Security News SE Labs Consumer protection June 2018

Hawaii007

Level 2
Thread author
Verified
Jan 31, 2018
66
Content source
https://selabs.uk
Screenshot at Aug 03 10-15-23.png
 

Attachments

  • apr-jun-2018-consumer.pdf
    1.4 MB · Views: 329
F

ForgottenSeer 58943

Boy Webroot continues to take a dump to the point it's useless now.

Did they basically stop working on it? I suspect their major snafu's with damaging millions of systems harmed them irreparably. I haven't run into anyone using Webroot in almost a year now, and the only major MSP's I know using it, stopped.
 
I

illumination

Boy Webroot continues to take a dump to the point it's useless now.

Did they basically stop working on it? I suspect their major snafu's with damaging millions of systems harmed them irreparably. I haven't run into anyone using Webroot in almost a year now, and the only major MSP's I know using it, stopped.
Penalized for how it functions would be the proper way to state what mostly occurred here.

Not all protections, or detection's for that matter, are equal. A product might completely block a URL, which stops the threat before it can even start its intended series of malicious events. Alternatively, the product might allow a web-based exploit to execute but prevent it from downloading any further code to the target. In another case malware might run on the target for a short while before its behavior is detected and its code is deleted or moved to a safe ‘quarantine’ area for future analysis. We take these outcomes into account when attributing points that form final ratings. For example, a product that completely blocks a threat is rated more highly than one that allows a threat to run for a while before eventually evicting it. Products that allow all malware infections, or that block popular legitimate applications, are penalized heavily.
 
  • Like
Reactions: Brie and harlan4096

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I would definitely take these tests with a pinch of salt. Do we know how old these samples, URLs & files are? Which was used in testing the software(s)

~LDogg
 
  • Like
Reactions: Brie and Al-Faqir
5

509322

Boy Webroot continues to take a dump to the point it's useless now.

Did they basically stop working on it? I suspect their major snafu's with damaging millions of systems harmed them irreparably. I haven't run into anyone using Webroot in almost a year now, and the only major MSP's I know using it, stopped.

Penalized for how it functions would be the proper way to state what mostly occurred here.

Webroot rollback only works against specific types of infections. And even then, sometimes only against a specific infection within a subset.
 
D

Deleted Member 3a5v73x

Boy Webroot continues to take a dump to the point it's useless now.

Did they basically stop working on it? I suspect their major snafu's with damaging millions of systems harmed them irreparably. I haven't run into anyone using Webroot in almost a year now, and the only major MSP's I know using it, stopped.
Webroot is always butthurt and comes up with an new excuses why in lab tests their product didn't perform well. Tested version was 9.0.19.43
Webroot notes that testing
occurred before it released its script and anti-
exploit protection.
 
I

illumination

Webroot rollback only works against specific types of infections. And even then, sometimes only against a specific infection within a subset.
You are correct, but what is not mentioned here is the ability to manually monitor or block processes and the extra tools built in... The product is wrapped around the test instead of the way it should be.
 
  • Like
Reactions: harlan4096
I

illumination

Like any of them work as they should e.g. SafeStart Sandbox :D
Im not a fanboy of webroot, do not even use it, just pointing out that products are not all designed the same, and testing with one methodology and penalizing some for the way they are designed is not correct or accurate. Now if they tested the product as it was designed and it failed, then i would salute them and move on.
 
5

509322

You are correct, but what is not mentioned here is the ability to manually monitor or block processes and the extra tools built in... The product is wrapped around the test instead of the way it should be.

You can monitor Zeus or a screenlock ransomware and those of their ilk, and Webroot lets them trash the system with no way to rollback. Webroot has known about it for at least a decade because I reported it so many times.

I just analyzed an Evil Locker that kills the Webroot (WSRA) service. LOL...

People cannot figure out how to use Webroot. There's stuff in it that most Average Joes are like... wut ? And Webroot's reply is always "Oh, you just don't understand how the product works." What's worse, they're liars in my experience. I have been lied to not once but multiple times by a staffer. They're also another one of those outfits that cries and complains that they're being oppressed and persecuted.
 
Last edited by a moderator:
I

illumination

You can monitor Zeus or a screenlock ransomware and those of their ilk, and Webroot lets them trash the system with no way to rollback. Webroot has known about it for at least a decade because I reported it so many times.
Did manually clicking block the process stop them? It is kind of my point with this, although i do not need to explain this to you, as you are aware how they all test and how it does not fit the design.

People cannot figure out how to use Webroot. There's stuff in it that most Average Joes are like... wut ? And Webroot's reply is always "Oh, you just don't understand how the product works." They're liars in my experience.
The underlined pretty much sums it up. As i stated above, im not behind this product nor am i recommending anyone to use it, im just merely stating the methodologies of these test are so misleading how they are implemented. I want to see a product fail, because it does indeed suck, not because some half-baked test was labeled professional.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Boy Webroot continues to take a dump to the point it's useless now.

