smunro622
Premium Member
join:2006-02-15
Madison Heights, MI
·Comcast Business..

smunro622

Premium Member

AV game changing

Sure most everyone here knows or has used virus total....
Great story

»blog.eckelberry.com/a-bo ··· n=buffer
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

said by smunro622:

Sure most everyone here knows or has used virus total....
Great story

»blog.eckelberry.com/a-bo ··· n=buffer

Not many AV's impacted by this. But the big one is Avast. They've been leeching from VT for years and well, that party is over. Most of the important AV's are already contributors and not impacted by this.

smunro622
Premium Member
join:2006-02-15
Madison Heights, MI

smunro622

Premium Member

All the big and good ones are in agreement, Cylance the new place is going to have issues. Not a Cylance fan anyways, I was surprised about Palo Alto.
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

said by smunro622:

All the big and good ones are in agreement, Cylance the new place is going to have issues. Not a Cylance fan anyways, I was surprised about Palo Alto.

I'd be happy to see Palo Alto fail. It's nothing but a Unit8200 front company anyway. You use Palo Alto products if you want to lose your privacy.

smunro622
Premium Member
join:2006-02-15
Madison Heights, MI

smunro622

Premium Member

VT post...

»blog.virustotal.com/2016 ··· f=tw&m=1

Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Triple Helix to smunro622

Premium Member

to smunro622
And that's why you will never see Webroot on VT as its WIN Cloud has so many sensors of its own.

»www.webroot.com/us/en/bu ··· lligence

TH
--
Triple Helix - Microsoft MVP Consumer Security
Calendar of Updates
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20

Premium Member

said by Triple Helix:

you will never see Webroot on VT

And that's a major reason I don't use it and would never use it or recommend it. I don't trust companies that don't play nice and fair with the other members of the community of which they are a part. This just confirms IMO why Webroot should be at the bottom of all users' list of anti virus programs to choose from.

Alex's blog was a trip down memory lane in the responses. I haven't had contact with many of those guys in 10 years or more.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Triple Helix

Premium Member

said by Mele20:

said by Triple Helix:

you will never see Webroot on VT

And that's a major reason I don't use it and would never use it or recommend it. I don't trust companies that don't play nice and fair with the other members of the community of which they are a part. This just confirms IMO why Webroot should be at the bottom of all users' list of anti virus programs to choose from.

Alex's blog was a trip down memory lane in the responses. I haven't had contact with many of those guys in 10 years or more.

I'm glad and please don't use it. More for us smart users that are not stuck in the past.
--
Triple Helix - Microsoft MVP Consumer Security
Calendar of Updates

norwegian
Premium Member
join:2005-02-15
Outback
kudos:1

norwegian

Premium Member


You have to admit though, a scanner that can be installed and do a good job without a "cloud" detection engine will work better on machines with no internet or infected machines that are taken off the internet.

There are good points for both but relying heavily on cloud detection can leave you open in certain circumstances.

As for the decision in this topic, best news I've heard in ages.
If an anti virus program is just working off a database, then not a lot of research is going on either and you will always be on the back foot if you pay for subscription for such software because it scores high as well due to the leeching of known examples from somewhere else.

Both my comments on database and cloud can give you a false sense of security.

--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


DownTheShore
Trump-The new face of fascism
Premium Member
join:2003-12-02
Beautiful NJ
kudos:14

DownTheShore to smunro622

Premium Member

to smunro622
said by smunro622:

Sure most everyone here knows or has used virus total....
Great story

»blog.eckelberry.com/a-bo ··· n=buffer

For a moment I thought that Virus Total was going away... a very scary thought.
--
Patriotism is not waving a flag, it is living the ideals.

