App Review Webroot SecureAnywhere 2024

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,617
Webroot is an American security solutions provider.
Formerly SpySweeper, the company acquired PrevX several years ago to create its SecureAnywhere solution.
For several years now, Webroot has set itself apart from the competition with 100% Cloud protection. Despite this choice, it has unfortunately never shone...
I hope 2024 will be a good year for it. Let's check it out!



User interface :

Webroot's interface is simple and intuitive.
The editor has chosen a very user-friendly approach to help novices as much as possible.
There's no need for updates or settings: just install it and it's ready to protect!


Web protection: 10/10

Webroot has blocked all malicious links.
Its Web filtering is very good.
A few downloads were still possible, but Webroot was able to stop or delete them.


Fake crack : 1/1

Webroot was able to block all installations of the malicious crack.
It then performs a small analysis to see if there is no longer any risk. I like the idea.

Malware Pack : Remaining 154 out of 648 threats.

While Webroot put on a good show during the test, the pack was a complete disappointment, a cold shower!
Webroot is unlucky once again to find itself with a completely infected machine where malware has made its nest!
Even if it tries to defend itself as best it can, its protection against unknown malware is clearly poor.
And so is its anti-malware engine!
In the end, Worm.AutoRuns launches, multiplies and loops in memory, saturating RAM.
Note that this worm dates back to ....2007...

Final scan : The machine is unusable. Analyses could not be performed.

Final opinion:

Webroot has many good ideas.
Cloud protection, ease of use and light weight are all big pluses.
Unfortunately, these assets are clearly spoiled by its weak proactive protection and very weak anti-malware engine...
The machine ended up very infected!
It's still not to be recommended.
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,446
Thank you for the detailed review of Webroot SecureAnywhere 2024. It's clear that while it excels in some areas like user interface and web protection, it falls short in proactive protection and anti-malware engine. Hopefully, they will address these issues in future updates.
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,617
as a once upon a time user of Prevx, which IIRC was intended as a second layer, not primary security, @Shadowra can Webroot be used as a supplemental layer in combination with another AV, and if so, any suggestions, perhaps MD? Or perhaps CyberLock??

Even if you can run it with another AV, I would never advise doing so.
Better safe than sorry :)
And MD is much more powerful than Webroot.
 

misterman2100

Level 2
Verified
Dec 3, 2018
63
The essence of
1710026624695.gif
Webroot throughout the years. And the guy's jacket is green to boot!
 

Spartan

Level 3
Verified
Well-known
Apr 15, 2019
119
I don't know how this company even still exists in 2024. webfruit is a horrible solution, I would not even want to use it as a 3rd security layer, they cannot even participate in any of the major antivirus tests like AV-C and AV-TEST because they would fail miserably and their excuse is that they don't rely on signature based detections, yeah well, we all know how that turned out.
 

misterman2100

Level 2
Verified
Dec 3, 2018
63
I don't know how this company even still exists in 2024. webfruit is a horrible solution, I would not even want to use it as a 3rd security layer, they cannot even participate in any of the major antivirus tests like AV-C and AV-TEST because they would fail miserably and their excuse is that they don't rely on signature based detections, yeah well, we all know how that turned out.
It goes along with the strange saying: "It works until it doesn't." I had it for a few years until, lo and behold, I had a very strange infection that Webroot did not remedy. And when it did get resolved, I had corrupted files on Windows which led me to format the whole drive and reinstall without Webroot. Could that have happened to other programs? Sure. But for the time I had Avast, I had nothing infect my machine whatsoever. Although miles my vary, I'd prefer a more reliable airline.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Only one AV can be run at a time so it must be chosen wisely. Webroot is a waste of time. It is not as effective as others, updates are very infrequent and new features haven’t been added in ages, apart from VPN and Identity Protection which were introduced recently. Evasion Shield and Foreign Code Shield for example, are reserved for the business product.
 
F

ForgottenSeer 109138

Journaling and rollback, system monitoring in active processes, among other tools found in utilities such as resetting certain features and restarting in safe mode ect.

As this application has been designed slightly differently than others, it requires knowledge of its tools and uses to test properly.

