Is Webroot Secureanywhere 2012 Really that Great???

Discussion in 'other anti-virus software' started by Atul88, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I believe not. As far as I know, it's still a tool for limiting rights for applications - not a real sandbox.
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Correct, you can run any malware file inside the WSA SafeStart Sandbox to see what happens in real time! The other day I ran a ransomware variant inside the WSA sandbox and it showed me the page where someone who was infected would have to either find the code to unlock or follow the instructions in the window to get their system back! http://www.webrootanywhere.com/sah_System_Control.asp?n=Using_SafeStart_Sandbox

    TH
     
    Last edited: Dec 21, 2011
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    This is what I was trying to say to you!

    Thanks PrevxHelp!

    TH
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623


    I'm actually waiting for my suggestions to be implemented. It should take the sandbox to a different level, both in terms of usability/convenience (to use it, not to weaken it! Things such as allowing us to create shortcuts with predefined commands and all that) and in terms of security, by working mostly with more integrity levels functionality.

    I hope that a recent version introduces some of it, at least. :D
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree :thumb: We have a lot on our plate at the moment with other development/improvements but your suggestions are high up on the roadmap :)
     
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Interestingly, PrevxHelp has said in this thread that all of the samples in the November test would have been detected if the heuristics were set to "warn when new programs execute that are not trusted". Makes one wonder why this isn't on by default; perhaps the only reason against it being so is the possibility of more false positives. The Help file does highlight this caveat.
     
  7. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Yup, they do have, but it's still not mature enough to be compared to Sandboxie; still, it has its own perks.
     
  8. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Webroot SecureAnywhere is a complete re-write of Prevx 3.0 and they are still working on some bugs...particularly when some of the tests were done.

    Even some initial tests by actual, official 3rd party organizations might not be optimal, unfortunately...particularly in the area of false positives.

    I would give them until mid 2012 before I give my final opinion on their product. Something tells me by then it will be Advanced+'s across the board.
     
  9. opcode

    opcode Registered Member

    Joined:
    Dec 19, 2011
    Posts:
    37
    Location:
    united states
    http://img62.imageshack.us/img62/6457/wsafail.jpg

    This photo illustrates the difficulty I had with WSA yesterday cleaning up 10 malicious .exe's found on malwaredomain (pages 0-3).

    WSA picked up a couple of them but after 2 hours it was claiming my system was clean when in fact several other (free) on-demand scanners confirmed what was really going on.
    In the above picture, Mbam is in the background, showing the current infections. WSA in the foreground, falsely indicating that the system is clean.

    - WSA heuristics were set to max.
    I allowed the program to monitor suspicious processes for over an hour and it failed to detect these. Rebooted system, re-ran scan. Nothing.
    Hitman Pro detected all of them in one pass on its first try. Same with mbam.

    I'm interested to see what AV-Comparatives results are.

    To me, this product feels very much like it's in beta and still working out bugs. I really can't recommend it until I see it truly put through the wringer. Based on what I saw today on my own system, I probably won't be purchasing after the trial is up.
     
    Last edited: Dec 24, 2011
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you could write into our customer support inbox, they'll be able to correct the detection as needed.

    Thanks!
     
  11. opcode

    opcode Registered Member

    Joined:
    Dec 19, 2011
    Posts:
    37
    Location:
    united states
    Thanks Prev. As this was a test system loaded with several on-demand scanners and clean images to restore from I was able to remove these.

    One thing I can attest to though is that Prevx remote assistance is top-notch. I had to call in once on a customer's PC and the response time was quick and the tech very knowledgeable and professional. Problem was solved in no time. You guys are fantastic at that.

    I hope Webroot carries on that tradition of customer support as that would be most appreciated by the community. I do also hope that its detection engine continues to improve and that you guys score Advanced+ in the upcoming months.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    The Op asks, "Is it really that good?" Simple answer is, it could have been. Prevx was a very simple product to use, manage and promote. WSA goes totally in the opposite direction.

    There are so many mind-numbing features that just totally don't make sense to me. The different heuristic levels is the biggest of all. I still cannot figure out what happened. My first shock was the release of 3 products when even one would be an issue, based on what was created. I don't know, I personally think this product will have to be revamped and simplified so people like Joe can get back to doing what they are good at, and that is tweaking it to stop malware.

    I mean, isn't that what's important, or ticking a captcha setting o_O? Geez. I am probably the most disappointed member here with what Webroot brought forth.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I don't understand why Prevx would allow such use in the first place.
    To my thinking, the potential for looking bad is enormous.
     
  14. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    Yesterday I sent a virus sample's MD5 hash code (I don't know much about it) which WSA was not able to find. Within some hours, they put it in their database as a Malware.Gen :D, so I tried to do something else. What I did was just rename the file & BOOM, it was not detected as a virus :eek:, came out clean :doubt:. So are they using just the MD5 hash code to detect the virus? What is the heuristic doing o_O? :ouch:
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Renaming a file does not change its hash.
     
  16. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    SO HOW IS IT MISSING THE EXE?? OF THE SAME SIZE BUT WITH JUST A DIFFERENT FILE NAME??
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The detection wouldn't change just because of the file being renamed (we don't detect samples by filename). I suggest writing back into support to see what they think of it, in case the detection was reverted for some reason.

    Thanks!
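
An added example, not part of any post in this thread: one way to check whether a renamed file is still the same sample that was submitted by hash. The file names and byte strings are constructed, harmless stand-ins; matching size alone does not show two files are identical, while matching digests do.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=65536):
    """Return (size, md5_hex, sha256_hex) of the file's contents, read in chunks."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


def same_sample(path_a, path_b):
    """True only if both files are byte-identical (size and both digests match)."""
    return file_digests(path_a) == file_digests(path_b)


def demo():
    """Run the checks on constructed files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "sample.exe")        # hypothetical name
        with open(original, "wb") as fh:
            fh.write(b"CONSTRUCTED-SAMPLE-A" * 100)        # constructed content
        before = file_digests(original)

        # Renaming touches only the directory entry, not the bytes hashed.
        renamed = os.path.join(tmp, "renamed.exe")
        os.rename(original, renamed)
        results["rename_keeps_hash"] = file_digests(renamed) == before

        # A different file of exactly the same size is a different sample.
        lookalike = os.path.join(tmp, "lookalike.exe")
        with open(lookalike, "wb") as fh:
            fh.write(b"CONSTRUCTED-SAMPLE-B" * 100)
        results["same_size"] = os.path.getsize(lookalike) == os.path.getsize(renamed)
        results["same_sample"] = same_sample(renamed, lookalike)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `file_digests` on both the submitted file and the renamed one gives values that can be quoted in a support ticket alongside the scan log.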
     
  18. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    K will do that again
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Can you scan the file and save a scan log and post the relevant line from the log for that specific file? I'm just wondering if you have overridden detection on that file?

    TIA,

    TH
     