AntiVirus feature prediction thread (let's look ahead and see whose guesstimate is close to reality)

Discussion in 'other anti-virus software' started by Windows_Security, Nov 22, 2014.

  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    When was that and what specifically.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Problem started a few years ago when they introduced new features in their software (sandbox, deepscreen). I believe it was when they released version 6, but I'm not sure.
     
  3. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    It's still a test and WSA was still 2014 as well so we will have to wait for the next Test.

    TH
     
  5. 142395

    142395 Guest

    Future AV should provide inclusive protection, at least in their premium product (total security suite). I mean, protecting only from malware is obsolete, there're many threats not directly related to malware. That includes but is not limited to web-based threats (such as XSS, CSRF, click-jacking, DNS rebinding), SSL/TLS exploits, many forms of fraud or scam including bad shopping sites or auction sites, device loss or theft, info leaks on SNS.

    Some products already take measures against some of them (e.g. avast blocks XSS, Trend warns about SNS settings), but not inclusively. Can anybody tell me what AV warns about or blocks Heartbleed-vulnerable sites?
    But stand-alone AV should be left for those who can take care of those threats one by one.
     
  6. 142395

    142395 Guest

    Seeing those arguments, I have to say Mayahana is not 100% correct, at least.
    I know you're a Trend engineer and know much about security, I appreciate your insightful info, but now it seems you ignore many differences that sit in those products. I divide AV's cloud usage into 3 groups for convenience.
    1. McAfee, Norton, Trend
    2. Kaspersky and many other AV
    3. Avira, ESET
    If one knows how they utilize cloud reputation, he should understand why I divided like this, however even in the same group, there're still many differences.
    Norton has probably the best file reputation infrastructure, but apparently their correlation analysis doesn't reach Trend's degree. Their email and web rep are actually not as competent as file rep, and they don't back-track the source of a file to Trend's degree. In short, their reputation system is near vertical division, so they now (actually, from 2013 though) started to integrate those better. Not to mention Trend has much better web rep, but I know some methods they use to correlate files with web (e.g. if a file includes a URL, then they're correlated), and methods they use to calculate web rep (e.g. they consider not only metadata and heuristics, but also content category. Symantec seems to focus more on metadata and heuristics.), they differ from Symantec.
    When it comes to the 2nd group, their cloud usage is less aggressive and for them it is more for early detection (before sig update) and cloud-based behavior analysis.
    Remember group 1 and 2 only upload hash or other metadata to cloud. Norton never uploads the file itself even in 2015. And it is very recently that they started to upload behavior info to cloud, until 2014 they hadn't. In this regard, even Kaspersky was earlier than Norton.
    The 3rd group, contrary to them, can upload the file itself (with the user's agreement anyway). Note ESET doesn't have full BB and also Avira doesn't in 64 bit. So they rely more on cloud-based analysis than client-side analysis.

    How should we put Webroot into those groups? Maybe group 1, but there's a caveat.
    As TH said, Webroot works differently from Norton, Trend, McAfee. Yeah, those vendors imported some of the techniques Webroot uses such as rollback, however they didn't import Webroot's strategy, design, or philosophy. In Webroot, rollback makes sense only when combined with their banking protection and multi-stage sandboxing. Those other products didn't adopt such capability. Actually, Norton allows even a low-rep program to connect to the internet as long as the domain is not known bad and the program doesn't show quite suspicious behavior. So sneaky malware can do real damage unless SONAR immediately stops it, and rollback can't 'rollback' leaked info.

    Webroot's strategy simply can't be tested on current AVC methodology. So they withdrew, but they're more positive than Symantec, made an argument with AVC, and AVC admitted they scored better in the new methodology suggested.
     
  7. Well, security software and my wife are no great match. With WSA I have not heard her complain since I installed it (using the whitelist feature). Because of this good experience I installed Avast on a few PCs with hardened mode on (also heard of no problems). So let's agree to disagree on this.
     
    Last edited by a moderator: Nov 25, 2014
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Nicely put!

