SecureAnywhere!

Now that is a million dollar question...

 

You do not answer my criticism's at all. Just blah blah blah deny deny deny.

 

Transparency is very important, without it you cannot trust anybody.

So ask yourself why Webroot pulled out of the MRG flash test. Because they knew they would fail it. Don't believe some PR marketing excuse they drummed up.

MRG tests would of shown Webroot failed in detecting 0-day malware.


Also while we are talking about transparency, how many of you have recieved free licenses or discounts including for beta testing? Be honest. I bet there are a few of you.

 

You do not know what you are talking about, you have no clue.
http://www.blog.mrg-effitas.com/mrg-effitas-flash-test-29-06-2012/

Please STOP spamming this thread.

 

Depends on which version of what you call 'Transparency' one believes. One person's transparency is another person's opaqueness...some might argue!

Have asked myself...and it makes sense...at least to me and a lot of others. We just do not choose to share your view...as you do not choose to share ours. Lets leave it at that.

If what you say is true then surely the word, based on real experience rather than some 'test tube testing', would quickly spread that WSA was not capable of detecting this circumstances...and sales would decline/registered users would move very quickly to what was seen as a better solution? Which I do not think is the case!

I have been testing since the product was call Prevx3...and whilst I have a beta testing key, I have never, as far as I recall, been offered a discount or a free key...and I do not beta test to get one...but rather because I believe in the product and want to help to make it better.

BTW, have also beta tested Kaspersky products for quite a while (for the same reason). Here I have kindly been offered free keys but have never taken them up on the offers....for my own reasons.

Make of the above what you will...if anything at all.

Balders

 

A question regarding rollback: is a reverse signature/backup of malicious PE files kept in the rollback journal in cases where malware dropper that did the changes deletes itself after execution, so that WSA can rollback its actions even if the file isn't present on the PC anymore at the time when signatures are created for the dropper (so WSA can compare the new signature update to the journaled backup instead of the physical file in its original location)? Of course, assuming its not detected by behavior on execution.

 

Yes it is.

 

LOL.. Detection is junk. But don't worry a few others deserve the junk status so Webroot is not alone.

~Link removed. See the TOS.~

 

By posting that you are really demonstrating that you really do not understand how WSA is designed & how it actually works. Oh, well...your loss, even if you do not realise it!

That is me done. Am not venturing or reading anything further re. this thread...it is just a waste of time.

 

Why isn't this thread moved to the Prevx Forum so ComputerSaysNo can have a garden to stubbornly stomp in and not annoy the rest of us...

 

Same tests, same method used, same question asked why WSA score so low.

 

In the spirit of sharing, Webroot developers you need to disable right click exit from start menu. A simple .VBS script kills the Webroot program. Go ask the Bitdefender guys why they disabled right click exit. Capatcha doesn't matter, the script kills Webroot.

 

How dumb do you think we are? I fully understand how it works. Detection rate just sucks how do you not know that?

i'll just come back and re-post every time so it's ok..

Hey cracked 70%!!!! First time for everything lol How are those Flame samples doing? Looking forward to the press release "5 years later we really don't know jack sh*t" lol

 

Then please tell us how You Think that WSA works OK?

Too bad that you edited out the part about the TOS that you don't agree with

 

LOL yeah I'll have a go later. I think the mods should post any PM's they recieved

 

And what script is this? You can disable it if you like under Basic Configuration. You'd have to be able to automate clicking and entering in the characters, which is pretty far beyond VBScript's capabilities

 

In the spirit of suggesting, why don't you post your suggestion for Webroot Developers over at the Prevx site where the developers are located. Surely you can find it here at Wilders. Instead of expecting them to come here and seek out your wisdom...

 

Maybe what we need is a "roll back" test where the malware is executed to test which AVs took action to deal with it and how each AV disables and removes the malware and what position the AV leaves the system in after that ie is it still operable? Would that test WSA's capabilities?

When a poster says "you just don't understand how WSA works" am i right in thinking that if malware is in a file doing nothing, WSA may not detect it, but if it runs, the cloud will assist in determining if the file is malicious and contact all WSA clients to update and roll back if neccesary?

What the user buyer has to consider and weigh up is would it be better to have an AV with high detection of unexecuted hidden malware files but not so good clean up/roll back, or an AV with lower malware detection of dormant malicious files, but great clean up?

I also appreciate that in the 'real world' WSA has many fans, presumably the low scores we see in malware tests are not replicated in the real world?

It is confusing when WSA score low for detection in comparison to others (not every test i have seen some tests WSA score high), but still people say if you don't like the result, it must be cause you don't understand how WSA works.

Does WSA score higher in detecting executed malware - is that the issue, low score for detecting dormant malware files, but much higher detecting executing malware files?

 

Yes, that correct. Most tests do no reflect the real potential of WSA for which a core part of the detection and action is based on the behaviour of the application been executed during a timeline. If not executed then WSA will only be able to use part of its detection capability to identify a threat. So, an ideal test should be also based on actual execution including time based re-test. As simple as that. And sorry for the simplification.