I want to retire to the Isle of Sodor and ride the trains.
Mele20
Premium Member
join:2001-06-05
Hilo, HI
kudos:8

Mele20

Premium Member

For a moment, I thought VT was going to stop allowing users to upload files to be checked. I have VTZilla extension for gecko browsers which makes it really fast and easy to submit to VT. I wouldn't want to lose that.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
Mele20

Mele20 to Triple Helix

Premium Member

to Triple Helix
Psst...the blog repliers (along with Alex himself) whom I was referring to are among some of the most stellar names in the Antivirus field in the past 30 years. I'm puzzled why you would refer to "smart users" as those who want nothing to do with the greats of the Antivirus field historically and today.

Interesting that you publicly characterize the greats in the field of antivirus as being "stuck in the past". Today, only Webroot is "worthy"...ummm,,, yeah......no wonder Webroot is afraid of VirusTotal just as it is of test organizations and AMTSO.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Cartel
Premium Member
join:2006-09-13
Chilliwack, BC
kudos:2

Cartel to smunro622

Premium Member

to smunro622
Some of the engines on Virustotal are garbage.
They detect everything as malicious.
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016 to Mele20

Member

to Mele20
said by Mele20:

said by Triple Helix:

you will never see Webroot on VT

And that's a major reason I don't use it and would never use it or recommend it. I don't trust companies that don't play nice and fair with the other members of the community of which they are a part. This just confirms IMO why Webroot should be at the bottom of all users' list of anti virus programs to choose from.

Alex's blog was a trip down memory lane in the responses. I haven't had contact with many of those guys in 10 years or more.

I agree with Melee.

There are numerous reasons to not use Webroot. Namely, the WRDATA ballooning issue where Webroot hides a ton of data in that directory so it looks tiny. Until one day you realize it's 80GB and WSA has failed to clean it or worse, it dumps off enough to fill your SSD and fail boot windows. The usual support response is 'delete' or 'reinstall'. Then you have WSA hiding much of its ram/cpu use in windows system processes, exploding explorer.exe up 10 times larger than usual. Then your 'endless' hours a year opening tickets to whitelist things that shouldn't need to be whitelisted. Finally, the fact that Webroot hires ex-NSA goons. Oh, and a recently reputable AV house test scored webroot UNDER Windows Defender in terms of real world protection.

But I guess we're all 'stuck in the past' and aren't smart enough to understand the advanced witchcraft technology used in Webroot. Spare me the nonsense.

Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Triple Helix

Premium Member

said by Itguy2016:

said by Mele20:

said by Triple Helix:

you will never see Webroot on VT

And that's a major reason I don't use it and would never use it or recommend it. I don't trust companies that don't play nice and fair with the other members of the community of which they are a part. This just confirms IMO why Webroot should be at the bottom of all users' list of anti virus programs to choose from.

Alex's blog was a trip down memory lane in the responses. I haven't had contact with many of those guys in 10 years or more.

I agree with Melee.

There are numerous reasons to not use Webroot. Namely, the WRDATA ballooning issue where Webroot hides a ton of data in that directory so it looks tiny. Until one day you realize it's 80GB and WSA has failed to clean it or worse, it dumps off enough to fill your SSD and fail boot windows. The usual support response is 'delete' or 'reinstall'. Then you have WSA hiding much of its ram/cpu use in windows system processes, exploding explorer.exe up 10 times larger than usual. Then your 'endless' hours a year opening tickets to whitelist things that shouldn't need to be whitelisted. Finally, the fact that Webroot hires ex-NSA goons. Oh, and a recently reputable AV house test scored webroot UNDER Windows Defender in terms of real world protection.

But I guess we're all 'stuck in the past' and aren't smart enough to understand the advanced witchcraft technology used in Webroot. Spare me the nonsense.

