SecureAnywhere!

I hope this will do

Here is a video of the rollback function....

"What Happens if Webroot "Misses" a Virus? - Webroot SecureAnywhere"
-http://www.youtube.com/watch?v=uKMZ1Ukw_7I&feature=plcp

 

He will come back saying its not valid since its coming from webroot... no way... its a lost battle.

 

Maybe ....but we should "settle down" a little so the thread can stay open

 

BTW, I hope they will include the rollback function in the Mac OS X version too

 

Yeah, looking forward to the MAC version too and I hope it is the same approach as WSA!!!

 

LOL. The crap coming from you two is unbelievable.

Do you not understand how a signature database works. If it isn't detecting the samples then it will not pick them up while executing them, Which means you are allowing malicious code to run. Do you know how bad this is?

Even with a rollback feature the damage is already done because who knows how long you will have to wait until the database is updated to fix the malware.Your bank details will already be gone.

How much proof do I need to show? I've got more if you want it.

But you just dismiss everything. DENY DENY DENY. You two sound like a broken record.

I really have nothing against Webroot, i even own a license. But the FUD coming from them and you two is not reality.

 

All the points have already been explained including damage/updating (i.e few minutes to few hours for samples first/last seen only in AV-comparatives). We dismiss nothing, you need to learn to read. Stop trolling and since you have even a license, check it yourself!! Is that so difficult? You are mute on this point. Sorry, but the FUD here comes from you not us. Amazing

 

So youtube tests are only valid if they show Webroot doing well. Come on.

 

I'll say a few good things about Webroot just to show I'm not biased or trolling.

The clean-up tool is by far the best cleaner tool I've seen in AV's. It get's rid of a lot of crap like TEMP files, browser files and so forth. Honestly this leads the pack.

The identity shield is pretty good, it's by far the best part of the Webroot package. I'm unsure of some of there claims like protecting from MITM attacks but overall I would use it if it was a standalone application.

But my other points are still valid, the detection rate and allowing malicious code to run are not good and need to be improved.

 

But it is a standalone app. So I guess you could use it.

 

I would be with you on this if there were consistent results across different test organisations. This is not actually the case as, for example, WSA results in AV-TEST organisation are actually very good and above industry average for most criteria used.

If you don't want to look biased you should at least take all the reputable evidence out there before coming to certain conclusions.

Finally all the quoting done up to now are based on "tests"! The real strength of WSA have been demonstrated by the millions of users out there using it with only few cases of failure (would be suspicious otherwise as there is not tool that can cover 100% of what is out there).

Have you been infected by malware during your use of the system with WSA? As licensed user you can bring your experience providing evidence on real cases during day to day operations. This would be much more interesting that accusing others of FUD or keep repeating the same concept.

 

Nothing is being solved here. ComputerSays is determined to disagree with anything and anyone concerning Webroot. Just let him be, there is no point wasting your time...

 

Oh well......let's move on shall we.

 

ComputerSays,

If you believe SecureAnywhere is not a good product, then DON'T use it or run it in conjuction with another product that you do trust.

Several of us are using other security software along with WSA for a more "layered" approach to security. Personally I am running WSA Essentials + MBAM Pro + PrivateFirewall on my five systems; regular scans with HMP and other products always show the same thing: 0 infections.

 

kdcdq, I am with you on that. As you know I have in the past run KIS & WSA layer (and complementing each other) with no breakthroughs by nasties of any type. I also on demand scan with MBAM & SAS.

Personally I believe that the layered approach is the way to go as NO one solution is 100% perfect or secure...and WSA in the 'layer' is a good start.

Balders

 

0.5-120 minutes in general, seven minutes on average across 50 positive results. Don't like waiting? System Controls and kill it yourself if you like.

Running malware couldn't capture the bank details. Keystrokes were not recorded, screen capture failed, memory modification of the browser failed, DLL injection failed, network capture failed. Bank details stayed safe despite the actively running threat machine code.

Tracked down the "malware" from some of those homegrown tests. Tested 50 samples on a debug box. Hardware configuration, in general: Hardware debugger attached, computer booting a completely normal environment from an SSD (Reimaging takes under 2 minutes), so it doesn't "look like a fake computer that the malware shouldn't give away any stuff on" (for VM-Aware and Sandbox-aware malware).

Detected by over 15 scanners on VT: 49/50
Code executed: 12/50
Code actually created a persistent and operating infection on the machine: 7/50
Persistent infection successfully performed malicious activity on the machine or across the network: 4/50 (One was TDL. XD )

Where are they getting these "malware" samples from? Bunch of broken junk that won't run or work. Maybe the rest of the ones I didn't test worked better? I even took off the hardware debugger, just in case, but nope. Same results verified by examining the drive externally.

Broken tests FTW. We might was well say "This thing is supposed to keep pigeons off the roof, but here are photos with BIRDS on the roof!" when those birds are dead or have broken wings and were thrown up on the roof.

