Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @Gein -- A main criticism of tests is that they are not very indicative of: (A) how well AVs handle zero-day threats, and (B) how well AVs handle "new generation" threats that are not easy to spot based primarily on signatures. However, the fact remains that these tests are using actual malware, and the success/failure percentages are actual measurements, not fantasy.

    Thus, it is a fact that these tests are not the be-all & end-all indicator of an AVs ALL-AROUND effectiveness in the real-world. However, any AV that shows up as markedly weak in these tests is actually weak in a very basic, foundational component of an AV.
     
  2. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I don't know how you reconcile the opinion that a test can not be indicative of how a AV handles zero day or new generation malware and also consider the test valid. There's lots of actual malware out there that is no longer being widely distributed. If an AV doesn't detect malware that no one is ever going to see again is that a bad thing?

    The sample set an AV uses is either representative of something customers are running into or it's not. If it's not then how useful of a test is it going to be for a consumer anti-virus?
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Exactly. Considering that the threats tested against aren't very new threats, AV vendors have plenty of time to add signatures for them. So if an antivirus consistently scores very badly, it's not a problem with the test, it's a problem with the antivirus.
    It is malware that consumers will encounter. It's just probably a week or so old. It's not zero day malware, but it is current malware, that should be detected.
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I offer a rather convoluted analogy. When taking a physical exam, a check of vitals (weight, heart rate, blood pressure, temperature, respiration) is very significant as an indicator of someone's health. But vitals are not the be-all & end-all of health indicators. They tell little if anything about liver, kidneys, colon, etc -- tests for those aspects of health are often more invasive, always more expensive, and usually MUCH less pleasant (e.g., a colonoscopy or a proctoscope exam, etc).

    Now, suppose that I am charged with hiring a professional football player. I get a report showing that all the prospective players have excellent vitals, except for one poor fellow. That poor fellow is "Albert." He has very high blood pressure and an exceptionally low blood-oxygen level. That report doesn't tell me everything I might want to know about the OVERALL health of the prospective players, but it does tell me that it's not a good idea to give any further consideration to Albert.

    Thus, checking a person's vitals won't disclose everything about a person's health, but that doesn't mean that tests of vitals are insignificant as a broad indicator of general fitness. The same rationale holds true with respect to AV tests.
     
  5. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I realize that, but my point is you can't call a test bad and then turn around and use it to criticize a product you don't like.
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I have not once said that tests are bad. My only criticism of tests is that the results would be very different if actual zero day malware was tested and you would see a lot more variance between different products, rather than most products getting near 100% detection rates.

    As I already said, due to the age of the samples tested, there is plenty of time for vendors to have added signatures for the majority of the malware that is tested. My criticism of Webroot, also applies to any other antivirus, that regularly performs badly in testing. However, what differentiates Webroot and other products in that category, is that die hard fans of it fail to accept any criticism of it. For example, it scores badly in testing, but it doesn't matter, as it wasn't designed to. I do not see the same behaviour, with regard to any other security product. Supposedly there is something remarkable about how Webroot works. But there isn't.
     
  7. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I'm not only talking to you. That was a general statement at many different users. And I think if you bothered to read the results you're referencing, Webroot had a problem specifically with zero day samples. And they specifically had a problem in the months of May and June respectively. Wide spread malware was anywhere between 99.8 percent detection rate and 98.9 percent detection rate. Which is not the best result, but if you consider the tests done by MRG Effitas, Webroot is particularly good at remediation and preventing malware from exfiltrating data. So good at it were they, that they ended up getting higher scores with those tests than some of the vendors you see on the AV-Test with 99.9 percent detection rates. Have they gone done hill recently. Quite possibly. Does that mean their protection model doesn't work?

    And again, I'm going to reiterate my earlier point. Which I'm now going to point specifically in your direction. If you don't think the section that AV-Test called, "0-day malware attacks" has any "actual zero day malware" in it, then why do you assume this test has any veracity at all? You clearly don't regard it enough to take it at its own word. And yet when you want to apply the result to a vendor you don't like, here you are quoting the numbers. Half of the webroot criticism I've read in the past ten pages of this thread has been directed at the users not the product. How do you expect someone to take criticism when they're labelled as rabid fans, or cultish coolaid drinkers?
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I actually did reference any specific results. I was talking about tests in general, rather than any specific results.
    Other vendors have excellent detection rates and similar (if not better) protection models.

