Webroot unsecurity. Lack of support (legal customer)

So far technical support is avoiding to answer the question:

Where is safe download link (https) and the control sum of the file available?

https://community.webroot.com/t5/Co...ity-Lack-of-support-legal-customer/td-p/80117

Things which could be tampered: file, connection, signatures - anything else ?

 

uuuhm... and why the hell you require an https to download an installer? The installer is anyway digitally signed, so any manipulation will break it. I think paranoia is at alarming level.... are you chased by NSA? This looks like the most innovative excuse I have heard to get a refund Lol

 

What made my distrust is the different checksum for the same version of WRSA. That one, not suspicious, earlier version is no more available (but it mean Webroot is able to do that), instead I can dowload the same version number different checksum executable only - what make it suspicious. Yes, I'm considering routine agency operations.

 

@virtuo

Best thing would have been to learn about False Positives (FPs), different MD5s etc, and approach any perceived issue with more of an open mind, leaving apparent prejudice and paranoia to one side, in an attempt to clarify your misunderstanding.

 

Looks like anyway the issue has been clarified at Webroot community forum. Now you can relax and install the malware without fear

 

I've replied in the Community now as well:

"As has been stated before, different download locations have different checksums, and every update will change the checksum. The link you've been provided is one of the more common download locations ( http://anywhere.webrootcloudav.com/zerol/wsainstall.exe ). You can right click the file, click Properties, Digital Signatures, click on the Webroot Inc. signature, Details and see that "This digital signature is OK."

The file is not infected despite what a few AVs are saying: that is a false positive (a detection of a file as malicious when it is not) and there is nothing that Webroot can do. If you use one of the AVs, you can locally allow the file or submit it to their threat research team to have it re-assessed, but there is nothing malicious about the download you have received."

 

To remind:


According to http://www.herdprotect.com:

wrsa.exe, v8.0.4.46,
954eea818edd5226a7615b431f6ae51d860958b9
tested 1/14/2014 - no infections

wrsa.exe, v8.0.4.46,
a50fa9a3e928713b3f2c6bb74c79e02907634f28
tested 1/19/2014 - and every other
have PE:smileyfrustrated:tealer.Zbot!1.6524 suspection detected by Rising Antivirus.

The anomaly was that there was a file signed by Webroot which was
_'not suspicious'_ and is no more available,
instead _later_ tested and the only available file is 'suspicious'
- the same as all other _earlier_ versions.

And no checksums provided upon request.

If Webroot is able to provide 'unsuspicious' version - which was available
for few days probably, then why would them prefer to provide 'suspicious'
version - what is against logic?

(I would wish to no have never to wonder about this kind of things.)

 

All you need to accept is that there is NO suspicious version...they are isolated false positive detections, as has been fully explained for you.

Either trust the software, or don't use it.

 

Exactly. The only difference is that the "suspicious" version is a new version with improvements. We don't provide old downloads because there is no reason to: they will auto-update to the newest version immediately. There is nothing suspicious about any version of Webroot - it is simply a mistaken detection from another AV vendor: if you ask them, they will confirm that no version of Webroot is actually suspicious. It is just a false positive as has been explained in both threads by many users.

 

http://languagelog.ldc.upenn.edu/nll/?p=4230

 

Was that 'unsuspicious' version a threat ?

 

No. There has never been a version of Webroot which is a threat. I don't know how else I can describe this... both of the hashes you've posted are legitimate copies of WRSA.exe - they can have the same version as we have different builds used by different customers.

 

I did not posted any MD5.

 

Both are 100% legitimate, virus free copies of WSA.