STV's Webroot SecureAnywhere Basic Evaluation

As I introduced in the "Good News..." thread, I have received permission to post this rudimentary assessment I have documented in PDF form of Webroot SecureAnywhere.

I am a very detail oriented person and I wanted to document the details, not just the detection rate or conclusion. I have also formulated my own basic scoring system I shall use in future tests.

DISCLAIMER: I am of course just one individual, independent tester, and my testing system was fairly limited. I hereby do NOT claim, nor will I ever claim, to have the same degree/potential of reputability and/or reliability that large, 3rd party organizations such as AV-Comparitives or AV-Test does. These are preliminary test results and should not be used by themselves as justification to form a conclusion about the effectiveness of Webroot SecureAnywhere as a whole.

As a side note, I post these primarily for the benefit of the community, as well as to assure myself of the effectiveness of Webroot SecureAnywhere. There have obviously been some conflicting results being shared on these forums, but you all seem to want to consider all results, not just ones coming from known reputable associations, so I therefore share mine as well.

Important Amendment: In the introductory explanation the text explains what I denote a "1 point" determination versus a "2 point" determination of an infected file. There was one case in the actual results, however, that I gave Webroot SecureAnywhere 2 points in a circumstance that resembled 1 point due to the way it was detected in my results.

Linked below is the PDF. Feel free to ask if you have any questions. Again, these are preliminary results and are not intended to replace (nor hold anywhere close to the same weight of) official test organizations' results!

Thank you for reading.

Click here to view the PDF report.

 

Good work, thanks!

 

OK. Granted.

But as a non-savvy end-user I find these kind of detailed notes, on exactly how WSA behaved in the face of different items of malware, a lot more useful than just a table of stats/results such as this report. In fact, to be frank, and I may find myself in a minority of one on this, I find your one-man report in many ways more helpful than all the WSA reviews I've read so far. This because it's giving me much more detail on how you conducted the tests and how WSA interacted with the malware.

And it seems to confirm my gut feelings about Prevx/WSA, based on five years' experience of the programme, that it does a (Edit: far) more effective job than other programmes I have tried.

OK, your evaluation is not as comprehensive as the professional reviews, but it does help me understand exactly what you did and how WSA behaved. Personally, I think all AM reviews should have detailed notes such as this attached. It would make them much more credible.

In particular, I would really be fascinated to see notes like this attached to the latest MRG report on WSA (and all their reports). Are you listening, Sveta??

Thank you so much, STV

 

This is a very impressive result

 

@ STV0726

Hi, always nice to see different tests

1 - So does this mean Only IE8 was protected by SB & not the rest of your comp ?

2 - If the rest of your comp wasn't protected by SB, how did you protect it ?

3 - Also how did you Totally clean up, & ensure that Nothing had survived ?

Regarding allowing up to 30 mins for WSA to detect etc. I feel this is too long, as a Keylogger etc could have done it's dirty deeds well before then.

TIA

 

If the method of infection was by visiting malicious links via a sandboxed browser,then the rest of the system will be protected automatically.

 

It kinda makes sense to me. SpyEye intentionally delays fully-malicious activity in order to evade initial heuristics checks. The ongoing monitoring that Webroot performed caught it when it stopped pretending to be a good guy. I would expect that a keylogger that took action much more quickly would be caught more quickly.

So the 30-minute window allows for advanced monitoring and heuristics to see what's going on. That is how new things get caught.

 

The Identity Shield components of WSA would have prevented the keylogger from getting any personal information anyway so I don't think this would be an issue.


Thanks for the testing, STV0726 It's always helpful to see the results from a live user!

 

Thanks Joe as well as everyone else for reading! I am flattered that you all appreciate my results but do remember they are preliminary. I am working to re-test the product once a gain using a sandboxed administrator account to achieve a more "real world" setup.

I am so surprised that Mr. Neil Rubenking referenced my results (Thanks Joe) in a response post he made to his tests on behalf of PCMag. Link here.

Thanks again for the kind regards and look forward to more results! I am working on getting my own test machine as I am very interested in becoming a malware tester myself.

 

I was very, very thorough in my disclaimer statements in the original post, for better or for worse, but, I still am going to have to officially denounce this test...

In respect to the forum rules, which I was sadly ignorant of (my own stupid fault) at the time, and in respect to LowWaterMark (administrator), I have to ask everyone reading my results to please not consider them "meaningful" or any valid/reliable means of determining product efficacy.

Even though I was oh so careful to document everything, provide a detailed disclaimer stating what my results were not meant to be used for, and send all missed samples to Webroot, I still should not have posted those and for that I sincerely apologize.

Being that what is posted is already posted, I will say that if readers ignore the "scoring" portion of my PDF report, you can perhaps use my report simply to conclude that Webroot offers a functional product. In other words, perhaps you can think of my test as an extended EICAR type of test, rather than a detection rate efficacy test. I cannot go into your minds and force you to forget that I posted these results, but I do want to cover all bases and reiterate my original disclaims which state that these results cannot nor will ever be relevant.

I have been becoming less and less fond of home-grown malware tests lately, even when posted by technical savvy people. Yes, the worst are the YouTube ones where you have no idea how they have prepared the machine and only what you see is what you get. But with that being said, any home-grown test publishing is against the global rules at Wilders. And for that reason, I denounce my findings.

I apologize again. Thank you for reading anyway!

 

STV0726, thank you!

It's good to see a "real user" test. I'm very sorry if it hurt any Wilder's rule, but I'm sure you didn't do it on purpose.

 

Well, "denounce" is a rather strong word which I don't think is necessary under the circumstances, but your desire to clear and honest is appreciated.

 

You shouldn't apologize for anything especially given your intentions.I put very little stock in most testing as there are way too many variables from machine to machine.no testing will ever replicate what one might encounter on their machine.While input from testing organizations can be useful,that is just 1 persons experience.I would rather glean what i need from body of reviews and more importantly other user experiences as alot of testing can and is rigged.WSA complete works for me and i don't need a test to tell me.I've used Norton,Kaspersky,PC Tools,Old Webroot and i can honestly say this is the best piece of security software i have ever used by far.I would certainly hope more people give this software a try.The more people in the cloud can only benefit the rest of us.To end it i would just say that the best protection is a little common sense on the users part.Common sense+ WSA=secure,smoothly running pc.

 

Very well put sir, and my sentiments exactly!