictory language. Data-collection practices are complicated, and manufacturers don't exactly make it easy to read through their privacy policies if you're an average internet user. More often than not, reading through the policy all the way through will leave you with more questions than answers. Fortunately, I have a strong stomach for fine print, and after spending the last few years testing and reviewing routers for CNET, most manufacturers tend to respond to my emails when I have questions. So, I decided to read through over 30,000 words of privacy policies from seven major router manufacturers and talk to some experts. Here's everything I found out about how routers collect data about you. All of the problems with privacy policies I have more experience with routers than most, but the terms of use and policy documents I read for this article still weren't easy reading. Privacy policies typically aren't written with full transparency in mind. Locating local internet providers "All a privacy policy can really do is tell you with some confidence that something bad is not going to happen," said Bennett Cyphers, a staff technologist with the privacy-focused Electronic Frontier Foundation, "but it won't tell you if something bad is going to happen." "Often, what you'll see is language that says, 'we collect X, Y and Z data, and we might share it with our business partners, and we may share it for any of these seven different reasons', and all of them are very vague," Cyphers continued. "That doesn't necessarily mean that the company is doing the worst thing you could imagine, but it means that they have wiggle cover if they choose to do bad stuff with your data." He's not wrong: Most of the privacy policies I reviewed for this post included plenty of the "wiggle cover" Cyphers described, with vague language and few actual specifics. Even worse, many of these policies are written to cover the entire company in question, including its services, websites and how it handles data from sales transactions and even job applications. That means that much of what's written in a manufacturer's privacy policy might not even be relevant to routers. Then there's the issue of length. Simply put, none of these privacy policies are quick reads. Most of them are written in carefully worded legalese crafted more to protect the company than inform you, the consumer. A few manufacturers are starting to get a bit better about this, with overview sections designed to summarize the key points in plain English, but even then, specifics are typically sparse; you'll still need to dig deeper into the fine print to get the best understanding of what's going on with your data. In cases where a company uses a third-party partner to offer additional services like threat detection or a virtual private network, you may need to read multiple privacy policies in order to follow where your data ends up. All of that made for a daunting task as I set out to read through everything thoroughly, so I focused on finding the answers to a few key questions for each manufacturer. All of the policies I read confirmed that the company in question collected personal data for the purpose of marketing. Personal data, like your name and address, is typically collected when you're buying the router or if you're calling for troubleshooting, for example. But do manufacturers share or sell that personal data with third parties outside their control? And do router manufacturers track web activity, including websites visited while browsing? Let's take a closer look at what I found out. Router manufacturer privacy practices Tracks online activity Shares personal data with outside third parties Sells personal data Allows users to opt out of data collection Arris No No Yes* No Asus No No No Yes D-Link Unclear No No No Eero No No No No Google Nest No No No Yes Netgear No No No No TP-Link No No No No *CommScope, which manufactures Arris Surfboard networking products, says it doesn't sell data collected from products, but rather, that some of its business operations including order fulfillment and data analytics may constitute a sale under California law. You can find more details on that in the "Is my data being sold?" section. Is my router really tracking the websites I visit? Before we begin, I'll note that this article covers the privacy policy of router manufacturers, not the privacy policies of internet service providers. If you're renting a router from your ISP, the information covered here likely won't apply to you as your ISP may monitor your router as it sees fit. Almost all of the web traffic in your home passes through your router, so it's difficult to imagine that it isn't tracking the websites you're visiting as you browse. Every major manufacturer I looked into discloses that it collects some form of user data for marketing or technical purposes -- but almost none of the policies I read explicitly answered the question of whether or not routers log or record web history. The sole exception? Google. Google's privacy notice for Nest Wifi and Google Wifi devices was the only policy I found from any manufacturer that explicitly states that the products do not track the websites you visit. Chris Monroe/CNET "Importantly, the Google Wifi app, Wifi features of the Google Home app, and your Google Wifi and Nest Wifi devices do not track the websites you visit or collect the content of any traffic on your network," Google's support page for Nest Wifi privacy reads. "However, your Google Wifi and Nest Wifi devices do collect data such as Wi-Fi channel, signal strength, and device types that are relevant to optimize your Wi-Fi performance." I asked each of the six other companies I looked into for this post whether or not they tracked the websites their users visit. Though none of them indicate as much in their privacy policies, representatives for five of them -- Eero, Asus, Netgear, TP-Link and CommScope (which makes and sells Arris Surfboard networking products) -- directly told me that their products do not track the sites that users visit on the web. Eero "Eero does not track and does not have the capability to track customer internet browsing activity," an Eero spokesperson said. Asus "Asus routers do not track what the user is browsing nor do our routers include targeting or advertising cookies," an Asus spokesperson said. Netgear "Netgear routers do not track any user web activity or browsing history except in cases where a user opts in to a service and only to provide information to the user," a Netgear spokesperson said, offering the examples of parental controls that allow you to see the sites your child has visited, or cybersecurity features that let you know what sites have been