App Review Webroot SecureAnywhere 2024

[Shadowra]

Exactly, not something that can be determined in a few minutes test dependent on samples and variables. It is why the application is supposed to partially sandbox "restricting access", and monitor actions until determined, as mentioned above.




Advanced sections and manual tools are placed for users to make the most of an applications abilities. If one has the ability to use such features it is in their best interest to learn to do so.

Good evening,

Before I start, I'd like to introduce myself. I'm Shadowra, the tester who evaluated Webroot.

I've read your comments carefully, but unfortunately I need to clarify a few points:

1) I very rarely change the settings of the antivirus programs I test. In fact, I start from the premise that I'm putting myself in the shoes of a novice user. Most novices don't bother, they just install a security solution and want it to work!
That's exactly what Webroot offers, and it's great.

2) During the test, there are 3 phases: URL testing, where I select the most recent malware sites, an EXE SFX which is a fake crack that will install different malware (the danger of cracks) and a malware pack with a mix of 0-day and old malware from 4 sources I use.
I spend about 1 hour making this pack, as the samples are checked and tested (I may let a few false positives through, but it's quite rare...).

Honestly, I can understand that you've had good results with Webroot with your settings, but that's not what I do.
On the other hand, if you'd like another video with YOUR settings, let me know and I'll do it as soon as possible.

Best regards

 

[Practical Response]

The thing is all this sandboxing and process control only affects malware in PEEXE formats, when I test I usually use varied malware, including weaponised documents and code injecting scripts. As mentioned earlier, foreign code and evasion shield are reserved for business products and home products can not handle such malware — regardless what settings have been applied.

As you stated, we are discussing the home edition and not the endpoint. How are you approaching your testing of these more advanced threats? Do you add the file to the block and allow section also enabling monitoring manually, just as any document or script should be checked before execution? This overrides the scanning and shields normal behavior.

In the system control you can set the process to these manually as well to monitor them and even stop all untrusted processes with a click of one button.

As stated in the post above the product does have the ability to have advanced settings adjusted as well.

I always recommend the user manual to learn a products abilities for those that have not read:

Spoiler: webroot maual

https://download.webroot.com/WSA_PC_UserGuide.pdf

 

[Practical Response]

Good evening,

Before I start, I'd like to introduce myself. I'm Shadowra, the tester who evaluated Webroot.

I've read your comments carefully, but unfortunately I need to clarify a few points:

1) I very rarely change the settings of the antivirus programs I test. In fact, I start from the premise that I'm putting myself in the shoes of a novice user. Most novices don't bother, they just install a security solution and want it to work!
That's exactly what Webroot offers, and it's great.

2) During the test, there are 3 phases: URL testing, where I select the most recent malware sites, an EXE SFX which is a fake crack that will install different malware (the danger of cracks) and a malware pack with a mix of 0-day and old malware from 4 sources I use.
I spend about 1 hour making this pack, as the samples are checked and tested (I may let a few false positives through, but it's quite rare...).

Honestly, I can understand that you've had good results with Webroot with your settings, but that's not what I do.
On the other hand, if you'd like another video with YOUR settings, let me know and I'll do it as soon as possible.

Best regards

As per my first initial post, it was to establish that the product even in default settings was not being tested as designed. It was the main point I was trying to establish. Its "features" work differently than other products and needs "time" dependent upon samples and variables to function as it was designed. The journal and rollback feature has to "monitor" the sample to come to conclusions before it reacts to them. It does this in a contained state restricting access to system files ect. As seen in other videos, this product can not be just slammed with samples then call it a night, its not designed as such.

To be clear, I'm not a fan of webroot, I do not even use the product, and have not tested it myself in some years. I am however a fan of testing applications as they are meant to be used and designed. Its only proper and fair to do so for the product, company and potential users.

 

[simmerskool]

... it was to establish that the product even in default settings was not being tested as designed.

Huh? Unclear to me (fwiw) what you mean "the product even in default settings was not being test as designed." Webroot should not be, cannot be, tested with its default settings?

 

[Practical Response]

Huh? Unclear to me (fwiw) what you mean "the product even in default settings was not being test as designed." Webroot should not be, cannot be, tested with its default settings?

I am assuming until malicious actions are performed, captured and classified. Depending on the malware it may be a minute or it may be hours, after rebooting, on a specified date… depends on what’s been programmed.

As per my first initial post, it was to establish that the product even in default settings was not being tested as designed. It was the main point I was trying to establish. Its "features" work differently than other products and needs "time" dependent upon samples and variables to function as it was designed. The journal and rollback feature has to "monitor" the sample to come to conclusions before it reacts to them. It does this in a contained state restricting access to system files ect.

It was written directly below what you highlighted as well as mentioned in a few other posts. The product needs time as it was designed to "monitor" threats "while contained". I will leave an example video of a tester that does just this, even though the product still failed to keep the system clean, the tester knew to "allow" the product "time" to try and remove the threats. Notice the length of the video.

