A Couple of Webroot Questions

I've been doing some reading lately, and I am very impressed with what I'm seeing about WSA -- both it's unique methodology and it's fantastic support. Before I take the plunge and give it a try, a couple of questions:

1. I already have Lastpass installed. If I opt for WSA Complete, will there be a simple way to migrate all my passwords, or will that even be necessary? How will this process work?

2. I use Sandboxie -- a lot. I haven't done extensive research, but the little I've done, I believe, indicates a potential conflict between WSA and SBIE. I want all the browser protection that both products offer without compromising either -- especially since I do a lot of online banking and shopping. Can/should the two be used together? If so, how should each be configured?

Thanks for taking the time to help.

 

LastPass passwords can be exported from the LastPass toolbar and thereafter Imported into Webroot's LastPass implementation, however I don't know if this is a "Supported" feature (As in, the feature is there, but I don't know if there are specific directions to do it or help that support can provide to do it).

Webroot and SBIE don't conflict, per se. More specifically, SBIE and "Everything Else" (Webroot included) are not compatible due to the way SBIE works. Simple way to consider it: SBIE puts a shell around the browser so that nothing but basic UI interactions (Keyboard and Mouse) get in and Graphics get out. Nothing else can get to the memory of the browser, the browser itself can't send information out to the system, etc. Since "everything else" works by injecting itself into the functionality of the browser's code and reading browser memory and getting information sent from the browser, and that's no longer possible due to SBIE, all that "everything else" won't work.

Conflicts occur when SBIE leaks the fact that a browser process exists and still blocks something from actually accessing that process. So WSA and SBIE don't "conflict", just SBIE does it's job properly and blocks everything else from touching the browser, including WSA's protection. Running the browser in SBIE is pretty much the same as running it on a completely different machine that has nothing at all but the browser installed on it. The AV on your main machine can't talk to the browser on the other machine at all.

 

Thanks, Techfox. That was helpful. I may just try WSA Antivirus, since I already have Lastpass and don't need backup. That would eliminate the transfer step. As far as Sandboxie and WSA are concerned, it sounds like you basically have to choose between the two, given the nature of SBIE. I'm still trying to learn about all this, and am behind the curve of most of the folks that frequent this forum. So, in your opinion, is it better to have WSA or SBIE's protection for general web browsing? And then how about banking/shopping?

Thanks again for your input.

 

I'm running both WSA and sandboxie. The identity shield in WSA actually does work with a sandboxed browser. I have the little yellow padlock on now. I actually like the combo. Anything that gets downloaded outside sandboxie gets monitored by WSA.

 

Good to hear, kjdemuth. Thanks.

 

Speaking of LastPass, what are the differences between the original and Webroot's implementation?

Thanks!

 

I am a Lastpass user and prefer to run WSA Antivirus/Lastpass combination (also don't need backup). I don't know for sure but would guess fixes/versions come to native Lastpass a little quicker (also seem to remember somebody saying the WSA implementation require signin every session - a security decision made by Webroot).

Did run WSA Essentials/Complete originally but found that it installed Lastpass anyway so it was a little messy when you already had Lastpass installed. Could not downgrade via support so just bought an Antivirus license when the cheap offer was on a few months ago.

 

I am also a long time user of native LastPass and prefer it over the Webroot version for the same reasons you mention.

I went through some pain when installing WSA Complete and my LastPass installation was hosed by the Webroot installer. After some trial and error I determined that the solution to keep native LastPass as your password manager is to uninstall it before the WSA installation and then reinstall it.

A more elegant solution, in my opinion, would be for the Webroot installer to acknowledge that LastPass is already installed and ask if you want to replace it (or not). Another solution would be for Webroot to make the installation of their password manager version optional like they do for the online backup tool.

 

Detecting if Lastpass is already installed and suppressing the installation from WSAC is a great idea and something we should definitely have in place.

Thanks for the suggestion