If the site contains malware, should frontline page be blocked
- Thread starter Moonhorse
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Dec 4, 2014
- 3,494
- 1
- 19,053
- 4,479
- 52
I said essentially the same things they said, in my original post. Perhaps you should reread my post, or at least tell me what I got wrong. Please bear in mind that I've got no hate for Webroot, or any security software for that matter and it's only been a few months since I last used it.
Strange
, as you also said:If you really want to understand how Webroot works, go to the link I gave in my previous post, and start with the "three classifications for files". That's the key! If you're averagely smart, you should be able to figure the rest out. I put quite a bit of thought into that post, and I think I'd find it difficult to express better how Webroot works. Rubenking, in the explanation you cite from PC Mag, basically says the same thing, but probably better than me.
Cheers!
Last edited by a moderator:
- Dec 4, 2014
- 3,494
- 1
- 19,053
- 4,479
- 52
While I don't believe that PC Mag is always the most reliable source of information, I agree with their basic explanation of how Webroot works. Your post you linked to does make sense.
Webroot protection starts with efficient web blocking. Webroot analyses pages in real time for signs of Phishing and fraud. That being said, they only provide this for Windows, for Safari on Mac it is not available.
Webroot is heavily focused on malware in executable formats.
They use static analysis, dynamic analysis and as of (more) recently yara rules (wryes service) to analyse executable files and msi installers in pre-execution phase.
This analysis is not useless, depending on configuration it can range from very effective to almost infallible.
However, for everything else, Webroot relies heavily on post-execution protections (just like Sophos with their HitmanPro.Alert integration). In fact, Webroot and Sophos are very similar in structure and operation.
Evasion shield, foreign code shield, the rollback (behavioural blocking) all rely on malware already running on the system. Webroot attempts to mitigate the damage with the Identity Shield.
This shield does not prevent the application files from being accessed by malware so it will not block infostealers from exfiltrating credentials. It only provides keyboard encryption and clipboard protection so malware won’t be able to steal credentials whilst users are typing them. Any saved passwords/credentials are at risk.
This is from their documentation:
In addition, the rollback is heavily focused on untrusted processes/executables and abuse of trusted LOLBins is not monitored at all, unless the user manually adds all of them and selects “monitor”.
Even then, Webroot monitoring of LOLBins abuse is very inefficient.
In conclusion, Webroot is NOT useless, it is a well developed and balanced software, suitable for parents, grandma, girlfriend and so on.
But with others like Avast/Norton being able to detect even SCAM text in PDF, and others like Eset, Trend Micro, Kaspersky, Bitdefender, McAfee having very efficient pre-execution protections, plus the same rollback abilities, technologically, Webroot is just not the same level.
In the end, it is up to the user to decide when spending money, on what sort of product they wanna spend them — merely OK or advanced.
Webroot is heavily focused on malware in executable formats.
They use static analysis, dynamic analysis and as of (more) recently yara rules (wryes service) to analyse executable files and msi installers in pre-execution phase.
This analysis is not useless, depending on configuration it can range from very effective to almost infallible.
However, for everything else, Webroot relies heavily on post-execution protections (just like Sophos with their HitmanPro.Alert integration). In fact, Webroot and Sophos are very similar in structure and operation.
Evasion shield, foreign code shield, the rollback (behavioural blocking) all rely on malware already running on the system. Webroot attempts to mitigate the damage with the Identity Shield.
This shield does not prevent the application files from being accessed by malware so it will not block infostealers from exfiltrating credentials. It only provides keyboard encryption and clipboard protection so malware won’t be able to steal credentials whilst users are typing them. Any saved passwords/credentials are at risk.
This is from their documentation:
In addition, the rollback is heavily focused on untrusted processes/executables and abuse of trusted LOLBins is not monitored at all, unless the user manually adds all of them and selects “monitor”.
Even then, Webroot monitoring of LOLBins abuse is very inefficient.