 

[Muddy7]

Only one AV can be run at a time so it must be chosen wisely. Webroot is a waste of time. It is not as effective as others, updates are very infrequent and new features haven’t been added in ages, apart from VPN and Identity Protection which were introduced recently. Evasion Shield and Foreign Code Shield for example, are reserved for the business product.

So much is wrong here.

For example:

updates are very infrequent

Official SecureAnywhere Release Notes | Webroot
If you're talking about the Mac version, granted. But for the PC version ... hardly. Also, being cloud based, the version history doesn't really reflect at all the daily changes that are happening where it really matters, ie. on the backend.

Identity Protection which were introduced recently

Identity Protection was first introduced, under another name whose exact name I no longer remember, in the Prevx version circa 2009/2010. As far as I know, Prevx>Webroot was the first AV on the market to introduce Identity Protection.

Foreign Code Shield for example, are reserved for the business product

I can't confirm regarding the Consumer version, but I've had this feature for quite some time on my Beta version:

 

[likeastar20]

So much is wrong here.

For example:

Official SecureAnywhere Release Notes | Webroot
If you're talking about the Mac version, granted. But for the PC version ... hardly. Also, being cloud based, the version history doesn't really reflect at all the daily changes that are happening where it really matters, ie. on the backend.

Identity Protection was first introduced, under another name whose exact name I no longer remember, in the Prevx version circa 2009/2010. As far as I know, Prevx>Webroot was the first AV on the market to introduce Identity Protection.

I can't confirm regarding the Consumer version, but I've had this feature for quite some time on my Beta version:

View attachment 282079

How do you get the beta version?

 

[Muddy7]

How do you get the beta version?

I'm not sure if Beta is open to new applicants at the moment, but you could always try contacting Webroot Support: Official Support Contact Information for Individuals & Families | Webroot

 

[Trident]

If you're talking about the Mac version, granted. But for the PC version ... hardly

I am not sure that this constitutes for frequent updates. The fact that it’s cloud-based means nothing, Avast for example uses the cloud as well, yet there is update every month.

Identity Protection was first introduced, under another name whose exact name I no longer remember, in the Prevx version circa 2009/2010. As far as I know, Prevx>Webroot was the first AV on the market to introduce Identity Protection

You are confusing Identity Shield and Identity Monitoring. The former has been around for ages, the latter is breach monitoring and was introduced in the US about a year ago.

I can't confirm regarding the Consumer version, but I've had this feature for quite some time on my Beta version:

I am not taking beta versions as reference but I am glad Webroot is adding it.

 

[Muddy7]

You are confusing Identity Shield and Identity Monitoring.

The very expression you used was "Identity Protection", and you're now obfuscating by introducing new terms. Or, to put it more simply, you are moving the goalposts. The protection I am referring to was actually named "Identity Protection" in the very first version of Webroot Secure Anywhere (circa 2010/20211).

More here:

As I said, as far as I know Prevx was the first AV company to introduce Identity Protection.

 

[simmerskool]

It was written directly below what you highlighted as well as mentioned in a few other posts. The product needs time as it was designed to "monitor" threats "while contained". I will leave an example video of a tester that does just this, even though the product still failed to keep the system clean, the tester knew to "allow" the product "time" to try and remove the threats. Notice the length of the video.

I think your post lacks clarify IMO - FWIW. I understood your comments that in your opinion Webroot testing needs more time, but what has that to do with your previous sentence "... even in default settings" -- @Shadowra offered to re-test Webroot and asked about the settings you wanted him to try and how much time does the analysis need. I did not see that answered (unless I missed i -- I am not going to watch the video you linked of unknown length when apparently you have watched it and can simply state the time required for a better / optimal test of Webroot.

 

[Trident]

The very expression you used was "Identity Protection", and you're now obfuscating by introducing new terms. Or, to put it more simply, you are moving the goalposts. The protection I am referring to was actually named "Identity Protection" in the very first version of Webroot Secure Anywhere (circa 2010/20211).

More here:

View attachment 282084

As I said, as far as I know Prevx was the first AV company to introduce Identity Protection.

I am not changing and obfuscating anything, I am talking about Webroot Premium and Webroot themselves call it “Identity Protection”, marked as “New”

I’ve explained that this is breach monitoring service which is the only new feature added to Webroot in the recent years. Even their UI has remained the same 10 years +. The identity shield that you are referring to was added in 2010/2011.

 

[CyberDevil]

@Shadowra can Webroot be used as a supplemental layer in combination with another AV, and if so, any suggestions, perhaps MD? Or perhaps CyberLock??

I knew a man a couple years ago who was actively using Panda + Webroot at the same time and I myself, for fun, used them simultaneously for a month or so. There were no problems whatsoever. Considering that both products are not actively developing, I think there won't be any problems even now. The question is whether you want it or not

 

[simmerskool]

I knew a man a couple years ago who was actively using Panda + Webroot at the same time and I myself, for fun, used them simultaneously for a month or so. There were no problems whatsoever. Considering that both products are not actively developing, I think there won't be any problems even now. The question is whether you want it or not

passing on webroot (at least for the foreseeable future)

 

[Trident]

passing on webroot (at least for the foreseeable future)

Once foreign code and script shields are released officially for home products (not sure when) I can consider it. For now, hard pass from me as well.