Edit to add...
Disclaimer: I was able to track down samples from two of the tests and took a random sampling of 50 from all of the sample files that were theoretically used. There are a lot of considerations with this method as well, for example, a sample may require an EXE and a DLL both in the samples that the dropper would normally pull both down. The file may be a malware item that is highly targeted and does not react to English machines (VERY common), and I did not test on other OS languages or localizations. This should -NOT- be tried at home by anybody under any circumstances (technically not by me either). The actions I took have inherent risks that I am well aware of and accept, including the assumed risks that I am not aware of and accept anyway. A good bit of complex equipment and setup was involved in the testing. This was not testing -any- AV product. No animals were harmed in the testing, not even pigeons, however my cat sat on my lap and purred when I wasn't playing with the hard drive. It was testing whether the Malware used by other tests actually did diddly as opposed to diddly squat. Network traffic was deep inspected; a failed connection to a non-existent server was not counted as working, for example, however consideration was given to apparently-potentially-polymorphic domain lookups that could be time-driven and may connect the next day even if today failed. An example of a common "ran but failed to create a persistent infection" situation was "Dropped a file somewhere, put a run key in the registry, and the run key pointed to the incorrect location, thus causing the malware to not run." It is fully possible that the malware could exploit holes in unpatched or different operating systems that did not exist on the test image. It is possible that the malware may target only specific OS flavors (Bit depth or type, such as XP only, or only 32-bit systems) and fail on the test system. The test image feeds from a normally-patched (Windows Update on Auto, Java, Flash, IE (Default), Firefox, Chrome, Opera, no OEM software, all default update settings for third party software) Windows 7 64-bit system, shut down nightly at 10 pm and started at 5 am, no AV software, defender disabled, UAC disabled, firewall disabled, local CA certificates installed on the system and in all browsers to allow transparent SSL interception and decrypting on the network, including modifiable returns and access to "sensitive" sites (Financial, email, game, etc) as well as passthrough capability . I've already said "Don't try this at home" but I'll say it again: Don't try this at home. The test is only partially representative of the capabilities and operation of the malware samples examined and does not cover the full gamut of potential environments that they could try to operate in, which means that while they failed to run and/or infect in cases on this testing, they potentially may be able to infect on, say, an XP SP1 machine. Of the three samples that persisted and continued to run, there may be a timer function included to not activate until a later or pre-determined incremental or static time, in which case the 15-minute test would not detect the samples performing any malicious activities. During testing, a set of standard "user actions" were taken both before restart for persistence checking as well as after restart: Logged into (and briefly navigated when real) accounts (real or fictitious) on PayPal (R), BofA (F), Chase (F), Well's Fargo (F), BattleNet (R), Guildwars 2 (F), GMail (R), MSN (R), Yahoo (R), Facebook (F), Twitter (F) in Chrome, IE, and Firefox respectively; Loaded, modified, and saved five spreadsheets with trigger words in content and filename indicating sensitivity and related to finances or private information; and downloaded three images, one video, two text files, from a USB stick. Results are not scientifically sound and individual mileage may vary. This test is not designed to cure or treat any disease. Oh, and: Don't try this at home.

 

As usual, excellent post!

 

http://malwaretips.com/Thread-Malware-Pack-211-malware-samples-by-ReviewsAntivirus-InternetChicken

Same result. Why is detection so awful?

 

It's already been explained in excellent manner by Techfox.

As kdcdq already said

Stop trolling around. Help Joe and the Team to improve WSA even more instead of crying out why it's not good. why so bad. why so poor.

 

Amit come on, your smarter than that.

Well..... coming from the people who have publicly said they had Flame samples as early as 2007 I don't think they need any more help. How incompetent can you get really...

Even so where are they now then? Vanished without a trace to the safety of their own forum where they can control negative comments by closing threads that's what. No doubt they have been told not to comment any further.

 

Computer my friend all I'm saying is let's take it easy. I'm sure Webroot Team is working on improving detection rates. If we find any tests showing poor results we could post them and ask the Webroot Team to take a look and improve further. No need to continuously batter the product. I'm sure they are working hard.

I know many are frustrated with long time poor detection results. So am I. But we just gotta give them some more time. As I'm sure if they do not improve significantly as they had promised their sales will fall and people will leave WSA. Because there are other products. And Webroot knows it.

And I think as WSA fall release is near the corner, Joe and the others are busy in that. I think Joe will be back here with his clear explanations as he always does.

 

Totally agree with you Amit. But people need to know all the information, not just cherry pick the good bits. Without failure there would be no improvement in society, without criticism companies are free to push what ever they like without being held to account. This go's for all AV's not just Webroot.

 

I have to agree with that. Well go on then.

 

Wait, I think I heard this somewhere...

All this discussion is sadly near to pathetic... I can only see cut/paste of the known, ignore the discussion/feedback and back to the beginning... cut/paste of the known, ignore the discussion/feedback and back to the beginning...cut/paste of the known, ignore the discussion/feedback and back to the beginning

WSA works differently as it is designed differently from standards AVs. This is known since Prexv 2... we are at Prevx 4 now or WSA 8. You cannot expect the same detection of offline sample as live detections. You cannot expect the same detection of laboratory malware, broken marlware or one off sample as other AVs. WSA will probably waste their time to add static signature as much as possible (probably increasing the rate of false positives) to go on pair with the rest of the AVs out there and to look better on tests. But thats not the purpose of the tool (i.e. look better on tests) and does not at all reflets its power. Isn't it CLEAR by now? LoL

Isn't it time to stop the carousel?

 

If you cannot see the reality of the situation then that is your problem. But you are misleading this forum and you are doing a disservice to the wider population by defending a product that does not live up to the PR marketing hype it puts out there.