Discussion in 'Prevx Releases' started by PrevxHelp, Oct 14, 2013.
See the full review here: http://www.pcmag.com/article2/0,2817,2425546,00.asp
Great success Joe! Congrats to you and all at Webroot for the magnificent result.
BTW, do you know what happened that it was worth for PC Mag to mention in Cons "Completing malware cleanup required hours of remote-control tech support."
Thanks! Yes, he had his systems pre-infected with Virut and Sality, which was a bit of a nightmare, but we did manage to clean them up (albeit with quite a bit of manual heavy-lifting, which we will be able to automate in the future).
OK. It looks like WSA underwent very heavy testing, as far as I know the said infections are indeed hard to be removed and some AV solutions out there cannot clean it completely unless OS is reformatted. So if WSA/Webroot was capable to clean their test machine it shouldn't be stated as Cons but as Pros instead.
Great to hear very Kwel!
Indeed, heavy testing is an understatement. I was the main liaison with their testing and I don't usually require much sleep, but I don't think they slept for the entire week while testing the product! They certainly put every feature thoroughly through its paces.
They couldn't understand how such a tiny application can do such great things and to have impressive result. So they put every effort to find a hole but in vain! I don't want to speculate or to open Pandora's box but maybe an intervention of the main competitors was a propeller to test it thoroughly.
I'm very impressed! I'm glad to have so many licenses of WSA.
About the rollback feature...
Was it a specific malware type that couldn't be reverted with the journal-and-rollback system? A fluke? It'd be interesting to know!
If I am correct Joe said it in his post #3.
Hmm, no. That was not the pre-infected systems. WSA failed with its rollback feature in "offline mode". Page 3 in the PCMag review.
Yeah, I see. My bad. Let's see what Joe has to say.
It was due to WSA being too cautious - when it detected an active file infector (Virut in this case), it stopped the scan/cleanup process and threw up the "Contact Support" flag, which is what it normally does when pre-infected. The purpose of the prompt is to avoid "collateral damage" when cleaning a file infector, as they often wreak havoc across the system by infecting anything and everything. What we should have done is detect that rollback was available and bypass the "Contact Support" dialog. I connected to Neil's systems remotely to help out and copied over a cleanup script which bypassed the dialog, and reverted the infections.
We're looking into changing this, albeit cautiously as file infectors do often require support intervention when users come pre-infected with thousands of file infectors. It may not make it into the immediate next build, but probably the build right after.
Let me know if you have any questions!
Just read it... magnificent. Truly!
Congratulations to you, the Team and all associated with WSA.
Thanks! Good to know and even better to know that you and Webroot are aware! Personally, I haven't run into any problems so far with 2014 edition on any of the computers I've deployed WSA on.
I must say this was one of the most interesting reviews I've read. I don't know the complete sample size but I don't think it really matters. The review really showed and explained exactly how WSA works, by doing it the real way - explaining with real malware infection attempts.
In some ways, I even think the review explains how WSA works better than the official user guide!
Congrats to the entire Webroot team on the test results. Another well deserved recognition. I sometimes wonder if Joe ever gets any sleep as WSA is so much better for all the hard work of it's development team. Proud to say I'm a Webooter
There was a time when everyone were when Webroot was mentioned. But then, in October 2011, something great happened! Now everyone are whenever Webroot is mentioned! And test results are even more promising!
Yeah, and hopefully they can also re-join AV-C if they can come up with a new testing model that suits all vendors that participate
I think it has to be a separate test, due to the nature of how WSA works, which is very different to other more traditional methods.
As far as I'm aware, the two teams are/were working on such a test.
Yeah maybe, but I hope not since then there will always be people saying that wsa got "special care" or whatever in it's own special test. So if it could be tested along the other vendors with the new test model it would "look" better and less people would say that it looks this or smells that.
But i'm happy if they just get started again
That's the problem - all vendors should be tested the same way, and as we've seen, WSA doesn't work like them. It has been tested with other vendors previously, but the true nature of WSA's methodology hasn't been properly taken into account, due to the way the standard tests have been carried out. AV-C acknowledge this hence the agreement to work with Webroot to produce a test that takes WSA's technology into account.
It's odd in the review he only has one process. I've always had two. I suspect he isn't showing processes from all users.
I believe it mentions one service rather than only one process. The user process of WSA is started automatically by the service.
Congrats to Joe and the whole Webroot Team.
Congrats to Joe & and Webroot Team on an Excellent Security Product! Keep up the good work.
Yes Tony I know, but I meant if it would be possible for WSA to be tested along the other vendors as normal with the new test model. And the results should be displayed in an equal way like they are today.
And not like this.....
Here are the results. -> link
And here are the WSA results. -> link
Hope you understand better what I mean now
Separate names with a comma.