automatically blocked. TP-Link TP-Link also told CNET that it doesn't collect user browsing history for marketing purposes, but the company muddies the waters with confusing and contradictory language in its privacy policies. Section 1.2 of the company's main privacy policy says that browsing history is only collected when you use parental control features to monitor your child's web usage -- but a separate page for residents of California, where disclosure laws are more strict, says that browser history is collected using cookies, tags, pixels and other similar technologies, anonymized and then shared internally within the TP-Link group for direct marketing purposes. When I asked about that discrepancy, a TP-Link spokesperson explained that the cookies, tags and pixels mentioned in that California disclosure are referring to trackers used on TP-Link's website, and not referring to anything its routers are doing. "I will say our policy can be clearer," the spokesperson said. "That's something we're kind of working on right now, internally." CommScope CommScope, too, says that its products don't collect a its users' browsing history -- though the company makes a distinction between retail products sold directly to consumers and the routers it provides via service partnerships with third-party partners, most notably internet service providers. "Regarding our retail Surfboard products, CommScope has no access or visibility to an individual users' web browsing history or the content of the network traffic flowing through these retail products," a company spokesperson said. D-Link Meanwhile, D-Link did not respond to multiple requests for clarification about its data collection practices, and it's unclear whether or not the company's products track any person's browsing data. I'll update this post if and when I hear back. Ry Crist/CNET Where exactly is my router data going? Even if your router isn't tracking the specific websites you visit, it's still collecting data as you use it. Much of this is technical data about your network and the devices that use it that the manufacturer needs to keep things running smoothly and to detect potential threats or other issues. In most cases, your router will also collect personal data, location data and other identifiers -- and like I said, every company I looked into explicitly acknowledged that it uses data like that for marketing purposes in one way or another. If a company is "using your data for marketing," that often means that your data is being shared with third parties. In that case, there is a risk that the company may share your data with a third party outside of its control, which would then be free to use and share your data however it likes. "When data is used to target ads, it's usually not just used by the company that's collecting the data," said Cyphers. "The company is going to share it with a number of advertising companies who might share it downstream with a number of other, vaguely ad-related companies. All of them are going to use that data to augment profiles they already have about you." With respect to routers, all of the companies I looked at acknowledged that they share user data with third parties for marketing purposes. However, the majority of these companies claim that these are in-house third parties bound by the company's own policies, and all of the companies I reached out to said that they don't share data with third parties for their own independent purposes. CommScope notes that the way it handles and shares data used for performance analytics with its Arris Surfboard routers constitutes a sale of personal data under California law. Ry Crist/CNET Is my data being sold? I also asked the companies I looked into for this post whether or not they sell data that could be used to personally identify a user, as defined by the California Consumer Privacy Act of 2018. That law defines a "sale" broadly to include, "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration." Most of the companies indicate in their privacy policies that they do not sell personal data, but the CommScope privacy policy acknowledges that it shares information, including identifiers as well as internet and other network activity information, for purposes including marketing in a way that qualifies as a sale as defined by California. "Data used for some of our business operations like order fulfillment and performance analytics as well as the use of 'cookies' on our and websites may constitute the 'sale' of 'personal information' under a conservative reading of the California law," a CommScope representative says. There's some nuance to that "yes" on the question of whether or not the company sells data, especially since things like order fulfillments and cookies on CommScope's website don't directly relate to the use of CommScope home networking hardware. Still, it's noteworthy that the company acknowledges that some of its practices may constitute a sale under California law when the majority of the manufacturers I looked at did not. "We can say that we do not sell data collected from the modems nor is that data used for marketing purposes by CommScope," the company added. "But where modems are ordered from us directly or where we provide customer support, that information is 'sold' (our read of the California law) only as part of filling that order and providing those services. "Where we supply modems/gateways to service providers, they control their own privacy policy controls," the company added. People in California have the right to tell CommScope not to sell their data on this website, but CommScope says that it "reserves the right to take a different approach" when responding to requests from users who live elsewhere. Meanwhile, TP-Link tells CNET that it does not sell its users' personal data and that none of the data collected by its routers are used for marketing at all. Still, the company's privacy policy appears to create wiggle room on the topic: "We will not sell your personal information unless you give us permission. However, California law defines 'sale' broadly in such a way that the term sale may include using targeted advertising on the Products or Services, or how third party services are used on our Products and Services." Enlarge Image Motorola router users can find a clear option for opting out of data collection in the settings section of the Motosync app used to manage their device. Screenshot by Ry Crist/CNET Can I opt out of data collection altogether? With some manufacturers, the answer is yes. With others, you can request to view or delete the data that's been collected about you. Regardless of the specifics, some manufacturers do a better job than others of presenting