Webroot SecureAnywhere 9.0.19.36

[509322]

You're the one inventing your own scoring criteria. It's LITERALLY how they grade the test:

View attachment 202660


[QUOTE="Which product are people going to choose ? No one wants active malware running on their system... and especially not for hours and days. That's just a bit more than crazy because over that period of time you could be wiped out. You cannot assume that Webroot will protect. You have to assume that there will be further compromise. Once a system is compromised, it's no good. Period. You have to assume it is tainted and treat it accordingly. That means a clean install if not more extensive cleanup.

Well it depends what kind of an infection you're talking about. If it's ransomware yes you're absolutely correct. However, if it's an infostealer or a banking Trojan, different story.

View attachment 202663

Webroot does comparatively well in these tests. It has failed some, but some of these products use those abysmal "Safe Browsers" in order to achieve protection from these types of malware.

Unfortunately, Webroot's Privacy Shield only covers keystrokes. It isn't going to stop the offloading of files, malicious screenshots, etc. Scriptors, screenlocks, Zeus\Zbot, etc just runs right over WSA. I reported it so many times.

I do agree with one thing though... if a solution has to protect processes against already running malware, then it is too little, too late. The system is smashed. All bets are off and there is no guarantee of protection despite the lab test results. The mistake people make is to assume that the lab test results can be extrapolated and automatically applied to all malware in a class. It just doesn't work that way.

Anyhow, i can see how some would find Webroot appealing. The best thing that a user can do with the product is to set the heuristics to maximum, enable alerts, and pay attention.

It's difficult to find in WSA stuff that inspires the same level of confidence one gets from other products.

 

[Nevi]

What I can't understand is the people here, that seemingly hate WRSA. The way they triumph when they show a graph with the usual bad scores for WRSA. TAKE THAT and etc.People should get some more out, maybe find a girl. They seemingly dont get WRSA will many times score bad in a test, because of the way it works. That's a fact, and this is the last I wanna write about this.8 years of great protection, and a hell of a lot malware blocked tell me WRSA can protect a computer. The fanboys to other brands can show graps until they get blue in the face. Who cares?
Webroot SecureAnywhere Revew - Updated 2018

 

[Muddy7]

...oh, and I just saw this test in a different thread.

Published day before yesterday by MRG.

Completely HAMMERED Again.

There were 6 different security tests and a performance test -- which Webroot did well in. But who cares if it's light if it doesn't do its primary job well.

Webroot results:

--4 finishes in 2nd to last place.
--1 finish in last place.
--1 finish in 7th place... in the bottom half.

This is the long-term norm for this product.


View attachment 202655

https://www.mrg-effitas.com/wp-content/uploads/2018/12/MRG_Effitas-2018Q3-360.pdf

OH YEAHH! Glug glug glug...

DISCLAIMER: this was drafted before I clicked your link and went to that report. You therefore need to read my second post as well. Also, this reply may be relevant to ForgottenSeer 58943, Umbra and Lockdown's posts as well.
I am also aware that I am repeating some of what Artek has already said (when I wrote this, he hadnt yet posted).

First as a preamble, I would part paths with you, Artek, when you say that Webroot is more designed for novice users than are other popular AV programmes (1).

Essentially, what Webroot is doing is not only separating files into Good and Bad but also introducing a third category Unknown. Webroot is thus able effectively to stop malware never seen before from infecting your computer. Unknown files get very limited privileges and as soon as they start acting maliciously, they get zapped. Also as you correctly say, Identity Shield is extremely effective at stopping any sensitive data from being exfiltrated to the web by those nasties (Lockdown, regarding your latest post, I am no expert, but I think this is where the outbound Firewall comes into play regarding the monitoring of Unknown files and restricting of their privileges. As you know, Webroot has particularly concentrated on the outbound firewall).

That said, the reality is that in real life at least 95% of the malware that will attack the Webroot user will be caught immediately, eg. Web Threat Shield, behaviour blocking, known threats etc, and in real life operation on the user’s device, as a general rule only a maximum of 5% will be new and as yet undetected threats.

Now to come to your post, Burrito—may I call you Frank? I would ask you, Frank, could you address the, yes, facts that we are presenting here? You could start by addressing the question I asked: why out of the 143 reviews of Webroot on Spiceworks by MSPs, many of whom serve Webroot to hundreds of clients and some to thousands, more than 94% are very satisfied and less than 3% (there was a typo in my post when I said 4%—for some reason or other I don’t have editing privileges on this Forum and so perhaps a moderator — @Jack ? — might correct this typo for me?) are dissatisfied. If Webroot is so bad as you assure us it is, how can this be, Frank? Also, I have bad surfing habits and yet since I started using Prevx/Webroot(2), and that is now 12 years ago, I have never knowingly been infected. Detected? Many times. Infected? As far as I know, never yet. Before then, I was absolutely regularly infected although I used reputable AV products, all of which score higher, often far higher, on the AV tests you refer to than Webroot does. The day I changed to Prevx(2), that stopped dead. Please address these facts I am presenting you. Cut the insults. Reason, data, please.

