Webroot SecureAnywhere differences from traditional security suites / offerings

I've been creeping Wilders and various other security sites for around a decade now, and consider myself relatively well versed in security offerings / performance test results, etc. My question is, due to WSA's unique techniques in preventing infections and protecting the users of their software, it's hard to compare and analyze where they stand compared to traditional suites or stand alone antivirus/antimalware packages. I've been using Kaspersky IS for several years coupled with several other resident, on demand, and hardening tools for my layered setup. So... my two questions are..

1. How does WSA performance on all levels compared to a traditional suite such as KIS 2014, or other highly rated suites, or even stand-alone AV's for that matter?

2. Is WSA a full fledged suite with Firewall protection, some form of HIPS protection, etc., or is it closer to a stand-alone Antivirus/antimalware offering?

This isn't meant to be an A vs. B thread, I'm just having a hard time finding threads with any type of info on how well WSA really performs. I noticed a lot of Wilders users seem to have a lot of faith in WSA coupled with other hardening tools such as AppGuard, etc., so I would like more info if anyone knows the product really well. Thanks in advance for any insight that can be offered.

 

You'll find a lot of threads re: WSA at this forum: https://www.wilderssecurity.com/forumdisplay.php?f=105

That forum is titled Prevx Releases, but don't let that put you off. Webroot acquired Prevx in 2010, and WSA is essentially Prevx 4.x, and beyond.

 

Excellent, thanks for the info. Maybe this is why I'm having a difficult time in my search. I use to use Prevx several years ago, it replaced BOClean for me when BOClean was aquired (by Comodo I believe?) however can't remember the reason it was replaced or dropped from my setup. Thanks, I'll dig deeper, in the meanwhile if any has any additional insight to add regarding my original questions, the info would still be much appreciated.

 

Also while informing don't fall for the marketing.
Read what WSA offers in the cloud and local and than compare: what oft that f.e. KIS offers not, but what of that f.e. KIS offers more. I for myself can't find anything really unique in WSA - expect their marketing.

 

Then, I would have to say that you didn't look very hard. WSA is quite unique. Let Webroot themselves explain how they are different:

Taken from this page: http://malwaretips.com/Thread-How-WSA-works

Also, feel free to Google something like "how WSA is unique".

P.S. If you check out the link posted above, you'll read several other ways that WSA is unique.

 

So than test yourself, or google and explain what f.e. SystemWatcher of KIS does different...it also monitors and allows rollbacks...
The other points in linked thread I won't comment here, cause it's not an A vs B. , but I can find an equivalent for every thing of that in f.e. KIS.

btw.: I don't say good or bad to webroot - no I say "good marketing - but nothing unique apart from that"

 

I know Webroot puts unknown/possable malware in a user folder and leaves it there until it tries to make changes that might harm your machine. How long it will leave unknowns in a user folder, I don't know. Anyone know?

 

As long as the unknows will do nothing on the system.

 

OK, good to know. Cheers.

 

WSA roll back is far more advanced than the one in KIS it even includes the replacement of key structural files directly from the cloud (e.g. system files), this is not possible in KIS. Even if we disregard the differences, the same function in both products is achieved in WSA with a fraction of resources.

 

I wonder if the new Norton is as good at roll back as Webroot SecureAnywhere.

https://community.norton.com/t5/Nor...with-new-features-of-Windows-8-1/ba-p/1014697

 

Awesome insight and info in this thread so far. Just what I was looking for. My biggest issue here is that despite years of researching and being able to understand security software test results, analysis, terminologies, etc., I fall short on the testing ability myself, so I heavily rely on what is evaluated by others (such as members of Wilders and non-biased review sites, etc.)

However, as mentioned by another member above, I see how many people put their trust and faith in WSA (which obviously must mean something given the higher than average aptitude of Wilders' members) and despite reading above 0-day prevention methods and other techniques used by WSA to fight malware, I was also under the impression that many other software packages and suites applied shields in similar fashions (in current security software at least). It seems heuristics is their uber-strong point (although i could be wrong, this is just what I've interpretted thus far), however having a good suite such as my current (KIS 2014) coupled with some good anti-exploit (EMET, MBAE) and other strong resident protection such as MBAM Pro, I fail to see how going from a tested proven layered approach which I currently have deployed, to a software who focuses less on a balance of shields and weights more of their defenses of one particular aspect (heuristics) would benefit me.

