Webroot

I saw a similar thread topic a few weeks ago on "Avira" by the same person....makes you wonder.

 

I keep hearing of anecdotal evidence about a friend been infected using WSA. But most of the time it ends up with: "sorry I have no logs", "I have removed WSA", "… I have solved it with something else", "I am not available for a remote session" …etc… or finally don't bother to come back again with some info. Excluding geeks here trying to get infected on purpose, there is little been provided by users to support the claims of a below average protection as compared to other products. On the contrary, you have many stating the opposite.

My experience is, based on several machines used by mostly IT security illiterates, users get actually infected (mostly PUP) but as they get infected they also get cleaned by the tool. Sometimes the maximum I need to do is to go the WSA console and force a cleaning command. That’s it. For stubborn cases of users that keep getting infected, it was enough to set the protection level from the console and not let users deciding.

 

This is clearly a sign of our modern times unfortunately.
There is no security solution that will protect these wreckless and careless users and it makes the job of the security vendors that much more difficult when they have to try and protect such infantile browsing habits.

It is not just malware which is increasing but also the level of mindless user habits which seem to be ever increasing.

 

I look forward to seeing WSA tested in a way that allows the product to show what it can do (and what it can't do).

I noticed that Windows_Security (the dude, not the concept) thinks highly of WSA. And that dude knows what he's talking about.

 

Because it has a lot of apple like fanbois.

 

WTF is a legitimate user?
AND yes they do.

 

Just read it.

TH

 

okay here is my personal webroot story and why i carry it in our shop, PLEASE NOTE I AM NOT compensated AT ALL by webroot i was NOT given these keys for testing i purchased them all while it was at wholesale cost i still bought them out of pocket.

i have somewhere around 3000 clients at any given time sometimes a few less sometimes a few more. i keep my available av offerings low usually 3-4 at most. this keeps things easier on my end due to not having 20 variables to deal with. i used to deal with others who i dropped as a example one was nortons. regardless of what people think about it it just was not working out for my clients. i had many call backs from things getting through or issues with the program etc. im not singling out just nortons here there were others like this also just as a example. i tried wsa and liked it and i learned i could get webroot from one of my software distributors (who i also get others through) and decided to do a small test group. i ordered in 24 copies and installed them on clients pc's and these were ones that i often had come in telling me they were re-infected. well to put it simply i had no calls after a month. i decided to check in with them with the thinking maybe something had gone terribly wrong since i never heard from anyone?? nope all was well. in order to get the free lic's from me part of the agreement was to bring the systems back in so i could manually go through scan with some other tools and check them out. nothing. all were great. i went ahead and let another month go by. this time i added another 12 clients (please remember i DO NOT GET compensated by webroot and i BUY all of these lic's used for my testing).

these 12 new clients were some of my worst. not bad customers but bad "surfers" always having infections. in fact one was my own mother in law. she was constantly getting infected with the previous av's mostly from facebook junk(i will not name who because i do not want this to be a "a vs b") but they were major players. this time i had one single person call me out of 36 and when i spoke with them they said i know your going to be upset because i allowed it to run but im infected. also my own mom is now on webroot on here 3 computers as well as her office computer.

longer story short i think i have over 300-400 people on webroot now and honestly i almost never hear from them. which is good and bad for me lol. great because they love not being infected. bad for me because no $$. but having my clients not become infected is more important to me. if this is not a real world test then i dont know what is. it is still not my most popular av used but its getting there.

 

The problem with this is understanding what's actually meant. How would one know if they were infected if said AV didn't alert on it? (Presumably by installing an alternative AV and if detection occurs, you believe you're infected.) When you say infected, are you saying the AVs in question didn't detect?

I often test other AVs, and, like with Webroot, I can say I've not been infected. Yes, I've had alerts and dealt with them. Some users just don't know what to do with such popups. When we say we've not been infected with Webroot, or any other AV for that matter, is that because we prevent the infection at the point it is detected? 18 scans so far with current version of WSA and no infections on my system; several scans with others and same result - no infections.

Another point is some AVs detect java exploits and iframe script viruses. I've had alerts on those with other AVs so have I been "infected" or was that a "detection" and action needed to prevent the infection? (I note Webroot doesn't alert on this type of detection by itself, but if malicious content is on a web page it should alert the user.)

I'm only making these points because there are users, including myself, who say they are rarely infected, and I think it's good to be clear on the terminology and the reasons why.

 

The common indicator of "infected" for us is "OMG, the computer is doing something bad!" (FBI warning, playing commercials over the speakers, not-working right, sending me to evil pages every time I Google something, etc). As security professionals, we're also intelligent enough to realize that another AV saying "OMG Infected! Look! A dozen .js!!!" doesn't hold any water when the JavaScript exploit was from five years ago and is patched on this system.

We also take "Is something not-poking the user and just hiding?" into account.

 

exactly, she would call me (just like most any client) saying something is strange, or there is this pop up saying i have 3000 virus (a rouge) or that the system is just incredibly slow and she cant do anything, the browser redirected etc etc. all signs of a infection, there are cases of something hidden that a normal consumer would not see this is the exact reason i asked them to come in for me personally to check the systems out just in case. ive been at this a LONG time and have seen almost everything i can imagine from clients and family

 

I agree these are situations that have happened to people, and there is evidence of that in these forums and elsewhere.

I've yet to experience the pop-up telling me I have x-number of viruses, and some of the other things you mention. I often wonder what is it I'm doing/not doing that these other users are, and I don't consider myself to be a totally tech-savvy person.

You mentioned Facebook in an earlier post. I tested it a while ago as an experiment, but immediately locked it down via the privacy settings. Neither WSA or any other AV alerted me to anything on there. Admittedly, I didn't install any apps or agree to any being pushed to me; those that did, I blocked.

I guess it boils down to where you go, what you do and what you click on.