Wow! Look at WSA at AV-Test

Discussion in 'other anti-virus software' started by trjam, Mar 23, 2012.

Thread Status:
Not open for further replies.
  1. STV0726

    STV0726 Registered Member

    I just watched yet another YouTester in French testing WSA (version unknown) and he threw 20 links at it. Several of the links failed to deliver, and he marked that down, but then he forgot to reduce the total when he gave Webroot an "overall score". :rolleyes:

    As for performance, Webroot *appeared* to do well in this guy's "test", and the 3 or 4 files that Webroot didn't block seemed to be grayware...perhaps spyware worst case. To put it in Microsoft terms, they seemed like "low risk threats". Needless to say I am sure that they were all in Monitor mode, without a doubt. ;)

    Another guy I watched paired Webroot up against Panda Free (I hate comparison videos, by the way) and his test comprised (solely, if I recall correctly) of having Webroot and Panda Free each scan a folder packed with executables he deemed as "malware"; though he likely did no verification of these samples.

    Panda Free got lucky and caught more upon a quick right-click scan, but as some of the reviewers pointed out, his test was flawed because the threats were dormant and not even trying to execute.

    So at the end of the day, I do watch YouTester stuff from time to time, but it usually angers me. I do enjoy Matt Rizos's videos as I find them entertaining and, unlike the others, he has mentioned that he has verified his samples prior to doing the test. And, let's not forget that he, also unlike the others, has a lot of IT experience and runs his own malware remediation business. Still though, it's mostly for entertainment, as I like seeing the GUIs of different products and how the user can interact with it.

    But going back to Webroot, they're doing everything right. Just keep it up.
  2. ams963

    ams963 Registered Member

    that's so true :thumb:
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Indeed, and even if your AV keeps scoring great, they can still make their new release more bloated or very buggy. Then you could of course stay with the old release, but then you're stuck on an outdated engine, especially when you got a 3 year license. And I don't care that much for the multiple year discounts either, as there are often much greater discounts or even free licenses posted on Wilders quite regularly.

    Matt is the only decent YouTester.
  4. Legendkiller

    Legendkiller Registered Member

    unfortunately WSA detected nokia ovi suite as infected and i allowed it. and also it seems firewall doesn't have many settings.
  5. CogitoTesting

    CogitoTesting Registered Member

    Now could you recommend what those youtube testers should do in order to improve their testing credentials?

    To me I trust those youtube testers more than any big name testing organizations for the following reasons:

    1) The youtube testers, as far as I can tell, do not have any financial rewards to gain from the products that they are testing.

    2) Those tests are all visual, thus the youtube medium, you spot their mistakes and provide some constructive feedback.

    However, those testing organizations just publish a report and tell you what products did well and the ones that performed poorly in writing. How do we really know what they wrote is what actually happened?

    In conclusion I mostly trust youtube tests more than anything else.
  6. STV0726

    STV0726 Registered Member

    I'm going to try my best to say this without being offensive or coming off as an all-knowing expert, but...

    ...You're dead wrong. I really believe this all needs to be said. Sorry for this lengthy post, but this is essential.

    I try to keep an open-mind, even with scientific things...but if there's one thing my mind is growing increasingly narrow on, it's YouTesters.

    These are my justifications:

    1. You'd think the visual aspect helps, but it doesn't. I find most YouTesters lack transparency severely. You have absolutely NO idea whatsoever what they've done prior to starting the camera. Also, they can stop the camera and resume it without you even noticing thanks to advanced screen recording software. Also, a lot of YouTesters do what they call "zero-day execution tests", which are meaningless because viewers have no clue as to if the samples are even authentic malware. Just because a program pops up in Russian, doesn't mean it is malware.

    2. Most YouTesters without naming names sound like 18 year old punks having their senior year in high school thinking they've found their niche online. Some of them even have delusions of grandeur. Have you seen some of their intros and theme music for their videos? Good lord. Point being: they are NOT professionals of any kind, let alone IT/networking/security professionals. Yet they are sort of assuming the powerful role of a professional - trying to deliver results that are to impact your opinion on a product's efficacy. Security software is crucial in today's world and delivering authentic test results should NOT be left in the hands of punks on YouTube after "fans".

    3. Beyond that, to suggest that they have no financial gain is also incorrect. YouTube eventually pays you to post videos if you get popular enough and essentially become a video veteran. Also, these are individual testers, not professional IT personnel, and this is evident by the fact that they often state continuously they have a preference to a particular product, which also makes their tests non-reputable. Additionally, YouTesters could not make it any more obvious that they are mainly after views and subscribers. It's a pseudo-industry full of obvious, extrinsic motivators that without a doubt have an impact on their priorities. And, their priorities are certainly NOT conducting regulated, proper tests.