    If you look at Q2 and Q3 2018 tests from MRG Effitas, you will see that Webroot's initial detection rate was far below any other vendor. The detection rate, 24 hours later was very good. I don't know about you, but personally, I'd rather that malware was detected immediately, rather than a day later. Also of note, is that tests against 0 day malware at MalwareTips, show that the behaviour blocking of Webroot is extremely weak. So, if Webroot doesn't have signatures for a threat, then more then likely it won't detect it. Maybe it will 24 hours later. But other antiviruses are much more likely to detect it right away, due to much better signatures and behaviour blockers. If they don't, quite probably, they will soon add signatures for the missed threat, just like Webroot does. The fact that Webroot can add signatures for malware it initially fails to detected is not something that only it does.
    I was thinking of Panda, which is almost always slow to add signatures for new malware and have a very weak behaviour blocker, but it does very well when tested at AV-Comparatives.
    There is a reason for that. What do you expect when users continually ignore objective criticism of the product they use. Rather than admitting that Webroot needs a lot of improvement, they blindly defend it as if it is some amazing product that is better than other antiviruses. Yet, there's nothing at all remarkable about it these days, even though there was when it was first released. The post by @Nightwalker details it very well.
    https://www.wilderssecurity.com/thr...on-update-thread.364655/page-167#post-2854484

    When other products that perform badly, are criticised, I rarely - if ever, see users blindly defending them. For example, Panda gets criticised quite a bit (for good reason) and I can't recall ever seeing someone defend it. Yet, every single time, someone makes some legitimate criticism of Webroot, die hard users rush to defend it. I find this behaviour very bizarre, to say the least.
     
  9. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    The argument Webroot has is that block at first site against new malware is generally a pipe dream and will never be fully successful. For them to score well in the MRG tests they had to achieve a full remediation rate. Which would mean they must be able to restore the system to a pre-infected state and fully remove the malware. In addition to this they also had excellent results preventing banking trojans from stealing user data and credentials. Even though they're infected Webroot is doing a fairly good job isolating the malware from user data. Do they have room to improve? Of course. The process hollowing protection gap needs to be fixed. But if I had to pick which program I'd want my novice user to have to protect them from say a banking trojan, it would be Webroot.

    The protection models are totally different. You can't bring a house cat to a horse-race and complain that it's not running very fast.
     
  10. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    That, may I say, is a statement that turns reality completely on its head. My exerience has been that whenever I say the slightest positive thing about Webroot on, for example, MalwareTips, unfailingly members descend on that thread like a pack of wolves and use the most vicious language to attack me and any other person who dares to pop their head above the parapet to express any vaguely similar views.

    Now note well, it is those very same people who pop up here but of course express their opinions more mildly, as they know full well that if they behave in the same feral way that they do at MalwareTips they will be banned by moderators with pretty short shrift. The ironic thing is that the MalwareTips rules clearly state that this kind of behaviour is unacceptable. And yet for some reason the moderators completely tolerate it there (except for a mild rebuke more recently—I think they have perhaps belatedly realised that such hypocrisy on their moderating part is unsustainable).

    I have already said in this thread that never in my entire life have I seen a product and its customers attract this utterly weird cult following that makes its adherents consider it worth investing their precious time to make it their mission to mercilessly attack a product (which, incidentally, they don't use) and its customers. Amazing what the internet can do to people. And yet you, Roger, have the chutzpah to declare that it is our behaviour that is "bizarre". Unbelievable.

    There was even recently one of the lead members of that pack who particularly excels in this kind of nasty language, innuendo and veiled attacks, that fully demonstrated this behaviour in his recent posts on this thread; but when he discovered that we were prepared to push back, retreated. And then of all things, he decided to add the description Fanboys Persecutor under his Wilders avatar and username! That just about says it all... Needless to say, may I add in passing, he appears now to have been banned by the moderators.