clear, helpful options for managing your privacy. The best approach is to give people an easy-to-locate option for submitting an opt-out request. Minim, the company that manages Motorola's home networking software, is a good example. Head to the settings section of the company's Motosync app for routers like the Motorola MH7603, and you'll find a clear option for opting out of data collection altogether. Asus offers a similar option, telling CNET, "users can opt out or withdraw consent for data collection in our router setting interface at any time by clicking the "withdraw" button." Unfortunately, that approach is more exception than norm. The majority of manufacturers I looked into make no mention of opting out of data collection within their respective apps or web platforms, choosing instead to process opt-out and deletion requests via email or web form. Usually, you'll find those links and addresses in the company's privacy policy -- typically buried towards the end, where few are likely to find them. That's the case with Netgear. Pursuant to Apple's policies, the company discloses its data collection during setup on iOS devices, complete with options for opting out, but there's no way to opt out in the app after that. Android users, meanwhile, get no option to opt out at all. "From the Android app (or iOS), a user can go to About > Privacy Policy and click on the web form link in Section 13 to delete their personal data," a Netgear spokesperson said. "We will look into making this option less hidden in the future." Other manufacturers, including D-Link and TP-Link, don't offer a direct means of opting out of data collection, but instead, instruct privacy-conscious folks on how to opt out of targeted advertising via Google, Facebook or Amazon, or to install blanket Do Not Track cookies offered by self-regulatory marketing industry groups like the Digital Advertising Alliance and the Network Advertising Alliance. That's better than nothing, but a direct means of opting out would make for a better approach -- especially since some companies might not make use of Do Not Track signals like those. "At this time, TP-Link does not honor Do Not Track signals," the company's privacy policy states. Enlarge Image Sections 8b and 8c of Eero's privacy policy make it clear that the only way to opt out of data collection is not to use Eero devices at all. Requesting that Eero delete the personal data it's gathered about you will render the devices inoperable, and Eero may still keep a backup of your data afterwards. Screenshot by Ry Crist/CNET This brings us to Eero. The company does not offer an option for opting out of data collection, and instead says the only way to stop its devices from gathering data is to not use them. "You can stop all collection of information by the Application(s) by uninstalling the Application(s) and by unplugging all of the Eero Devices," the Eero privacy policy notes. You can ask Eero to delete your personal data from its records by emailing privacy@ but the company claims that there's no way for it to delete its collected data without severing your connection to Eero's servers and rendering devices inoperable. The privacy policy also notes that the company "may be permitted or required to keep such information and not delete it," so there's no guarantee that your deletion request will actually be honored. Even if Eero does agree to delete your data, that doesn't mean that the company won't keep a backup. "When we delete any information, it will be deleted from the active database, but may remain in our backups," Eero's policy reads. How to opt out of router data collection, no matter which router you use Data collection is all too common in today's consumer tech, including concerns with smartphone apps, social media, phone carriers, web browsers and plenty more. I'd rank my concerns with routers beneath those -- but your home networking privacy is still worth paying attention to. From my perspective, opting out of data collection whenever possible is typically a good idea, even if the collection itself seems harmless. There's simply no good way to know for certain where your data will end up or what it will be used for, and privacy policies will only tell you so much about what data is actually being collected. To that end, here are some options for opting out with each of the manufacturers covered in this post below. And, as I continue to test and review networking hardware, I'll keep this post up to date. Asus You can withdraw consent for data collection by heading to the settings section of the Asus web interface, clicking the Privacy tab, and then clicking "Withdraw." You can reach that web interface by entering your router's IP address into your browser's URL bar while connected to its network, or by tapping the options icon in the top left corner of the Asus Router app and then selecting "Visit Web GUI." CommScope (Arris) If you live in California, you can tell CommScope not to sell your data by filling out a form on this website, but the company won't guarantee that it will honor requests if you live elsewhere. There isn't a direct option for opting out of data collection in any of the apps used to set up and manage CommScope products, but the company notes that you can unsubscribe from promotional emails at any time. D-Link D-Link does not offer a direct option for opting out of data collection, but instead, directs you to opt out of interest-based advertising from participating companies by using Do Not Track cookies provided by the Network Advertising Initiative, a self-regulatory marketing industry group. Eero Eero has no opt out setting for data collection, as Eero claims that its devices are unable to function without sending device data to Eero's servers. Google Nest You can manage your Google Wifi or Nest Wifi privacy settings and opt out of certain data collection practices by opening the Google Home app and tapping Wi-Fi > Settings > Privacy Settings. Netgear Netgear doesn't offer an option for completely opting out of data collection, but you can fill out a form on this website to download and view any data that Netgear has collected or request that Netgear delete that data. TP-Link TP-Link doesn't offer a direct option for opting out of data collection, but it does share instructions for opting out of interest-based advertising via Facebook, Google and Amazon on its website. The site also offers information about Do Not Track cookies available from the Digital Advertising Alliance and the Network Advertising Initiative, which are self-regulatory marketing industry groups. For more Wi-Fi tips, check out where you should set up your mesh router and why your ISP might be throttling your connection.

