WSA v8.0.2.79

Discussion in 'other anti-virus software' started by Macstorm, Dec 14, 2012.

Thread Status:
Not open for further replies.
  1. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Webroot has updated it again to v.8.0.2.79

    No changelog yet.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Something changed for sure. I now see a green lock. Which is odd because with sandboxie the identity shield never worked. This is the first time I saw a lock green or otherwise. They must have added compatibility with sandboxie or maybe sandboxie added WSA. Not really sure but I'm happy that it seems to be working now.
     
  3. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    I also noticed a green lock. Good to see improvements :)
     
  4. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening ! The Lock...The Green Lock...Boss ! Tatu...Lol...it's a Lock. Sincerely...Securon
     
  5. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    For the first time we are noticing slowdowns with WR.

    I tested that and calculated a good 13% drop in raw disk IO (on 550MB/s SSD drives). That's pretty significant. That's not even accessing files, that's just accessing sectors directly using drive performance tests. That's not all that great, and in fact higher than others claimed to be "performance pigs". WR performance difference (on raw IO, not even accessing files) 13%, the bane of this list due to "performance" problems Kaspersky is less than 1%.
    You can test the results yourself if you like.

    Anyone notice fileIO slowdowns creeping up with WR?
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    WR is what? I cannot see any degradation in performance with WSA. You probably need to get your applications whitelisted. Check with support.
     
  7. Senhor_F

    Senhor_F Registered Member

    Joined:
    Oct 18, 2012
    Posts:
    54
    I've noticed a bit of sluggishness here, too. I sure hope it's not because I adjusted the heuristics to medium. Ugh, seems like one thing after another with this 'set it and forget it' software.
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I haven't noticed any slow downs with the now v8.0.2.85 but if it's a concern post in the Prevx forum.

    TH
     
  9. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Also one customer reported random 'slowdowns' (sometimes nearly 30 seconds) opening complex script software. He disabled WR, and the problem went away. I've switched to Bullgard2013, and will migrate my WR license over to in-laws/relatives for the remaining months. I will re-evaluate WR in 1195 days, the length of my BG license. My primary issues with WR were/are:

    1) IO slowdowns (noted above)
    2) Erratic web monitoring. For example sometimes the same site would flag, other times it would not.
    3) Mediocre HTTP scanning. In a year, WR has flagged only 5-6 websites during that entire time. In just a few hours BG flagged half a dozen, which is what I would expect as they were malware domains.
    4) Infections still possible. I managed to get an infection on a test machine where it ruined a few boot files. This was after the file was flagged as a threat. It caused me some alarm because that shouldn't have happened.
    5) Controversy over Rubenking's test. Apparently a WR employee (or former one) said they 'gamed' the test, engineers were working in realtime to fix the threats on his test machines. The person stating this seemed to have a good handle on the inner workings at WR, and Rubenking said it was 'suspicious' the way WR functioned.
    6) WR pulling out of some tests, is this true? Seems it has disappeared from some of the common test sites lately. I have heard it was requested to be removed, but cannot say this is true. But it's curious at the least.
    7) Strange, often questionable marketing. VERY aggressive marketing turns me off. Booth babes are fine, but the strange antics they perform seem really off color. Also, seeing WR at the top of every Google search, or on random videos, and other places gets a bit old. I know they are a business, but what's with the cheap gimmicks? https://www.youtube.com/watch?v=tbrXnJAUtRU REALLY o_O?

    Also, it concerns me that there seems to be a sort of advocate system in place, where dissenting views are squashed pretty quickly by what would appear to be paid agents of some type (shills). I always sort of question software that this happens with, it's not a pleasant thing to see. I am not accusing WR of this, I have no evidence, but to the casual observer it seems odd. Shills, or fanbois, annoy me to no end because they ignore virtually anything negative, and blindly follow a single product without evaluating anything potentially better. I think they discourage serious evaluation of products out there with folks that don't want to be subjected to this.

    I am skeptical of US-Based security products due to the rampant loss of privacy in this country, and acknowledged state sponsored trojan development. Stuxnet was found by VBA32, and was literally ignored for years by US security firms. Why? Some testers have reported state sponsored threats not showing up with US scanners, but Chinese ones find them. I have read Kingsoft readily detects some of them. Frankly, I want something to pick up my corrupt govt's trojans. Does WR have ties to the US Govt? I have read they were working on contracts with the Department of Defense, is this true? Some transparency should be out there in terms of these clients.

    Finally, Bullguard detected a trojan on my VERY secure computer. It was a trojan installed with a paid, legitimate game from a well known website. Yet this trojan sat on my PC for months (and dialed home), and Webroot ignored it. I'm actually pretty furious with that. I left Bullguard on last night, and that handy little trojan tried to dial home and was killed by BG. If WR can let this little lovely sit around, and background process on a highly secure system, I question its effectiveness. THREE MONTHS this thing was dialing home, keeping in mind it was part of a game purchased honestly. I don't care if it is sending usage data, it's a trojan and WR should not have allowed it.

    http://www.anony.ws/i/2012/12/15/51snQ.jpg

    Webroot is a fine product, but I think it needs quite a lot of improvements. I am thinking perhaps another year or two of good strong development is needed, I consider it a beta product as it sits. Make of that what you will.
     
  10. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Is this the same 'trojan' that is 'missed' by 76% of AVs including Avast, Dr.Web, Mcafee, Microsoft, Eset, Panda, Sophos, Symantec, Trend and VBA?

    http://r.virscan.org/88a0d596e514b0f29a87b18e0a37bf1c
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    There shouldn't be any performance differences with this build but we'll investigate to see what could be causing it. In the meantime, it would be helpful if you could write into our support inbox and send in logs for closer investigation.
     
