Webroot unsecurity. Lack of support (legal customer)

Discussion in 'other anti-malware software' started by virtuo, Feb 1, 2014.

Thread Status:
Not open for further replies.
  1. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
    Last edited: Feb 1, 2014
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    uuuhm... and why the hell you require an https to download an installer? The installer is anyway digitally signed, so any manipulation will break it. I think paranoia is at alarming level.... are you chased by NSA? This looks like the most innovative excuse I have heard to get a refund Lol :D
     
    Last edited: Feb 1, 2014
  3. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
    What made my distrust is the different checksum for the same version of WRSA. That one, not suspicious, earlier version is no more available (but it mean Webroot is able to do that), instead I can dowload the same version number different checksum executable only - what make it suspicious. Yes, I'm considering routine agency operations.
     
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    @virtuo

    Best thing would have been to learn about False Positives (FPs), different MD5s etc, and approach any perceived issue with more of an open mind, leaving apparent prejudice and paranoia to one side, in an attempt to clarify your misunderstanding.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Looks like anyway the issue has been clarified at Webroot community forum. Now you can relax and install the malware without fear :D
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've replied in the Community now as well:

    "As has been stated before, different download locations have different checksums, and every update will change the checksum. The link you've been provided is one of the more common download locations ( http://anywhere.webrootcloudav.com/zerol/wsainstall.exe ). You can right click the file, click Properties, Digital Signatures, click on the Webroot Inc. signature, Details and see that "This digital signature is OK."

    The file is not infected despite what a few AVs are saying: that is a false positive (a detection of a file as malicious when it is not) and there is nothing that Webroot can do. If you use one of the AVs, you can locally allow the file or submit it to their threat research team to have it re-assessed, but there is nothing malicious about the download you have received."
     
  7. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
    To remind:


    According to http://www.herdprotect.com:

    wrsa.exe, v8.0.4.46,
    954eea818edd5226a7615b431f6ae51d860958b9
    tested 1/14/2014 - no infections

    wrsa.exe, v8.0.4.46,
    a50fa9a3e928713b3f2c6bb74c79e02907634f28
    tested 1/19/2014 - and every other
    have PE:smileyfrustrated:tealer.Zbot!1.6524 suspection detected by Rising Antivirus.

    The anomaly was that there was a file signed by Webroot which was
    _'not suspicious'_ and is no more available,
    instead _later_ tested and the only available file is 'suspicious'
    - the same as all other _earlier_ versions.

    And no checksums provided upon request.

    If Webroot is able to provide 'unsuspicious' version - which was available
    for few days probably, then why would them prefer to provide 'suspicious'
    version - what is against logic?

    (I would wish to no have never to wonder about this kind of things.)
     
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    All you need to accept is that there is NO suspicious version...they are isolated false positive detections, as has been fully explained for you.

    Either trust the software, or don't use it.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Exactly. The only difference is that the "suspicious" version is a new version with improvements. We don't provide old downloads because there is no reason to: they will auto-update to the newest version immediately. There is nothing suspicious about any version of Webroot - it is simply a mistaken detection from another AV vendor: if you ask them, they will confirm that no version of Webroot is actually suspicious. It is just a false positive as has been explained in both threads by many users.
     
  10. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
  11. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
    Was that 'unsuspicious' version a threat ?
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No. There has never been a version of Webroot which is a threat. I don't know how else I can describe this... both of the hashes you've posted are legitimate copies of WRSA.exe - they can have the same version as we have different builds used by different customers.
     
    Last edited: Feb 1, 2014
  13. virtuo

    virtuo Lurker

    Joined:
    Jan 24, 2014
    Posts:
    8
    I did not posted any MD5.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Both are 100% legitimate, virus free copies of WSA.
     
    Last edited: Feb 1, 2014
  15. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
    Removed Off Topic Posts. Since PrevxHelp has answered the question, we'll close this thread.

    For any Webroot software questions, feel free to post in the Prevx Releases sub-forum. Thank you.
     
Loading...
Thread Status:
Not open for further replies.