And no, BJM_, I don’t use any other security product other than those that are built into Windows and into the browser I use, Firefox. (Sorry, that’s not completely true. I used to run a third-party scan from different companies such as Kaspersky, BitDefender, Eset etc from time to time to check if Webroot had missed anything. I eventually stopped doing this because they never found anything.)



(1) Granted, some people such as some members of this MalwareTips forum, choose to use more sophisticated tools. But the vast majority of users, whether IT illiterate, semi-literate or even pretty literate, will be content to use an automated AV programme as their first line of defence. And the vast majority of AV programmes are indeed pretty automated.

(2) Webroot acquired Prevx in late 2010

 

[Muddy7]

Well, I asked for facts, data, Frank, and even as I got round to finishing my first reply, I realised you’ve already given them us. You’ve kindly provided us with a link to the MRG report. You’ve made it easy for us so I have no excuse now.

But whoaaaahh!! Hang on a moment. You can’t just present us a pretty picture from the report, and then shout, “Doom and gloom!” because the colours don’t look good. Context is very important. First, we need to look at the small print. Then we need to evaluate the results of the test in the light of the particular methodology of that AV product and also the particular properties of its multi-layered defences.

My competency in this area is with Webroot so I will limit myself only to this product

--------------------------------------------------------------------------------------------------------------------------------

Let’s take the first page: all the ITW samples (329 of them). This is the page you captured and uploaded to your post. Just looking at the picture and ignoring everything else, it looks alarming for Webroot. It even had me alarmed…just for a moment: that is, until I opened the report and carefully studied it. Please note: I am not an IT expert at all, just someone who knows the AV product I use, and who tries to read the whole lab report and understand the results in the light of the nature of that product. The same applies of course for all of the AV products, but I don’t know the other ones well and so I limit myself to the one I do know.

Looking at this report, the first thing I notice is a mistake that MRG has made (albeit the only mistake I have found—so far). They say that the “table is sorted by smallest amount of failures”. But this means that Webroot should not be in second to last place but next to Microsoft as the “Miss” rate is 0.30%, less than ESET and McAfee and equal to Microsoft. Also, this means that Webroot missed just 1 of the 329 samples. Not a disaster by a long stretch. And I will come back to that “miss” in a moment.

What else do we discover? We find that Webroot is monitoring and journaling some of the malware samples before making a determination, just as it is designed to do: in this case 88 of them—which it subsequently determined to be bad. But is it 88? Or is it 89? The one that it “missed”: Would it have “missed” it had the period been 25 hours instead of 24? Or 36 hours? etc. I assume that Webroot was still monitoring that file at the end of that 24-hour period.

Now you might not agree with Webroot’s methodology (I know people don’t here ), but you have to agree that it is behaving precisely as it is designed to do. And that the “miss” of 1 out of 329 malicious files/processes is maybe, depending of course on your point of view, not a “miss” at all.

I would go one step further. I said that Webroot should have been placed next to Microsoft. I would imagine that you assumed that was to the right of Microsoft as Microsoft makes far less determinations in the 24 hour period following insertion of these malicious files into the machine and far more immediate determinations. But I would disagree. I do not know Windows Defender in depth but I assume that, unlike Webroot, it has two not three classifications: Good and Bad. I assume it does not have an Unknown classification that automatically triggers close monitoring and journaling—not to speak of imposing highly restricted privileges for that Unknown file. And if this is true, this presumably means that those malicious files on the machine protected by Windows Defender have free rein to do whatever harm they wish, up and until they are determined as bad. I would therefore put Webroot very much to the left of Microsoft.

Also please don’t forget: it is very possible that that “missed” file (1 out of 329) was maybe not really missed at all.

-----------------------------------------------------------------------------------------------------------------------------------------------

Let’s move to the second chart



Not much to speak of here.



The only thing I would express is my surprise that there are only TWO ransomware samples. I would have preferred rather more.


-----------------------------------------------------------------------------------------------------------------------------------------------

Chart 3

Financial Malware



Once again, Webroot is behaving exactly as it is designed to do. And once again, I would place Webroot to the left of Microsoft.



And please note that, according to Webroot’s paradigm, it has successfully detected 100% of the malicious samples.

