Dennis Technology Labs tests

Discussion in 'other anti-virus software' started by IvoShoen, Apr 21, 2015.

  1. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    527
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,739
    Location:
    New York City
    Thanks IvoShoen for the tests.
     
  4. tns

    tns Registered Member

    Joined:
    Mar 19, 2015
    Posts:
    21
    Why most of the antivirus are not included?
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! did well, though I'm a bit surprised over Panda. It has slipped down considerably in most tests. They used to be in top constantly which is a bit weird...
     
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany

    Yeah...

    So if the results are good, they may be published, and if they are bad, the same methodology is no longer adequate.

    :argh:
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    @FleischmannTV , good find! :D
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    at least the lab informed us that they had tested the product and gave the reason why the results weren't included,doesn't seem that it was anything to do with the vendor applying pressure because the results were poor
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I was actually wondering why I didn't see Webroot since we read not long ago that they were going to be included from now on. Now we know why. But would still be interesting to hear if it were a success or not even if the results aren't made public.
     
  10. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    at the last minute Dennis Labs researchers determined they hadn't fully accounted for this unusual detection style in the current test, so Webroot's results had to be pulled.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Alas, at the last minute Dennis Labs researchers determined they hadn't fully accounted for this unusual detection style in the current test, so Webroot's results had to be pulled.

    yeah, I think they refer to it as "no detection".
     
  12. tolstoshev

    tolstoshev Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    18
    Location:
    United States
    What FleischmannTV said is correct - we're working with Dennis Labs on some updated testing for Webroot. It's basically the same issue we have with a lot of the older signature-based detection tests, since we work differently.
     
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    This is, unfortunately, an issue that crops up from time to time whereby some users and testing organisations appear to have difficulty in understanding how Webroot technology works.

    I recall Webroot were working with AV-C to produce separate tests, but so far I haven't seen any recent results. It would appear Dennis Labs may have to do the same since WSA can't, in theory, be tested along with other more traditional methods in the same way since it "works differently".
     
    Last edited: Apr 23, 2015
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    Removed Off Topic Posts. Let's Focus Only On the Topic, and Not Each Other. Thank You!
     
  15. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Excuse me but I don't think I have such a great difficulty in understanding how Webroot works and why it is hard to test them.

    I know they don't have virus signatures and thus they lack the initial high detection capabilities of products with a strong signature based engine / emulator and a malware analyst team with the focus to push out new signatures as fast as possible.

    When Webroot encounters a new process it first checks its MD5 hash against the cloud whether it is good, bad or unknown. If it is bad, it will be blocked right away and this would be reflected in the usual lab tests.

    When a process is unknown on the other hand, several mechanisms come in to play. Firstly, the process is isolated in a way that it cannot compromise your identity and financial transactions. Further all its actions are monitored very closely in order to help in its classification as malware and ,when it has been determined as such, the system is restored to its pre-infection state. These aforementioned mechanisms are not reflected by the major testing organisations and in that way I can fully understand the criticism of Webroot and I even concur with it to some extent. It is indeed unfair to test products in a way that only some can show their strengths, whereas other cannot, period.

    On the other hand some of Webroots arguments are unfair as well. Mainly they point out other products are outdated. Signatures don't provide complete protection, we all know that. Yet somehow this outdated technology gives their competitors a significant edge when it comes to initial detection of malware. Further they try to make it look like the competition is relying only on signatures, which of course is completely false. Behavior blockers can stop malware right after it executes, but before it does any damage, and aggressive reputation systems can even stop it before it executes. Suffice to say these technologies are reflected in traditional testing as well.

    And of course they forget to mention the importance of polished traditional detection mechanisms. Modern malware is able to change itself very slightly so that it is unique on the victim's system. Even Webroot points that out in their own marketing.

    But I dare to say that if your product only checks the MD5 hash of a process against the cloud in order to initially determine whether it is good, bad or unknown, then in terms of self changing malware it will always end up initially as unknown. And when a process is classified as unknown it takes some time for the product to classify it as malicious. In this case it takes much more effort for malware writers to avoid initial detection by a traditional antivirus with a strong emulation engine. Suffice to say that being unique will fool every checksumm scanner and many mediocre AV engines, but good look trying to get that past an aggressive reputation system or a reputation system powered HIPS.

    ---------------------

    Now after these memoirs - thank you for your patience by the way - my initial commentary still stands.

    In the Q4 2014 report Webroot was tested and looked good, so they published it. In the Q1 2015 report they withdrew from publishing their results because the researchers at Dennis Labs supposedly discovered at the last minute that their methodology didn't account for Webroots unique abilities. Thus I ask: Have Dennis Labs dramatically changed their methodology from Q4 2014 to Q1 2015?

    Maybe @si_ed can shed some light on this. Of course I understand that you cannot say anything about internal communication between your lab and Webroot. But please just answer: Have Dennis Labs dramatically changed their methodology from Q4 2014 to Q1 2015?