    -------------------------------------------------------------------------------------------------------------------------

    Now to return to the main argument (and I wonder if I will have much more to say on this matter after I have said this).

    Earlier in this thread, I referred to a post by Joe, the chief architect at the time of both Prevx and Webroot SecureAnywhere, where he said that Prevx 3 would have fared "abysmally" in the AV tests. I think it is worth quoting all of that post, as it makes some points that seem to me to remain surprisingly pertinent to some of the criticisms made by some about Webroot today. I have underlined what I believe to be his most salient points:
    And one final post by Joe that seems to me to be particularly pertinent to the whole argument:
    -------------------------------------------------------------------------------------------------------------

    So what is my conclusion?

    The fact is, and I don't care what other people may say or whether they choose to taunt me (and other Webroot users) in their totally childish school playgound manner, previously I used other AVs frequently referred to positively by folk who post here lecturing us about how bad Webroot is, and I found myself being regularly infected. That stopped dead when I changed to Prevx>Webroot. I have never knowingly been infected in the 13-odd years since I changed to Prevx>Webroot. Until the day that I am infected using Webroot, I have no intention of reviewing my decision.

    It is also pretty remarkable that it is extremely rare indeed to see people posting to the Webroot Community Forum and reporting actually being infected (that awful Business Endpoint update incident that was deleting Windows system files excepted).

    People here are saying that anecdotal evidence is not evidence. Well, I just plain disagree. The evidence I refer to above is evidence (imho). I am very happy indeed that I am no longer being infected. I have no plans to change my AV software while that situation continues.
     
    Last edited: Sep 8, 2019
  11. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    To me the problem is simple. We are giving way too much credit to (any) AV software. I have been running without any AV for almost two years now, not even Windows Defender, and guess what? No infection yet....
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I spend a lot of time reading posts both here and at MalwareTips and I literally have never seen anywhere even remotely near the same level of fanaticism regarding Webroot, as I have with any other product. I honestly, can't think of a single other security product where its users always blindly defend it when valid criticism is given. So yes, I do consider your behaviour to be bizarre. With other security software, users are often quick to come to a products defence when someone posts something incorrect. However, I don't see that, when valid criticism is made.

    It's important to note, that none of my comments have been intended as a personal attack on you and I have not once said or even suggested you (or anyone) should change security software. I've just been trying to have an objective discussion regarding the issues the Webroot has. As I've said more than once, I want Webroot to improve. I've seen countless security vendors disappear over the last few decades and I would hate for that to happen to Webroot too. It appears that you don't realise, just how hard it is to get infected these days. If you keep your system updated and don't open infected files, more than likely you'll never get infected, no matter what security software you use, or even if you don't use any. The only times that I've ever been infected on updated computers, if when I've manually opened and infected file. Because nowadays, I'm a bit more careful regarding what files I open, I never get infected. With that in mind, no matter how good or bad Webroot is, you'll most likely never get infected.
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Sure, it will never be fully successful. But, some of the top performing antiviruses will block most new malware, even when they don't have signatures for it yet.
     
  14. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    And I have not taken them as such. I consider your remarks quite mild compared with some MT members. However, I stand by what I said in my previous post, very much including your "turning reality completely on its head". I have seen quite a few posts on MT speaking positively about Webroot that do not exhibit a "blind defence" of the product. I have also seen far too many MT posts attacking Webroot that blindly, yes blindly, follow the party line (and, to boot, use very nasty ad hominem language as they do so). You, by passively supporting these folk and the language they use, are doing precisely the same. You would do well to reread my post, with the points I make and particularly the points Joe raised, that seem to me to still be pertinent even today as to why Webroot continues to perform poorly in tests. I am not being blind by referring you to those arguments. You however are being blind if you do not take care to listen to those arguments and carefully consider the strengths (and/or weaknesses) of them—and, by the way, do not resort to the stock knee-jerk reaction. And yes, I agree with you that a person who uses Windows 10 for example, and who keeps his Windows system and certain apps updated and also takes the minimum care when using her/his computer, will have some difficulty getting infected.
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @Muddy3 The points made by Joe six years ago, are not relevant today. A lot has changed in those 6 years. It really does matter, if Webroot continually performs badly in tests. It may not matter to you, as it would seem you are not the type of person who is click happy and I'm sure you're smart enough not to open attachments in random emails, which contain ransomware, as an example. So in your case, if Webroot performs really well, or terribly, you probably wouldn't get infected in either case. But what it does clearly indicate that Weboot is just not a very good antivirus anymore. As I keep repeating, sure, Webroot will add signatures for threats it it misses. But, so will other antiviruses. The big difference is that better performing antiviruses will detect a lot more of the threats initially, rather than in an hour, a few hours or a day. No matter how much you love Webroot, hopefully we can both agree that having good detection rates for malware that is currently infecting computers matters.