 

[Muddy7]

WTF are you talking about??? WSA Virus and Identity Protection are, as i said, as old as the product itself.

Can't you read ??? It's Webroot Premium (whatever that may be) that is "NEW!"

Btw I was wrong about the Webroot Mac releases. it seems from a Webroot employee that has just posted to the Beta Forum, that the page regarding Webroot releases that I referred you to is not up to date with Mac AV releases:

Oh and regarding "Avast for example uses the cloud as well, yet there is update every month", any Joe, Dick or Harry can trumpet themselves as being "cloud based". However as a point of fact, right from the beginning Prevx has never had loads of signatures constantly being downloaded to the client's local computer (not even one sole signature, in fact) as, apart from a handful of very basic sigs built into the app, ALL the Prevx>Webroot detection has always taken place in the cloud. So the rigmarole of performing a monthly update becomes a somewhat pointless exercise.

 

[Trident]

WTF are you talking about??? WSA Virus and Identity Protection are, as i said, as old as the product itself.

I’ve explained the difference between Identity Shield and Identity Protection few times but you don’t seem to be getting it.
Too confusing?
Blame Webroot who named them, not me.

Regarding your release history, I saw 2 updates for the whole 2022 and 3 for 2023. Everyone else releases monthly/bimonthly updates.
You consider product updates pointless?
Good on you.

For me, it is an attestation how actively a product is being developed.
Webroot development is in a deep freeze.

If you wanna argue, point out 3 features that were released in the last 2 years.

 

[Muddy7]

Here is a picture of the Webroot Secure Anywhere Identity Protection tab from a PCMag 2013 review of the product (Webroot SecureAnywhere Complete 2013) :

I admit I am not acquainted with the niceties of distinctions between Identity Shield and Identity Monitoring — though I think I can glean a good idea from the wording thereof — but, with all due respect, that was NOT what you referred to in your original post in this exchange between ourselves. You referred to "Identity Protection" (which, in Webroot's AV product architecture, is itself a kind of monitoring process). You also claimed wrongly in your last but one post in this exchange that Webroot only recently introduced "Identity Protection" with their new product Webroot Premium. Not only was that statement completely false, but it was an egregious (and shocking!) misreading of the Webroot advert you displayed in that post.

If I'm prepared to admit I'm not acquainted with the distinction between Identity Shield and Identity Monitoring, are you not also able to admit that you were dead wrong about Webroot only recently introducing Identity Protection?. FYI Identity Protection is an absolutely essential component of their anti-malware architecture without which their approach to antimalware detection would not work effectively at all. I would wager you do not know why that is so.

 

[Trident]

I am not sure why you keep going on and on.
Identity Shield is the protection you keep referring to, Identity Protection is Webroot term for breach monitoring. Identity Shield is essential and was released ages ago. Breach monitoring is something I couldn’t care less about and was introduced a year ago.

The original post stated that Identity Protection (breach monitoring) and VPN are the only features added in the recent years and I am not sure why we keep going round and round in circles. What was once Identity Protection is now renamed to Identity Shield and Identity Protection is breach monitoring. Again, if it is too confusing, blame Webroot, not me. I am not responsible for OpenText’s marketing fluff.

You keep going on and on about this “Cloud” as well. Name few improvements made to the “Cloud” in the last few years.

Example:
“In September 2022 a new AI model to deal with shortcuts was introduced. The model is capable of detecting malicious shortcuts based on icon, linguistic and command-line parameters.”

Till you name a few improvements other than the addition of VPN and breach monitoring, I am only going to ignore you. Not a fan of going around in circles.

 

[Practical Response]

I think your post lacks clarify IMO - FWIW. I understood your comments that in your opinion Webroot testing needs more time, but what has that to do with your previous sentence "... even in default settings" -- @Shadowra offered to re-test Webroot and asked about the settings you wanted him to try and how much time does the analysis need. I did not see that answered (unless I missed i -- I am not going to watch the video you linked of unknown length when apparently you have watched it and can simply state the time required for a better / optimal test of Webroot.

To clarify, I'm not the user that mentioned settings being adjusted for stronger protection, go back through and reread the comments.

The statement even at default settings was meant to concentrate "focus" on the statement that webroot is not like other products, when there is a unknown, it sandboxes this unknown and runs it restricted watching it's behaviors and monitoring it. This action alone takes time, not always immediate, hence the product can not be tested like the others in these quick 4-5 minute videos.

@Shadowra please check the link of the video, it's a 31 minute video in which a few infections spawn, the tester allows the product time and after a bit a few of those infections were determined and stopped, now at the end of the vid the test machine was infected with a ransomware, so yes the product needs some work, but when you view "How" it works you will understand my initial posts.

P.s. I'm the same user that mentioned process explorer, auto runs and tcpview for your tests, I won't steer you wrongly.