Did they basically stop working on it? I suspect their major snafu's with damaging millions of systems harmed them irreparably. I haven't run into anyone using Webroot in almost a year now, and the only major MSP's I know using it, stopped.
They have been working with adding script protection and anti-exploit. So, they haven't stopped.
Webroot SecureAnywhere Discussion & Update Thread
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I like that SE Labs does not charge for participation.... or give the 'opportunity' for vendors to pay so that their results are not shown.

I'm not surprised that Norton is on top. Norton finishes at or near the top of the majority of tests in which it is included.

And I'm not surprised that Webroot is at the bottom. At least 5 years ago... AV-C developed a fair methodology to test Webroot with the roll-back feature and all...

And.... Webroot still finished poorly. So they basically tried to quit being tested.

The Webroot propaganda machine launched into overdrive. "Most advanced... best protection.... blah blah blah...."

Oh, and "all testing is unfair because the testers don't understand Webroot....roll-back..... active threat.... blah blah blah..",,,

Except.... that the testing organizations understood Webroot perfectly. And could test it fairly and effectively.

Webroot just didn't like the results.

In the meantime, somebody I'll nickname 'Triple Hernia' at another website pushed the Webroot propaganda machine hard, and did manage to develop a group of kool-aid drinking followers. But most of them.... some faster some slower.... eventually realized that Webroot is just not that great.

Great at excuses... not that great at protection.
 
I

illumination

I like that SE Labs does not charge for participation.... or give the 'opportunity' for vendors to pay so that their results are not shown.

I'm not surprised that Norton is on top. Norton finishes at or near the top of the majority of tests in which it is included.

And I'm not surprised that Webroot is at the bottom. At least 5 years ago... AV-C developed a fair methodology to test Webroot with the roll-back feature and all...

And.... Webroot still finished poorly. So they basically tried to quit being tested.

The Webroot propaganda machine launched into overdrive. "Most advanced... best protection.... blah blah blah...."

Oh, and "all testing is unfair because the testers don't understand Webroot....roll-back..... active threat.... blah blah blah..",,,

Except.... that the testing organizations understood Webroot perfectly. And could test it fairly and effectively.

Webroot just didn't like the results.

In the meantime, somebody I'll nickname 'Triple Hernia' at another website pushed the Webroot propaganda machine hard, and did manage to develop a group of kool-aid drinking followers. But most of them.... some faster some slower.... eventually realized that Webroot is just not that great.

Great at excuses... not that great at protection.
My point was simply that a user could block the active process manually, i have yet to see this in a test from any of them. If it failed to block the samples, then so be it.

Even though i do not use the product, i will not resort to product bashing and calling out users and creating more drama, it was a simple statement of the testing procedure that i have yet to see.
 
5

509322

My point was simply that a user could block the active process manually, i have yet to see this in a test from any of them. If it failed to block the samples, then so be it.

Even though i do not use the product, i will not resort to product bashing and calling out users and creating more drama, it was a simple statement of the testing procedure that i have yet to see.

People don't use the manual monitoring in Webroot because Webroot itself states in their marketing that "WSRA will rollback the system perfectly." Webroot doesn't promote nor offer any step-by-step, how-to guide to promote the more arcane functions in their product. Actually, I think the company dissuades people from using the advanced features in various ways. For one, some don't work as advertised\intended - or more importantly - no one can get any details out of Webroot as to how they are intended to work.

They're not gonna testing anything manual... involving HIPS or HIPS-like protections or stuff like a user adding a process to a sandbox. It has to be automated for the people who don't know what they're doing, don't know how anything works, basically... the clueless.

It's not product bashing to discuss security software limitations. Every product has them, but some have them a whole lot more than others. What is being discussed here is a long-known set of issues with Webroot going back all the way to PrevX days.

And I am very open and honest that I despise Webroot due to my own, personal, very bad experiences with the Webroot fanboyz, the product itself and the company. It's no secret, that's for sure.
 
Last edited by a moderator:
I

illumination

They're not gonna testing anything manual... involving HIPS or HIPS-like protections. It has to be automated for the people who don't know what they're doing, don't know how anything works, basically... the clueless.
This was all i was trying to point out, so basically the testing method is not wrapped around the product design, so how accurate can it be.
 
  • Like
Reactions: harlan4096
5

509322

This was all i was trying to point out, so basically the testing method is not wrapped around the product design, so how accurate can it be.

If my extensive testing is any indication, you can max-out Webroot's protections and it is still going to perform poorly. I'd bet it would rank about the same in the tests if you maxed-out each product's protections and re-tested them. Of course someone will scream "Foul, foul !" that's speculation. Nope. It's not. I am making an informed opinion based upon my own set of experiences - whether one considers those subjective or not - with most of the products with fully maxed-out protections.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top