Malwarebytes Antivirus Review 2025: Decent Software, Terrible Customer Service
Malwarebytes Antivirus Review 2025: Decent Software, Terrible Customer Service

CNET

time25-06-2025

  • CNET

Malwarebytes Antivirus Review 2025: Decent Software, Terrible Customer Service

CNET's expert staff reviews and rates dozens of new products and services each month, building on more than a quarter century of expertise. 7.0 / 10 SCORE Malwarebytes Antivirus Buy at Malwarebytes Score Breakdown Performance 8 /10 Security 9 /10 Customer Support 4 /10 Usability 7 /10 Value 5 /10 Features 9 /10 Pros Free malware scanning and browser safety tools Decent VPN Impressive privacy policies Excellent dark web monitoring tools Cons Free version doesn't provide real-time protection Interface isn't the easiest to navigate Plans page lists a social media monitoring tool that doesn't exist Poor customer service Multidevice coverage gets pricey Malwarebytes Antivirus 7/10 CNET Score Buy at Malwarebytes Malwarebytes has long been known for its ability to find and remove malware on your computer. Today, it also offers real-time antivirus protection, ad blocking, a VPN and online data management tools to help you protect your information. But how well does it hold up compared to other top antivirus tools? I spent a week researching and testing Malwarebytes to answer that question. It didn't live up to my expectations for premium antivirus software. It had frustrating usability issues, concerning third-party security test results and the worst customer service of any antivirus I've tested so far. The only real upsides were its minimal resource usage during scans and its excellent privacy policy. Malwarebytes antivirus features Malwarebytes offers a free, top-of-the-line malware scanner and remediation program to remove malware that's already made its way onto your computer. Additionally, Malwarebytes' Browser Guard, an online security extension for browsers like Chrome and Firefox, is free. This extension scans websites for potential danger and blocks ads and ad trackers, protecting your digital privacy. Malwarebytes' premium antivirus provides the malware scanner (with added scan scheduling) and remediation tools, plus real-time protection against viruses and other malware. This includes protection against phishing (a kind of scam that uses fraudulent emails to gain access to your personal information) and ransomware (which locks you out of your device and demands money in exchange for restoring your access). The midrange plan adds a VPN for improved privacy while browsing the web. A virtual private network is a fairly standard tool included in every antivirus package I've reviewed, even the relatively minimal cybersecurity packages offered by Norton and AVG. At the highest tier, Malwarebytes offers advanced features for monitoring your data on the dark web. You'll also get a personal data remover that finds sites selling your data and helps you remove your information, plus credit monitoring and up to $2 million in identity theft insurance. Overall features score Malwarebytes features are similar to those offered by our top two antivirus tools, Bitdefender and McAfee. Malwarebytes also provides protection for Windows, MacOS, Android and iOS. However, there's no password manager, so Malwarebytes can only earn a 9/10 features rating. Malwarebytes antivirus plans and pricing Malwarebytes offers three plans for individuals: Plan Features Who it's best for Price Standard Core antivirus, including real-time protection from viruses, phishing and ransomware + Browser Guard Folks who want basic cybersecurity for a single device $45 per year for one device; additional fees are charged for each device added Plus VPN Folks who want both the security of an antivirus software and the privacy of a VPN from one company $60 per year for one device; additional fees are charged for each device added Ultimate $2 million in identity theft insurance, social media monitoring*, dark web monitoring, credit reporting, personal data remover Folks who are highly concerned about privacy and/or have significant assets to protect $120 for the first year, $240 per year after, with coverage for one device; additional fees are charged for each device added Malwarebytes also offers two family plans: Plan Features Who it's best for Price Family Device Security Core antivirus, ad blocking and anti-tracking, scam detection Families who want basic cybersecurity and protection from scams $120 per year for 10 devices; additional fees are charged for extra devices Ultimate Family Protection VPN plus social media monitoring*, dark web monitoring and identity theft insurance of $2 million for two adults plus 10 kids; online personal data remover for one person Families with significant assets to protect and/or serious privacy concerns $232.49 for the first year, $465 per year after, based on 10 devices; additional fees are charged for extra devices *Social media monitoring is listed on the Malwarebytes plans page, but customer service states that this feature doesn't exist, and as far as they were aware, no such feature is in the works. Note: Some features, like the identity theft protection and personal data remover, are only available in the United States and US territories. Pay close attention to how plans differ in your region before you purchase. Malwarebytes antivirus usability I created a Malwarebytes account and explored the account dashboard, product installation and basic setup for both the antivirus and Malwarebytes' additional tools to determine their usability. Specifically, I focused on how intuitive Malwarebytes is for those who aren't tech-savvy. Most processes were pretty