    Personally I presume they did not, or at least not in a way that it suddenly no longer reflected on Webroot's abilities. My presumption is that Webroot's results where good in Q4 2014 and bad in Q1 2015. Thus they decided to publish the former and withdrew from the latter.

    And, if true, this would be bigotry par excellence from Webroot, in my opinion. I know this may sound inflammatory, but how else should I call it? You cannot use a lab's results for marketing purposes, just as long as they are good, and then suddenly question the methodology as a whole, only because the next test's results where no longer so flattering.
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    My post was not directed at you personally; I have amended my post to add the word 'some' to users.

    Over recent years there have been numerous posts on Wilders from some users challenging how WSA functions only to be told they don't understand how it works, which is why I wrote what I did. I apologise if you felt I was singling you out. It was not the intention of the post.

    Just a side note: I have used WSA, and Prevx before that, so I too have some understanding on how it's supposed to work.
     
    Last edited: Apr 23, 2015
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Time needed for detection is linked to how aggressive is the malware, more agressive is the malware faster will be the response and more stringent the sandboxing. I am afraid the details of the engine will need to be disclosed by the developer. They will likely never do this, for obvious reasons. ;)
     
  18. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I believe you fax. I've always been disappointed that I've never been able to see the product in real action. I can only choose between insufficient official testing and insufficient YouTube Videos. The latter are plagued by the fact that there is no aggressive malware, almost only junk files and adware, never ever actual ransomware, hence no suspicious behavior to detect.

    Truth is, I actually want to believe, because Webroot does so much right in my opinion. No overzealous activity on the file system, no ridiculous http scanning :gack:, among many other things. But since I can neither rely on official nor unofficial testing, all that is left is the marketing and I am allergic to AV vendor marketing in general, not Webroot's in particular.
     
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    I can only speak by my experience that is: you need to try it on a real environment.

    I have several installations that I follow via the webroot console since several years and I had only a couple of occasion of adware that I simply managed to resolve remotely by forcing scans and increasing the level of protection. Never got any infection anymore, other security tools before failed miserably especially for clueless users clicking on everything.

    So believe it or not with WSA you cannot use a test in support of your choice as there are only very few test been published. You need to test it yourself. :)
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    has anybody tried just installing and using it(webroot)in the kind of hostile environment that causes most pc's to be infected,dodgy cracked software,free porn sites,opening attachments in bogus emails? etc,if so how did/does it cope?
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    There are many members (most of them savvy) who use Webroot without any criticism, therefore its efficacy is proven at least at Wilders which should be a good certification for it. I feel a bit hesitant however, when you say "you need to test it yourself".

    How? By using it I suppose, and if your system remains pristine, it means that Webroot works. This could be true for any AV, I've been using Avira for 8 years, never got infected while browsing and never got a detection except rare warnings of suspicious websites by the the Web Protection which were most of the time FPs.

    I also have 2 old machines without an AV which have never been infected. The bottom line is that it is a relative conclusion to say, try it and if you don't get infected it's a keeper. Webroot should find a way to be tested by professionals for the capabilities it claims to have.
     
  22. m0unds

    m0unds Guest

    yes, and it works fine. my brother in law and father in law have both been running secureanywhere on their respective pcs since the end of last year (prev product was vipre IS). both of them are click-happy computer idiots (covering the cracked software, porn and "free movie" genres of infection vectors). both machines have remained infection free. this is good for lots of reasons, the most selfish of which is that they don't bother me to fix their pcs. i think that the web shield has been blocking most of the threats before they're downloaded, as i have only occasionally seen malicious stuff removed via the web based console.
     
  23. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    I used to have an everlasting trial :D which ran on my wife's laptop (simple dual core E4600 Lenovo).

    I replaced it, because she had got a new work laptop causing her own laptop suddenly to seem slow. So I replaced her 250MB harddisk with a 1TB Hybrid. WhenI reïnstalled my prevx4 pre alfa everlasting lisence, it started to cout down from a one year lisence. So next year I have to decide what to do, because WSA really is a smart HIPS/sandbox dressed up as a silent and user friendly antivirus. Especially for people who buy a lot of stuff on the internet, I don't know of a better solution.

    I did not mind that it scored low/awfull in tests, I had played with it in the pre-alfa PrevX4 stage and its effectiveness has only been equalled by DefenseWall. All of my tweaks are default settings now and the auto-reverse infection has been automated also (no need to get scripts from support as with PrevX4 days).

    Regards Kees
     
  24. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I remember that keycode and if you even did a clean reinstall it would stop working and if you were part of the Beta Group back then you should of gotten a XXXX-BETA-XXXX-XXXX Keycode as we all got them and Nic the Webroot Community Manager continues to add time on to it! Kees did you ever get that keycode? If not send a PM to Nic: https://www.wilderssecurity.com/members/tolstoshev.139981/ as he has the old list and can check with the email address you used from back then.

    Daniel
     
  25. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    Thx, I have enjoyed for nearly five years a free WSA.

    Regards Kees
     
Loading...