    Regarding Malware tips, I'll just leave this here. It's a post from someone whose opinion I value. While it is very critical of Webroot, it is objective criticism and definitely not someone bashing it for the sake of it.
    https://malwaretips.com/threads/time-to-say-goodbye-to-webroot.93928/post-826000
     
  16. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Oh no! Burrito (aka Frank the Perv here, who got permanently banned for his egregiously abusive behaviour on this Forum) is the worst of the worst!!! Literally.
    I honestly thought you were more sophisticated than that. He blindly quotes test results without even properly reading them. Well, if you rate his opinion, that tells me a great deal about you and the value of your pronouncements here. And honestly, I thought better of you.
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @Muddy3 I think that this should be my last post on the subject. This discussion is going nowhere and I would hate for mods to close this thread.

    I actually had no idea that Burrito was Frank the Perv. But, I thought he made some valid points in that post. Anyway, it's clear you don't care about test results and I'm done commenting. As no amount of objective discussion will change your opinion that Webroot still is a wonderful product and I'm done commenting here...
     
  18. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    I can't see how my challenging posters who use sloppy arguments to diss Webroot, and where necessary challenging their abusive language towards the posters they are addressing (though the latter is certainly not in any way applicable to your posts ;)), should be a reason for mods to close down this thread. However I stand ready to be corrected and, if necessary, will modify my behaviour accordingly (@stapp and/or @LowWaterMark, will you check out my recent posts and advise me—and/or us—if necessary).

    Nor can I see how just throwing out a list of AV test results without examining carefully their methods at arriving at their results, as with Burrito's MT post that you linked to, can in any way be considered
    But so be it if you really want to see things that way.

    In connection with the above, if you care to you can study the following MT post where Burrito tried to diss Webroot by just producing a pretty picture from an AV test report that appeared at first blush to be alarming for Webroot, but without any attempt to study carefully the results of that chart he was displaying, and my response where I carefully examined one by one the findings of that report.

    Frankly, I'm getting rather tired on the one hand of your declaring that Burrito's posts are "objective criticism" (?!?) and on the other your asserting that apparently "no amount of objective discussion will change (my) mind".

    I certainly do "care about test results", but test results which adapt their tests to the particular methodology of the product involved. For example, if you used tests designed to test the quality of a long haulage truck on, for example, a push bicycle or an aircraft, you would certainly get very strange and warped results. MRG Effitas is one organisation that has made a genuine attempt to adapt its tests to the methodology used by AV products such as Webroot. It seems to me, although I haven't studied this issue in detail, that Webroot's performance in those tests has been fairly consistent and respectable over the years, albeit with some bumps along the way. However it is unfortunate that MRG's methodology for interpreting those results (not, may I hasten to add, the results themselves) has changed more recently, thus penalising Webroot's ranking (this change of criteria strangely following a series of MRG comparative test reports commissioned by Webroot from mid-2015 to early 2017).

    By the way, I too actually intended to finish this exchange following my longer post yesterday, but as things go in Forums, often that proves not to be so. So my intention at least is that this will be my last post regarding this exchange.

    As a final thought, I am sure @fax will not mind at all if I quote his post here as a somewhat more recent example of an anecdotal comparison between an AV product that is very highly regarded in the MT Forums, and Webroot:
    My question in light of all the above: Who is being objective here?
     
    Last edited: Sep 9, 2019
  19. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    What changed with the way they interpreted the results? I haven't really been following that closely.
     