straightforward, but I ran into a few hiccups that I haven't encountered with other antivirus tools. Account navigation Creating my Malwarebytes account was easy. I created login credentials, entered payment information and was directed to the account dashboard, where a pop-up asked me to confirm my information to set up identity theft protection. This surprised me, as most cybersecurity suites instruct you to set up the antivirus first. In addition, I'm in a country where I can't access Malwarebytes' identity theft protection. Screenshot by Dianna Gunn/CNET I was able to close this pop-up and go to the account dashboard, where I found prominent links for downloading and activating the antivirus, Browser Guard and other tools. The only confusion here was that the sidebar features both a Subscription Overview and a Manage Subscription link -- and the subscription overview page is where you can actually manage your billing or cancel your subscription. Most antivirus tools, like McAfee, have a Subscriptions and Billing page to simplify this, though it's often hidden in a drop-down menu. Screenshot by Dianna Gunn/CNET Installation and setup The Malwarebytes installer took just a few seconds to download and launched the Malwarebytes Setup Wizard. I selected the type of device I was protecting, had the option to download the Browser Guard with the antivirus and waited a couple of minutes for the antivirus to unpack itself. I also glanced at the Advanced Options, but it only directed me to create a desktop shortcut, so most people can ignore this. Screenshot by Dianna Gunn/CNET Once installed, Malwarebytes directed me to run a scan. This included a malware scan, a trust advisor scan (which looks at security settings on your device) and a digital footprint scan (which connects your email to Malwarebytes so it can search for data breaches). This took another two minutes and then directed me to the antivirus dashboard. Screenshot by Dianna Gunn/CNET This dashboard features prominent buttons for running a scan, accessing identity theft protection and using the VPN. You'll also see your Protection score and a button to see suggestions for improving your digital security. However, there's no visible setting for scheduling scans or running different scan types. While I've experienced this with top antivirus systems such as Bitdefender, what makes Malwarebytes uniquely frustrating is the lack of a Scans area for scheduling scans. I had to search for this option in the Settings area instead. Other minor issues with Malwarebytes include the need to manually activate my subscription -- something I've only experienced with AVG -- and the lack of a deep scan feature. I had to set up a custom scan to run a full scan on all of my files. The Android app is also fairly simple to navigate and shows that several features -- including a Scam Guard similar to the scam protector recently launched by McAfee -- are currently in beta. These features have great potential to protect you from the ever-increasing amount of spam and scams being sent to your phone. Screenshot by Dianna Gunn/CNET Additional tools Most of Malwarebytes' additional tools are intuitive. The VPN is built into the antivirus and can be quickly toggled on or off. You can install the Browser Guard extension when you're setting up the core antivirus and easily connect it to Chrome or Firefox. You can set up identity theft protection by entering some core information when you first log into Malwarebytes. The one tool I found confusing was the digital footprint tool. There seem to be two components to it. The first ran during my antivirus setup and provided information about a few data breaches, with some advice for how to deal with them. The second is built into the browser extension and displayed a pop-up about a data breach when I logged into Facebook. From there, it asked permission to search for other breaches and a few seconds later displayed this visual map of data breaches my information has been caught up in: Screenshot by Dianna Gunn/CNET Both versions of the digital footprint scan were easy to use, but I'm not certain why there are two of them. I also don't know if there's any difference in how they search for data, though I do prefer the visual display the browser version gave me. I wasn't able to test the Online Personal Data Remover, as this tool isn't available in Canada. I also couldn't test the social media monitoring tool Malwarebytes advertises in its Ultimate plan, and a customer service agent I chatted with told me this tool doesn't actually exist. I wasn't able to find out why a nonexistent tool is listed on the plans page. Overall usability score Individually, Malwarebytes' usability issues are small: mildly confusing labels for some features, lack of readily visible buttons for advanced settings like scan scheduling and the need to manually activate my subscription. These all took only a few clicks to figure out. But there's one big issue: The social media monitoring tool listed on the pricing page doesn't exist. This, combined with the minor issues I encountered when using other Malwarebytes tools, means I can only give Malwarebytes a 7/10 usability rating. This sounds pretty good, but it's the lowest rating for any antivirus I've tested so far. Most tools I've tested, including Bitdefender and McAfee, earned a 9/10 usability rating. Malwarebytes antivirus performance I spent three days running Malwarebytes and performed several active scans to determine its efficiency. I also tested the Browser Guard and VPN to determine how they affected my browsing experience. The core antivirus thoroughly impressed me, with minimal resource usage and fast scans, and the