AV isn't Dead. It's Evolving!-LIVE-Given by Webroot's own Tyler Moffitt Threat Research Analyst.

[Petrovic]

Traditional signature AV technology is no longer able to consistently and fully remediate or defend against today’s most advanced threats. New and emerging threats such as ransomware, social engineering driven attacks, and micro variant financial threats are just some of the examples of difficult to remediate infections. This presentation will take a look at the malware landscape and explain why these tactics are so effective against traditional AV technology. We will examine three specific families of infections and highlight their tactics to evade detection and what issues occur with remediation. To keep up with modern malware, the methods for discovering and addressing new threats needs to change. Lastly, we will talk about Webroot’s innovation and how our SecureAnywhere AV solution is capable of defending against, and remediating today’s most advanced threats.

Live:
https://www.brighttalk.com/webcast/8241/114021

 

[Jack]

I have read a few articles about this subject... Yes, malware is evolving at a faster rate than traditional antivirus engines, and this is why almost all the antiviruses now come with behavior blockers, sandbox and file reputation system, however even so, the antivirus engine can do what the other layers can't. An antivirus engine can give a definitive answer if a file is malicious or not.

Bottom line is that malware has evolved, and so the security products, however the antivirus engine is still need it, and is the most helpful layer of protection for 90% of users.

 

[MalwareT]

Great article.

 

[FleischmannTV]

As if Webroot is anywhere able to defend against "today's most advanced threats". Today's most advanced threats would simply disable this overrated roll back feature and be done with it. You probably won't even need to exploit the kernel, as it has been possible to do this from user-mode in the past (look at kernelmode.info PrevX discussions). Where Webroot can only roll back, other solutions have blocked attacks from the get-go for years, no roll back necessary.

Yet even proper solutions are helpless against "today's most advanced threats", as Bromium Labs research has painfully and repeatedly shown in the past, and Webroot is nowhere near as sophisticated as these obstacles that have already been overcome.

I can't stand this Webroot marketing, it's so annoying. Their detection and false positives are the among the worst in the business. Yet they have the audacity to criticize the vendors, who are actually doing their homework, for being stuck in the past, whereas the accused at least constantly adapt their products to the current threat landscape and Webroot only has their silly roll back feature.

When they were confronted on how even their prestigious roll back has been compromised (simply because the machine crashed during roll back and the program couldn't remember where it was afterwards, lol), they said that it's a cat and mouse game between them and the malware writers and that you should always have backup. Yeah, so much for roll back.

They say they have the lightest product out there, but when they are confronted that it causes excess memory usage across several 64bit processes on Windows 8.1 x64, they said that most machines today have 8 GB of RAM, so it's not an issue. When they are confronted about how this might cause performance issues because of possible excess page file usage, they said that most people have SSDs today and thus it shouldn't be noticeable. Oh, and it's Microsoft's fault of course and it's not a bug really. Funny how other security solutions are perfectly fine with Windows 8.1 x64.

They are unable to fix bugs, they don't detect malware, they detect legitimate software as malicious, they fill your hard drive with gigabytes of data in case of roll back and their protection is easily defeated. That's the truth.

Their only strong suit is their marketing department. That's possibly one of the best in the business.

 

[kmr1684]

Yet even proper solutions are helpless against "today's most advanced threats", as Bromium Labs research has painfully and repeatedly shown in the past, and Webroot is nowhere near as sophisticated as these obstacles that have already been overcome.

I can't stand this Webroot marketing, it's so annoying.They are unable to fix bugs, they don't detect malware, they detect legitimate software as malicious, they fill your hard drive with gigabytes of data in case of roll back and their protection is easily defeated. That's the truth.

Their only strong suit is their marketing department. That's possibly one of the best in the business.

@fleishmanntv please do not say too much some fanboys may also available here on MT.

i really loved these words, true golden words from bottom of the hearts.

 

[Jack]

I can't stand this Webroot marketing, it's so annoying. Their detection and false positives are the among the worst in the business. Yet they have the audacity to criticize the vendors, who are actually doing their homework, for being stuck in the past, whereas the accused at least constantly adapt their products to the current threat landscape and Webroot only has their silly roll back feature.

Indeed. This is nothing more than a marketing technique... Scared and misinformed users means money for these companies...

 

[Muddy7]

Well, all I can say is I’ve been using Prevx->WSA ever since late 2006 for my malware protection, and whilst previously I found myself all too regularly infected and that was with big name AV products on my machines, since then I have been virus-free. Sorry if I come across as a bit of a fanboy but that’s the honest truth.

 

[Dima007]

Thanks Petrovic

 

[Deleted member 178]

Webroot like any other vendors has strong points and flaws...
For the story, webroot forum is one of the worse i came across ^^