Now I don't mean for the above statement to sound negative or condescending, call it honest ignorance if you will. And a part of me wants to try WSA sooooo badly, however I don't have any virtual or sandbox environments setup at the moment, and installing all of my additional security software to test for incompatibilities, etc., is a big time consumer. And even after all of that, I wouldn't know how to properly evaluate and test the setup.

Sometimes I wish we could A vs. B just so I could get some solid responses telling me to ditch what I have an go for the new thought But I completely understand what comes from those types of threads and won't go there.

I guess I'll keep researching, or even wait for AV-comparitives to develop and finalize their testing suite so WSA can be properly evaluated alongside the other top names in the game at this point.

Thank you for the good discussion so far, any more info is appreciated!

 

@mitsu3kgtsl

KIS 2014 already has exploit protection, so I see no need for MBAE. MBAM Pro seems to be redundant as well, but that's just my opinion. Just go to KIS / Settings / Threats and Exclusion and check the box for "other". The only thing that could further strengthen your setup would be using KIS 2014's Trusted Applications Mode. That's certainly more powerful than any additional real-time detection software, which only consumes more system ressources without detecting anything, which KIS doesn't already detect on its own.

Seeing that you already have and use KIS 2014, just stay with it unless the program is bugging you somehow. Of course there are stronger solutions out there, but those are certainly not realtime anti-virus programs. In that category KIS is as good as it gets.

 

Bull. Didn't work for a friend of mine. Had to wipe his machine in the end. Roll back my foot.

 

Webroot certainly offers banking protection:
http://www.mrg-effitas.com/wp-content/uploads/2013/08/MRG-Effitas-Online-Banking-Browser-Security-Assessment-Project-Q2-20132.pdf

 

Probably forgot to contact support, right?

 

Yeah, contacting support is always good, but it ONLY SHOWS that even WSA's unique rollback capacities COULD BE overthrown as well. (given the assumption that a malware overpowered WSA)

No perfect solution. For me, STILL, great detection (which is WSA is poor at), offers some GREAT ADVANTAGE.

"Prevention (great detection) is better than cure (WSA's rollback)."

If WSA's detection would be great, then WSA could almost be bulletproof.

 

We've never seen a case where the rollback didn't work to remove the infection once we detected it centrally but we're very interested in anything if something does come up. volvic has been posting unsubstantiated claims for quite some time without giving us visibility into what they've "experienced". Our detection is very solid - every vendor's detection can always be better - but ignoring rollback, we focus on detecting threats differently than AV testers test: they want a file blocked before it executes, while in some cases, we wait for it to perform its first system change and then block it. Rollback doesn't need to come into play in this scenario as we've blocked it immediately, but this doesn't result in a block score in AV tests.

 

Ok, thanks for the comment. And sorry for my words. That is why I put the words "assuming that WSA's rollbak was overthrown by malware", because I myself could not know if volvic's claim were true.

Now I know that WSA's detection works differently too from others. Interesting. Now I know why it scores poorly, though as you said its detection is solid.

 

Does not mean it does not happen if you do not see it.
I haven't seen the galaxy, does not mean it is not there.

Unsubstantiated my foot, I spent over an hour with support, got nowhere. Even logged it online with support, complete and utter joke. Wanted me to run a log program which I told them was crashing at the point of finalising the information it had collected. I uploaded a log from WSA (which was quite large) which they wanted uploaded to a particular location (can't remember the name some kind of file sharing site) and their support said it was corrupt (boloney).

I still maintain WSA is a good program but has serious deficiencies which they gloss over here and their staff are just out and out liars seeking to undermine people who genuinely complain as well as the fanbois who step into insult anyone who questions the holy grail.

 

Hi Fanboi.

 

Oh so because he says it is true?
Were you paid to post here or do you work for them?

 

Hi volvic.

Actually I don't know WSA, and I dont trust AVs which rely completely on the Cloud. I am impressed by EAM and ESET.

I just let them have their defense.

 

Is that supposed to be an answer to the question? Who is the troll here? uuuhm let me guess... LoL

 

Marketing? Strategic confusion of users? Or just not up to date with methodology?

For example AV-C clearly states in report (WPDT):

So professional antivirus testing is a bit more than just looking if files are blocked before execution as you want to make belief us.
...