Browser Guard had no discernible impact on browser speed. However, the VPN had mixed results, especially when using servers outside North America. Note: I ran these tests on a Lenovo ThinkPad with an Intel i5 processor. Your own experience may vary, especially if you're using an older system. Background performance Running Malwarebytes in the background had no noticeable impact on my browsing or other computer activities. Tracking with Task Manager showed that Malwarebytes consistently used just 0.3% to 0.5% of my CPU's processing power. This is slightly more than top antivirus systems like Bitdefender use, but not enough to interfere with day-to-day activities or even complex tasks like video editing. Malwarebytes also uses no disk space, making it highly efficient. Screenshot by Dianna Gunn/CNET I then launched a custom scan, checking off every area of my drive and all file types. This scan used slightly more CPU power -- between 3% and 5% -- and no disk space, allowing me to continue using the computer without issue. However, it did take around 42 minutes, with a similar timeframe the second and third times I ran the full scan. You'll want to make sure you only do full scans when you can leave your computer running for at least 40 minutes. Additional tools performance Next, I moved on to testing the Browser Guard extension. It had no noticeable impact on my browser speed, but a pop-up appeared when I opened Facebook. This pop-up led to a digital footprint scan, which ran in a secondary tab without interfering with my continued browsing in other tabs. However, I did have some issues closing the pop-up, forcing me to refresh the page to properly view Facebook. I'm also not certain that the Browser Guard did much beyond identifying the Facebook breach. It didn't stop me from loading any of the suspicious links in my spam folder or flag any links I encountered elsewhere. It did block some ads, but it wasn't quite as effective on that front as my preferred ad blocker, UBlock. Finally, I moved on to testing Malwarebytes' VPN to determine how much it affects internet speed. I started by establishing my internet speed without the VPN activated by running three Ookla speed tests. I got an average ping of 2 milliseconds, a download speed of 559.81 megabits per second and an upload speed of 787.09 Mbps. (Disclosure: Ookla is owned by the same parent company as CNET, Ziff Davis.) Next, I set the VPN to my fastest server -- the one closest to my location in Canada -- and ran three more speed tests. These tests established an average ping of 3.33ms, download speed of 671.26Mbps and upload speed of 813.37Mbps. So, using the VPN on my local server actually improved my overall internet speed -- a stark difference from most antivirus companies' VPNs. Only Norton's VPN had similar results, making minimal impact on download speed and actually improving my upload speed when using my closest server. I then ran speed tests with the VPN set to several different locations (three tests per location), establishing the following averages: US UK France Germany Singapore Australia Download (Mbps) 466.75 376.59 260 375.15 346.52 355.27 Upload (Mbps) 791.89 569.44 371.44 417.08 355.63 572.58 Ping (ms) 79.33 161 256.33 203.33 490.33 409.33 These tests weren't as extensive as our usual testing process for VPN reviews, but they still show that most of Malwarebytes' VPN servers were significantly slower than my regular internet connection. However, the Canadian and US servers had great performance, so the Malwarebytes VPN may be worthwhile if you're planning to stick to those locations. Folks in Europe, Asia or Australia may have similar experiences with VPN servers on their own continents. Overall performance score Malwarebytes' background performance and active scans are fast and use minimal processing power, allowing you to continue with your regular tasks while they run. The Browser Guard also uses minimal resources, but it doesn't seem particularly effective at blocking malicious websites, and its ad blocking is mediocre. So is the VPN, which mildly reduced my internet speed when I used nearby servers but caused major slowdowns when I switched to servers further away. This mixed experience leads me to give Malwarebytes an 8/10 performance rating. Malwarebytes antivirus security I performed a deep analysis of Malwarebytes' third-party lab test results, security protocols and privacy policies to see how well it protects you. Results were mixed, with lackluster performance in antivirus testing but excellent privacy protocols for the VPN, comprehensive protections in the privacy policy and no recent data breaches. Antivirus security A quick look at the Malwarebytes AV-Test page shows that Malwarebytes hasn't been tested since 2023. Moreover, Malwarebytes received a 5.5 out of 6 stars security score (or lower) in its last several tests, a stark contrast from the other antiviruses I've tested, all of which had perfect security scores going back at least one year. Since companies must pay to have their tools tested by AV-Test, I suspect Malwarebytes stopped paying for tests it couldn't use in marketing instead of fixing the security issues that led to lower scores. The Malwarebytes AV-Comparatives page is similarly concerning. The tests are more recent -- including one for March 2025 -- but there's no star ranking at all, whereas most of the antivirus tools I've tested had 2- or 3-star rankings out of 3 stars. The full AV-Comparatives ranking page shows why: Malwarebytes might have a 98.6% online detection rate, but it also had 53 false positives, far more than the 28 false positives Avira had, or the 10 to 15 false positives common among other