SE Labs - Consumer Product Test - April - June, 2018

Discussion in 'other anti-virus software' started by itman, Aug 3, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Kaspersky's System Watcher feature has like capability and it is always one of the top scorers in AV labs tests:
    https://support.kaspersky.com/9101

    Appears the AV Labs classify such activities as remediation and not protection activities. If Webroot does such activities automatically w/o alerting or recording via event log, the malicious activities is where they could get dinged by the AV labs. Note that in the AV lab dynamic tests, usually detection within a 24 hour period is considered positive detection. Such is not the case in the realtime tests.

    Also and notable is the elapsed time from initial infection to rollback mediation. If for example this was malware injecting the browser to capture your banking credentials, rollback processing is useless in preventing that from happening.
     
  2. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    System Watcher reacts in a very short period of time (seconds), meanwhile Webroot can take up to days.
    I don't understand how people can accept this way of dealing with threats from Webroot's side...
     
  3. guest

    guest Guest

    Indeed.
    So do I...
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Webroot's low scoring was due to it only scoring 1/25 in the advanced threat category. Webroot's explanation for this was script and exploit protection was not included in the version tested. My questions are:

    1. Are these new protections recently added? This means prior versions of Webroot are very seriously flawed.
    2. The assumption is that all the advanced threats were script and/or exploit based. Whereas it's fair to assume a number of the test samples were such, one can assume a number of the samples were not.

    In any case, it is also time for Webroot to hire an army of testers to game the next test. It appears to me, the current hot job opportunity in the IT security field is AV lab game testing.;)
     
  5. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Exactly, well said.
     
  6. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Fascinating post by Inspector Clouseau—also, the article referenced by @bellgamin in the first post of that thread. That was back in 2007. I wonder how AV testing organisations have evolved since then?

    I've seen the rejoinder here (a few years back now) that that would be because Webroot has a smaller customer base. I don't know what the size of Webroot's customer base is compared with other AVs discussed here so I can't comment on that point. But what I do very distinctly remember is that back in 2011/2012, when Webroot transitioned from its old AV to the Prevx-based AV that it now uses, one employee remarked how the incoming support phone lines and email inbox went eerily silent.

    That certainly tallies with my experience: https://www.wilderssecurity.com/thr...on-update-thread.364655/page-149#post-2768581
     
    Last edited: Aug 5, 2018
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    My understanding is the new script detection was released 12 July with version 9.0.21.18 but had been in beta since build 9.0.21.15. According to the beta release notes, WSA had "basic script protection already but with this script shield feature we are adding a layer that can help protect against obfuscated file content that was not easy to catch earlier."

    (SE Labs used builds 9.0.19.43 through to 9.0.20.31 in their testing.)
     
  8. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Seems like there is an excuse every time Webroot performs at a substandard level. I have used Webroot since 2011 and bugs and excuses have driven me away.
     
  9. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Testing shows the same thing with Malwarebytes but find me a sysadmin without that piece of software in his toolkit.
     
  10. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Well, Malwarebytes wasn't initially designed to be a primary security solution.

    Webroot, however, is. At least that's what I think they have been promoting themselves as for a very long time.
     
  11. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    My understanding is that that so called "excuse" was a footnote in the AV testing organisation's report. And Webroot has always tested mediocrely in most AV tests.
    A clear example of YMMV. Personally I did experience a big problem with FPs emanating from the Web Browser Extension for quite a while (±15 months perhaps?) that was resolved now some time ago. But as you can see from my other posts, Webroot (and previously Prevx) has done for me, and for 12 years now, what other AVs failed to do—protect my back 100%. However, as I say, your mileage may vary ;)
     
    Last edited: Aug 5, 2018
  12. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Well they both have the same sort of image issues. Go to Spiceworks and look how they talk about Webroot. They need a product that works for humdrum users, not cave dwelling on the spectrum people biting their nails about perfect security.
     
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    For completeness, how would you describe WSA having protected your back? I know we have had a similar discussion previously but it may be useful for new onlookers to understand.

    When a user says an anti-malware product has kept them safe, do they mean that product has successfully detected any malware infection and alerted them? Or does not receiving any alerts give the impression they have not come across any kind of malware? Is this a true measure of a product's effectiveness? Or is it more likely down to what one does online, as I have mentioned a few times before?