  20. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    662
    Location:
    USA--Oregon
    I totally agree with you Muddy. Even though I made the recent decision to discontinue using Webroot, I still support it. In fact, I may end up going back since I am having significant issues with ESET and Sandboxie. (Many others are having similar issues with ESET & Sandboxie when used together.) I never had conflict issues with Webroot.
     
  21. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    It had all become a bit vague in my memory as this was something that I had observed back in 2016, so I had to go back to school so to speak, and do my homework on the MRG 360 Tests.

    So here is the score...

    MRG differentiates its tests from those by other testing organisations in several ways, one of which being that it allows the software either to block the malware immediately or to recognise and block it within 24 hours. This is important for an AV programme like Webroot as it will sometimes categorise an executable as "Unknown" until it can make a determination one way or the other, and in the meantime closely monitor and journal that Unknown file's activity while at the same time severely restricting its privileges, and also use its Identity Shield to protect the user's personal data from being viewed or exfiltrated. It will subsequently rollback any malicious activity, using the journal, if and when it determines that file to be bad.

    I believe this is a unique feature of Webroot as, as far as I know, it is still the only AV product that categorises files not just into two categories, known Bad and All The Others, but into three, known Good, known Bad and Unknown.

    All that I imagine you know already, @Gein.That was for the benefit of the uninitiated ;).

    Now up until MGR's 360 test in 2016 Q1, MGR graded the AV products it tested simply into Pass or Fail regardless of whether they blocked all the malwares immediately or whether some were only blocked within the following 24-hour period. However since 2016 Q2 (whose results were published mid-August 2016), they have graded those passes into Level 1, where at least 97% (and more recently at least 98%) of the malware is blocked immediately, and Level 2 where most of those 97%/98%+ are blocked immediately but some within the following 24-hour period.

    This in my opinion unnecessarily penalises Webroot as, unlike other AV products that have only two categories of files, thus leaving the computer and the user's personal information potentially vulnerable to irreversible damage and identity theft by the as yet undetected malware, Webroot is able, by monitoring and journaling, and restricting the privileges of, all Unknown files present on the device, to continue to protect that device even when a malicious file is resident but has not as yet been determined to be Bad.

    Unfortunately, MRG's new grading system makes it look as if Webroot only has an inferior Level 2 grade of pass when it has in actual fact been protecting your computer from any malicious activity by that Unknown file.

    I know some people who visit this thread (and who by the way don't use Webroot) dispute the efficiency of this somewhat unusual approach but anyhow that, in a nutshell, is the change since August 2016 to "MRG's methodology for interpreting (their) results".
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    No you don't. You've been given plenty of evidence that Webroot performs very badly when tested again current malware. If you actually cared about the results, you would care about Webroots poor performance. You've even said that test results don't matter, because Webroot said so.

    When tested against current malware, Webroot performs significantly worse than just about every major antivirus, such Kaspersky, Bitdefender, ESET, Norton, Avast/AVG, McAfee, Trend and more. Even smaller vendors like K7, which I would absolutely never recommend, due its poor detection rate, do much better. I can't comprehend why you don't think it's important to detect malware that is currently infecting computers. You said "but test results which adapt their tests to the particular methodology of the product involved." But, any antivirus should be able to detect current malware, if not when scanned, at least when executed. But Webroot usually does neither. No antivirus will detect everything. But when tested again current malware, some other antiviruses, often just about every threat. Even if vendors haven't added signatures for very new threats yet, they are often detected by proactive protection when they are launched.

    I know that this discussion has already gone on for way to long. But I have a final question for you. Why don't you think it matters if an antivirus - and I'm referring to any antivirus, not just Webroot, consistently performs terribly at malware that is currently infecting computers?

    As a final statement, I want to make it very clear that I don't hate Webroot. I actually like it, I just want to move from being a terrible antivirus to a decent one.
     
  23. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Rubbish. I generally distrust what commercial organisations say (including Webroot—ask people who closely follow my posts on the Webroot Community Forum and don't just blindly follow what MT members tell you). I go on their performance, not their words.
    Which Webroot does. More effectively than other AVs.

    I don't think you properly read my posts (this particularly regarding your penultimate paragraph).
     
    Last edited: Sep 10, 2019
  24. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
     
  25. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.