popular antivirus tools. Combined, these test results aren't promising. In fact, the free Microsoft Defender received better scores in its most recent tests from AV-Comparatives and AV-Test. Malwarebytes' scanning tool is still considered one of the best for finding malware already on your computer, but for real-time protection, you're better off sticking with Microsoft Defender or choosing one of our top-rated antivirus tools like Bitdefender. Additional tools security Malwarebytes' VPN secures your information with AES-256 encryption, an industry-standard protective protocol. The VPN also has a comprehensive no-logs policy, which means it won't track your IP address, DNS requests, bandwidth usage or other internet usage data while the VPN is active. This is notable since some antivirus companies, like Avira, only extend the no-logs policy to the sites you visit but do track your IP address, which could be retroactively used to gather other data about you. I chatted with a Malwarebytes representative about the VPN's privacy protocols and learned that the VPN is currently being moved to the AzireVPN infrastructure that Malwarebytes purchased last year. This gives Malwarebytes full control over the VPN infrastructure, allowing it to prevent anyone -- including Malwarebytes employees -- from accessing or abusing private data. AzireVPN also has a Blind Operator mode, creating a barrier to block traffic interception for further privacy. In addition, AzireVPN uses RAM-only, diskless servers. This means data only goes through the RAM and is never written onto permanent storage, ensuring true no-logs functionality in line with Malwarebytes' privacy policies. AzireVPN also publishes regular transparency reports, allowing me to independently confirm its commitment to privacy. Malwarebytes is headquartered in the US and states that it will share your data with government authorities if legally required. As its VPN uses a 100% no-logs infrastructure, there won't be much to give them. Still, if you're concerned about privacy, you may want to use CNET's Editors' Choice ExpressVPN, which is headquartered in the British Virgin Islands and has excellent privacy policies. Privacy policy and data breaches Malwarebytes has a thorough privacy policy with something I deeply appreciate: Simply Put sections translating the legalese into easy-to-understand language. The policies themselves are solid, too, promising that Malwarebytes will only collect the bare minimum data needed to keep its programs functional. It even explicitly states how all data collected will be used to improve the antivirus and other Malwarebytes tools. Malwarebytes' policies around sharing your data with third parties are also well thought out. Malwarebytes specifies that your data may be shared with Google Analytics, payment processors and third parties engaged for services like delivering marketing communications. There are no provisions for sharing your data with social media platforms unless you've given proactive consent. Malwarebytes states that the companies it does share data with must agree not to disclose your information or use it for anything other than the services they've been hired for. Malwarebytes also states that it will share your data with government authorities on request. As mentioned above, Malwarebytes is in the US, which is part of the Five Eyes Alliance. This means your data may be requested by the US government for its own purposes or for the purposes of any government within the Five Eyes Alliance. While Malwarebytes doesn't collect much data, and most popular antivirus tools are from countries with similar privacy concerns, it's important to be aware of this. As for data breaches, Malwarebytes had one known data breach of its forum in 2014 that compromised 112,000 accounts. Malwarebytes addressed this breach right away, providing instructions to find out if an account had been breached and secure accounts. There hasn't been a known data breach since then. Overall security score Malwarebytes' privacy policies and VPN security protocols are some of the best I've seen in the antivirus industry. However, the antivirus itself isn't as effective as other tools like Bitdefender, McAfee or even Microsoft Defender. This means I can only give Malwarebytes a 9/10 security rating. While this is on par with some top antivirus tools, like McAfee, it's not as good as our top-ranking antivirus, Bitdefender. Malwarebytes antivirus customer service Malwarebytes offers a self-serve knowledge base and 24/7 live chat powered by AI. The AI-powered chat can connect you with a human worker, but there's no immediately visible support ticket system and no phone support. The support I was able to access proved slow and inconsistent in quality. Knowledge base The Malwarebytes knowledge base, or Help Center, is very well laid out, with a search bar at the top and buttons for common question categories. There are even helpful arrows pointing to the search bar, quick start guide and account/billing articles, though they feel somewhat superfluous given how clearly labeled everything already is. Screenshot by Dianna Gunn/CNET The Quick Start guide is also excellent, with step-by-step instructions for setting up the software and tutorial animations. However, I didn't find images or videos in most other areas of the knowledge base. This is frustrating, especially for those who prefer to learn visually. Direct communication Malwarebytes' AI chatbot is easy to find -- something I can't say for most antivirus companies' live chat -- and moderately well trained, providing fast answers to simple questions. I was pleased when the chatbot directed me to an agent immediately the