1 edit |
to claudiubotez
Re: Webroot SecureAnywhere scanning PC - suspiciously fast....A great Blog on how Webroot SecureAnywhere works and protects your system by the the VP of Development Joe Jaroch: » blog.webroot.com/2012/07 ··· results/ also from the Webroot Community Forums:» community.webroot.com/t5 ··· 884#M133TH |
|
|
Despite these "innovative" techniques WSA still managed to come last out of 21 scanners in av.comparatives recent protection test March-June 2012. » www.av-comparatives.org/ |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Yes..but they have great PR. |
|
trparky Premium Member join:2000-05-24 Cleveland, OH ·AT&T U-Verse
|
trparky
Premium Member
2012-Jul-19 4:36 pm
Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats as versus the old way of doing things.
Anyways, lets face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle. |
|
1 edit |
said by trparky:Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats as versus the old way of doing things.
Anyways, lets face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle. But that's the whole point on how Webroot SecureAnywhere handles infections by Monitoring & Journaling unknown processes and if they are marked bad then it will roll back to the state before the infection without the need to download any definitions! TH |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to Triple Helix
Obviously, they knew the AV-Comparatives test was not designed for the way their innovative AV works. So, my immediate question to the blog authors is why did they join and pay for AV-Comparatives testing at this time? If they are working with IBK to get his tests to work better with Webroot methods then why did they not wait until then to join the testing? Were they just curious or what? Did they decide that the poor score Webroot was bound to have was good publicity for them as they could then write this blog and get more attention, etc.??? I think they should have waited to do AV-Comparatives tests. This smells a bit fishy. I think it strange that IBK did not put a comment in about why WebRoot scored poorly. I think there is more to this than we are currently seeing and it would be nice if IBK would clarify this. Maybe Webroot specifically requested that IBK not clarify? |
|
1 edit |
to Triple Helix
Hi TripleHelix,
I asked the same question on WSA forum, but maybe you have a different opinion;
The original blog says" Of the 68 misses, 34 of the files were seen for the very first time during the test[...],So this begs the question, how did WSA protect these infected endpoints while the infections were still unknown to the cloud user base"
Now my question is: Does WSA have any other mechanism to detect "zero day malwares" or is based solely on signatures from the cloud?
When I scan my PC (full/deep) my firewall doesn't show any activity , so basically WSA doesn't comunicate with the cloud, so is scanning based on WHAT? if doesn't have any sort of heuristic?
Thank,
Claudiu
|
|
trparky Premium Member join:2000-05-24 Cleveland, OH |
trparky
Premium Member
2012-Jul-20 8:34 pm
There is behavioral analysis (sometimes known as HIPS) as part of the program but HIPS can only do so much. |
|
|
Indeed, WSA has a Heuristic module and a Behavior Shild , which is amazing! What is more amazing is all these are packed in only 600kb when Mamutu from EmsiSoftware (a pure Behavior blocker) has 4.8Mb (only the installer!) and Treatfire (another behavior blocker ) has 9,5MB.
This raises the question: are these two components (Heuristic module and a Behavior Shild) fully functional when WSA is offline or they depend on a permanent internet connection?
Thanks,
Claudiu |
|
2 edits |
This is the best setting for offline protection! And again if an infection does execute when offline this setting will stop it as it very sensitive and also the things I mentioned above in my last post! TH |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2012-Jul-20 9:49 pm
In other words, you are at the mercy of what other people do or don't do. I could never use something like this because I blaze my own trail. This AV's heuristics would be constantly alerting. Plus, why would I want to trust what a bunch of mostly ignorant users have for programs? Depending on the crowd always turns me off. |
|