Webroot SecureAnywhere differences from traditional security suites / offerings

Discussion in 'other anti-virus software' started by mitsu3kgtsl, Nov 18, 2013.

Thread Status:
Not open for further replies.
  1. mitsu3kgtsl

    mitsu3kgtsl Registered Member

    Joined:
    Aug 25, 2006
    Posts:
    25
    I've been creeping Wilders and various other security sites for around a decade now, and consider myself relatively well versed in security offerings / performance test results, etc. My question is, due to WSA's unique techniques in preventing infections and protecting the users of their software, it's hard to compare and analyze where they stand compared to traditional suites or stand alone antivirus/antimalware packages. I've been using Kaspersky IS for several years coupled with several other resident, on demand, and hardening tools for my layered setup. So... my two questions are..

    1. How does WSA performance on all levels compared to a traditional suite such as KIS 2014, or other highly rated suites, or even stand-alone AV's for that matter?

    2. Is WSA a full fledged suite with Firewall protection, some form of HIPS protection, etc., or is it closer to a stand-alone Antivirus/antimalware offering?

    This isn't meant to be an A vs. B thread, I'm just having a hard time finding threads with any type of info on how well WSA really performs. I noticed a lot of Wilders users seem to have a lot of faith in WSA coupled with other hardening tools such as AppGuard, etc., so I would like more info if anyone knows the product really well. Thanks in advance for any insight that can be offered.
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    You'll find a lot of threads re: WSA at this forum: https://www.wilderssecurity.com/forumdisplay.php?f=105

    That forum is titled Prevx Releases, but don't let that put you off. Webroot acquired Prevx in 2010, and WSA is essentially Prevx 4.x, and beyond.
     
  3. mitsu3kgtsl

    mitsu3kgtsl Registered Member

    Joined:
    Aug 25, 2006
    Posts:
    25
    Excellent, thanks for the info. Maybe this is why I'm having a difficult time in my search. I use to use Prevx several years ago, it replaced BOClean for me when BOClean was aquired (by Comodo I believe?) however can't remember the reason it was replaced or dropped from my setup. Thanks, I'll dig deeper, in the meanwhile if any has any additional insight to add regarding my original questions, the info would still be much appreciated. :D
     
  4. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Also while informing don't fall for the marketing.
    Read what WSA offers in the cloud and local and than compare: what oft that f.e. KIS offers not, but what of that f.e. KIS offers more. I for myself can't find anything really unique in WSA - expect their marketing.
     
  5. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    410
    Location:
    USA--Colorado
    Then, I would have to say that you didn't look very hard. WSA is quite unique. Let Webroot themselves explain how they are different:

    Taken from this page: http://malwaretips.com/Thread-How-WSA-works

    Also, feel free to Google something like "how WSA is unique".

    P.S. If you check out the link posted above, you'll read several other ways that WSA is unique.
     
  6. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    So than test yourself, or google and explain what f.e. SystemWatcher of KIS does different...it also monitors and allows rollbacks...
    The other points in linked thread I won't comment here, cause it's not an A vs B. , but I can find an equivalent for every thing of that in f.e. KIS.

    btw.: I don't say good or bad to webroot - no I say "good marketing - but nothing unique apart from that"
     
  7. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    I know Webroot puts unknown/possable malware in a user folder and leaves it there until it tries to make changes that might harm your machine. How long it will leave unknowns in a user folder, I don't know. Anyone know?
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    As long as the unknows will do nothing on the system. :)
     
  9. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    OK, good to know. Cheers.
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    WSA roll back is far more advanced than the one in KIS it even includes the replacement of key structural files directly from the cloud (e.g. system files), this is not possible in KIS. Even if we disregard the differences, the same function in both products is achieved in WSA with a fraction of resources. :)
     
  11. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
    I wonder if the new Norton is as good at roll back as Webroot SecureAnywhere.

    https://community.norton.com/t5/Nor...with-new-features-of-Windows-8-1/ba-p/1014697
     
  12. mitsu3kgtsl

    mitsu3kgtsl Registered Member

    Joined:
    Aug 25, 2006
    Posts:
    25
    Awesome insight and info in this thread so far. Just what I was looking for. My biggest issue here is that despite years of researching and being able to understand security software test results, analysis, terminologies, etc., I fall short on the testing ability myself, so I heavily rely on what is evaluated by others (such as members of Wilders and non-biased review sites, etc.)