There is no nonsense and yes they are always working on WSA and it's on the list for WSA to clean up old monitoring files in the WRData Folder. And it's just not true that WSA is hiding much of its ram/cpu use in windows system processes, exploding explorer.exe up 10 times larger than usual. And when the Explorer issue came up using 300MB of RAM it was a Microsoft Issue and a patch from them fixed it so Webroot had nothing to do with it. I'm on Windows 10 Enterprise x64 and that issue was gone for a long time and has never resurfaced since.
--
Triple Helix - Microsoft MVP Consumer Security
Calendar of Updates
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

I tried WSA on a test machine in our lab just 6 months ago and explorer ballooned to half a gig. If it has been fixed since then that's fine. But it sure felt like a beta product and when WRDATA jumped to 80GB it became a bit of a problem. Opening tickets to whitelist something every few days was tiresome.

Here's a video demonstrating the explorer.exe issue with WSA;

»www.youtube.com/watch?v= ··· 5VsKaPAk


I do not feel it's a trustworthy, dependable product. Recent real-world testing seems to show pretty mediocre performance. I'd recommend people stick with one of the reputable, big name AV firms. Especially keep an eye on ones with strong penetration in the enterprise market. Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
kudos:4
·Frontier Communi..

Blackbird

Premium Member

said by Itguy2016:

... Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

That's an often greatly under-appreciated selection factor when choosing AV or backup-imaging software: how easy it is in the real world to thoroughly uninstall or remove the product. Both types of software, perhaps of necessity, can entangle themselves deeply into a system, and can be really awkward to fully remove... but, if not fully removed, can cause all manner of grief when installing a different such product. Too often, users adopt a particular product only to later discover that it can be truly awful to remove when/if they want to change to another product. Better to have considered ease of removal before ever installing that first product.
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

said by Blackbird:

said by Itguy2016:

... Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

That's an often greatly under-appreciated selection factor when choosing AV or backup-imaging software: how easy it is in the real world to thoroughly uninstall or remove the product. Both types of software, perhaps of necessity, can entangle themselves deeply into a system, and can be really awkward to fully remove... but, if not fully removed, can cause all manner of grief when installing a different such product. Too often, users adopt a particular product only to later discover that it can be truly awful to remove when/if they want to change to another product. Better to have considered ease of removal before ever installing that first product.

Well said, and very true. I think companies need to realize that many of us actually won't use products that can't cleanly uninstall. It's a major nuisance, and in the enterprise world managing thousands of machines can cost multiple thousands in labor to manually remove things.

With that being said, the last WSA removal I did was a BYOD device brought into an enterprise environment. WSA was pre-installed from Best Buy and had to be removed because it's not compatible with our MSP software. It took a good hour to fully remove it, first trying to the tools. Reinstall, then removal with Revo-type applications, finally it was a safe-mode removal, with tedious registry editing. After that an ESET BYOD from Microcenter, that one required Safe-Mode, special command line tool, and then registry work as well but less involved than the WSA removal.

The joke in some IT circles is WSA is like a virus. Kaspersky is also legendary for destroying OS installs. When you deal with thousands of endpoints and servers you tend to get a good 1,000ft up view of these types of things. Patterns develop. Speaking of clean removals, Zemana always leaves a service installed and I have had it added to their bug tracker for most of this year and it's still not resolved. (SC Delete ZamSVC required to remove it each time) I'm unsure why products can't have properly set up and tested uninstaller scripts. It's not rocket science. I suspect they just don't 'care' when their product is to be uninstalled and it's a low priority.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
kudos:4
·Frontier Communi..

Blackbird

Premium Member

said by Itguy2016:

... I'm unsure why products can't have properly set up and tested uninstaller scripts. It's not rocket science. I suspect they just don't 'care' when their product is to be uninstalled and it's a low priority.

I believe this ^ has a LOT to do with it.

In countless areas involving customer returns, cashing-in insurance policies, uninstalling software, long-term product support, etc, companies which are focused on the prospects of immediate-revenue bottom line (too often where many companies 'are' these days) will choose to short circuit their attention to those areas in order to "lower costs". Long-term, in-depth corporate service reputation seems increasingly neglected until it's gone and the damage has already been done.

