Security for Everyone Reviews Webroot

Another individual (who happens to be the owner and chief editor of 7tutorials) has reviewed Webroot SecureAnywhere Essentials recently and is advising people who follow his site to "stay away" from it...

...owner and chief editor...you'd hope someone with that title would have a bit more awareness...

Although amazed by the installer size, and the memory used being lower than any other suite this person has tested, not to mention the fast scan time, he was not impressed with the protection.

He claims to have filled a USB with malware, scanned it, and Webroot detected and cleaned everything; but when he unplugged it from the Internet, Webroot found nothing.

He also claims that Webroot is not suitable for advanced, power users, because it is not configurable enough. And, he is upset that Webroot offers no way to exclude files from detection.

Now as you probably know all of the above complaints are non-issues, and those features all exist! Furthermore, Webroot has advanced, intelligent heuristics that would have caught all that malware if he actually executed it. He acknowledges that it is a cloud product; then he knocks it for not detecting dormant files when the Internet is disconnected. Are you stupid?

Webroot isn't configurable enough? Wow. Compare Prevx 3.0 to WSA and tell me that again. Look at all those settings you moron! And you CAN turn off automatic malware remediation in the real-time shield settings!

And PC Security > Quarantine > Detection Configuration. Are you stupid? Care to fully explore a product before you right an extensive review on it?

And to top it off, towards the bottom, he claims AV-Comparitives was going to test Webroot but didn't publish their results because of "issues with their cloud"...is he making this up? I certainly did not hear anything about this. I was under the assumption that Webroot will have detection results in the next AV-C test round.

Perhaps the only thing of real concern in his review is that he claims he pre-infected himself with a particularly nasty rogue antivirus, and Webroot failed to detect let alone remove it. Of course, he provides no details of which incarnation of this rogue he used, nor if it was a zero-day version or not.

I thought I should debunk this before someone posts this and gets everyone worried that Webroot didn't perform well in this person's "test". I'm going to go to Home Depot and buy some weed killer spray to stop these home grown tests.

http://www.7tutorials.com/security-everyone-webroot-secureanywhere-essentials-2012

Read with a grain of salt and a bag of popcorn as it's mostly entertainment since almost everything he says is wrong information.

Bottom Line: Part of reviewing a product CORRECTLY is to spend some quality time with the product and get to know it, like it is your friend. This is what really separates Matt Rizos from the rest of the online, individual testers. Obviously, this guy who reviewed Webroot here did NOT spend enough time to even learn the basics of the GUI. This to me alone makes this review invalid.

 

Happened to take a look at a look the site and this guys reviews,and there is no doubt in my mind that this person's reviews should not even be given a second thought or first thought for that matter.Very poorly written reviews(maybe he's 12 years old) across the board.They all sound made up to me.No real documentation or anything.Seeing his best of list was a bit of a joke.I somehow doubt he has anything more than minimal knowledge.Fortunately,webroot users know what WSA can do firsthand.Very much looking forward to the future as WSA continues to get even better build after build.

 

Some one should give him a spelling lesson as well,I thought Customisation was spelled Cutomization. Debunkit is correct for a loser review.

 

I have to agree. The reviewer very accurately displays zero understanding of basic concepts such as "real life use" (How many people unplug from the internet, then stick a USB drive full of malware onto their system?), accurate testing, and various other things. His failure to understand the firewall system does not make it Webroot's failure to make a good firewall system. His failure to understand remediation (and the fact that a free message would get his fake AV cleaned off by hand by Webroot), and his failure to understand the reasons behind certain things does not mean anything other than a lack of research and accurate reporting. It simply shows an appalling failure on this person's part. Were it a random reporter, I'd have more faith in the site, however that being the editor simply means that I can't reliably refer anybody to that site.

"Customisation" is the European English spelling, by the way. The Z is used in US English.

 

I didn't know that European english spelling was different.Thanks for the education,learn something new everyday - so they say.

 

Hey everyone,

Thanks for the responses.

Yup...just wanted to share my feelings on this guy's "test" (or lack thereof) in an attempt to debunk it before some "scientist" who wants to "consider all test results valid regardless of the source" posted the URL, causing unnecessary fear/uncertainty/doubt.

Another thing that cracked me up about this guy is he kept mentioning that "this is just a cloud product." LOL...