    Thanks,

    TH
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Thanks for explaining what I was too lazy to explain. :thumb: Also note the strength of Norton detecting suspicious activity is relevant to the settings of the product. I tend to dial it up (Hypersensitive) for folks like my daughter, who is prone to downloading 'junk'. So I want the hypersensitivity in play. I suppose Webroot would be fine on her system, but I tend to prefer more mature, blended solutions over Webroot - but do enjoy the similarities in areas where it is important. Which again affirms the point I was trying to make, and you agree with that point with a minor caveat.
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Don't make this thread an A vs B okay! :confused: Webroot is more Mature & Blended than the others as it has been around since 2004 in Prevx.

    TH
     
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Posting technology information is relevant. Trend for example has nearly a dozen different technologies/engines inside of it. That's what I am referring to in terms of blended protection. I choose not to rely on a pure cloud based solution, with cloud reliance on evaluation as an exclusive validation method. I like a mix of technologies, layered security even within a single product. Mature in terms of products that have been around since the 1980s, with large, experienced engineering teams.
     
  12. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Ah...so that's what Viruscope is all about, was wondering but was too lazy to do any digging.

    Years ago it was predicted that the future of anti malware would/should be in the HIPS and sandboxing direction and this appears to have come true to a large extent.

    I think things will continue with the multilayered approach, maybe rollback features will become part of the normal as well?

    Whatever it is, the future's probably here already.

    Regards Eck:)
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I'm stating a fact that you don't know nothing about WSA and its many Shields, Technologies and engines inside a 750kb installer and you keep forgetting that the WIN Cloud is controlled by ENZO in which Prevx and WSA users know that Joe Jaroch developed along with his team and the Client only uses 3 to 6MB of RAM, all the work is done in the Cloud by ENZO and BrightCloud http://www.brightcloud.com/platform/webroot-intelligence-network.php and I have seen ENZO in action, I was very amazed how it was determining 200,000 new Files, Programs and Malware per day, Domains and URL's by the BrightCloud engine. So how can you give any advice to a person about WSA if you don't even know how it works? And this is a video by Webroot to help people like you that need help: http://www.youtube.com/watch?v=hJGCVcsaayE&list=TLCl2zGhEkyxA-

    TH ;)

    Also it's close to 200TB of info now.

    2014-06-26_13-24-28.png
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    This looks like a WSA marketing thread more than anything now. The guy even has referrer links to a sales website in his signature now.. <smh>
     
    Last edited: Nov 23, 2014
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I don't think it's against the TOS that I'm an Affiliate? And most people know me since I've been here since 2004 and worked closely with Joe Jaroch in the Prevx forums: https://www.wilderssecurity.com/categories/archive-of-prevx-support-forum.104/ and I test many AV's to see what they got on my VM's but I will drop this useless discussion with a person that doesn't know a thing about WSA in any way so you stop talking about it and I will not bother to reply to your FUD.

    Cya,

    TH :)
     
  16. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA

    Tact and diplomacy are good.

    As an affiliate, we appreciate it when you inform and educate.


    -Frank


    Edited to tone down based on Daniel's positive response
     
    Last edited: Nov 23, 2014
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Point taken Frank!

    Daniel :)
     
  18. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    @Triple Helix, I will give a positive spin to all this discussion... if WSA is taken up and subtly undermined then it means the competition is scared about WSA. That's good!! :shifty::D
     
    Last edited: Nov 24, 2014
  20. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Funny that the two AVs the poster knocking Webroot praises are the very same two AVs that were giving me problems by letting malware through until I changed over to Webroot (Prevx) back in 2006. Funny also that I’ve never been infected since changing over to Prevx/Webroot. Ah well, I suppose it’s just coincidence, fluke, whatever…

    PS. To Mayahana: out of curiosity, have you ever installed Webroot on a working machine and tried it out for a significant amount of time? Just asking :confused:
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Can you point out specifically in this thread where I 'knocked' Webroot?

    Thanks.
     