  12. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    No idea if that's the same one, how can we tell? However, Webroot's protection mechanism should alert to dial-home type of behavior from this type of file. BG found it not with the firewall (which it also did) but with actual behavioral analysis within the program. In other words, 'this program shouldn't be dialing home at 4am on an unattended pc'. I think WR really needs to improve in some areas, and this is one.
     
  13. THIS. Sorry but some of you need to take off the love shaped spectacles and analyze the product for what it is. A good product that doesn't work, I like Webroot but it needs to step up with its detection rates, also the identity shield is well crap. It does not work the way Webroot says it does.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    As far as I can tell, this looks like a false positive, but please send in logs so that we can determine more precisely.

    "Shouldn't be dialing home at 4am on an unattended pc" doesn't mean it's malicious. Most software intentionally tries to update at odd hours so that they don't interrupt work (i.e. Windows usually updates at 3am, and even Webroot usually will update at 4-5am). I agree that every application can always improve, but I don't think showing prompts when applications try to update is a good idea (although you can do this if you choose by changing the firewall configuration options within WSA).

    I'm curious as to what poor detection rates you're referring to? If you look at AV-C's latest realtime tests, our realtime protection is extremely strong. AV-Test is also showing the same. The Identity Shield is extremely strong and blocks all known real in-the-wild malware from stealing browser data and is constantly being improved further (it's now even compatible with Sandboxie).

    I'm all for constructive criticism but I stand behind our product.
     
    Last edited: Dec 16, 2012
  15. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Yet another update: v8.0.2.85

    Just out of curiosity, anyone else experiencing issues with right-click scan? It's not working on my rig atm o_O
     
  16. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Discussions about "how crap I found a product and how good I found to be another one" are rather suspicious... :cautious: What I can see here is a false positive from BG, paranoia on WR (WSA?) and US Gov accompanied by some conspiracy theory dressing. All in all not even good for a cheap Hollywood movie :D
     
  18. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    370
  19. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Same here.
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
  21. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Let me make something clear, I think WR is a fine product, it works. It has blocked numerous threats on my kids' PCs over the year. It's fast, light, and reasonably effective.

    I posted why I had issues with it, which is an opinion. However missing what appears to be a known trojan, allowing it to consistently dial home, is where I draw the line. However if I had dialed up the FW to nag-levels, this would not have happened, however the trojan would still be on the system. Potentially a false positive, but oddly enough the game works fine with this removed.

    Also, some of the updates seem to be inconsistent, and sometimes seemingly cause issues with the product. The I/O hogging aspect is pretty serious for me, but we note there are a few things broken in the most recent update. I think the quality control needs to be beefed up at WR. A major problem was, it just doesn't seem to block enough sites that should be known in their malware database. Fake porn sites that have been around for a couple years downloading fake flash have never been caught by it, but Commtouch (through Bullguard) nailed all of them. No product can detect everything of course. But another issue was we noticed 'sometimes' it would flag a site, and other times it would not flag the same site. This varies between machines in testing. On one machine next to me it flagged a site, on my machine it did not. Same default settings. What's up with that?

    WR hands down would be the fire and forget product I would install on friends/family computers, and potentially clients. It's so light and friendly, you cannot go wrong. But for my home it's not a good fit, I want more power, I want better HTTP protection from malicious websites, and I want a robust signature based on-demand scanner. My clients and family LOVE the product, and I agree with them on the important points, they are not on high risk boxes so it's a perfect fit. At $2-$3 per license on Ebay, it's a product I will continue to install for people.
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    A vs B is what you are doing here... BG is detecting more than WSA. These posts have no future and bring no added value aside from attracting other posts reporting the contrary or just asking for more evidence as the report on a file, a flash, a porn site, a trojan are, to say the least, a bit vague... and the waste begins. If you really are serious about it and want to improve the product then you should report the issue and your detailed findings to the developers of that product rather than announcing that you found a better product. ;)

    ... and good luck with your WR license on Ebay at $2 :D
     
  23. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    As noted, I am not selling my WR license, I am migrating it to family. I only paid a few bucks for it.

    A few additional things WR should do IMO.

    1) The cleaner needs to be enhanced. It only does IE and a few other things. BG has a very strong cleaner, at least as good as CCleaner in some cases. It does all browsers, and it cleans up and defrags the registry. WR's cleaner is nice, but too basic.

    2) WR I believe would benefit from a nice vulnerability scanner. BG has one provided by Secunia. It accesses Secunia repositories for safe 1-click updates. It found 'multiple' outdated software and drivers on my machines, and fixed them. This is an important security feature, WR would benefit.

    That's about it. WR was nice, I think it needs more, I will check back in 3 years with it again.
     
  24. Senhor_F

    Senhor_F Registered Member

    Joined:
    Oct 18, 2012
    Posts:
    54
    I'm experiencing performance differences here. It's especially noticeable when web browsing. Videos take longer to buffer and Chrome just becomes sluggish after using the browser for a bit. Seems restarting the OS refreshes things but I encounter the same cycle of sluggishness.

    I'd be happy to upload any logs you want here in PM or whichever you prefer. Let me know what to do. Thanks.
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you can write into our support inbox, they'll be able to collect logs from you to diagnose what's happening. Send me your email address by PM so that I can track the conversation and help out.

    Thanks!
     