Correct me if I'm wrong, but if an application is unknown it is basically sandboxed and monitored, allowed to run but not allowed to access system files and processes. Journaling and logging commence and if the file is found to be good it is allowed to run and if found to be bad it is terminated and file quarantined. The user can actually change the status from monitored to block manually if found to be bad. Of course it would require giving the application time to perform as it was intended. Supposedly the privacy shield protects all sensitive data during this process as well.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I
Journaling and rollback, system monitoring in active processes, among other tools found in utilities such as resetting certain features and restarting in safe mode ect.

As this application has been designed slightly differently than others, it requires knowledge of its tools and uses to test properly.

Correct me if I'm wrong, but if an application is unknown it is basically sandboxed and monitored, allowed to run but not allowed to access system files and processes. Journaling and logging commence and if the file is found to be good it is allowed to run and if found to be bad it is terminated and file quarantined. The user can actually change the status from monitored to block manually if found to be bad. Of course it would require giving the application time to perform as it was intended. Supposedly the privacy shield protects all sensitive data during this process as well.
Journalling and rolling back is the theory, @Shadowra ’s test is the practice and reality. And in reality, the product failed miserably and produced results similar to third-tier AVs like K7 and Arcabit. On my tests it took about 5 minutes for a few infections to be active, without too much effort. So I’m afraid Webroot is not to be compared to Kaspersky, Avast, Bitdefender and others. Btw Kaspersky is mainly a heuristic-based AV like Webroot as well and most, if not all AVs, got the rollback. Many restore modified files as well.
 
F

ForgottenSeer 109138

I

Journalling and rolling back is the theory, @Shadowra ’s test is the practice and reality. And in reality, the product failed miserably and produced results similar to third-tier AVs like K7 and Arcabit. On my tests it took about 5 minutes for a few infections to be active, without too much effort. So I’m afraid Webroot is not to be compared to Kaspersky, Avast, Bitdefender and others. Btw Kaspersky is mainly a heuristic-based AV like Webroot as well and most, if not all AVs, got the rollback. Many restore modified files as well.
I would have to agree to disagree, as the rollback and journaling are part of the applications design, not a theory, a theory would be should the user have had opened system utilities during the test and found the active process of the worm and blocked it, could he have had possibly continued the test. If the test were allowed to continue for some time, would the application itself respond as it was designed too? Without doing either how can anyone speculate the product failed? If it's allowed to be used as intended and fails it is one thing, but quite another to judge the product from half way attempts at testing it. "no offense meant towards testers or those commenting here".

The manual controls were placed to be used as well as the utilities, the ability to reset functions and enter safe mode as needed. I have tested webroot myself back in the day when it was a bit more popular and found that it needed to be tested differently than the rest because of design, did it fail tests, certainly, but I gave it a fair shake by its design.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
? how much time is "some time?" :unsure:
I am assuming until malicious actions are performed, captured and classified. Depending on the malware it may be a minute or it may be hours, after rebooting, on a specified date… depends on what’s been programmed. But in my tests, although I put settings to their highest, behavioural blocking wasn’t very effective. Although admittedly, Webroot/OpenText have impressive portfolio of patents in this area, again, this is theory and in reality the product doesn’t shine. Others do it better. Relying on the usage of manual tools is not a great approach either.

Even their website isn’t amazing, if that’s their face I can imagine their under-the-hood.
IMG_3130.png
 
Last edited:
F

ForgottenSeer 109138

I am assuming until malicious actions are performed, captured and classified. Depending on the malware it may be a minute or it may be hours, after rebooting, on a specified date…

Exactly, not something that can be determined in a few minutes test dependent on samples and variables. It is why the application is supposed to partially sandbox "restricting access", and monitor actions until determined, as mentioned above.


Relying on the usage of manual tools is not a great approach either.

Advanced sections and manual tools are placed for users to make the most of an applications abilities. If one has the ability to use such features it is in their best interest to learn to do so.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Exactly, not something that can be determined in a few minutes test dependent on samples and variables. It is why the application is supposed to partially sandbox "restricting access", and monitor actions until determined, as mentioned above.
The thing is all this sandboxing and process control only affects malware in PEEXE formats, when I test I usually use varied malware, including weaponised documents and code injecting scripts. As mentioned earlier, foreign code and evasion shield are reserved for business products and home products can not handle such malware — regardless what settings have been applied.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top