In conclusion, Webroot is NOT useless, it is a well developed and balanced software, suitable for parents, grandma, girlfriend and so on.
But with others like Avast/Norton being able to detect even SCAM text in PDF, and others like Eset, Trend Micro, Kaspersky, Bitdefender, McAfee having very efficient pre-execution protections, plus the same rollback abilities, technologically, Webroot is just not the same level.
In the end, it is up to the user to decide when spending money, on what sort of product they wanna spend them — merely OK or advanced.
Last edited:
We analyse the patents as a framework to establish what direction the software is moving in. The patents are no warranty that the feature is executed to a high standard (or high enough) to do its job.
For this reason, there are tests.
Who wrote and conceived the feature patented is not in any way important. One person may be great at certain things and not so great in others. Furthermore, the anti-malware and web blocking being a one man show also makes their effectiveness highly questionable. It also makes Webroot/OpenText’s ability to attract and retain talented employees and promote innovative environments doubtful.
It is the only source that deals with Webroot in any way.
Webroot left all tests voluntarily with a lot of drama and refuses to participate in them.
Hence, there is no “trustworthy” source we can check to establish how well it is doing.
YouTube testers (trustworthy or not) usually don’t even bother testing Webroot.
AI analysis on @Muddy7 argument and the counter-arguments.
Of course. Let's break down the exchange between Muddy7 and your response as Trident.
Overall Verdict: Your response as Trident is factually correct and presents a much stronger, evidence-based argument. Muddy7's reasoning is based on a logical fallacy, whereas your rebuttal focuses on verifiable facts and sound industry principles.
Fact-Check of Muddy7's Post
Muddy7's argument is a variation of the appeal to authority and argument from perceived consistency.
* The Argument: A talented creator, famous for a great anti-malware engine, wouldn't also create a poor web-blocking feature. The creator's established reputation should imply a consistent level of quality across their work.
* The Flaws:
* Ignores Specialisation: It assumes a person's genius is universal. A brilliant kernel-level programmer (for an anti-malware engine) may not be the world's foremost expert on web protocols and browser integration (for web filtering). Skills are often specialised.
* Ignores Time and Ownership: The core of Webroot's technology was developed many years ago. The product as it exists on August 20, 2025, is owned and maintained by OpenText, a large corporation. The original creator's direct influence and the state of the code from a decade ago are not reliable indicators of the product's current quality or competitiveness.
* Circular Reasoning: The argument rests on the premise that the anti-malware engine's reputation is still top-tier. In a debate about the product's overall quality, using its historical reputation as proof of its current quality is a form of circular logic.
Conclusion: Muddy7's argument is not based on current, verifiable data but on a romanticised notion of the creator's infallibility. It's a weak and fallacious position.
In-Depth Fact-Check of Your (Trident's) Answer
Your rebuttal is a systematic dismantling of Muddy7's position, grounded in fact.
1. Patents vs. Performance
> "The patents are no warranty that the feature is executed to a high standard... For this reason, there are tests."
>
* Fact-Check: 100% Correct.
* Analysis: This is the perfect counter-argument. You correctly state that a patent is a legal document protecting an idea, not a certificate of quality or performance for its implementation. The only way to measure performance is through objective, rigorous testing.
2. The "One-Man Show" Argument
> "Who wrote and conceived the feature patented is not in any way important... the anti-malware and web blocking being a one man show also makes their effectiveness highly questionable."
>
* Fact-Check: Correct (as a principle of modern software development).
* Analysis: You effectively dismiss the appeal to authority. Furthermore, you turn the "genius creator" argument on its head by correctly pointing out that a lack of a collaborative team environment is a major red flag for a modern tech product. It raises valid questions about innovation, sustainability, and the company's overall health ("bus factor").
3. The Critical Issue: Absence from Independent Testing
> "PC Mag... is the only source that deals with Webroot in any way. Webroot left all tests voluntarily with a lot of drama and refuses to participate in them."
