

Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Triple Helix

Re: Webroot SecureAnywhere scanning PC - suspiciously fast....

More here also....

»community.webroot.com/t5/Webroot···818#M229



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

I joined in on that thread over there.

In some ways, we are arguing semantics. What a word or phrase can mean to one person can mean something different to another.

Myself, I've never ventured into manual HIPS or Host Intrusion Prevention System apps. I've looked at a few of them but from the looks of some of them they can be downright annoying to the user. Myself, I like my computer to work with as few annoying things as I can.

I'm a set it up and forget it kind of person. Once I have my security software in place I want to be able to forget that it's there and not bother me unless it absolutely has to.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | Galaxy Nexus LiquidSmooth by TeamLiquid



norwegian
Premium
join:2005-02-15
Outback

said by trparky:

I'm a set it up and forget it kind of person. Once I have my security software in place I want to be able to forget that it's there and not bother me unless it absolutely has to.

When setting up something of this nature, there should be a lot of prompts at the beginning when software starts up, but once everything has had time to run, the alerts should stop coming, except when something has changed, i.e., update software, changes in running processes, or processes not added that might be downloaded by a drive-by download exploit.

Really though, and I ask this as well; as I tell you; because I believe it to be so; a limited user account will help a lot of the same things from happening. The only problem with LUA is there is user-land type malware that looks for these accounts because it can reside in memory and not be there on logging off/reboot.

I think items like BOClean might have concentrated on memory objects (don't quote me), whereas with Process Guard, anything new trying to start would create an alert, and all alerts you allowed were remembered so you could click and forget and get back to computing. I never found them obtrusive, but know there was a lot more to it than just basic process watching.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 edit
reply to Name Game

said by Name Game:

said by Triple Helix:

As I can't IM anonymous users, Kit has a comment on the Webroot Community forums for Trel, Mele20, ZapZap and Name Game and for anyone that wants to read it with the same link posted earlier, just scroll down!

TH

Webroot SecureAnywhere delivers protection from the cloud.

I am no fan of the Cloud..especially for Security.
»Can you trust Cloud for Security and Redundancy

Yep. I won't use the cloud for security or really for anything. I am opposed to anything in the cloud. It is one reason I am buying a computer before Windows 8 is out. I use a very old version of Avira that has NO cloud crap but the more recent versions do and I would turn off the cloud part.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Saw this today: "My particular cloud is a 1 terabyte Western Digital disk plugged into my router. Disk cost $99.95 at WalMart."


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Triple Helix

Webroot uses AMAZON cloud? That really does it for me. I would NEVER touch anything using Amazon as OF COURSE Amazon is spying on the users! GEEZ. This kind of crap is why you don't trust the cloud EVER. Instead you have Process Guard and delay buying a Vista/Win 7 computer for as long as possible and, if you have more guts than I do, you leave Windows at this point and go to Linux. (And, of course, if you value privacy, you never ever touch an Apple computer).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

1 edit

I buy stuff from Amazon.com all the time. It's the only place I buy stuff these days. They have the best deals.

So I really don't see why Amazon gets the hate in this thread.



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

1 edit
reply to claudiubotez

Re: Webroot SecureAnywhere scanning PC - suspiciously fast....

A great Blog on how Webroot SecureAnywhere works and protects your system by the VP of Development Joe Jaroch: »blog.webroot.com/2012/07/19/webr···results/ also from the Webroot Community Forums: »community.webroot.com/t5/Securit···884#M133

TH

--
Triple Helix - Microsoft® MVP Consumer Security 2012
VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper.
(H59 Clan)


BlackSpider

join:2003-03-07
UK

Despite these "innovative" techniques WSA still managed to come last out of 21 scanners in av.comparatives recent protection test March-June 2012.

»www.av-comparatives.org/



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Yes..but they have great PR.



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats versus the old way of doing things.

Anyways, let's face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | Galaxy Nexus LiquidSmooth by TeamLiquid



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

1 edit

said by trparky:

Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats versus the old way of doing things.

Anyways, let's face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle.

But that's the whole point on how Webroot SecureAnywhere handles infections by Monitoring & Journaling unknown processes and if they are marked bad then it will roll back to the state before the infection without the need to download any definitions!

TH
--
Triple Helix - Microsoft® MVP Consumer Security 2012
VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper.
(H59 Clan)

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Triple Helix

Obviously, they knew the AV-Comparatives test was not designed for the way their innovative AV works. So, my immediate question to the blog authors is why did they join and pay for AV-Comparatives testing at this time? If they are working with IBK to get his tests to work better with Webroot methods then why did they not wait until then to join the testing? Were they just curious or what? Did they decide that the poor score Webroot was bound to have was good publicity for them as they could then write this blog and get more attention, etc.???

I think they should have waited to do AV-Comparatives tests. This smells a bit fishy. I think it strange that IBK did not put a comment in about why WebRoot scored poorly. I think there is more to this than we are currently seeing and it would be nice if IBK would clarify this. Maybe Webroot specifically requested that IBK not clarify?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


claudiubotez

join:2009-06-28

1 edit
reply to Triple Helix

Hi TripleHelix,

I asked the same question on the WSA forum, but maybe you have a different opinion.

The original blog says "Of the 68 misses, 34 of the files were seen for the very first time during the test[...], So this begs the question, how did WSA protect these infected endpoints while the infections were still unknown to the cloud user base"

Now my question is: Does WSA have any other mechanism to detect "zero day malwares" or is it based solely on signatures from the cloud?

When I scan my PC (full/deep) my firewall doesn't show any activity, so basically WSA doesn't communicate with the cloud, so it is scanning based on WHAT, if it doesn't have any sort of heuristic?

Thanks,

Claudiu



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

There is behavioral analysis (sometimes known as HIPS) as part of the program but HIPS can only do so much.


claudiubotez

join:2009-06-28

Indeed, WSA has a Heuristic module and a Behavior Shield, which is amazing! What is more amazing is all these are packed in only 600kb when Mamutu from EmsiSoftware (a pure Behavior blocker) has 4.8Mb (only the installer!) and ThreatFire (another behavior blocker) has 9,5MB.

This raises the question: are these two components (Heuristic module and a Behavior Shield) fully functional when WSA is offline or do they depend on a permanent internet connection?

Thanks,

Claudiu



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

2 edits

This is the best setting for offline protection! And again if an infection does execute when offline this setting will stop it as it is very sensitive and also the things I mentioned above in my last post!

TH

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

In other words, you are at the mercy of what other people do or don't do. I could never use something like this because I blaze my own trail. This AV's heuristics would be constantly alerting. Plus, why would I want to trust what a bunch of mostly ignorant users have for programs? Depending on the crowd always turns me off.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

1 recommendation

reply to claudiubotez

Let me rephrase my comment above in the settings if you want Paranoid mode when offline use this setting! I don't have my settings set to paranoid mode!

TH

--
Triple Helix - Microsoft® MVP Consumer Security 2012
VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper.
(H59 Clan)