  22. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    These remarks:
    • "I would have more confidence in those products (“Trend, Norton, and others”) over Webroot because they generally seem to be tested, and performing quite nicely in those tests."
    • "the 300MB Webroot balloons Explorer to be fair, OK?"
    • (“Trend, Norton and others” as opposed to Webroot) “all of them have technologies not reliant on the cloud, which is why they can deal with blended threats”
    • "Trend and Norton are fairly reliant on the cloud, but they use the cloud to strengthen (my emphasis) their core products - a wise choice." (Innuendo: "strengthen their core products" rather than simplistically rely on the cloud alone)
    • "I suppose Webroot would be fine on (my daughter’s) system, but I tend to prefer more mature, blended solutions over Webroot"
    • "Trend for example has nearly a dozen different technologies/engines inside of it. That's what I am referring to in terms of blended protection. I choose not to rely on a pure cloud based solution, with cloud reliance on evaluation as an exclusive validation method. I like a mix of technologies, layered security even within a single product."
      REACTION: Do I hear you correctly?? Are you really saying that Webroot is not a layered security product?? Are you serious!!??!!??

    The implication and the general drift of the above remarks is that Webroot is a relatively weak, "immature" product compared to "Trend, Norton and others". Actually, I'm surprised you asked me to point out the paragraph and sentence of each of your remarks, seeing your opinion of Webroot is carefully worded, thoughtfully expressed, articulate, crystal clear, albeit speaking by innuendo.

    Anyway, I've answered your question even though you didn't answer mine. How about you now answering mine?
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    'Knocking it' has now become an opinion that one is 'drifting' towards implicating it as? I also said in this thread, although I appreciate you taking the time of researching this. To answer your question, of course we've evaluated, tested, and put it through our vetting process. We deploy AV solutions on 32K machines, and have tested all of the major products. Disclosure of the results isn't relevant because it's internal company information. I do detect a certain level of hostility anytime Webroot comes up. I am uninterested in partaking in arguments of favored products, and would rather focus on solving problems, and sharing information/ideas rather than distractions.

    It's good to see a certain level of bravado from aficionados of specific products, it helps moderate the detractors, so it is appreciated.
     
  24. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    I just think Webroot gets unjustifiably knocked by some folk here (and that CAN and DOES include subtle innuendo). I do also feel that 'testing' is not necessarily the best way as Webroot is so different in its approach, that testing it in the same way as other AVs can lead to apparently negative results. That's why I specifically asked if you had tried Webroot on one of your own working machines for a significant period of time. Apparently you haven't?

    And btw it's not "bravado", it's experience of superior performance as compared to other products (EDIT: the other products I had tried) over an extended period of time. I don't need to be an expert to see that other products (EDIT: those other products) didn't protect me and this one does.
     
    Last edited: Nov 24, 2014
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Hey I agree. It's tough to test reputation systems as well, which is why Norton 2015 had issues with some tests, but aced others. Trend uses a very mature, blended system so it's scoring big time these days, but I still feel Trend needs another year to marinate this new version, there are some bugs/issues with it. As stated in another thread, I've had some success with Webroot as a cheap/nearly free solution for relatives/inlaws that are heavy clickers. They've generally been well protected from what I can tell - at least they don't call me every few months to ask for malware removals.

    It's good to be enthusiastic over products, although it can be nauseating when someone goes over the top with it, even neglecting the downsides. I tend to recommend products, but also generally post what I view as faults or flaws in them, even if I do like them. That way I don't appear to be blindly enthusiastic to the extent of ignoring truths. I've been around long enough to know even products I love have issues. I can cite issues with Fortinet, ZyXEL, and Cisco, regardless of how much I like them, and I am pretty clear about pointing those issues out. For example ZyXEL's default allow for admin access is ridiculous. Fortinet's Maintainer, and Cisco's Bad Secrets are pretty obnoxious and exploitable. (as examples) I'd never want to be implicated in being a rabid fanboy, I'd consider it a huge failure of mine if I was.
     