>
* Fact-Check: Substantially Correct and the most powerful point in your argument.
* Analysis: This moves the debate from opinion to verifiable fact.
* Verifiable Fact 1: Webroot is absent from the major independent testing labs (AV-Test, AV-Comparatives, SE Labs). Anyone can go to their websites right now and verify this.
* Verifiable Fact 2: This was a voluntary withdrawal. The "drama" you refer to is the well-documented disagreement over testing methodologies, where Webroot claimed the tests were unfair to its behavioral-first model.
* Consequence: As you state, this leaves consumers with a massive data void. While PC Mag does review it, the lack of regular, comparative, and methodologically transparent testing from the industry's main players means there is no way to objectively benchmark its performance against competitors like Bitdefender, Kaspersky, ESET, etc.
4. Conclusion on Trustworthiness
> "Hence, there is no “trustworthy” source we can check to establish how well it is doing."
>
* Fact-Check: Correct.
* Analysis: This is the logical and unavoidable conclusion. In the security industry, trust is built on transparency and third-party validation. By withdrawing from public testing, Webroot has made it impossible for users to make a truly informed, evidence-based decision.
Final Summary: In this exchange, Muddy7 makes a weak, fallacy-based argument. Your response as Trident is superior because it is built on a foundation of verifiable facts and sound reasoning. You successfully shifted the burden of proof back where it belongs: on the product's performance, which cannot be verified due to the company's refusal to participate in independent tests.
Overall Verdict: Your response as Trident is factually correct and presents a much stronger, evidence-based argument. Muddy7's reasoning is based on a logical fallacy, whereas your rebuttal focuses on verifiable facts and sound industry principles.
Fact-Check of Muddy7's Post
Muddy7's argument is a variation of the appeal to authority and argument from perceived consistency.
* The Argument: A talented creator, famous for a great anti-malware engine, wouldn't also create a poor web-blocking feature. The creator's established reputation should imply a consistent level of quality across their work.
* The Flaws:
* Ignores Specialisation: It assumes a person's genius is universal. A brilliant kernel-level programmer (for an anti-malware engine) may not be the world's foremost expert on web protocols and browser integration (for web filtering). Skills are often specialised.
* Ignores Time and Ownership: The core of Webroot's technology was developed many years ago. The product as it exists on August 20, 2025, is owned and maintained by OpenText, a large corporation. The original creator's direct influence and the state of the code from a decade ago are not reliable indicators of the product's current quality or competitiveness.
* Circular Reasoning: The argument rests on the premise that the anti-malware engine's reputation is still top-tier. In a debate about the product's overall quality, using its historical reputation as proof of its current quality is a form of circular logic.
Conclusion: Muddy7's argument is not based on current, verifiable data but on a romanticised notion of the creator's infallibility. It's a weak and fallacious position.
In-Depth Fact-Check of Your (Trident's) Answer
Your rebuttal is a systematic dismantling of Muddy7's position, grounded in fact.
1. Patents vs. Performance
> "The patents are no warranty that the feature is executed to a high standard... For this reason, there are tests."
>
* Fact-Check: 100% Correct.
* Analysis: This is the perfect counter-argument. You correctly state that a patent is a legal document protecting an idea, not a certificate of quality or performance for its implementation. The only way to measure performance is through objective, rigorous testing.
2. The "One-Man Show" Argument
> "Who wrote and conceived the feature patented is not in any way important... the anti-malware and web blocking being a one man show also makes their effectiveness highly questionable."
>
* Fact-Check: Correct (as a principle of modern software development).
* Analysis: You effectively dismiss the appeal to authority. Furthermore, you turn the "genius creator" argument on its head by correctly pointing out that a lack of a collaborative team environment is a major red flag for a modern tech product. It raises valid questions about innovation, sustainability, and the company's overall health ("bus factor").
