SecureAnywhere!

While I would not dispute that, the average user, of which I consider myself one, is not capable of determining how good an AV is. If I use one a year or so without any infection that does not really tell me that A is as good as B. I am a safe user, and also run MBAM in real time.

I suspect that I could run the poorest and not get infected. That would only prove that I am a safe user. Since I am not capable of really determining how good one is compared to another, I will use AV-C results that convince me that I am starting out with a good one as far as protection is concerned.

If one AV detects 5% less than the best I won't use it.

Regards,
Jerry

 

Testing firms don't take into account what an AV does even if it doesn't block the file itself. For example, WSA will protect your personal information from leakage (being stolen by keyloggers/screengrabbers/man-in-the-browser attacks/etc.) and it will protect your files by automatically journaling everything that's changed by an infection and undoing the changes when WSA eventually finds it as malicious even if it doesn't catch it as bad initially.

Because of these and other technologies, our real protection scores are much higher than what you may see from a test which just looks at what files are blocked on first sight.

 

Regardless of how good a product is at undoing changes made by malware, most users, me included, simply want something that blocks malicious code at first sight, not after the fact.

 

Yeap, this what it counts, real life experience. Unfortunately you always have two or three users battling their crusade against a XXX or YYY product. WSA is far more advanced than most AVs out there and people have difficulties to understand it.

 

Which WSA of course focuses on, but we've been in this business long enough to know that no one blocks 100% so we plan for those contingencies.

 

Are you saying that in the meantime, while infected (as WSA does not detect the file as malicious) I am still protected until WSA actually detects the malware?

Cheers

/E

 

Yes! Have a look at this video as I pointed to earlier: -http://www.youtube.com/watch?v=uKMZ1Ukw_7I

TH

 

Great video, thx!

/E

 

Your very welcome and that was done without WSA knowing if the file was Good or Bad and no need for an internet connection to remove after she set it to Block and the system was reverted back to the state before the infection!

TH

 

ill add that i have a lic to the internet security and i use it on one of my daughters laptops and she is far from a safe surfer even though we have many sites blocked her freinds send her links and she plays a lot of the online games etc we do monitor as much as possible but so far she has yet to be infected with webroot. i figured it would be a good test for her and so far has been very good.

 

Why did it do so poorly on the last AV-C Real World test? Is it not true that on that day with those malware samples it did the worse of any AV?

So if it is so good then why the difference?

I am not really trying to run down the AV, but I fail to see why it is being touted as great when the results by professional testers showed otherwise. The test results speak for themselves.

Jerry

 

It is true that in that instant, those files weren't found, but that doesn't take into account the rest of the protection. Here's some additional context: http://blog.webroot.com/2012/07/19/webroot-bulletin-regarding-av-comparatives-results/

 

very true. And Jerry, I know for a fact how good Prevx was and loved it. I have no doubt this product gets better and better.

As Joe said, no product gives you 100 percent, but this is the only one that monitors unknown malware to totally reverse its effects once it is deemed to be bad. No half ass repair like others, just "poof" and its gone.

 

Webroot have already commented on this in their blog. Here is the posting in question.

They are apparently working with testing organisations, such as AV-C, to "build better real-world testing environments". Quote from the blog:

Edit: PrevxHelp beat me to it providing the link.

 

The article is a good one. However, even that being true, I am much more interested in preventing any malware from getting into my systems than to have to remove them. Also, doesn't every developer and producer say that his products are the best?

I freely admit to my lack of expertise in the computer areas. In that area I am at the bottom of the totem pole. But until an AV can do well on AV-C I won't have any confidence in it. Although Norton has worked well for me the fact that they did not take part in those tests was a factor in my changing applications. I want a double check on whatever I use. There are several excellent AVs out there, and the only way I can determine their effectiveness is with tests. I have more confidence in AV-C than any of the others.

I won't ague further as I don't have the smarts to do so, but I "Pays my money and takes my choice."

Regards,
Jerry

 

Don't be invisible....stay in the neighborhood Jerry...we appreciate your comments!

 

I ain't leaving the looking. I guess sometimes you who have a lot of expertise need to see what an oak stump can soak up.

I can learn by reading the comments by the rest.

Thanks,
Jerry

 

........Unfortunately

I do as you do, wich is redirecting people to the webroot blog post that Joe made a while ago regarding the core technology in WSA. And hope that they will understand better after they have read the whole post

 

The article and the Webroot video link shows clearly..... it's not a battle we are just trying to help users understand WSA's new technology in a 700kb download app!

