WSA complete

Discussion in 'Prevx Releases' started by volvic, Mar 24, 2012.

Thread Status:
Not open for further replies.
  1. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    "Provides advanced protection for online shopping and banking"

    What is this and why isn't in in the other two WSA versions?
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    It's just because the Complete version has the rebranded LassPass Toolbar for password management! But you still have great online protection with the Essentials version to protect your online credentials! You can read more here: http://www.webrootanywhere.com/sah_Password_Management.asp?n=About_Password_Management

    HTH,

    TH
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Identity Shield (formerly Prevx SafeOnline) is present in Essentials - the website is incorrect.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes, and that's since the release day.

    Maybe it should say something like "Provides advanced protection for online passwords" or similar :doubt:
     
  5. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    106
    That's really annoying and a bit dishonest of Webroot trying to upsell and not being correct / transparent enough. DId not have that with Prevx.

    I cam to this thread today precisely for this same reason. I have WRSA Essentials and saw on the WR site that the complete version has advanced online protection and am wondering that this actually is and whether Essentials does actually have the old safeonline functionality or not!

    Looking at the tabs it does seem that Essentials includes safeonline, and I am not convinced that adding Lastpass (which I have installed seperately for a long time) can be considered as extra online protection in the sense of an anti-malware product.

    Anyway, it's already July and no update to the Webroot site!!!
     
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It would take less than 5 minutes to correct that portion of the website. I remember Joe saying he'd have a word to get that sorted.
     
  7. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    106
    I noticed the claim and comment that "According to AV-Test, Webroot® SecureAnywhere™ antimalware engine was 99.8% effective against malware and 100% effective against Zero-day threats."

    That was in Jan / Feb after which it dropped like a stone! What happened, does anyone have the low down?
     
  8. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Stone?

    April AVT:
    0-Day - 93% (Industry Avg 91)
    New - 100% (Industry Avg 9:cool:
    Old - 100% (Industry Avg 100)
    Repair Detection - 98% (Avg 100)
    Repair Removal - 95% (Avg 93)
    Repair Remediation - 85% (Avg 73)
    Slowdown - 3s (Avg 10s)
    FPs - 0 (Down from error in Mar) (Avg 6)
    False Warnings - 0 (Avg 1)
    False Blockings - 0 (Avg 1)

    Better than industry average in all but Repair Detection.

    Looking at across two reports, in order, Jan/Feb/Mar/Apr:
    98/100/93/93
    99/99/100/100
    100/100/100/100
    100/100/98/98
    69/69/95/95
    46/46/85/85
    5/5/3/3
    1/0/43/0
    1/1/0/0
    4/4/0/0

    Other than the 0-Day getting hit and FP burst in March, and a small decrease in repair detection , it looks like AVT improvements across the board.
     
  9. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    106
    Sorry for not being clear, I am referring to the "Protection against 0-day malware attacks" which dropped to 93%. Sure it's a great product, probably the best, but is there any info on why such a drop? And I notice that in December 2011 it was an alarming 53%.

    Zero day ability is my rationale for choosing WRSA over the others and it is difficult to understand why such large fluctuations. A good methodology should be fairly stable because it's zero day, therefore it is all about behaviour not signature. At this rate of fluctuation I will be going back to a shouty HIPS and which I really want to avoid.

    Any clues appreciated, thanks.
     
  10. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    When a computer gets hit with 1 or 2 "Real World" "0-Day" threats, it wipes them out, and can recover from a temporary infection that would kill other AVs. HOWEVER... delayed detection of the threat two minutes later and complete cleanup thereof still counted as a partial or full failure in many official tests. Also, non-detection of a threat that is broken (truncated download, invalid code, etc) and thus couldn't actually run is also a fail in many tests, despite the fact that these files can't infect anything.

    When testing causes the same computer ID to get hit with dozens or hundreds or thousands of threats, the failsafe that was tweaked in May and June to accommodate tests would trigger and cause it to insist on human intervention to evaluate WTF was going on. The agent would ask itself, "Could the user really be that stupid, or am I seeing things wrong?" and want a second opinion from a brain. This means failing the test too.
     
  11. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    106
    Good perspective, thanks.
     
  12. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    ^.^

    I always take testing with a grain of salt. By the very nature of it, it's impossible to replicate real Real Life in a test. In reality, AV is just a prophylactic response. Just like other shields of various types, -ANY- AV can fail. 100% AVT scores would mean nothing if somebody goes poking around in the diseased and cancerous bowels of the internet.
    Even if something could give 100% protection, all it takes is somebody saying "But I want this video! It says my AV would detect it as bad, but it says I should know better, so I'll follow the directions and turn off my AV, THEN double-click on it. Then I will be haaaaappeeeeeee..." ;)

    I know enough to see what it is doing and know what that means. Even if it misses something on, say, my parents' machine, I know that it will take a phone call and a few hours at most to fix it, and that's only if I need Webroot involved. I know that if <insert other random AV here> misses something, there is no possible way for it to be fixed by that AV until a pattern update who knows how many days later. But something missed by WSA can be caught by a cloud change within minutes, and the manual tools are also awesome.

    So I take tests with that salt. Though the vacuum test seems shockingly effective. :)
     
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It is also worth noting that since the April test and following internal investigations, some logic rules have been changed in the backend. Joe explains better here.
     
  14. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    106
    Which manual tools are they?
     
  15. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Process control and Antimalware tools primarily for any threat problems. I got used to them in a non-networked test machine in case I'd have to use them in the future. I like the fact that when a threat was on and not caught (I was off-network and turned all heuristics off to ensure it would get by), quick interaction with the program got rid of it completely without needing to wait for help from anywhere else or definition updates.

    I'd expect the tools aren't perfect. Nothing can be perfect, right? But they can definitely be helpful in many cases where nothing else would have any options.
     
Thread Status:
Not open for further replies.