Webroot SecureAnywhere PUBLIC Beta

Discussion in 'Prevx Betas' started by PrevxHelp, Aug 9, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It was the latest beta - 6.0.0.19. That beta version is considered close to ready to be released as public beta. But I think this is a problem (the one I experienced) you'll be seeing a lot more once Emsisoft releases their new flagship.
     
  2. Matthijs5nl

    Matthijs5nl Guest

    I am using just the public beta of Webroot SecureAnywhere version 7.9.0.4.
    So the full suite, threat detection and removal, realtime shields, firewall and identity & privacy protection. All checkmarks are checked. Running it together with ESET Smart Security 5 release candidate, no sandboxing or something like that. Furthermore, Google search results show little green checkmarks for safe websites, although this only works in IE9 not in Google Chrome stable.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It isn't currently supported in Chrome - search checkmarks will only show in IE and Firefox at the moment, although we will be adding more in the future.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks! I'll have our testers take a look at reproducing this internally and will hopefully have it resolved in one of the next updates.
     
  5. Matthijs5nl

    Matthijs5nl Guest

    Still, doesn't explain why I am not seeing a padlock in the tray icon when in IE9 right?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Correct, you should still be seeing the padlock in IE9 and Chrome. Could you let me know what other security software you have installed to see if something is clashing?
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    When running something sandboxed, how exactly does that work out? Is the application run in virtual space or is it run with restricted rights? If the latter, how do I delete the content if I believe it's malicious in the best way (including registry keys etc)?
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    For me, the padlock is very sporadic: sometimes it shows, sometimes it doesn't. I switch to a Facebook tab, it pops up; I switch to Wilders, it goes away; however, I open Gmail and it still doesn't come back. I'm not exactly sure what triggers the icon, but it's not consistent. Another example: I'll go to Facebook, then to the DuckDuckGo search engine, and the padlock will remain; however, after switching around tabs and then going back to DuckDuckGo, the padlock is gone this time.

    I don't really understand it...
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The sandbox is quite strict - it currently doesn't virtualize back written data (akin to Sandboxie). Its goal is to just prevent the process from doing anything potentially damaging (under your control). We'll be extending this feature in the future but at the moment, it isn't designed to be able to be used with complex applications as most of them won't support the extremely limited environment we force them to run in.
     
  10. ParaNodes

    ParaNodes Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    70
    Just did a clean install to 7.9.0.4 and Google searches in both FF 5.0.1 and IE9 are producing blank pages, unless the browsers are "Allowed" in Identity & Privacy, settings View/Edit Protected Applications.

    Previously reported.
    W7 pro x64
    AIS most shields disabled
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Facebook is added as a specific website for additional protection which would explain why you're seeing it protected. Are you on the HTTPS version of GMail? There could possibly be some case where it isn't tracking pages properly - could you let me know what browser you're using?

    Thanks!
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Thank you, yes I'm using AdBlock Plus, NoScript, HTTPS Everywhere, FlagFox, and Diagnostics for AdBlock Plus in Firefox, but no sandboxing. I'll try disabling each individually to see if any difference. I've also tried disabling Mamutu (despite WRSA being excluded) without any joy. I've also done a clean install without successful outcome/impact.
    Incidentally, forgot to ask before but..."Elementary my dear Watson" but what is this? :D
    p.s. Of course none of addons above explain absence of protection in IE9, which I run as is.
     

    Attached Files:

  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Dr. Watson is a debugger within the OS which sometimes leaves behind extra files. Let me know your results with disabling some extensions - I haven't seen any case of IE9 not reporting it properly but I'll continue looking as well.

    Out of curiosity, do you have any browser skins enabled or other customizations to the browser itself?
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I'm using Firefox 5, and yes, I'm using the HTTPS version of Gmail. It does seem to have a problem tracking sites: sometimes I get the padlock on regular HTTP sites and sometimes on the same site I won't; depending on what tab I had switched from seems to be what's throwing it off, as far as I can tell.
     
  15. ParaNodes

    ParaNodes Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    70
    PrevxHelp,

    Just a heads up to my post above, disabling Avast solves the issue completely,
    so looks like a compatibility issue.

    HTH
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I see! Thank you for your time answering this. :)
     
  17. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    I use FF theme Devious Green.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :thumb: Yes, that does. That coincides with what firzen771 is seeing as well - I'll have our testers work on reproducing the incompatibility with Avast to hopefully get this fixed in one of the next builds. In the meantime, you may want to disable the Identity Shield or at least the Web Threat Shield > Search result annotation feature.
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :argh: I see one of my suggestions still wasn't implemented... Shortcuts, mate... shortcuts for the sandboxed applications. :D Within the feature itself, where we could save shortcuts by categories... or something like that. Also an option to add in the Desktop.

    I'd hate to have to write the same commands all over again. ;)

    Can you also find out when the sandbox feature (SafeStart something... I forgot the full name lol) will allow an allowed process (allowed by the user) running with a lower integrity level to save a file to a medium area level (while still retaining the low integrity level, of course)?

    I haven't actually tried it, but from past talks, I think such wasn't possible.

    It would be great to have a low integrity level applied to the web browser process, and have SecureAnywhere as a broker process to allow me to save files to a folder running with a medium integrity level, for example.

    This way I wouldn't have to change a medium integrity level folder to a low integrity level folder, retaining isolation. :thumb:

    Sandboxie allows me that. I'd like to see SecureAnywhere to also allow it. ;)

    I mean, considering that the sandbox feature already works with the integrity levels, I believe it makes sense to evolve it a bit.

    -edit-

    By the way, regarding the file system and registry virtualization, why not make use of RunAsInvoker while something better isn't implemented? Any file system or registry change would happen in a virtualized file system and registry and not in the real ones.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree :thumb: All of these are very good suggestions - we do intend to implement the shortcut ability and logic to support saving/interacting with the outside "world" when within the sandbox. This is still very much under development and will require some time to implement but it is on our roadmap.

    Let me know if you have any other suggestions!
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think that the ordinary users should be given a warning before using the "Safestart Sandbox".

    You could potentially get infected and at its current state, you get the impression you're perfectly safe running any application with the default settings even though you're not.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will be including this in the documentation. Indeed it, and every other sandbox, is conceptually imperfect but we have tried to make sure the defaults fit well with what users would expect to see. If you're seeing something specific not working correctly, could you send an email with a sample to report@prevxresearch.com?

    Thanks :)
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I will eventually test the feature along with Sandboxie and see how it works out. I've only tested it with one malicious file so far and it seemed to work fine. WSA detected it with its heuristics/behavior blocker only 3-4 seconds after Safestart. Great engine! 2 minutes later the file was detected as malicious by cloud. :thumb:
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There's actually one more thing regarding the integrity levels, but I still couldn't find any documentation whether or not something would be possible.

    When you apply, say, a low integrity level to an object/container, nothing "within" those low integrity level objects/containers can raise the integrity level to medium/high. Unless there would be some kernel bug, I suppose. Let's hope not. :D

    The problem is that objects running with a higher integrity level can raise a lower integrity level to its own level. In other words, a medium integrity level object can raise a low integrity level object to a medium integrity level object.

    Imagine I have my browser running with an explicit low integrity level - which I have. The browser is placed at Program Files, so medium integrity level objects can't access it. But, if I run some application (say, an installer) with administrative rights and it starts the web browser, it may start it with the same integrity level, or in other words, a high integrity level.

    I'm wondering if it's possible to have SecureAnywhere to monitor anything trying to execute the browser (I'd have the browser's process protected by SecureAnywhere) and prevent this installer/whatever from giving a high integrity level to the browser?

    I guess one way could be to ask the user whether or not he/she would want to allow such action. But, in the event the users do allow, I'm wondering if it would be possible to prevent the browser from inheriting the installer/other application high(er) integrity level?

    :doubt:

    P.S: I mentioned the browser, but it could be any process that I'd want to stop integrity levels from being modified, even if only by temporary inheritance.
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is indeed a good point and we've considered the implementation of something along these lines as well. The problem lies in that the OS prevents you from changing the integrity level after a process has started, so WSA would need to intercept and take control of a process being started. This is certainly possible but it has some compatibility considerations which we weren't too keen on potentially breaking in the initial release.

    WSA has been built primarily as a framework which is highly extensible so you'll see a lot of exciting features in the future even if we don't get them in this initial release :)
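
Added example, not part of the thread and not Webroot's code: for the scenario in the two posts above (a browser meant to run at low integrity being started by an elevated parent), this reads the integrity level a running process actually received from its token and flags it if it is above low. The helper names `il_name`, `il_exceeds` and `query_il` and the "target should be low" policy are assumptions for illustration; the Win32 calls are the standard token APIs.

```c
/* Added example (not from the thread): report a process's mandatory integrity level. */
#include <stdio.h>
#include <stdlib.h>
/* Well-known integrity RIDs: last sub-authority of the S-1-16-x label SID. */
#define IL_LOW    0x1000UL
#define IL_MEDIUM 0x2000UL
#define IL_HIGH   0x3000UL
#define IL_SYSTEM 0x4000UL

/* Name the band a RID falls in; in-between values (e.g. 0x2100) round down. */
const char *il_name(unsigned long rid) {
    if (rid >= IL_SYSTEM) return "system";
    if (rid >= IL_HIGH)   return "high";
    if (rid >= IL_MEDIUM) return "medium";
    if (rid >= IL_LOW)    return "low";
    return "untrusted";
}
/* 1 if the process runs above the level it was meant to be confined to. */
int il_exceeds(unsigned long actual, unsigned long expected_max) { return actual > expected_max; }

#ifdef _WIN32
#include <windows.h>
/* Read the integrity RID from the token of process `pid`; returns 0 on success. */
int query_il(unsigned long pid, unsigned long *rid_out) {
    union { TOKEN_MANDATORY_LABEL tml; BYTE raw[256]; } u; /* label plus its SID */
    HANDLE tok = NULL, proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, (DWORD)pid);
    DWORD len = 0;
    int rc = -1;
    if (!proc) return -1;
    if (OpenProcessToken(proc, TOKEN_QUERY, &tok) &&
        GetTokenInformation(tok, TokenIntegrityLevel, &u, sizeof u, &len)) {
        PSID sid = u.tml.Label.Sid;
        DWORD last = (DWORD)(*GetSidSubAuthorityCount(sid) - 1);
        *rid_out = *GetSidSubAuthority(sid, last);
        rc = 0;
    }
    if (tok) CloseHandle(tok);
    CloseHandle(proc);
    return rc;
}
#else /* integrity levels are a Windows feature; elsewhere the query reports failure */
int query_il(unsigned long pid, unsigned long *rid_out) { (void)pid; (void)rid_out; return -1; }
#endif

int main(int argc, char **argv) {
    unsigned long rid;
    if (argc < 2 || query_il(strtoul(argv[1], NULL, 10), &rid)) return 2;
    printf("pid %s: %s (0x%lx)\n", argv[1], il_name(rid), rid);
    return il_exceeds(rid, IL_LOW); /* assumed policy: target should be low */
}
```

Run it with a process ID as the only argument; exit status 1 means the process is running above low integrity, 2 means the token could not be read.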
     