    4. Why do we need to keep re-stating this rudimentary concept? VirusTotal, HitmanPro, and Malwarebytes' do NOT guarantee a file is malware or not, NOR can they guarantee a system is clean. Yes, they seem to have indeed been proven to be effective "second-opinion" tools, but they are by no means absolute. No product is. This should go without saying. Even bootable environment recovery products like Dr. Web CureIt, which is especially effective (as Matt Rizos proves - and he IS a professional) cannot guarantee a system has been fully cleaned.

    5. In addition to the above flawed mentality with absolute trust placed in those products, a lot of recent YouTester punks place what seems to be 100% confidence in Comodo KillSwitch to be able to tell whether something product X missed is malware. Comodo consistently is rated (I'm sorry - it's cold hard truth day) crappy by 3rd party, known-reputable testing bodies. Their CEO ended up fighting with AV-C. Off-topic, but make what you will of that. I have a lot of respect for Comodo, but they are FARRR from the level of quality needed to be a malware analyst tool. No surprises here either - this should be common sense for you.

    6. Not to restate and harp on what LowWaterMark has already said perfectly, but VirusTotal is NOT NOT NOT a malware analyst tool. Using VirusTotal does NOT NOT NOT verify your samples as authentic malware. Going further, VirusTotal is a good way to quickly check how other vendors are responding to file X, but whether that means file X is authentic malware or not is a different story. It really depends - I suppose if a lot of vendors detect it as malware, it can be inferred (and perhaps is reasonably likely) that it is somehow malicious. But inference is DEFINITELY NOT something that belongs in ANY type of scientific test following the scientific method. You use inference skills when reading a story and you want to guess what's going to happen next; NOT when doing tests that have a potential to lead or mislead many individuals into using one product versus another. Again, common sense.

    7. To establish just a fundamental, minimum level of validity, reliability, and reputability (V.R.R.), the YouTester would have to at least make a fully detailed video outlining their testing procedure, and how he checks to ensure all samples are truly authentic malware (be it spyware, viruses, etc.) BEFORE he publishes any testing videos. The tester could do this using a virtual machine by analyzing changes that occur when each file is run. He could use logging software and other tools to see what's happening. Alternatively, he could perhaps use something like a sandbox analyzer as well. All of these require skill though - skill that YouTesters in general, (well actually almost all of them) most likely lack to an epic degree. It makes my chest hurt and my eye twitch when I see a YouTester pulling "malware" right from Malware Domain without any verification at all (and there are MANY that don't even check with VirusTotal) and then they globally advise people against the said product. Then I clench my fists in anger as commenters join in hate against a product and give this idiot punk more views and likes to keep fueling his fire.

    8. You need to have something written down formally. Even a video should be released with a PDF report outlining the test procedures and assuring authenticity, groups of samples used (I will touch on this more next), etc.

    9. Most YouTesters clearly don't verify their samples as I have already stated. That is obvious to the most casual observer. But even worse, they often (almost always, sadly) don't bother to differentiate between types of samples. First, they don't even make mention of what type of malware the file is supposed to be (spyware, worm, etc.) Secondly, they don't document what they mean by "zero-day". Zero-day should mean zero-day. They sometimes save them and end up calling them "zero-day"...days Moreover, they don't bother to group samples by if they are on the wild list, are X # of days old, their prevalence, etc. All stuff LowWaterMark has already said time and time again.

    11. For a final, catch-all reason...errors and mistakes in the video, counting samples that were broken, starting a test stating there will be X samples but then there is only Y, flawed logic and methodology due to not being educated (disconnecting the virus database then expecting product X's heuristics to catch dormant, zipped threats from a right-click scan), using incorrect terminology during the video, using Microsoft Notepad to narrate (amateur, man), failure to understand and become sufficiently acquainted with product X to be able to judge it fairly, bias to a particular product, FUD spreading, intentionally doing things with the product that the vendor doesn't recommend (i.e. Canceling cleanups or protective scans), failing to reveal how the product did overall in summary until the end of the video or sometimes not even at all (forces you to watch entire thing for their view statistics), failure to clearly explain how they set up the product (sometimes they mention they only changed notification settings from defaults but that isn't specific enough - document everything!); these are just SOME, yes SOME of the reasons YouTesters are a big fat joke...

    I cannot say it any clearer: YouTesters are a corruption to the industry overall, and are completely unregulated. They are a lot like buying illegal prescription drugs. It may be what you want to take. Maybe inside the capsule is half drug, half sugar. Maybe it's filled with horse dung. Who knows? It's unregulated! I compare it to this because there are people that will not trust real pharmacies because they hate the medical industry. Silliness.

    It is not my place. I am just a user. I get that. But I am passionate about this topic and I feel too many people still get away with misleading others on here and I cannot stand it.

    The bottom-line is this: the effort required on the tester's part to conduct a proper, scientific test makes it not worth it for the YouTester punks, since this said YouTester is only after fame essentially.