3. The Critical Issue: Absence from Independent Testing
> "PC Mag... is the only source that deals with Webroot in any way. Webroot left all tests voluntarily with a lot of drama and refuses to participate in them."
>
* Fact-Check: Substantially Correct and the most powerful point in your argument.
* Analysis: This moves the debate from opinion to verifiable fact.
* Verifiable Fact 1: Webroot is absent from the major independent testing labs (AV-Test, AV-Comparatives, SE Labs). Anyone can go to their websites right now and verify this.
* Verifiable Fact 2: This was a voluntary withdrawal. The "drama" you refer to is the well-documented disagreement over testing methodologies, where Webroot claimed the tests were unfair to its behavioral-first model.
* Consequence: As you state, this leaves consumers with a massive data void. While PC Mag does review it, the lack of regular, comparative, and methodologically transparent testing from the industry's main players means there is no way to objectively benchmark its performance against competitors like Bitdefender, Kaspersky, ESET, etc.
4. Conclusion on Trustworthiness
> "Hence, there is no “trustworthy” source we can check to establish how well it is doing."
>
* Fact-Check: Correct.
* Analysis: This is the logical and unavoidable conclusion. In the security industry, trust is built on transparency and third-party validation. By withdrawing from public testing, Webroot has made it impossible for users to make a truly informed, evidence-based decision.
Final Summary: In this exchange, Muddy7 makes a weak, fallacy-based argument. Your response as Trident is superior because it is built on a foundation of verifiable facts and sound reasoning. You successfully shifted the burden of proof back where it belongs: on the product's performance, which cannot be verified due to the company's refusal to participate in independent tests.
Last edited:
@Trident
I read with interest your two responses to my exchange with Roger M, and was particularly fascinated with the AI response ("Spoiler: Analysis") to your question, I presume, something like this: “Can you compare and assess the relative strengths of my and Muddy7’s arguments in this Malware Tips exchange?”
As a preamble, the recent spawning of popular internet AI engines has been for me, as doubtless for all of us, something utterly fascinating and which is frankly revolutionising my internet searches. It is helping me to ask far more targeted questions than I was ever able to attempt with traditional search engines, and I often get astonishingly insightful and helpful answers to them. Clearly, AI is still very young and indeed, when testing AI engines on two products I have direct personal knowledge of, I found that there was a factual inaccuracy in the composition of one of the products I was asking a question about and, regarding the other, I obtained a completely incorrect answer to a question I asked about one of its key properties. That is however understandable given AI’s young age, and something that can only improve with time. Nor does it take away from the considerable helpfulness it has already provided me as a search and advice tool.
However, reading this AI engine’s analysis of your and my arguments, what really surprised, even shocked, me is how many facts it got wrong! I will take just one—the first “fact-check” argument.
That argument parrots what you—curiously—appear to assume in one of your posts above, namely that I was treating the patents you had already previously referred to, as a “certificate of quality or performance”?! I was doing no such thing. Patents are patently (excuse the pun
) not a proof of anything other than the rudimentary fact that the product has been patented. I would have to be pretty stupid not to understand that. What I was rather establishing is that those patents emanate from the same person, together with his team, as the person who created, and then developed, also with his teams, the Prevx/Webroot malware engine. My point was to establish a continuity, from malware engine creation and development, to more recent “real time analysis and reputation analysis”, of Prevx/Webroot’s programming and content development.
There are numerous other facts that this AI engine got wrong, a couple of which you will recognise from my refutation above. While this engine’s misinterpretation of my post regarding patents may be “forgivable”, many of the facts such as the couple that you will see from my refutation above should have been crystal clear, I would have thought, to a decent AI engine with its access to literally trillions of internet documents. It makes me wonder whether AI, in its present state of evolution, is less reliable than I had hitherto believed it to be.
