Why is Webroot no longer on the AV-Test tests

Discussion in 'other anti-virus software' started by qakbot, Feb 26, 2014.

Thread Status:
Not open for further replies.
  1. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    One might question how those users of other AVs know they're infected if their chosen AV doesn't tell them they are? I guess secondary opinion from the likes of MBAM may help here, but not everyone knows of these, especially those not as knowledgeable as us.

    I think using Sandboxie as an example is flawed as technically you can get infected with Sandboxie installed; the difference is it's contained and therefore any infection can be removed when the process is terminated.

    As far as Wilders is concerned, one reason why it's quiet about possible Webroot infections is users new to here may not realise the Prevx forum is now also for Webroot product support. Also, time and again, users are advised to contact Support directly so more requests for help will/should go through that channel instead.

    Webroot certainly do have a hard task convincing people their methodology works, and there's no easy way to demonstrate it other than real-world usage, i.e. trying it out on one's system. Because of the journaling and monitoring processes, if an unknown is later deemed to be malicious, a rollback routine is supposed to be actioned; I do think this will also explain to some extent why it's quiet in both forums as there's nothing for a user to see in the interim period between journaling and rollback. In other words, it looks like you don't know you've been infected until the said actions take place. (Obviously, Webroot does have alerts for known infections, and I've seen those; I'm talking about newer, unknown malware at the point of entry.)

    It is this journaling and rollback which is proving hard for people, and some testing organisations, to accept and understand. If they accept it is different then there has to be a way to test the product with the given parameters.
     
    Last edited: Feb 27, 2014
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,982
    Location:
    Nicaragua
    Hi Tony, I wasn't thinking of SBIE as an example of a program that allows malware to come in the computer undetected, allow the malware to sit for a few weeks (as an example) in the PC and do nothing (not infect the PC). I was actually thinking of Defense Wall. If you know how DW works, then you know what I mean. I bet the same people that complain about Webroot not detecting malware as other conventional antiviruses do are the same people that don't understand that despite (while using DW) allowing malware to sit in your computer and being detected by on demand scanners, the PC is not infected.

    I used the Sandboxie forum as an example of a program where people don't report infections. I mean it's true. And that means something about the program. Regarding DW, it's the same, you go to their forum and no one is reporting getting infected. Those are signs that a program is excellent. No ifs.

    Bo
     
  3. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    As a generalization, stay away from products that claim that the testers don't fully understand their product.



    Increase in excuses usually = increase in sucktitude


    .
     
  4. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    Thanks...I'll check it out!!:thumb:
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's not the case here. The decisions to temporarily bow out of third party tests are mutual between us and the testing firms. We're actively working with these firms to design tests which more accurately reflect our performance (I just had many meetings with several vendors over the last few days at the RSA conference).

    It is no simple matter to test our product because of how we operate, and testers agree with that fact. That said, I 100% agree with the hesitation and need for third party tests, which is why we're working so aggressively to get back in with them: we just don't want to be misrepresented in situations which say we found X% when we actually stopped (X+n)% (especially when "n" tends to be a rather large number these days)

    Unfortunately, at the moment, it is a case of: ask our customers, get some real world feedback, and try it yourself. You can use WSA alongside another AV so you can run it with zero risk to get yourself comfortable with it.

    As always, let me know if you have any questions or concerns but believe me, I want these tests back just as much as everyone else and I guarantee we're working hard to move the bar forward not only for ourselves but to get a common testing platform which compares us fairly against the other vendors as well.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    On top of rollback, it's also the Identity Shield, Infrared, realtime antiphishing, cloud based firewall, and context-sensitive analysis which have proven to be very difficult to test for third party firms.
     
  7. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Webroot talks a lot about rollback, but it isn't sandboxing read operations, is it? So if the running malware reads from a location that Webroot doesn't consider sensitive, it's going to allow it and there you have your sensitive information stolen.

    It doesn't have full sandboxing using hardware like Bromium, so I don't buy their claim that all is well even if they let the malware run wild.

    Here is a direct question for the Webroot guys: If a malware runs and then attempts to read a sensitive word doc, would you block it or would you allow it?
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,386
    Location:
    Slovenia
    I have a question also: if virus would try to encrypt personal data, would WSA stop it? Or would it manage to decrypt those files later? If the second is true, then my question is how does it manage to decrypt those files?

    hqsec
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    It keeps a shadow of all that was modified and reinstates the unencrypted file. This was tested with cryptolocker infections. The only limit is the size of the HD ;)
     
  10. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    That's why WSA has an outbound firewall:

    "The SecureAnywhere firewall monitors data traffic traveling out of your computer ports. It looks for untrusted processes that try to connect to the Internet and steal your personal information."

