STV's Webroot SecureAnywhere Basic Evaluation

Discussion in 'Prevx Releases' started by STV0726, Dec 14, 2011.

Thread Status:
Not open for further replies.
  1. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    As I introduced in the "Good News..." thread, I have received permission to post this rudimentary assessment I have documented in PDF form of Webroot SecureAnywhere.

    I am a very detail oriented person and I wanted to document the details, not just the detection rate or conclusion. I have also formulated my own basic scoring system I shall use in future tests.

    DISCLAIMER: I am of course just one individual, independent tester, and my testing system was fairly limited. I hereby do NOT claim, nor will I ever claim, to have the same degree/potential of reputability and/or reliability that large, 3rd party organizations such as AV-Comparatives or AV-Test do. These are preliminary test results and should not be used by themselves as justification to form a conclusion about the effectiveness of Webroot SecureAnywhere as a whole.

    As a side note, I post these primarily for the benefit of the community, as well as to assure myself of the effectiveness of Webroot SecureAnywhere. There have obviously been some conflicting results being shared on these forums, but you all seem to want to consider all results, not just ones coming from known reputable associations, so I therefore share mine as well.

    Important Amendment: In the introductory explanation the text explains what I denote a "1 point" determination versus a "2 point" determination of an infected file. There was one case in the actual results, however, that I gave Webroot SecureAnywhere 2 points in a circumstance that resembled 1 point due to the way it was detected in my results.

    Linked below is the PDF. Feel free to ask if you have any questions. Again, these are preliminary results and are not intended to replace (nor hold anywhere close to the same weight of) official test organizations' results!

    Thank you for reading.

    Click here to view the PDF report.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Good work, thanks! :thumb:
     
  3. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    OK. Granted.

    But as a non-savvy end-user I find these kinds of detailed notes, on exactly how WSA behaved in the face of different items of malware, a lot more useful than just a table of stats/results such as this report. In fact, to be frank, and I may find myself in a minority of one on this, I find your one-man report in many ways more helpful than all the WSA reviews I've read so far. This because it's giving me much more detail on how you conducted the tests and how WSA interacted with the malware.

    And it seems to confirm my gut feelings about Prevx/WSA, based on five years' experience of the programme, that it does a (Edit: far) more effective job than other programmes I have tried.

    OK, your evaluation is not as comprehensive as the professional reviews, but it does help me understand exactly what you did and how WSA behaved. Personally, I think all AM reviews should have detailed notes such as this attached. It would make them much more credible.

    In particular, I would really be fascinated to see notes like this attached to the latest MRG report on WSA (and all their reports). Are you listening, Sveta??

    Thank you so much, STV :D
     
    Last edited: Dec 14, 2011
  4. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    80
    This is a very impressive result
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ STV0726

    Hi, always nice to see different tests :thumb:

    1 - So does this mean Only IE8 was protected by SB & not the rest of your comp?

    2 - If the rest of your comp wasn't protected by SB, how did you protect it?

    3 - Also how did you Totally clean up, & ensure that Nothing had survived?

    Regarding allowing up to 30 mins for WSA to detect etc. I feel this is too long, as a Keylogger etc could have done its dirty deeds well before then.

    TIA
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If the method of infection was by visiting malicious links via a sandboxed browser, then the rest of the system will be protected automatically.
     
  7. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    It kinda makes sense to me. SpyEye intentionally delays fully-malicious activity in order to evade initial heuristics checks. The ongoing monitoring that Webroot performed caught it when it stopped pretending to be a good guy. I would expect that a keylogger that took action much more quickly would be caught more quickly.

    So the 30-minute window allows for advanced monitoring and heuristics to see what's going on. That is how new things get caught. :)
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The Identity Shield components of WSA would have prevented the keylogger from getting any personal information anyway so I don't think this would be an issue.


    Thanks for the testing, STV0726 :thumb: It's always helpful to see the results from a live user!
     
  9. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Thanks Joe as well as everyone else for reading! I am flattered that you all appreciate my results but do remember they are preliminary. I am working to re-test the product once again using a sandboxed administrator account to achieve a more "real world" setup.

    I am so surprised that Mr. Neil Rubenking referenced my results (Thanks Joe) in a response post he made to his tests on behalf of PCMag. Link here.

    Thanks again for the kind regards and look forward to more results! I am working on getting my own test machine as I am very interested in becoming a malware tester myself.
     
  10. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I was very, very thorough in my disclaimer statements in the original post, for better or for worse, but, I still am going to have to officially denounce this test...

    In respect to the forum rules, which I was sadly ignorant of (my own stupid fault) at the time, and in respect to LowWaterMark (administrator), I have to ask everyone reading my results to please not consider them "meaningful" or any valid/reliable means of determining product efficacy.

    Even though I was oh so careful to document everything, provide a detailed disclaimer stating what my results were not meant to be used for, and send all missed samples to Webroot, I still should not have posted those and for that I sincerely apologize.

    Being that what is posted is already posted, I will say that if readers ignore the "scoring" portion of my PDF report, you can perhaps use my report simply to conclude that Webroot offers a functional product. In other words, perhaps you can think of my test as an extended EICAR type of test, rather than a detection rate efficacy test. I cannot go into your minds and force you to forget that I posted these results, but I do want to cover all bases and reiterate my original disclaimers which state that these results cannot nor will ever be relevant.

    I have been becoming less and less fond of home-grown malware tests lately, even when posted by technically savvy people. Yes, the worst are the YouTube ones where you have no idea how they have prepared the machine and only what you see is what you get. But with that being said, any home-grown test publishing is against the global rules at Wilders. And for that reason, I denounce my findings.

    I apologize again. Thank you for reading anyway!
     
    Last edited: Jan 24, 2012
  11. d0t

    d0t Registered Member

    Joined:
    Apr 23, 2011
    Posts:
    181
    STV0726, thank you!

    It's good to see a "real user" test. I'm very sorry if it hurt any Wilder's rule, but I'm sure you didn't do it on purpose. :)
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Well, "denounce" is a rather strong word which I don't think is necessary under the circumstances, but your desire to be clear and honest is appreciated.
     
  13. superssjdan

    superssjdan Registered Member

    Joined:
    Dec 11, 2011
    Posts:
    148
    Location:
    USA
    You shouldn't apologize for anything, especially given your intentions. I put very little stock in most testing as there are way too many variables from machine to machine. No testing will ever replicate what one might encounter on their machine. While input from testing organizations can be useful, that is just 1 person's experience. I would rather glean what I need from a body of reviews and more importantly other user experiences, as a lot of testing can and is rigged. WSA Complete works for me and I don't need a test to tell me. I've used Norton, Kaspersky, PC Tools, old Webroot and I can honestly say this is the best piece of security software I have ever used by far. I would certainly hope more people give this software a try. The more people in the cloud can only benefit the rest of us. To end it I would just say that the best protection is a little common sense on the user's part. Common sense + WSA = secure, smoothly running PC.
     
  14. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Very well put sir, and my sentiments exactly! :thumb:
     