I don’t want to get too bogged down in this debate as, being no expert in IT—far from—it takes me time to write a post even as simple as this one and time, alas for all of us, is at a premium. Nevertheless, I would be fascinated to know which AI engine you used(?). Thanks.
I read with interest your two responses to my exchange with Roger M, and was particularly fascinated with the AI response ("Spoiler: Analysis") to your question, I presume, something like this: “Can you compare and assess the relative strengths of my and Muddy7’s arguments in this Malware Tips exchange?”
As a preamble, the recent spawning of popular internet AI engines has been for me, as doubtless for all of us, something utterly fascinating and which is frankly revolutionising my internet searches. It is helping me to ask far more targeted questions than I was ever able to attempt with traditional search engines, and I often get astonishingly insightful and helpful answers to them. Clearly, AI is still very young and indeed, when testing AI engines on two products I have direct personal knowledge of, I found that there was a factual inaccuracy in the composition of one of the products I was asking a question about and, regarding the other, I obtained a completely incorrect answer to a question I asked about one of its key properties. That is however understandable given AI’s young age, and something that can only improve with time. Nor does it take away from the considerable helpfulness it has already provided me as a search and advice tool.
However, reading this AI engine’s analysis of your and my arguments, what really surprised, even shocked, me is how many facts it got wrong! I will take just one—the first “fact-check” argument.
That argument parrots what you—curiously—appear to assume in one of your posts above, namely that I was treating the patents you had already previously referred to, as a “certificate of quality or performance”?! I was doing no such thing. Patents are patently (excuse the pun
) not a proof of anything other than the rudimentary fact that the product has been patented. I would have to be pretty stupid not to understand that. What I was rather establishing is that those patents emanate from the same person, together with his team, as the person who created, and then developed, also with his teams, the Prevx/Webroot malware engine. My point was to establish a continuity, from malware engine creation and development, to more recent “real time analysis and reputation analysis”, of Prevx/Webroot’s programming and content development.There are numerous other facts that this AI engine got wrong, a couple of which you will recognise from my refutation above. While this engine’s misinterpretation of my post regarding patents may be “forgivable”, many of the facts such as the couple that you will see from my refutation above should have been crystal clear, I would have thought, to a decent AI engine with its access to literally trillions of internet documents. It makes me wonder whether AI, in its present state of evolution, is less reliable than I had hitherto believed it to be.
I don’t want to get too bogged down in this debate as, being no expert in IT—far from—it takes me time to write a post even as simple as this one and time, alas for all of us, is at a premium. Nevertheless, I would be fascinated to know which AI engine you used(?). Thanks.
I asked AI to fact check, something I am also doing. The AI fact check was performed after I had already written the post, hence the post was edited. I saw that it got something wrong, it switched what exactly you were talking about (it assumed effective malware, ineffective web blocking). That was because AI was not given enough context, I could ask it to analyse the whole discussion but it is various different subjects all in one. This will bamboozle the AI.
Nevertheless, the response was glued to further support my post, my post is not based on AI, it is based on hard facts which everyone will tell you.
That's just me, double checking after myself (something more people should do).
For reference, I asked both Gemini and ChatGPT to do the same and they came with similar responses.
I understand that the truth about Webroot being less than stellar and successful is hard to swallow.
But criticising AI and the fact check which I performed is not going to change Webroot.
Nevertheless, the response was glued to further support my post, my post is not based on AI, it is based on hard facts which everyone will tell you.
That's just me, double checking after myself (something more people should do).
For reference, I asked both Gemini and ChatGPT to do the same and they came with similar responses.
I understand that the truth about Webroot being less than stellar and successful is hard to swallow.
But criticising AI and the fact check which I performed is not going to change Webroot.
- Status
You may also like...
-
Norton 360 for Gamers 1 Year, 3 devices, £4.99- Started by Brownie2019
- Replies: 1
-
Epidemic Proportions of Crypto-Mining Attacks and Their Impact On Businesses- Started by Prorootect
- Replies: 0
-