    However, as mentioned by another member above, I see how many people put their trust and faith in WSA (which obviously must mean something given the higher than average aptitude of Wilders' members) and despite reading above 0-day prevention methods and other techniques used by WSA to fight malware, I was also under the impression that many other software packages and suites applied shields in similar fashions (in current security software at least). It seems heuristics is their uber-strong point (although i could be wrong, this is just what I've interpretted thus far), however having a good suite such as my current (KIS 2014) coupled with some good anti-exploit (EMET, MBAE) and other strong resident protection such as MBAM Pro, I fail to see how going from a tested proven layered approach which I currently have deployed, to a software who focuses less on a balance of shields and weights more of their defenses of one particular aspect (heuristics) would benefit me.

    Now I don't mean for the above statement to sound negative or condescending, call it honest ignorance if you will. And a part of me wants to try WSA sooooo badly, however I don't have any virtual or sandbox environments setup at the moment, and installing all of my additional security software to test for incompatibilities, etc., is a big time consumer. And even after all of that, I wouldn't know how to properly evaluate and test the setup.

    Sometimes I wish we could A vs. B just so I could get some solid responses telling me to ditch what I have an go for the new thought :) But I completely understand what comes from those types of threads and won't go there.

    I guess I'll keep researching, or even wait for AV-comparitives to develop and finalize their testing suite so WSA can be properly evaluated alongside the other top names in the game at this point.

    Thank you for the good discussion so far, any more info is appreciated! :)
     
  13. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    @mitsu3kgtsl

    KIS 2014 already has exploit protection, so I see no need for MBAE. MBAM Pro seems to be redundant as well, but that's just my opinion. Just go to KIS / Settings / Threats and Exclusion and check the box for "other". The only thing that could further strengthen your setup would be using KIS 2014's Trusted Applications Mode. That's certainly more powerful than any additional real-time detection software, which only consumes more system ressources without detecting anything, which KIS doesn't already detect on its own.

    Seeing that you already have and use KIS 2014, just stay with it unless the program is bugging you somehow. Of course there are stronger solutions out there, but those are certainly not realtime anti-virus programs. In that category KIS is as good as it gets.
     
  14. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Bull. Didn't work for a friend of mine. Had to wipe his machine in the end. Roll back my foot.
     
  15. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Probably forgot to contact support, right? :rolleyes:
     
  17. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Yeah, contacting support is always good, but it ONLY SHOWS that even WSA's unique rollback capacities COULD BE overthrown as well. (given the assumption that a malware overpowered WSA)

    No perfect solution. For me, STILL, great detection (which is WSA is poor at), offers some GREAT ADVANTAGE.

    "Prevention (great detection) is better than cure (WSA's rollback)."

    If WSA's detection would be great, then WSA could almost be bulletproof.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've never seen a case where the rollback didn't work to remove the infection once we detected it centrally but we're very interested in anything if something does come up. volvic has been posting unsubstantiated claims for quite some time without giving us visibility into what they've "experienced". Our detection is very solid - every vendor's detection can always be better - but ignoring rollback, we focus on detecting threats differently than AV testers test: they want a file blocked before it executes, while in some cases, we wait for it to perform its first system change and then block it. Rollback doesn't need to come into play in this scenario as we've blocked it immediately, but this doesn't result in a block score in AV tests.
     
  19. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines

    Ok, thanks for the comment. And sorry for my words. That is why I put the words "assuming that WSA's rollbak was overthrown by malware", because I myself could not know if volvic's claim were true.

    Now I know that WSA's detection works differently too from others. Interesting. Now I know why it scores poorly, though as you said its detection is solid.
     
  20. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Does not mean it does not happen if you do not see it.
    I haven't seen the galaxy, does not mean it is not there.

    Unsubstantiated my foot, I spent over an hour with support, got nowhere. Even logged it online with support, complete and utter joke. Wanted me to run a log program which I told them was crashing at the point of finalising the information it had collected. I uploaded a log from WSA (which was quite large) which they wanted uploaded to a particular location (can't remember the name some kind of file sharing site) and their support said it was corrupt (boloney).

    I still maintain WSA is a good program but has serious deficiencies which they gloss over here and their staff are just out and out liars seeking to undermine people who genuinely complain as well as the fanbois who step into insult anyone who questions the holy grail.
     
  21. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Hi Fanboi.
     
  22. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Oh so because he says it is true?
    Were you paid to post here or do you work for them?
     
  23. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Hi volvic.

    Actually I don't know WSA, and I dont trust AVs which rely completely on the Cloud. I am impressed by EAM and ESET.

    I just let them have their defense.
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Is that supposed to be an answer to the question? Who is the troll here? uuuhm let me guess... LoL :D
     
  25. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Marketing? Strategic confusion of users? Or just not up to date with methodology?

    For example AV-C clearly states in report (WPDT):
    So professional antivirus testing is a bit more than just looking if files are blocked before execution as you want to make belief us.
    ...
     
    Last edited: Nov 23, 2013
Loading...
Thread Status:
Not open for further replies.