-----------------------------------------------------------------------------------------------------------------------------------------------

Chart 4.
PUAs/Adware

Here I have an issue. So incidentally do most of the helpers at the Webroot Community Forum. Although Webroot has become somewhat more proactive regarding PUAs than hitherto, in our opinion not enough so!

Maybe it’s a question of priorities for Webroot(1). After all, it is true that PUAs are not malicious per se. But they can be a confounded nuisance. And Webroot’s ambivalent attitude to them could in the long term affect customers’ perception of their product.

-----------------------------------------------------------------------------------------------------------------------------------------------

Chart 5.
Fileless exploits.

This looks bad…at first blush. But wait a moment. What was the point of entry for these exploits? “Some URLs come from our regular honeypots” (p.7). Is this where the (three) exploits came from? In real life, dodgy stuff comes from dodgy URLs. And the Webroot Web Threat Shield is particularly good at singling out those dodgy URLs (even Umbra admits that lol—see his post above regarding this). And I believe that the Webroot BrightCloud bots revisit each website every 24 hours (!!!) to search for any negative change in a URL status. I therefore doubt that, in a real life situation, these exploits would have got through.

Incidentally, as most people know, Webroot is currently developing and beta-testing an anti-exploit module that will even further strengthen protection against this threat.

-----------------------------------------------------------------------------------------------------------------------------------------------

Chart 6.
FPs

Webroot scored 0.10% false blocks. According to my calculations, that is one false block out of 997 samples.

Is that a big drama? You be the judge.

-----------------------------------------------------------------------------------------------------------------------------------------------

Conclusion.

According to MRG’s criteria (p.5), AV products must make "initial" detection to make it to Level 1 Certification. That automatically rules Webroot out of Level 1 due to its particular methodology.

Given the results and Webroot’s way of working, I am very satisfied with this report for Webroot (bar the PUAs).



(1) also btw economics: potential ruinously costly lawsuits by those pesky PUA makers

 

[Deleted Member 3a5v73x]

What I can't understand is the people here, that seemingly hate WRSA.

Because you talk from your own perspective, stating your own opinion from your experience, it's not about you. Facts throughout the years hows Webroot been doing is not hating. Get a fresh air yourself, you're just too emotionally attached to Webroot.

 

[Nevi]

Yes. Of course I am "emotionally attached" to Webroot.

 

[Handsome Recluse]

Before then, I was absolutely regularly infected although I used reputable AV products, all of which score higher, often far higher, on the AV tests you refer to than Webroot does. The day I changed to Prevx(2), that stopped dead. Please address these facts I am presenting you. Cut the insults. Reason, data, please.

Nice N=1 data.

Now to come to your post, Burrito—may I call you Frank? I would ask you, Frank, could you address the, yes, facts that we are presenting here? You could start by addressing the question I asked: why out of the 143 reviews of Webroot on Spiceworks by MSPs, many of whom serve Webroot to hundreds of clients and some to thousands, more than 94% are very satisfied and less than 3%

Could be because people who are willing to review are the ones who does good reviews. The rest just uninstall and not even leave feedback. Self-selection bias.

 

[BoraMurdar]

Imagine the world where everyone agrees on everything. Boring, isn't it?
I can imagine MalwareTips where people discuss just without personal inflictions. Am I asking too much?

 

[Muddy7]

Now to come to your post, Burrito—may I call you Frank? I would ask you, Frank, could you address the, yes, facts that we are presenting here? You could start by addressing the question I asked: why out of the 143 reviews of Webroot on Spiceworks by MSPs, many of whom serve Webroot to hundreds of clients and some to thousands, more than 94% are very satisfied and less than 3% are dissatisfied

Could be because people who are willing to review are the ones who does good reviews. The rest just uninstall and not even leave feedback. Self-selection bias.

I am sure there is some truth in that, Terrakion. I tend to be the same when I give reviews. That said, I find the percentages rather exceptional. And I have come across too many similar stories (including of course mine!) to explain it completely away.

I have also heard (but I don't personally have enough data to confirm this) that the MSP side of Webroot's business is by far the strongest performing at the morning. Given the incident back in April 2017 (are you aware of it?), that would be pretty remarkable if it is true as of today..

Thanks for your thoughts on this matter. I would like to discuss this in a dispassionate and reasoned way with those who many not necessarily agree with me. Hopefully without the florid language we've seen in the past

 

[Muddy7]

and not "many not disagree" but "may not disagree"

Uurgh!!

