
Triple Helix
DNA
Premium Member
join:2007-07-26
Oshawa, ON

1 edit

Triple Helix to claudiubotez


Re: Webroot SecureAnywhere scanning PC - suspiciously fast....

A great blog post on how Webroot SecureAnywhere works and protects your system, by the VP of Development Joe Jaroch: »blog.webroot.com/2012/07 ··· results/ Also from the Webroot Community Forums: »community.webroot.com/t5 ··· 884#M133

TH
BlackSpider
join:2003-03-07
UK

BlackSpider

Member

Despite these "innovative" techniques, WSA still managed to come last out of 21 scanners in AV-Comparatives' recent protection test, March-June 2012.

»www.av-comparatives.org/

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Yes... but they have great PR.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky

Premium Member

Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats versus the old way of doing things.

Anyways, let's face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle.

Triple Helix
DNA
Premium Member
join:2007-07-26
Oshawa, ON

1 edit

Triple Helix

Premium Member

said by trparky:

Just like anything new, it needs to be perfected. I read the blog article and it does indeed sound interesting in how they are handling threats versus the old way of doing things.

Anyways, let's face it... traditional definition-based antivirus is a cat-and-mouse game with usually the bad guys winning. Something needs to be done, something better than definitions will have to be deployed because it's definitely a losing battle.

But that's the whole point of how Webroot SecureAnywhere handles infections: by monitoring and journaling unknown processes, and if they are marked bad then it will roll back to the state before the infection without the need to download any definitions!

TH
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Triple Helix

Obviously, they knew the AV-Comparatives test was not designed for the way their innovative AV works. So, my immediate question to the blog authors is why did they join and pay for AV-Comparatives testing at this time? If they are working with IBK to get his tests to work better with Webroot methods then why did they not wait until then to join the testing? Were they just curious or what? Did they decide that the poor score Webroot was bound to have was good publicity for them as they could then write this blog and get more attention, etc.???

I think they should have waited to do AV-Comparatives tests. This smells a bit fishy. I think it strange that IBK did not put a comment in about why Webroot scored poorly. I think there is more to this than we are currently seeing and it would be nice if IBK would clarify this. Maybe Webroot specifically requested that IBK not clarify?
claudiubotez
join:2009-06-28

1 edit

claudiubotez to Triple Helix

Member

Hi TripleHelix,

I asked the same question on the WSA forum, but maybe you have a different opinion.

The original blog says: "Of the 68 misses, 34 of the files were seen for the very first time during the test [...], So this begs the question, how did WSA protect these infected endpoints while the infections were still unknown to the cloud user base"

Now my question is: Does WSA have any other mechanism to detect "zero day malwares" or is it based solely on signatures from the cloud?

When I scan my PC (full/deep) my firewall doesn't show any activity, so basically WSA doesn't communicate with the cloud, so the scanning is based on WHAT, if it doesn't have any sort of heuristic?

Thanks,

Claudiu


trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky

Premium Member

There is behavioral analysis (sometimes known as HIPS) as part of the program but HIPS can only do so much.
claudiubotez
join:2009-06-28

claudiubotez

Member

Indeed, WSA has a Heuristic module and a Behavior Shield, which is amazing! What is more amazing is all these are packed in only 600kb when Mamutu from EmsiSoftware (a pure behavior blocker) has 4.8Mb (only the installer!) and ThreatFire (another behavior blocker) has 9,5MB.

This raises the question: are these two components (Heuristic module and Behavior Shield) fully functional when WSA is offline, or do they depend on a permanent internet connection?

Thanks,

Claudiu

Triple Helix
DNA
Premium Member
join:2007-07-26
Oshawa, ON

2 edits

Triple Helix

Premium Member

This is the best setting for offline protection! And again, if an infection does execute when offline this setting will stop it, as it is very sensitive, and also the things I mentioned above in my last post!

TH
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

In other words, you are at the mercy of what other people do or don't do. I could never use something like this because I blaze my own trail. This AV's heuristics would be constantly alerting. Plus, why would I want to trust what a bunch of mostly ignorant users have for programs? Depending on the crowd always turns me off.