    There are lots of things in life you cannot and should never take at Face Value. YouTesters are an example of this.

    You can take Phil Collins at Face Value, though. :)

  7. CogitoTesting

    CogitoTesting Registered Member

    Well of course you are entitled to your own opinion. However, I have no way to view or verify the testing companies' test results. How do you know that they do not themselves use broken samples? How do you know that everything that they do went according to plan? Do you believe and thus accept as fact everything that you are told or read?

    Testing companies never proved anything, there is no third party verification of their methodology nor of their results. The worst part of it all is that they have people who actually believe everything that they write as though such a writing was a Gospel, a Torah, a Qu'ran, a Bhagavad Gita, or an Analects of Confucius. In other words God's words within the testing industry.

    Well, not me, as long as there is no third party verification and if I cannot see nor verify their end-results; thus I will not believe in them. I will believe however, in my own.

    P.S.: Who is Phil Collins anyway?

  8. STV0726

    STV0726 Registered Member

    Again, no offense intended, but this is NOT an issue of're wrong.

    The major, accredited reliable testing facilities operate in accordance with standards set by organizations, primarily AMTSO. They are therefore obligated to deliver authentic, valid, and reputable results.

    Furthermore, as a part of these standards, the major testing organizations always verify their testing bed of samples to make sure they are all in fact true malware. Additionally, they sort them for use in specific types of tests (spyware vs worms, for example) AND they make sure if they say "zero-day", they mean zero-day for sure. It is also important to distinguish malware on the Wild List (which all AVs should catch 100% of) between other classifications of malware based on time it has been out and about. A good example of this is AV-TEST, which has clearly defined the 3 time-based categories and scores products' protection accordingly.

    Please be aware that I am NOT trying to suggest YouTube reviews are meaningless. Come to think of it, they are probably the best way to get a feel for a product without installing a trial. But YouTesting on the other to no value as none of them really take the time to do it right...and I can't stress this enough: when it comes to independent scoring of the products of others, the validity and authenticity of the tests should be the #1 priority.

    It really is not a matter of opinion. YouTesting and other homegrown malware tests hold little value, and according to LowWaterMark the posting of such URLs/reports is a violation of Wilders. It may sound harsh but any effort to prevent unnecessary FUD is a good move in my book. :thumb:

    P.S. If you truly are so convinced that homegrown testing is so believable, take confidence that in my meaningless "test", Webroot SecureAnywhere killed 100% of all 10 "samples" I threw at it, which again means absolutely nothing. :)

    P.P.S. Phil Collins is the former legendary drummer and then lead singer of classic progressive rock band, Genesis. In the early 80's he started doing solo work and released his first album Face Value, which introduced the famous "The hurt doesn't show, but the pain still grows, no stranger to you and me DOO DOO DOO DOO DOO DOO DOO-DOO-DOO-DOO, I can feel it coming in the air tonight..."
  9. Legendkiller

    Legendkiller Registered Member

    sorry it was nokia suite help file it caught...
  10. CogitoTesting

    CogitoTesting Registered Member

    Wow, this is peculiar to the superlative...very much of an oddball, really. Anyway, let's say that we all have our own opinions and let's leave it at that.

    P.S.: No further reply necessary.

    Last edited: Mar 27, 2012
  11. gery

    gery Registered Member

    it did the same to my machine
  12. ALiasEX

    ALiasEX Registered Member

    Does that 18mb ram include performing quick/full scans or something? I can name a few that use less than 18mb of ram with day to day use.
  13. pegr

    pegr Registered Member

    FWIW, Process Explorer normally reports the combined Working Set for both WRSA.exe processes on my system as being between 2MB and 3MB.
    Last edited: Apr 2, 2012
  14. Atul88

    Atul88 Registered Member

    i really liked WSA..few days ago i tried it & my pc won't shutdown :eek: :eek:
    even after 30min...
    it always hanged at the shutting down screen:blink: :blink:
    i guess it didn't like me!!!:( :(
  15. pegr

    pegr Registered Member

    Are you on Windows XP and do you also have AppGuard installed?
  16. STV0726

    STV0726 Registered Member

    @the guy with a cool rocking out smiley avatar: Your best bet is customer support at They'll get you up and running quickly.

    @the MB confusion: Sorry...I was looking and referring to the wrong number.
  17. Atul88

    Atul88 Registered Member

    I am running XP SP3
  18. pegr

    pegr Registered Member

    All the reports I've seen of this have been on Windows XP SP3. In my case, it is a conflict with AppGuard that causes Windows to hang when shutting down. If WSA is running without AppGuard installed, the system shuts down normally.

    In order to pinpoint the cause in your case, you would need to perform some additional investigation to see if there is a conflict between WSA and another application on your system. Even then, it won't solve the problem but it might give Webroot Support more information to work with.