Did he not notice "behavior shield"? Guess not. We already know he failed to go through all the settings so he likely glanced over the "heuristics" settings too!

And just for the record, this is the way heuristics works, at least for WSA...

If the cloud is connected, it can clearly identify files it knows about instantly.

If the cloud is not connected, it uses advanced heuristics solely, but it by default bumps them up. If any threat tries to execute, it must deal with WSA's heuristics. Even if it is not a known threat, WSA will automatically place the unknown file in "monitor" mode, preventing it from doing any harm to your system and allowing for rollback on any changes it makes. But you likely will not see a prompt for this - it is seamless and automatic. So, yes, he fails to understand and counted that as a fail on Webroot's behalf, which was stupid on his part.

Think of it like this (sorry, EDU major here)...

If the cloud is offline, it's like a teacher. A teacher can't yell at a kid for misbehaving until he starts misbehaving. That's how behavior blockers work. The threat needs to execute (or in WSA's case even better: pseudo-execute) before it can catch it based on its behavior. That should be common sense.

I agree with you all above - you guys are right on.

 

The AV-Test Jan/Feb 2012 test results will be published this Friday.

 

Wow what a response to just one of hundreds of half baked reviews out there.

There are so many poor reviews about I can't see why this one attracts such vitriol. Take a look at Languy I don't think he's ever seen the products he tests (other than Comodo of course).

Unless of course the reaction is because it's about your beloved product. You really need to chill guys it's a security product not one of your children he doesn't like.

Interested in what AV-Test and AV-C say. Webroot is generally ordinary in basic OD tests and no better in dynamic testing either from what I've seen. I guess if its not to your liking we can look forward to more enlightened debate about the stupidity of the tester.

Cheers

 

by chris1341:

But this is no ordinary Webroot software, it's a new and totally different product, in reality it's Prevx 4.0, and hasn't yet been tested extensively. Give it a spin, and see what you think perhaps?

 

Chris,

If it helps, we don't care what product some half-baked review comes out for. If the review has a gooey, undercooked center, the review is craptastic, no matter what the product is.

As to "Official reviews" and Webroot, in my 17 years in the security industry, I've moved beyond the numbers. Simply put, nothing is perfect now. So it's not the 97% of stuff they catch, or 100% of 6-month-old stuff they catch that matters. If SomeAV catches more than Webroot, I'll use them BOTH. Then the important thing is that when SuperVirus gets in past both of them, Webroot gives me capabilities and direct personalized-to-my-system-and-infection help to get rid of it. This is compared to the "broad-spectrum antibiotic" method of CF (and hope your computer survives) or throw stuff at it and see what sticks capability and assistance from other companies.

Since I can get a brand-spanking-new, custom-written, not-from-a-kitchen Ransomware item that -NOTHING- detects... then contact Webroot and say "Hey, I've got this virus"... and have them say "Ahh, yes, you are the only one who has ever gotten this, but we can see it right here on your system", make a change, and within five minutes, SecureAnywhere pops up with acknowledgement of the infection, then removes it 100%... Well, I happen to like this. And contacting Webroot is only needed if I can't get the client up and running to click a button and kill it myself.

But yeah, I rant at bad Amazon.com reviews of Turkey Pans. So heh.

 

And what, if, the article is actually correct. I have seen nothing to say otherwise.

 

I beta tested the product, I have a 5 user licence and use it on older machines with limited resources. I use it because it's so light.

Like the other products I use I test it extensively with real malware and my findings match with MRG's (missed 23 out of 50) and AV Test- ordinary (16 out of the 28 tested had better detection). Let's see what AV-C say.

The point of my first post was you're allowed to disagree without, the what I consider, over reaction displayed here.

You think it's great - good for you. I like it but don't mind when others don't - whether they are 'stupid' or not.