I suspect a lot has to do with how business schools now teach 'professional' managers to focus on short-term cash flow and "the next quarterlies", along with a market trend to short-sightedness on the part of investors/stockholders and the demands they make for quick returns and sales growth. There's a pervasive underestimation these days of the ultimate value of customer "good will".

From another perspective: make it easy to uninstall, and I might try the product again later; make it hard to uninstall and I'll never forget that - I'll never try it again. But many companies just don't think about that any more...
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville

Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Triple Helix to Itguy2016

Premium Member

to Itguy2016
said by Itguy2016:

I tried WSA on a test machine in our lab just 6 months ago and explorer ballooned to half a gig. If it has been fixed since then that's fine. But it sure felt like a beta product and when WRDATA jumped to 80GB it became a bit of a problem. Opening tickets to whitelist something every few days was tiresome.

Here's a video demonstrating the explorer.exe issue with WSA;

(youtube clip)
I do not feel it's a trustworthy, dependable product. Recent real-world testing seems to show pretty mediocre performance. I'd recommend people stick with one of the reputable, big name AV firms. Especially keep an eye on ones with strong penetration in the enterprise market. Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

I never said the issue was never there but it was not Webroot's problem and in time one of Microsoft's patches fixed it, the issue also showed up on Windows 8.1 x64 as well and was short lived on Win 10 x64 so I don't see your point? Well I don't really care as you have nothing good to say or add. Oh yea doesn't this describe WSA and its protection? »www.darkreading.com/vuln ··· /1325450 so you can stay in the past with your old technology I will stay in the future with mine!

TH
--
Triple Helix - Microsoft MVP Consumer Security
Calendar of Updates
Itguy2016
join:2015-09-01
Longwood, FL

1 edit

Itguy2016

Member

said by Triple Helix:

said by Itguy2016:

I tried WSA on a test machine in our lab just 6 months ago and explorer ballooned to half a gig. If it has been fixed since then that's fine. But it sure felt like a beta product and when WRDATA jumped to 80GB it became a bit of a problem. Opening tickets to whitelist something every few days was tiresome.

Here's a video demonstrating the explorer.exe issue with WSA;

(youtube clip)
I do not feel it's a trustworthy, dependable product. Recent real-world testing seems to show pretty mediocre performance. I'd recommend people stick with one of the reputable, big name AV firms. Especially keep an eye on ones with strong penetration in the enterprise market. Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

I never said the issue was never there but it was not Webroot's problem and in time one of Microsoft's patches fixed it, the issue also showed up on Windows 8.1 x64 as well and was short lived on Win 10 x64 so I don't see your point? Well I don't really care as you have nothing good to say or add. Oh yea doesn't this describe WSA and its protection? »www.darkreading.com/vuln ··· /1325450 so you can stay in the past with your old technology I will stay in the future with mine!

TH

Can you substantiate the 'old technology' claim?

Let's take Trend Micro for example, which you seem to think is 'old' technology.. Just in the last few months they've added a very advanced anti-ransomware system. Not only does it prevent unauthorized encryption, it backs up any encryption done with 'suspect' applications. They've added a new memory injection detection engine in it over the last few months. Now the consumer product leverages the TDS web domain DNA testing/fingerprinting system. Hit a web exploit? Trend goes and finds all exploits done/touched/changed hands by anyone remotely related to the first exploit designer.(DNA)

But all of that is 'old' tech compared to Webroot's Voodoo I guess. Whatever floats your boat, but people should know about the downsides of Webroot, and make an informed decision. Don't blame me when someone's 120GB Boot SSD is filled with 60GB of WRDATA trash that never cleans itself up.

Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Triple Helix

Premium Member

said by Itguy2016:

said by Triple Helix:

said by Itguy2016:

I tried WSA on a test machine in our lab just 6 months ago and explorer ballooned to half a gig. If it has been fixed since then that's fine. But it sure felt like a beta product and when WRDATA jumped to 80GB it became a bit of a problem. Opening tickets to whitelist something every few days was tiresome.