    You can set it to block suspicious processes or allow only whitelisted ones. The default is to block known malicious processes only, so you need to change that setting if you want that level of protection.

    https://detail.webrootanywhere.com/agenthelp.asp?n=Managing_the_Firewall
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,386
    Location:
    Slovenia
    Wow, that's great. Didn't know it was capable of that. If disk runs out of free space (virus trying to encrypt gigabytes of movies...) that could be problematic.

    hqsec
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes sure each to their own of course. I only wanted to say that you were wrong when you said that Immunet and Avast are about the same. I have heard of several cases where people have used ESET & Sandboxie together. But IMO one of them is enough, not both.

    And FYI, ESET and Webroot are the only paid for AVs that I am interested in and recommend to others. The free AV market is changing constantly so it varies from version to version, but if I would recommend a free AV to someone MSE would not be one of them. So I would never toss away a free ESET license and instead install MSE like you describe here. But he's your friend not mine ;)
     
    Last edited: Feb 28, 2014
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,982
    Location:
    Nicaragua
    Swex, I don't see much difference between antiviruses. It's just my opinion, you didn't have to jump on me because I wrote a statement that you don't agree with.

    The reasons why I prefer to install MSE on my friends computer is because 1) there has been no issue between SBIE and MSE during the past 4 years and 2) they don't get infected when they use both programs together. To me that makes sense.

    Bo
     
  14. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    FWIW, the reason I am now running WSA AV is that it works perfectly with Sandboxie in real-time on my XP Pro SP3 system.

    I'd found over the past year or two that many other AVs no longer either block sites when a browser is supervised by Sandboxie...and worse yet, that downloaded files were not scanned.

    Webroot accomplishes both these tasks. I have tested this several times.

    Many other top AVs failed to accomplish this when I tested. Others may have varying experiences or opinions but Webroot AV works for me.
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes ok no problem. But I do see a clear and big difference. A perfect balance is what I am after and far from all AV products do offer that.

    I didn't mean to jump on you, sorry if it came out wrong. I only wanted to say my opinion just like you said your opinion. :(

    Yes of course, you're a long time Sandboxie user and I am a long time ESET user. So that you combine whatever works best with Sandboxie only makes sense. But that doesn't mean I would choose MSE in that situation anyway.

    I believe I actually remember one of your first posts on Wilders, I think you used Trend Micro and wondered if there was something better out there, and obviously there was. :)
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    :thumb: Right there with you buddy.
     
  17. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You know web protection is pretty useless when all files by all antivirus get scanned when they are actually placed on your hard drive.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,982
    Location:
    Nicaragua
    I never used Trend Micro but I installed it once to see if their web filter was as good as people said and I found that it was very good.

    FWIW, I have a good opinion about ESET and Webroot.:)

    Bo
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,037
    Location:
    Ontario, Canada
    When you have time watch this video in this post as it will answer your questions. https://www.wilderssecurity.com/showpost.php?p=2342462&postcount=1

    TH
     
  20. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Perhaps, but as I mentioned in my earlier post, the fact that WSA scanned downloaded files when other AVs didn't indicates to me that it works properly and without conflict with Sandboxie which stands as my primary layer of defense. (In fact, it alerts to the Eicar test file, for example, before the file is recovered from a "downloads folder" supervised by Sandboxie.)

    If something gets past Sandboxie due to user error or otherwise, it's there for me.

    Others may have equally beneficial solutions but I can only speak to what has worked in my own experience.
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,386
    Location:
    Slovenia
  22. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I'd probably never have checked it out if you hadn't been using it previously (and a financial institution made it available for its customers free of charge). :cool:
     
  23. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    What's the point of scanning inside the sandbox though, since all those items will get removed anyway and are isolated? You could download hundreds of viruses to your sandbox without an antivirus installed and do fine, why do you really need an antivirus telling you that your sandbox is working? I am sure other vendors scan inside the sandbox as well, and even if they did not it's really kind of a non-issue.
     
  24. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    "You trust your mother but you still cut the cards." ;)

    :D
     
  25. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hmm then it must have been someone else, I figure it was before you started to use Sandboxie, but I guess not then. :)

    That's great to hear :D
     