Webroot claims they can protect online or offline...

...yet they pull out of the AV-Comparatives offline heuristics only test. Seriously guys?

Do you not remember the days when Prevx 3.0 was more marketed as a behavioral blocker?

"...any definitions we do have are stored in the cloud." (from Prevx.com)

You guys used to put more emphasis on your BEHAVIORAL detection which is why your product USED to be better...I'm starting to grow fairly, increasingly confident on that! You can't rely too heavily on the cloud of a not-so-widely popular AV product! This is where Prevx 3.0 succeeded and WSA is starting to fail, in my viewpoint. This might be "the answer".

I'm not very happy that you guys pulled out of this test. You are supposed to have great behavior/heuristic detection IN ADDITION to your cloud detection. Not to mention the fact that you market the offline mode...why not prove it can do what it claims to?

You've already gotten poor scores. What are you afraid of?

My faith in this product line has been shaken. I can't help but have the feeling that if it were not for my other security layers, I would be partly exposed.

EDIT: Webroot's YouTube channel has a sole video testimonial of some guy who can't even remember which version of WSA he has saying that "you're a fool if you think something for free is going to get you there." Ironically, many of the free products have consistently scored better than WSA. I'd love to see his face if he was told that.

 

We've never been in the AV-C offline heuristics-only test. The offline test at the moment doesn't take into account how WSA's offline protection works. We're discussing this with AV-C and other testers to see how we can be more accurately tested.

All of the behavioral components of P3 are in WSA, but bolstered with a massive set of additional security so there is no degradation in protection.

 

Okay, noted. Sorry. It seems once again I (or anyone else that's posted a reaction thread like this) assumed wrong and jumped the gun. Sorry Joe.

I reiterate that I wish the age/pop worked "classic" style aka don't take behavior into account. Let adv. heur. do that.

 

When we did this with P3, we had an outcry of so many "false positives", and some of the (in)famous threads of how many "FPs" P3 had.

That being said, we are working on a new middle-ground approach which is much closer to how it originally worked in P3 but which should hopefully limit FPs in real world scenarios while dramatically bolstering protection.

This next update will be significant, with literally dozens of improvements all around, and this new protection engine should be in place in time as well.

Expect some positive news in probably ~2-3 weeks

 

Hopefully the new "middle ground" approach focuses (at least partly) on making sure the granular control of age/pop does FP prevention work for non-advanced users rather than neutering the protection itself.

What I mean by that is like making sure defaults won't cause many FPs.

Though I must say at this point especially FPs > bad scores for detections aka FNs.

 

I agree - this is always a weighting game to configure which direction to take. The first round will focus on creating fewer FPs as we test how it looks and is received within our userbase.

 

I agree, if you are going to take a modified direction, the time is now. You still have your support from all the P3 users and now the Webroot community. What we have now is no where what we expected for this product and the time it took it to come to be.

I agree FPs are a issue with products, but lack of detection is even worse. Webroot needs to give you a clear hand in now creating what you know will work because waiting will cost them alot more in both money and consumers. WSA needs to be simplified and then back with the ability to detect as well as P3 did. It will happen, it is just ashame we are even at this point today with this project and product.

 

And please, modify the numerous settings for hueristic detection. Break the product down into 3 areas and each with their own settings for hueristics.

 

We're looking into the logistics of these areas but definitely planning on a simplification layer above the settings as 99% of consumer users don't need to touch any of them.

 

I was talking to Joe about this too...

I was thinking (and hoping for) something like Prevx 3.0 with just a touch more configurability. For example, I like the ability to make non-administrators not be able to change settings. I like that a lot better than a password personally.

I also think different heuristic levels for different vectors is important but many users don't need to change them. Maybe keep the backend of it intact while simplifying the GUI into less categories (group some together), or an option to set them all at once.

 

I think grouping options is the key here - a list of checkboxes is daunting but a simple slider bar or on/off button which controls the majority of the features is much easier. I think we'll still have similar categories, but they can definitely be simplified down for the default settings display, but keeping the underlying data beneath as there are a number of users who do need to use the granular control.

 

For example, how useful is changing the apply before v after setting for a home user? Not sure on that.

Do home users need the white list mode?

 

I personally use whitelist mode on one PC, but it could indeed be made much easier - even just a single toggle on/off button for it.

 

The offline mode I use whitelist as I'm online 99.9% of the time and don't use my laptop offline much but security knowledgeable people like it but for the average user I don't think many use it also I just don't execute unknown files but many do.

TH

 

Most of the time if you're getting infected its because you're online. Worth considering.

 

What about something like "you can set heuristics for online and offline modes, or expand them and set each vector individually."

I'm not sure how important directional before/after is. Honestly that might be something good to cut for the home version and just use that fine tuning in the backend without users know about it.

Whitelist mode can be in an advanced area on/off thing I like that idea. It can be a single on/off or a toggle option for each vector for those that want to specify.

Other than that, the slider bars are fine. Off, Low, Medium, High, Maximum.

I'm more concerned though about the countless other settings that exist...tons and tons of overwhelming checkboxes...some that sound like they do similar things to the heuristics...like "enable advanced threat analysis" or something like that.

I'd honestly keep it simple. Maybe a performance slider bar instead of all those checkboxes for scan time vs cpu time...

Maybe leave real option stuff that people actually might need to turn off like the HOST file one...let's see what else...

Oh! VERY important: Combine all of the "just block automatically" setting stuff into one. Maybe take some inspiriation from ESET and make it a slider bar:

|--Always prompt user on how to respond to threats
--Automatically quarantine major threats while leaving low-risk threats such as adware for user to decide
--Automatically quarantine all threats as they are detected. No user interaction.

Now simplifiy Access Control... Checkboxes:

* Only administrator users can change settings and manage quarantine

* Only administrator users can use features marked as "advanced"

* Only administrator users can give an "allow" response to threats if user interaction is required

* Require a password to access and change settings and to manage quarantine:
[Password Box]

* Require entering a CAPTCHA to change critical WSA functions

-----

As for the other automatic block option that hides in one of the other shields (I think behavior) I would remove that option and still put that under the scope of the slider bar in real time options. You want all threat response stuff in one place imo.

Also, some of the other shields have too many options too. Home users probably don't need that fine level of control...especially since most of the options are all checked by default anyway.

---

One thing I think should remain the same is the overview. Good job on that.

Green - Safe
Blue - Scan required, but still safe
Yellow - You disabled a non-critical shield
Red - Critical shield(s) disabled or threats detected that require user interaction

I love that.