TH

 

Oh Me. Jeff, if you say it is good I accept that. I might try it when it hits the high 90% on AV-C.

I certainly do not know how it works. But I don't really care. If it doesn't detect and prevent infection that is all I need to know. After all I just want protection, and don't want to have to get a degree in computer science to understand why.

The AVs which scored in excess of 98% are what I will consider. I don't have to be technically qualified to read the scores, and if they run well that is enough for me.

Maybe WSA is not meant for average users like me.

Best, Jerry

 

I think Jerry is allowed to have his opinion without people shoving blogs and videos down his throat. He wants a AV that scores high on AV-C tests, I can't blame him for that. We all want the best protection for our money we can get don't we?

I'm hesistant to post my opinion on Webroot because I don't want to badmouth it. It has a lot of potetional to become a great product, but the tests just prove it's not there yet with the Kaspersky's & Bitdefender's of this world. They have a great presence on this forum though, you can be sure to get an answer to any support questions you have. No doubt they have great custermor service as I've just said but I just think we need to give Webroot a bit more time to mature which is why I decided not to renew my license and go with Emsisoft Internet Security package.

Part of the reason was because Emsisoft have a far superior firewall, it's one area where Webroot needs to improve. I don't like the attitude that "windows firewall is enough" that Webroot uses as a defense to these claims. To me I want a robust Firewall that can tweaked like Comodo or Online Armor. Webroot's firewall needs to be user friendly but it's needs to have some more power to give it the edge for people like me who like tweaking settings.

The other part was detetction, I know Webroot has technology to "revert" changes made by malware but the fact is it needs to stop and detetc malware before it runs. Sadly there are some really poor tests showing Webroot's ability to detect malware before it's launched. Now I know you take these with a grain of sault but I like to know if my AV is doing well on 0-day malware. The good news is that from what I've seen is that Webroot is working hard to improve it's detection rates which is good news.

You can say all want about sandboxing this and sandboxing that but in the end like Jerry I grew a bit weary of Webroot showing such poor results in on demand tests and the fact it allows malicious code to run even though this can be "reverted" apparently. The good news it's improving, I just hope they take the negative criticism and feedback in these threads to keep growing so that one day I will want to use Webroot again.

So respect to Jerry for his opinion and that's my 2C's,

 

I know I will get bashed by the horde of fans for saying this, but its important. I don't like when people sell a bad thing as good, the don't worry if it does not detect as your protected anyway!

Its exactly what happened with the mortgage scam, want to buy that nice house but don't have the money? No problem, we will give you the money to buy the house and you can pay us back later, then down the line they can't pay and you offer to buy the house back for 25% of the original price. Meaning you lost nothing, but now they are still indebted the remaining 75%.

It may be hard to understand the comparison, but saying ”even if you don't get a detection, you are still safe!” Its like saying, don't not buy your house, take this mortgage and have it anyway! But in the end you get screwed over by false promises and a still infected system.

 

Correct me if I am wrong, but as I understand it:

* Regular AVs that miss a malware dont do anything until malware DB is updated.

*Webroot that miss a virus reverts back to to the state that was before the virus entered - at the same time the virus is classified as such?
This because Webroot has the virus in a sandbox so to speak. It has recorded exactly everything that the malware has done before it was classified as a malware by Webroot?

The difference to me is that Webroot has the actions of the malware recorded exactly what it has done in the specific computer whilst regular AVs dont? And therefore can undo what has happened (unless it is a malware that works in real time before webroot has identified it as malware, like man in the middle attack while logged into a bank for example, then it is to late)
Please educate me if I have misunderstood.

 

Yes, that is what Webroot claim. I would have more confidence in that if Webroot had stayed in the MRG 0-day tests which showed which AVs classified malware correctly at 0 hour, 6 hr, 12 hour etc. I appreciate Webroot can 'roll-back' but what if it takes WSA say a week to recognise a file as malware? The time between infection and detection is important for example if your bank details have been obtained by malware on your system that was sitting undetected by WSA for say 3 days . I appreciate rolling back once malware is identified but the length of time it takes to detect is still important, and it's that which is difficult to get a handle on whether WSA is good at detection when compared to other AVs. (Not that good would be the answer for the previous MRG 0 day tests).

That said I like the WSA product, it is light, easy to use and the roll-back feature is great. But without competitive detection rates, the value of the roll-back in case of infection is significantly diminished.