Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    As of recent date, Google also iced MBAE out of Chrome. Big Brother is up to no good IMO. Long live Firefox!
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    Google wants everything to go through there Chrome Store. :(
     
  3. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    191
    Enjoy it while it lasts - Firefox has the same code injection blocking in their roadmap for Q1 2019.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,243
    Location:
    Hawaii
    For internet-facing apps, including but not limited to browsers, MBAE affords effective protection against exploits, I believe. Will the blocking of code injection eliminate the need for protection such as that provided by MBAE? If not, is it possible that eliminating code injection will close one door to hackers but open others? I ask these questions sincerely -- not to start a debate -- but to understand.
     
    Last edited: Oct 10, 2018
  5. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    191
    I agree, it's a good product, but I feel like the best protection it offers is exploit blocking applied to media players, document viewers and productivity/office apps, as they have a different security model than a browser.
    It's hard to say - with Chrome/Chromium, the browser is sandboxed and isolated and exploits would need to escape the sandbox in order to compromise the system. Firefox is secure, but doesn't use as many fancy techniques, so I'm inclined to think it might potentially benefit more. Both browsers are automatically updated, and both have talented security teams, so I feel it's safe to say that if they're confident that preventing code injection improves stability and security that they know what they're talking about and users would likely benefit more from protecting other apps like PDF readers, Office, media players, etc. that don't have the security model of a browser.
    I'd say that it doesn't open doors to hackers - as a security researcher, the bulk of the browser-borne threats I see are things like drive-by downloads where blocking a bad site or payload downloaded from an unblocked site makes a bigger difference.
     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,710
    Location:
    Hollow Earth - Telos
    It is working as of right now but who knows for how long.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    I'm still waiting to hear back from the Product Manager who looks after the WTS for some info.
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    @Dragon1952 here is what I got!

     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    New Beta out to Beta testers.

     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
  11. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    824
    9.0.24.28 is out on the download page now. I just got it..........
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    You're right but no release notes at this time. :thumb:
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
  14. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,781
    Location:
    Canada
  15. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    312
    Location:
    Belgium
    It’s exactly 12 years ago to the day that I installed Prevx which was subsequently acquired by Webroot. Because on the one hand Webroot sometimes gets a hard time over here and yet on the other, my experience before and after migrating to Prevx/Webroot has been so night and day, I feel a kind of debt of honour to the product to write my story for all to read and draw whatever conclusions they will.

    I do understand that this is normally a Help Forum, but nonetheless I feel that my experience is indeed apposite to such a thread. Also, forgive me that this post is very long but I could find no other way of adequately saying what I feel needs to be told regarding my experience.

    So here goes...

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    What was my experience before that day? It felt depressingly as if I was becoming a repeat victim of malware infection, being infected every 3 to 9 months or so and having each time to call in the IT man (I am unfortunately no IT expert :(), despite supposedly being protected by AV software—indeed, not any old AV but reputable names.

    Then came a particularly nasty rootkit infection: Gromozon (another name given to it was LinkOptimizer). At that time, rootkits were in their infancy but this one apparently took rootkits to a new level. At the time I was on Symantec AV so I downloaded their Gromozon removal tool and ran it. It took its time, about 15 minutes, and did what looked like pretty impressive stuff. Only one problem: a few days later, I found I still had the wretched beast. Tried again. Same result. So I decided to call their help desk. To cut a long story short, after spending 1½ fruitless hours watching the Symantec technician do this, that and the other, he finally told me that I had no other option than to reformat my disk.

    I didn’t tell him what I was thinking, but inwardly I was fuming. For starters, I was told that before the technical intervention could proceed, I would have to agree to be charged €69.95 (plus cost of international phone call, plus work time lost): this despite the fact that I had fully paid for their software, trusting it to protect me from infection and had seen it dismally fail—not only this time, but several previous times to boot (those times, I had called in my IT man and paid for manual removal). Secondly, to my mind it was a cop-out to say I had to reformat, as I knew this would entail a very long time for me to get back to the customised state I had caringly brought my computer to over many months (back in those days, I did not have reimaging software). Thirdly, I was furious that a company that acted as if they were a world leader in malware protection could so pathetically fail me.

    ---------------------------------------------------------------------------------------------------------------------------------------------------


    I decided instantaneously that reformatting was not going to be my solution. I had noticed the chap trying to download different removal tools (tellingly, none from his own company) and being unable to do so. I had particularly noted one from a British company called Prevx that he had tried repeatedly to download. I’d noted down the webpage address as he was working. I decided to give it a go. Again the computer refused to connect to the website. Then I thought: suppose the malware is deliberately blocking this website? I went to my other computer. Success! I then stuck it on a USB key and tried to copy it to my main computer. It refused to copy. Tried again. Still refused to copy. Then I realised: perhaps it’s not only blocking the website but also the removal tool. Why not try renaming it? Whoopaaah!! It worked! So – now to run it.

    Compared with Symantec, it was really quite disappointing—almost pathetic. It just opened a humble DOS shell window, and seemed to potter around with a few DOS commands for a couple of minutes or so. At the end of which, it claimed Gromozon was no longer on my machine. Just one small detail: since that day, I never saw a rumour of Gromozon again.

    That evening, I installed a trial version of Prevx. I can see the time I did it because I still have the document which I saved to my disk that is the Prevx1 EULA: created 01/11/2006 (American format: 11/1/2006) at 01:02. And you know what? I’ve never been infected since. At least, not knowingly so.

    Within two weeks, I had purchased a retail copy of Prevx and uninstalled my old antivirus. Never looked back since.