 

[bjm_]

Citibank
HSBC
Danskebank
American River Bank
Union Bank
Ally Bank
BB&T
etc. etc.

some above links point to Webroot SecureAnywhere Identity Shield.....not Webroot SecureAnywhere AntiVirus.
Identity Shield cannot remove malware already installed on your computer. To fully protect your computer, you should upgrade to one of the following Webroot SecureAnywhere versions:
AntiVirus l Internet Security Plus l Complete

Webroot® Identity Shield provides safe Internet browsing and data protection. As you perform online transactions, it watches for Trojans or phishing sites that try to steal personal data – including user names, passwords, security codes, account numbers, and credit card numbers.
Identity Shield blocks any attempts to gain personal information, so you can rest assured that the details you provide on a website are always secure.
Two versions of Identity Shield are available:
Identity protection only – Blocks threats that try to steal information during your online activity.
Identity protection, plus threat detection – In addition to protecting your online activity, this version scans for threats on your computer. If you want to be able to remove threats, you must upgrade to a full version of Webroot SecureAnywhere.

Interesting Webroot discussion.
Appreciate all thread contributions.
Thanks to all thread contributors.

 

[Muddy7]

some above links point to Webroot SecureAnywhere Identity Shield.....not Webroot SecureAnywhere AntiVirus

That's what I think he was referring to. In the days of Prevx, Identity Shield used to be called SafeOnline and was aimed particularly at banking online. I think that was what ChoiceVoice meant to refer to. You will notice that the first three banks I refer to are UK banks (or the UK arms of those banks). Prevx made a bit of name for itself concerning this module. I believe they appeared on BBC TV a couple of times.

 

[Deleted member 178]

My problem with Webroot is not the product, (not the best but not the worst in my book, I like to use it for some features, but still hate this constant stockpiling of datas in WRdata folder) , but the people around it.
Lot of serious bugs/issues were submitted and those reporting people were just ignored at best or bashed at worst...

I don't care much of those tests results
, but I can't stand people cherrypicking results that fit their opinion while denying the ones that don't.

When i like a product, im more strict with it than with others, i will criticize it harder, those I don't like i wont waste a minute talking of them.

I like Comodo and Webroot but they lost their way so I have no remorse bashing them if I don't like things.

 

[Burrito]

First as a preamble, I would part paths with you, Artek....

That's not nice to part paths with Artek. He's a good dude.

The only thing I would express is my surprise that there are only TWO ransomware samples. I would have preferred rather more.

Agree.

Now to come to your post, Burrito—may I call you Frank?

Why yes... yes you may. I would be greatly honored. And thank you for asking.



OH YEAHH!!

 

[509322]

They seemingly dont get WRSA will many times score bad in a test, because of the way it works.

If I hear "People just don't understand how Webroot works" one more time then I'm gonna puke.

You explain why Bitdefender's and Kaspersky's... almost everyone's signatures are better than Webroot's... that has nothing to do with "the way that Webroot works." Webroot, despite its claim of a vast cloud intelligence with lightning-fast detection is obviously sub-par to what its competitors offer... to the tune of a 30+ % detection deficit in the figures.

And you are assuming that rollback will work perfectly. Well, I can tell you from extensive testing that rollback fails significantly. And that is because Webroot has to create a rollback algorithm for many infections. Rollback is not an automatic process that is independent of Webroot development build-out. Without the specific rollback algorithm, it doesn't roll back the system. Now that flaw is based entirely upon "the way that Webroot works."

I can smash Webroot. It is trivial. If Webroot is put to the test, then it will fail. I reported the multiple ways to Webroot. They replied "Huh ?"

The issue with Webroot is not the product. The issue are the claims and the fanbois. For years Webroot promoted WSA as having a firewall. It did... but it was only fully operational on Windows 7. There was no mention to consumers that the firewall notifications were not present on Windows 8+. I fought for two years to get them to fix their false marketing materials. They claimed that the firewall notifications could not be put into the product because Microsoft didn't expose what they needed to do it. Guess what... they managed to do it when the heat got hot enough.

I've used Webroot. I've tested it. I've gone way out of my way to report issues to get them fixed. I've jumped though many hoops for Webroot. Therefore I have earned the right to openly explain the issues. I don't make disparaging videos. I do it the professional way... I report things via proper channels directly with the publisher. I always go through channels that involve the publisher either directly or via an intermediary. Given that experience I know why Webroot draws so much backlash.

 

[Handsome Recluse]

am sure there is some truth in that, Terrakion. I tend to be the same when I give reviews. That said, I find the percentages rather exceptional. And I have come across too many similar stories (including of course mine!) to explain it completely away.

No it doesn't. It's already bad that this self-selection bias exist. It's even worse that you say the exceptional percentages completely explain it away when you didn't even compare it to anything. N=1 sample size.
Ergo. You can't just say this explains everything completely away.
The sample of people you came across might also not be representative of the general population since what you come across also is selected - not properly randomized.