File-Detection Test September 2012

It's not the same as a system restore. The rollback only reverses the changes that the suspicious file made. This is why everything is monitored - file events, registry actions, and so forth - and is what is meant by journaling.

 

ok thanks for that.
But doesnt this present a danger because how long before webroot detects the suspicious file?
By the time it is detected the file could have done serious harm to the computer.
Ive never used webroot myself and i must be like many others who cannot grasp the mechanics of the program.
Excuse my cynicism but this sounds like closing the stable door after the horse has bolted.

 

What if an undetected trojan has already stolen the user's bank credentials and money in the first place?

 

This is apparently where other mechanisms come into play, such as Identity Shield. There's a video of theirs, which has been posted on here a few times, that shows keylogging functions failing, even while infected in this manner.

However, I think we're in danger of veering off topic here. Users might be best asking these kind of questions in the Prevx/Webroot forum, where I hope this could be explained more fully.

 

Thank you Tony.

Ok, otherwise I would tend to think that Prevx has some sort of "user's insurance" for such contingencies

 

Thats what being professional is all about and how he carry's him self by being polite and respectful.

 

I agree, Webroot/PrevxHelp provide an amazing level of support. Howver, my tuppence worth is that although i am a WSA licence holder I'm not using it just now due to the doubt in my mind about whether the product will detect resident malicious files or not.

Weighing everything up i think i'd rather have an AV with a reliable high level of detection of all malicious files resident, than WSA which has lower detection of reident files *if not executing* at time of scan. I appreciate the journaling facility WSA has, just my preference is to know what is sitting on my machine - even if it's doing nothing at any particular time.

I will keep reading and learning more about WSA, and keep my thoughts under review.

 

Maybe you could do what I do. Have WSA running realtime and use HitmanPro for regular on-demand scans, along with Emsisoft Emergency Kit for the occasional full scan. I then get the best of both worlds; no performance impact from WSA plus extra peace of mind from the others.

It does get a bit boring however when the on-demand scans never find anything

 

Then indeed you should not run WSA has it is not designed for this specific task.

 

I don't have any problem with the Webroot product and understand why they would not test well with this particular methodology. The issue I have is about Webroot being involved in a test which does not accurately measure their product's ability and, in fact, leads to a result with a lot of collateral drama. It just seems like a situation where someone in Webroot marketing, who does not fully understand the test or the product, has final say-so in which tests Webroot is taking part in. And then marketing leaves it up to the developers to explain the test results. That may not be what is occurring, but the perception is that it is a viable explanation.

 

Unfortunately there is no test that fits well WSA and its different way of working. The best test environment are the users running it. Interestingly I have yet to see one here that had serious malware problems with it installed.

 

I thought I remembered the Webroot crowd being ok with their results in the av-test.org july/august 2012 test. Regardless, the explanation you give of Webroot not doing well in tests does not explain why they choose to enter their product anyway. IIRC AV-C used to offer anonymous results and private tests. If they still offer those services it would be better for Webroot to take part instead of getting below market average results and trying to explain that away, somehow.

Thus far I am satisfied with the explanation that some misinformed marketing higher-ups have more say-so in the product than the developers. That seems to be a history of Webroot in a nutshell anyway. Or do you not remember the rise and fall of SpySweeper?

 

Indeed they are. Avira always does well in this type of test, I just wish it improves its dynamic test results. All in all, considering its price, detection capabilities, and system impact it remains my favorite still.

 

I am sure you are right, but one could say the same thing for most of the other vendors. If this is really the case WSA should stop being tested by AV Comparatives as the results will inevitably create a bad image of the software.

 

Actually latest tests are rather positive for WSA (i.e. 99% blocked malware) and dropping from one AV-C test (on-demand) will mean to drop from all within AV-C (e.g. dynamic). I guess WSA, due to its novel design, is under the spotlight both by some users and competitors and any occasion is good to discredit it. That's unfortunately how business works sometime....

 

So what is so novel about WSA? I can't see anything that this software has that f.e. kaspersky hasn't.

 

Well webroot is a lot lighter which is a good start.!

 

The two are radically different from any point of view (apart from the objective - protecting PC from malware). Sorry I can't go into details since, as you know, this violates Wilders ToU. You could start reading at the Prevx section of this forum or from the main webroot web page. The best would be to try it yourself as this is the ideal way to see how WSA works and how it is designed.

 

I didn't ask for too much details and I know that those products are different in many points.
I only want a few examples what is really new and unique in WSA...

 

You actually need some details as the main work does not happen face to the user but in the backyards. If i need to be generic then WSA is completely different (new/unique) from most solutions out there starting from the coding up to the security implementation (host and remote). You have been contributing to this forum since sometime and I am sure if you try it you will notice how different is WSA from the rest out there (user-wise).

 

False positives have never been so deadly. Wait until the new wave of future tech (false positive roll-back). Where your legitimate files get rolled back and you don't even know about it.

 

Yeah i would say that WSA definately looks a dicey option at the moment.
And the threads in this forum do not raise much confidence either plus the poor testing results.
It seems a bad recipe in my opinion but hopefully it will improve.

 

If the detection's were that bad the Prevx Forum here and the Webroot Community Forums and the support inbox would be full of complaints about infections in which they are not.

TH

 

... and we are back to the usual trolling to confirm what i was saying before

 

absolutely absurd.
The facts are clear and yet you call it trolling.