Peace

 

ot posts removed

 

No problem, you know it very well then, and how it's being actively developed. In fact, I agree with a couple of things the reviewer said (e.g. that scan scheduling should have more features, and that there should be an offline manual available (in the pipeline I think), and that there should be more
info about firewall) but some of what he says is ridiculous e.g. that it doesn't have a lot of configurability to suit geeky advanced users.
I remember something STV0726 said to PrevxHelp sometime back, in that it was possibly released a bit early, and I agree.
But for myself, the "proof of the pudding" will come when we see a few more tests e.g AV-C, and if it kept performing badly, then eventually I would drop it.
Cheers Chris,
Dermot

 

Let me clarify (which I should have from the start) why I made this post:

1. Because this is not an ordinary "YouTester" review that people now (hopefully) know by default to take with a grain of salt. This is from a website that many respect and visit and I felt they should be held accountable for their poor, frankly stupid testing methods (or lack thereof). And Chris if you want to say I'm using "stupid" as a fallback because I love WSA, I'm not, because I wouldn't trust this guy's tests for any products. For example, he advises that McAfee is bad. Hey I agree with that, but I wouldn't trust HIS review of it due to his lack of scientific, carefully documented procedures and apparent failure to understand how AVs work.

If someone wants to make a general statement that they don't like WSA, fine. I probably wouldn't even comment. It's when they publicly advise others to avoid it without proper evidence that I take an issue with it.

2. I am without a doubt a WSA fan. But I am fair and I stand for user education more than ANYTHING else. I have been defending Webroot more than other AVs not because I love them so much, but because it is so new that most of the data people are posting and judging it based on is coming from questionable/invalid testing bodies.

Furthermore, I extend Webroot the benefit of the doubt and I give them until the .150 versions to have any "detection oddities" sorted out. I have high hopes that we'll see a 5 or a 6 on protection for Webroot on these AV-Test results, but if not...

Total spent for 3 years of protection: $15

Cost of remote tech support fixing a failure to remove : $0

Near-zero impact on performance: Priceless and almost unprecedented

Knowing these testing bodies test on defaults and I use all max so I wonder what it would catch then: Intriguing.

Will I be disappointed? Yes. But again, I have high hopes.

 

Thanks Dermot, I guess such passionate defence (as in this instance put forward by STV for WSA but could anyone for any product) always makes me a little suspicious of fanboyism particularly in cases like this one where really the jury is still out.

I do recognise the achievement that is WSA. To deliver so many features with so little system impact is remarkable and the quoted reviewer obviously did a poor job but you're right there are some valid points and we miss the opportunity for improvement if we simply dismiss what we don't want to hear. True in life never mind security software IMO.

Cheers

 

Understood, thanks for the clarification. Sometimes we all need to get things off our chest. Let's leave it at that.

Cheers

 

And I am not a fanboy...even Joe can attest to that.

Have you seen my loud and long complaints about the way WSA saves your configuration exports?

I have several things I have suggested to improve Webroot, mostly setting/GUI related. I am open to others' as well.

But much of the negative stuff this guy says is already in the product, he just failed to see it/understand it.

 

Hey I'm a fanboy But really Reviews you take them all and put them in a bag and you pull one out the best is a guess! And test results will get better in time as WSA is growing still as there are many releases that are always in house and we don't even see, I would say that the 8.0.2.xxx series will bring the big steps for WSA and from now 8.0.1.158 Closed Beta till then well I can only speculate! Give it a year of Testing from the Qualified testing Organizations such as AV-Test, AV-Comparatives and Virus Bulletin then we can see!

TH

 

By the end of the year we'll see where WSA stands when all the Organization tests have been done

I think WSA will do just fine

 

I was jokingly 'threatening' that WSA better be a top performer in the NEXT tests, and Joe said "we will be "

 

Why post links to reviews you dislike, surely better to post links to reviews you find to your liking ?

 

Of course I'm going to post the link to any review I am referring to, whether I like it or not. Why would I comment on a review and then make people find it themselves?

I wanted to basically "debunk" this review or at least "cut it down to size" so someone else doesn't post it thinking it's a "real test" and cause FUD.

 

I found the Quote from Joe that I was looking for!

TH

 

I think one of the things that people object to in the reviews in question is that a lot of the review methods are similar to saying "Look, this car sucks! I took it and drove it over a bunch of potholes and nails at 50 MPH and the tires went flat and the alignment went bad, so obviously they are giving us a poor quality product."...

Like I said, what person who has this product is likely to disconnect from the internet and put a USB drive full of malware on their system? Why not test traditional AV by saying "So I figured that since they are definition based, I'd see what they did if I deleted all their definitions. So I booted to Linux, deleted all their definitions, and then disconnected the network so they couldn't get the defs back. They didn't find anything at all when I did that." XD