    I'm currently testing another product which still shows zero infections in its logs. I occasionally run on-demand scanners giving the same zero result. I've even thrown OS Armor into the mix but it isn't showing any blocked processes in the GUI. I may remove that program as I did with Sandboxie as I don't think it's needed for me.

    Some might argue there could be a placebo effect in play but I still think a lot of what is necessary to use depends very much on what you do online and how you do it.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    In my opinion if the security solution is doing its detection job properly, all malware should be detected prior to or at the latest at download time. As far as a never before seen real 0-day, it will probably slip through most of the AV products out there. Thankfully due to the high cost of this type of malware, it almost always is employed against high valued targets. As such, most home users will never see one of these buggers.
     
  15. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Thanks, @TonyW

    Briefly:
    1. I have from time to time been alerted regarding detection of malware.
    2. More recently, I have only been alerted that a webpage is unsafe and therefore blocked (Better that way as there is no need for Webroot to spend precious time cleaning up a malware, and/or doing a scan or scans to check that a malware it has blocked has not left something behind. Prevention better than cure ;))
    3. I used to do third party scans (Kaspersky, BitDefender etc.) from time to time to get a second opinion but as they never came up with anything, I eventually got lazy and have not done so for a few years now (perhaps I should :doubt:)
    4. As I said in a previous post, the day I changed to Prevx, the difference was night and day! Before then, I had found myself infected every 6 months or so and having to call in the IT technician despite having AV protection—AV protection, although it was different reputable names (I tried one after the other), didn't seem to be very reliable protection. That stopped the day I changed to Prevx/Webroot.
    5. That was in 2006. No infections yet. 12 years and counting...
     
    Last edited: Aug 5, 2018
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Maybe you have been lucky. Or maybe you lead a very clean life & always stay away from those **** websites that want to **** your computer.
     
  17. guest

    guest Guest

    More like it, people here will probably rarely get infected because they have the basics of safe behavior. So they feel their favorite AV is flawless.
    For us to check our favorite solution's efficiency, we have to infect ourselves, not with 100 malware at same time, but 1 malware from time to time.

    When I evaluated a product's efficiency in the past, I put the said solution in a computer used by Average (risky) Joe, aka some volunteer customers; then I wait 2-3 months and check if they get infected or not. It was the closest thing to "real world" testing, not the BS promoted by those test labs.
     
  18. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    I have used Avast, Avira, ESET, Emsisoft, McAfee, Kaspersky, Windows Defender, Norton, Webroot, and others and have not been infected for as long as I can remember. I narrow down what I use based on professional testing, bugs, performance, and how intrusive some can be. I often wonder if I can do without an antivirus.
     
  19. guest

    guest Guest

    You probably can, since you are here for quite a long time, I guess you have the basics of security. You may not need a real-time AV but maybe some default-deny products.
     
  20. Eggnog

    Eggnog Registered Member

    Joined:
    Nov 17, 2012
    Posts:
    129
    Location:
    United States
    I hear ya. I've used a number of them over the years and am currently using ESET Internet Security. Back in the day, whenever my subscription was close to running out for whatever I was using, I would find something on sale that seemed halfway decent (thank you, @Thankful , for your AV sale thread). I can't remember the last time I was ever infected using any AV solution, even when I used Windows 10 Defender for a while; it was probably back in Win XP or maybe early Win 7.

    I decided to give EIS a try a while back. I just renewed it and will stick with it for the foreseeable future, or until I finally give up 3rd party AV's for WD, which seems to be coming along nicely these days. EIS is light, stays out of my way, and gives me some configuration options to play with to make me feel like I'm doing something. I've got it on two desktops and two laptops and have zero issues with it, even on my oldest laptop, an i3.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @TonyW :thumb:

    Great to see ya as always. May I ask which Online Scanners seem to prove to suit best on good returns for you from their detections?

    Keep up the action. ;)
     
  22. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Well, all I can say is, as far as I've been able to observe I'm not the only one who has had this kind of experience.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    EIS?
     
  24. guest

    guest Guest

    ESET IS
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    LOL is /:p
     