first time I asked. This may seem like a low bar, but multiple antivirus companies' bots have refused to connect me with a person until I requested it two or three times. However, the agent wasn't able to answer my questions in a timely manner. In fact, she told me she'd have to follow up via email, as she didn't have ready access to the information. My questions were somewhat advanced -- specifically, asking if transparency reports exist for the VPN -- but other companies' agents have been able to answer them within a few minutes, suggesting that Malwarebytes' support agents aren't as well-trained as those at other antivirus companies. Support tickets do exist, but you'll only discover this if the AI can't answer your questions -- a support ticket option appears when you request human customer service. If you prefer to get customer service via email, you'll have to jump through hoops to even know it's an option. The other downside is the response time. I submitted my request at 3 p.m. one day and didn't get a response until 9 a.m. the next day. The response thoroughly answered my question, but waiting so long was frustrating. Overall customer support score I was thoroughly disappointed by Malwarebytes' customer service. The knowledge base lacks visual guidance, the live chat representatives were slow and unable to answer my questions and the response time for support tickets was abysmal. There's also no phone support. This leads to a customer support rating of 4/10, the lowest of any antivirus I've tested so far. Malwarebytes antivirus value Finally, let's take a look at how Malwarebytes compares to Avira, another freemium antivirus, and our top-ranking antivirus, Bitdefender: Basic plan cost Mid-range suite cost and devices Most expensive suite cost and devices Standout security features Malwarebytes Free for one device, but no real-time protection $60 per year for one device; additional fees charged for added devices $120 for the first year, $240 per year after, coverage for one device; additional fees charged for added devices Scam protection, social media monitoring*, dark web monitoring, online personal data remover, up to $2 million in identity theft insurance Avira Free, with real-time protection and software updater $35 for the first year, $71 per year after; coverage for one device $135 per year, coverage for 25 devices Software updater for Windows, junk cleaner/PC cleaner for enhanced performance, anti-tracking tools Bitdefender $25 for the first year, $50 per year after $90 for the first year, $160 per year after; coverage for five devices $150 for the first year; $250 per year after; coverage for five devices Scam protection, digital footprint visualization, identity theft insurance of up to $2 million *Social media monitoring is listed on the Malwarebytes plans page, but customer service states that this feature doesn't exist, and as far as they were aware, no such feature is in the works. We can draw a few conclusions based on this data: The free version of Malwarebytes is severely limited , without the real-time protection you'll get from Avira or even the built-in Microsoft Defender in Windows or X-Protect for MacOS. , without the real-time protection you'll get from Avira or even the built-in Microsoft Defender in Windows or X-Protect for MacOS. The basic paid plan has no introductory discount , something most other antivirus suites I've tested offer. , something most other antivirus suites I've tested offer. The highest-tier plan seems affordable until you factor in the one-device limit. When you calculate the cost for five devices, the first-year price rises to a whopping $200 and the renewal cost to $400 per year, significantly more than other multidevice cybersecurity suites. In short, Malwarebytes is significantly less cost-effective than other antivirus tools and cybersecurity suites, especially if you have multiple devices. You may be able to save some money with it if you have only one device and still want identity theft insurance, but otherwise, its individual plans aren't a great investment. However, the Family Device Security plan, priced at $120 per year, may be worthwhile if you want comprehensive antivirus and scam protection for six to 10 devices. Bitdefender doesn't offer coverage for more than five devices, while Avira only lets you choose between five or 25 devices for its Avira Prime, and its 25-device plan costs $135 per year. Still, Malwarebytes' Family Device Security plan doesn't include the VPN or other features common to multidevice cybersecurity plans. Overall value score With all this considered, I can only give Malwarebytes a value rating of 5/10. It's simply not worth the cost for most people, though you may find it valuable if you have six to 10 devices to protect and you only want antivirus and scam protection. Malwarebytes: Is it right for you? Before you make a purchasing decision, let's consider how Malwarebytes performed in each subcategory: Features: 9/10 9/10 Usability: 7/10 7/10 Performance: 8/10 8/10 Security: 9/10 9/10 Customer service: 4/10 4/10 Value: 5/10 These numbers earn Malwarebytes an overall rating of 7/10, the lowest score of any antivirus I've tested so far. There are some areas where it truly shines -- like its excellent VPN security protocols and privacy policies -- but its features, usability and subpar customer service don't live up to other paid tools like Bitdefender or McAfee. The free version isn't a great antivirus solution, either, since it only provides malware scanning, not real-time protection. I recommend Bitdefender if you want a paid antivirus or AVG if you want a free one.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store