Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I see. WSA's updates are invisible to the user. Therefore, the user must take it on *faith* that they are being done. :rolleyes:

    Moreover, tests showing that a huge percentage of malware was NOT blocked by WSA are unrealistic, and the user must take it on *faith* that somehow, behind the scenes, invisible to the user, everything is just fine. :cautious:

    FACT: Tests use ACTUAL malware specimens -- not imaginary. FACT: Either an AV DOES block a malware specimen (thus protecting the user's computer) or it does NOT block it. FACT: In all tests where WSA has been included, WSA has consistently failed to block a distressingly high percentage of malware. FACT: No amount of denial or rationalization will make WSA's demonstrated, proven failures go away.

    The first step in solving a problem is to recognize that a problem exists. Hopefully, WSA's proponents are not in a state of denial, but DO recognize the need to fix WSA.

    FACT: The emperor has no clothes on.

    Further Affiant Sayeth Naught
     
    Last edited: Sep 5, 2019
  2. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Well, Bill, if that's how you truly feel the ground lies with Prevx>Webroot, then don't use Webroot and stop wasting your precious time dialoguing on this Forum with us diehard, deluded Kool-Aid fanatics. Move on. Problem solved ;)

    If ever I feel the same, I will surely do likewise.
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    You linked to a quite lengthy post, but there is no acknowledgement of its substandard performance, which as I already said is a fact, that I can back up with evidence.

    I fail to see what is so amazing about Webroot, when there are alternatives which are just as light and are much better at detecting malware. I've used just about every antivirus there is (I tested over 60, a couple of years ago) and based on my experience, there is nothing remarkable about Webroot which makes it stand out.

    If you're not getting infected, then that's really all that matters and i'm not saying you should ditch Webroot. But, I could use no antivirus software (not even Windows Defender) and do absolutely nothing to harden or otherwise protect my system (other than leaving Windows Firewall enabled) and quite probably would never get infected.
     
  4. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,712
    Location:
    USA
    I just updated FF and noticed the yellow lock over the WSA icon informing me FF is protected is no longer there. Not sure if it was there prior to update, but was there a couple of days ago. Anyone else seeing this?
     
  5. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Did you check if firefox.exe is still in the Application protection? if not, you might want to manually add it.
     
  6. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Roger, I agree with you on this one thing: traditional testing of Webroot yields vastly substandard results.

    If I were able to meet you in person, for example over a pint in a pub, I would certainly want to ask you quite a few targeted questions about how you conducted your tests (as I would also with the traditional professional AV testers), but as:
    • my IT knowledge is relatively limited
    • I fear this could become a long and protracted discussion and unfortunately I don't have the time for that at the moment
    • and above all, I do not want to get into a spat on this Forum
    I prefer to leave the discussion here regarding these questions to heads more competent than mine.

    By the way, you will see that, in the post I linked to earlier, I in fact give arguably considerable evidence, albeit anecdotal only, for the superior performance of Webroot.

    One final post for food for thought: https://www.wilderssecurity.com/threads/wsa-poor-detection-result.353478/#post-2282246. The issue described here is not the only issue I have with the professional testers with regard to Webroot, but it is certainly one, and a significant one at that.
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,712
    Location:
    USA
    I did nothing and today it came back to be as it should be. Have not seen that before. Oh well.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @Muddy3 The poor performance I'm referring to, is is testing against the latest malware at Malware Tips. It consistently performs terribly.

    It's important to note, that only actual malware is tested and not unwanted software, cracks, etc, which some antivirus may not detect. In one of the latest tests, it was tested against 20 malware samples. In only detected three of these threats with its signatures. The behaviour blocker, detected none of the remaining 17 threats. Not only did it perform terribly in this test, it consistently performs very badly.

    Having said that, the tests are not repeated later on, e.g. 24 hours later, to see if the missed threats are detected then. The post you linked to made mention of that fact that Webroot will add signatures for threats that it fails to detect. But, there is nothing at all remarkable about this. Major antiviruses will typically do just the same and unlike the post said, it will not take two weeks to do so. It comes to to this. You could use another antivirus, that is just as light as Webroot it, but has significantly better detection rates and just like Webroot will most likely add signatures for new threats that it misses pretty quickly. In any case, surely it's better to detect threats right away, rather than later. If detection rates were important to me, I know what option I would choose.

    Anyway I've made my point and I certainly don't want to get in an argument. Here is the link to the Malware Hub at MalwareTips if you want to take a look.
    https://malwaretips.com/forums/malware-samples.104/
     
  9. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    @roger_m

    You need to have an account to see the threads in the malware sample section.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I wasn't aware of that.
     
  11. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Tried logged out. I can see the threads but when I clicked on one it states "You must be logged-in to do that".

    So, it's more like you can see the threads just not what's in them.
     
  12. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    That simple statement shows how little you understand how Webroot works.