    Ironically, in a blog on their website, Prevx referred to AV companies (without naming any, of course!) who too often told you when you contacted their helplines that you would have to reformat instead of successfully finding a solution to your infection and not only that but charged you for the privilege of telling you so! Kind of sounded familiar. "Wow," I thought, "these guys sound different. Maybe this is a very different ballgame I’m entering into."

    And then I noted their lightning response times when I contacted them for support, and their thoughtful responses which dealt with my individual query rather than giving a boilerplate response (sadly, not always true today with Webroot, but hey! I suppose nothing is perfect). Indeed the first query I made elicited a response from Jacques Erasmus who was one of the top guys there and has now moved on to other things (and I think, if I recall, that that was not the only time that he responded).

    ----------------------------------------------------------------------------------------------------------------------------------------------------


    I repeat what I said a few paragraphs earlier: since that day, I have not been infected once. Detected? Yes, many times at first, and as I have gotten older and wiser, less and less. Infected? Never (as far as I know). I have heard various explanations on this Forum as to why this may be so. One of these is that it was just one big fluke. Well, I suppose anything is possible but, if so, there are others who apparently have experienced the same as me. Look, for example, no further than this forum.


    Take Techfox1976, speaking of his experience with his customer base:

    Or Zfactor, speaking—at some length—of a trial he conducted with his customer base:

    Or again, listen to PC_Fiddler, speaking of his and his friends' experience:

    I believe @Baldrick , who is present and active on the Webroot Community Forum, and who occasionally visits this Forum, has a similar story to mine to tell. He may or may not wish to chime in on this conversation. (I don’t mention Triple Helix as he says he is the type who never gets infected :D)

    ---------------------------------------------------------------------------------------------------------------------------------------------------


    People look askance at the mediocre test results that Webroot has received from the majority of testing organisations. I am actually surprised by how much confidence many people here place in these organisations.

    I could start by mentioning, for example, the numerous occasions where we have seen wildly varying results for the same AV product from two different testing organisations at almost exactly the same period of time for testing.

    Then again, I could mention a frequent contributor to this Forum, @Umbra, and his experience of many of his customers using reputable AV products which perform well in AV tests and yet getting badly infected: https://www.wilderssecurity.com/thr...st-april-june-2018.406841/page-3#post-2774879 (this post needs to be read in its surrounding context). And his resultant healthy, I would say, dose of scepticism regarding AV testing organisations: https://www.wilderssecurity.com/thr...ly-in-professional-tests.407680/#post-2778019.

    That should be telling us something.

    Please understand me, I am not in any way impugning the seriousness of these organisations. But I do think that in the real world it is extremely difficult (maybe even almost impossible??) to do this job effectively.

    Let me cite three posters from this Forum whose remarks seem to me to be particularly pertinent to this whole issue regarding how we should properly perceive AV lab tests.


    First, Bodhitree referring to the danger of placing too much confidence in the results of these tests:

    Consider secondly this post by m0use0ver, reflecting on the natural limitations of what is being tested by the AV labs, and the implications of this for how we should read their tests:

    Finally, Firecat pointing out how sometimes there can be a genuine disparity between the results of AV tests and real world experience:
    ---------------------------------------------------------------------------------------------------------------------------------------------------

    All this reminds me somewhat of the ironic story of the Maginot Line (an elaborate system of border defences in France constructed between the two World Wars and designed to protect the country against German invasion). It was carefully thought through, and implemented, by seasoned military generals, top military experts and eggheads. However when it came to the acid test, it proved almost completely ineffective. This was because it was based on outdated military thinking and also made certain key but fatal false assumptions. As a result, it generated a dangerous national false sense of security. I suspect that, to a certain extent, the same danger pertains to our, at times, too blinker-eyed perception of AV lab tests.

    My final argument is this: consider the sudden, eerie silence of Webroot’s Support phonelines and incoming email inboxes right from day one when they changed from their legacy product to Webroot SecureAnywhere. Plus the almost complete lack of infections that were, and are, being reported to the Webroot Community Forum. All of the above makes sense to me because it simply echoes my real world experience.
     
    Last edited: Nov 6, 2018
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    v9.0.24.32 out to Beta Testers.

     
  17. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    751
    Got this last night and noticed that the 'Script Shield' is no longer showing under the PC Security > Shields and Firewall tab. It wasn't in the last build either. Is it now out of beta and incorporated into one of the other shields or has it been dropped?
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,150
    Location:
    .
     
  20. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    751
    Thank you TH:thumb:
     
  21. jjc225

    jjc225 Registered Member

    Joined:
    Nov 25, 2010
    Posts:
    247
    I used Prevx when it first came out many years ago, and it was a game changer. Incredibly effective av, and incredibly fast. The scan speed was way ahead of its time. I have used Webroot off and on since then, and I noticed when it first incorporated Prevx some of the features of the GUI were reminiscent of it. I think they also borrowed the language of the subscription system and contacting support. Anyway, pretty seamless incorporation, but the original Prevx is still the single greatest av ever created.
     
    Last edited: Nov 13, 2018
  22. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    312
    Location:
    Belgium
    Same developer team (to the man)
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    v9.0.24.37 out to Beta Testers.
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,703
    Location:
    Ontario, Canada
    More info:
     
  25. ttomm1946

    ttomm1946 Registered Member

    Joined:
    Jul 23, 2014
    Posts:
    187
    I had to re-install webroot and now no colored search ratings..How do i know if the protection extension is actually working?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.