Webroot Rollback Feature Multi-Part Test (MalwareDoctor)

[MDTechVideos]

This review has been a long time coming (and quite an interesting one to plan out). Starting in mid-2013 I began contemplating how I would go about testing Webroot but at the same time keeping in mind their rollback feature. Sure I could make this review just like any other av test. If I did it this way someone could (and I mean would) say that Webroot does not work like a traditional antivirus and I did not make a fair test. I agree with these people. If Webroot was designed more so to roll-back malware infections than to block known malicious threats that is how I should test their product. Personally I have little complaints about this system (default-deny is a much better policy than default-allow for unknown files). There is however one big issue: it makes conducting a test of their product difficult. How do you test an antivirus that will supposedly detect ALL unknown files eventually (but score poorly on zero-day test). It is for this reason that Webroot test are becoming more and more hard to find.

I have long-since noticed that AV-Test no longer releases test of Webroot (found this interesting discussion on the Wilders Forum: http://www.wilderssecurity.com/threads/why-is-webroot-no-longer-on-the-av-test-tests.360667/

I figure testing Webroot over an extended period of time is the absolute best way to test their antivirus like they claim it supposedly works (to find out once and for all if their claims are valid). Basically Webroot will be given final remarks after a given amount of time has passed (and at which point this series will end). Rather than just release one big compiled video I have decided to break up the review into smaller parts that will be released following each daily evaluation of Webroot.

Please share your comments, feedback and suggestions below.

 

[Countryboy_MN]

Thanks for doing the multi-test on Webroot. Looking forward to the final result. One question though. How does Webroot's firewall compare to other security programs? Or maybe the question should be does it do anything different than the others ?

 

[Moose]

Let see what happen! Thanks! Nice!

 

[MDTechVideos]

Thanks for doing the multi-test on Webroot. Looking forward to the final result. One question though. How does Webroot's firewall compare to other security programs? Or maybe the question should be does it do anything different than the others ?

I am too.

Webroot "enhances" Windows Firewall by implementing outbound protection (while Windows Firewall only offers inbound protection).

 

[Countryboy_MN]

Oh I see. Thanks!

 

[Moose]

Interesting! Let see what happen!

 

[DaZa9]

The way it works is totally unacceptable to me. Anyways waiting for next parts

 

[woodrowbone]

Nice initiative!
What you could do while you test and execute files is to right click the WSA icon and choose: "Control Active Processes"
From here you will see what files are active and if they are monitored, if you choose to block a monitored file it will perform a "Rollback".
Some files you just see monitored for a short while and then they disappear, Rootkit for example.
They usually delete themselves and spawn new processes, but they will be monitored as well.
A monitored file is restricted in what actions and connections it is allowed to do/use.
The "Identity Shield" will protect the data from leaking/erasing etc while the file is monitored.

/W

 

[Petrovic]

I am too.

Webroot "enhances" Windows Firewall by implementing outbound protection (while Windows Firewall only offers inbound protection).

First off, it's important to understand that the WSA firewall works differently than a traditional firewall in that it works together with the Windows firewall, functioning as the outbound component while the Windows firewall takes care of the inbound traffic. More specifically, it blocks malicious data traffic coming onto your computer. Basically, when both are turned on, they work in tandem to monitor data traffic coming in and out of your computer ports, looking for untrusted process that try to connect to the internet. The result is an intelligent and hassle-free firewall that unintrusively performs in the background, letting our powerful antivirus work it's magic and only steps in if it misses something.

Source: https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/WSA-Firewall-tests/td-p/4191

Windows 8 presents certain technological limitations to our current firewall implementation and we are evaluating our options in light of those limitations. The operating system itself is locked down in certain respects that limit what third-party firewalls are capable of, which is why you don't see some of the features in Windows 8 that you would otherwise see in older versions of Windows.

Source: https://community.webroot.com/t5/We...ows-8-and-Firewall-settings-in-WSA/td-p/25208

The Webroot SecureAnywhere firewall and software is compatible with any other antivirus or firewall application, so you should have no problem running our software alongside your other antivirus/firewall. While it is possible for another antivirus or firewall application to interfere with WSA, no part of Webroot should interfere with other firewalls as WSA is built to recognize and co-exist with other legitimate antivirus/firewall applications. Running the Windows firewall alongside our program is recommended and sufficient because the Windows firewall is effective against hostile inbound connections, whereas SecureAnywhere provides effective outbound protection.

Source: https://community.webroot.com/t5/We...ureAnywhere-Firewall-Compatibility/ta-p/19260

 

[FreddyFreeloader]

Expect to hear lots of excuses from Webroot if it doesn't do so well. They are good at that. However, I don't hear many Webroot users getting infected, either. Personally, I don't want all that malware sitting on my machine...get it off, now! All Webroot has to do is miss just one little change and it's off to the races for malware.

 

[MDTechVideos]

I know this series was a little bit shorter than most (and I was) expecting. However, experimenting this time around has given me an even better idea (and more effective) way to test Webroot in the future. What I am planning should get us to 5 or more videos. I wound't count on it being released tomorrow but it is definitely possible in the coming few months. (;

 

[FreddyFreeloader]

BSOD is a bit concerning.

 

[Deleted member 178]

BSOD is a bit concerning.

this is a Windows feature

 

[yigido]

Great review, I like the working mentalities of Webroot

this is a Windows feature

LOL

 

[FleischmannTV]

I am most curious about BSODs during rollback and if the journalling gets corrupted and further rollback attempts become impossible because of that.

https://community.webroot.com/t5/Webroot-Discussions/Cryptolocker-Webroot-fail/td-p/99214

 

[Koroke San]

 

[FreddyFreeloader]

Good eye, KS!

 

[Nightwalker]

Great test, I am looking forward to see the next parts of the review.

Webroot was one of my favorite antivirus in the past, but it didnt meet my expectations and I am a bit sceptical of its protection now.

 

[Behold Eck]

Expect to hear lots of excuses from Webroot if it doesn't do so well. They are good at that. However, I don't hear many Webroot users getting infected, either. Personally, I don't want all that malware sitting on my machine...get it off, now! All Webroot has to do is miss just one little change and it's off to the races for malware.

Exactly my thoughts as well. I`d prefer something suspicious to be removed than left on the system to be "monitored".

Hopefully the rollback feature will work.

 

[Behold Eck]

Great review,

so the roll back feature appears to have worked. Well done Webroot.