    As for the Malware Hub tests at Malware Tips, I don't even want to get into that discussion. You may say I'm burying my head in the sand. So be it. I will however leave any response to those tests to heads smarter than mine in IT (if they even wish to—I'm not even sure that discussions about other than professional malware tests are allowed on this Forum).
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Webroot needs to add signatures for new threats, in order to detect them. All traditional antiviruses use signatures as the primary method for detecting threats. There are secondary methods too, such as heuristics behaviour blocking.

    Whenever Webroot, or any other antivirus detects a threat by name, then it is using signatures to detect it.
     
  14. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Need to clarify here, as there seems to be a difference of understanding between us on the use of the word "signatures". I have understood this word as describing a particular way of defining malware samples as used by most traditional AVs. I may be right, I may be wrong on this. And of course, I stand to be corrected if wrong.

    See this fascinating thread with Catherine's explanation regarding this issue, and the ensuing discussion: https://community.spiceworks.com/topic/1967923-is-webroot-definition-less
     
  15. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Okay, so here is my understanding of Webroot.

    Webroot does need new definitions/signatures otherwise every single program it detects as unknown will forever remain as such.

    Like the thread there states the difference between Webroot and other traditional AVs is that it requires definitions for both good and bad program.

    Regardless if the definitions are store locally or on-the-cloud.

    What remains a question is how fast Webroot is at creating new signatures for new threats.
     
  16. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    ...so that it can monitor (and journal—and rollback if found to be bad) unknowns. Which there will always be whatever your AV.

    "...we operate by categorizing files and processes into three categories (still I believe a unique approach in endpoint security).
    • Known good - it absolutely positively matches to one of the known good in our 9.5BN and growing file threat intelligence platform.
    • Known bad – it is an already known malicious entity.
    • Uncategorized/Unknown – we have never encountered it in that form ever before."

    (see link from my previous post)
     
    Last edited: Sep 7, 2019
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @Muddy3 As per the link, it is using cloud based signatures.
     
  18. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    As I said:
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    The original post you linked to is from 2013. Quite possibly back then Webroot was unique. But these days, the features that made it unique back then, are standard features for many antiviruses.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Exactly, some people assume the reason they are not getting infected is because of their choice of the AV protecting their system... Furthermore I find it almost hilarious when people say their AV is working so well without a single instance of detection. Malware does exist, but it is indeed rare and preventable with a bit of common sense. I do have an AV (why not) but it has hardly detected anything in the last 7 years, although my AV is among the best 3 in every test by reputable testing organizations. Faith is not a good metric for security programs...
     
  21. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    This is so true.:):thumb:
     
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    That sounds bad, so i just installed Kaspersky Security Cloud to run along with WSA and keep it company.
     
  23. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    No doubt about that, when Prevx 4 (aka WSA) was introduced it was ahead of its competitors in terms of system impact, identity and cloud protection sophistication (Symantec and Panda were runners up), but the scenario changed dramatically, nowadays almost every security vendor has advanced cloud protection (machine learning/detonation/AI) combined with behavior blocker ,offering much better protection with similar or better system impact (dont forget the "old" tech that WSA doesnt have)

    WSA rollback failed many times against ransomware that they feel obligated to change their claims about 100 % rollback protection and the vulnerability against hollow malware was embarrassing, to say the least.

    Take a look at some leaders like Bitdefender, ESET, Kaspersky and Symantec for example, their technologies make Webroot looks like an ancient piece of software, even Windows Defender is much better prepared to face the malware scenario of today, dont matter what fanboys say, WSA has stopped in time and it is such a shame.

    Source:
    https://www.reddit.com/r/sysadmin/c...al_we_are_webroot_and_we_are_here_to/ctkjcoa/
    https://malwaretips.com/threads/webroot-rollback-discussion.61104/

    Ps: Kaspersky System Watcher is the gold standard of malware damage rollback, WSA isnt even close, Symantec and Bitdefender are runners up in this area.
     
  24. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    I would certainly agree with that.

    Also with this:
    But regarding:
    (by the way, I am not saying you rely on testing organisations as an indicator of the efficacy of Webroot, @Obasan, but the fact is many, including many here, do) note carefully this remark by Joe Jaroch, the architect of both Prevx 3 and Prevx4 (aka WSA):
     
  25. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I think the only time I've ever seen anyone talk about these tests in a positive manner here is when they're using them to criticize webroot. It's one of the most comically inconsistent things I've ever seen in my life. I wonder how far back I'd have to go in any of your post histories before I found stuff about how stupid you think these tests are. Not that I'm going to do that, because I really don't give a fig one way or the other. Actually I kinda wanna go back and make a montage of inconsistency. Is it worth the effort? I think there's a word for this kind of thing. Hypo.. hyno.. hypo. Well, you guys get the point.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.