Here's a video demonstrating the explorer.exe issue with WSA;

(youtube clip)
I do not feel it's a trustworthy, dependable product. Recent real-world testing seems to show pretty mediocre performance. I'd recommend people stick with one of the reputable, big name AV firms. Especially keep an eye on ones with strong penetration in the enterprise market. Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

I never said the issue was never there but it was not Webroot's problem and in time one of Microsoft's patches fixed it, the issue also showed up on Windows 8.1 x64 as well and was short lived on Win 10 x64 so I don't see your point? Well I don't really care as you have nothing good to say or add. Oh yea doesn't this describe WSA and its protection? »www.darkreading.com/vuln ··· /1325450 so you can stay in the past with your old technology I will stay in the future with mine!

TH

Can you substantiate the 'old technology' claim?

Let's take Trend Micro for example, which you seem to think is 'old' technology.. Just in the last few months they've added a very advanced anti-ransomware system. Not only does it prevent unauthorized encryption, it backs up any encryption done with 'suspect' applications. They've added a new memory injection detection engine in it over the last few months. Now the consumer product leverages the TDS web domain DNA testing/fingerprinting system. Hit a web exploit? Trend goes and finds all exploits done/touched/changed hands by anyone remotely related to the first exploit designer.(DNA)

But all of that is 'old' tech compared to Webroot's Voodoo I guess. Whatever floats your boat, but people should know about the downsides of Webroot, and make an informed decision. Don't blame me when someone's 120GB Boot SSD is filled with 60GB of WRDATA trash that never cleans itself up.

I will repeat myself it's on the list for WSA to clean up itself after the unknown files are whitelisted in the Webroot Cloud database. Also you would be glad if you got infected and Webroot Rolled-back to the pre-infection state wouldn't you? So I'm not here to argue Semantics with you or anyone else. And for exploits WSA doesn't concern itself with Exploits but the payload that they try to download. Average Consumers don't even keep their systems updated so why worry about Exploits when the problem is the Payload?

Cya,

TH
--
Triple Helix - Microsoft MVP Consumer Security
Calendar of Updates
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

I can't argue rollback isn't handy, that's good for people that don't normally concern themselves with backups.

Another issue we noted, Webroot was pretty bad with Riskware/Grayware which is a huge problem for consumers. Even Trend and Symantec added deeper detection for low-risk threats because it's such an issue. We noticed WSA largely ignored most of them and when we contacted support they said they generally don't consider them a threat. Not a true threat in my view but a nuisance to the point they can really impact performance and impede productivity so we consider them malware. Maybe Webroot improved, this was last year when the majority of the riskware samples walked through Webroot like it wasn't even installed.

I'd prefer Zemana w/Pandora activated as a complete prevention and stacked behind a qualified, paid traditional AV. That's based purely on experience.

balloonshark
Lets Go Mountaineers
join:2006-08-11
WV
·Suddenlink

balloonshark to Itguy2016

Member

to Itguy2016
said by Itguy2016:

Not many AV's impacted by this. But the big one is Avast. They've been leeching from VT for years and well, that party is over. Most of the important AV's are already contributors and not impacted by this.

Do you have a source where we can read more about the Avast leeching?
--
If we quit voting, will they all just go away?

Davesnothere
OK, Steve has been Heaved - NOW What ?
Premium Member
join:2009-06-15
Canada
kudos:8

Davesnothere to Blackbird

Premium Member

to Blackbird
said by Blackbird:

said by Itguy2016:

... Most recently our experience has been mostly 'removing' WSA from systems and even then its uninstaller rarely works correctly.

That's an often greatly under-appreciated selection factor when choosing AV or backup-imaging software: how easy it is in the real world to thoroughly uninstall or remove the product....

 
How true !

Norton AV and NIS used to have similar issues regarding removal.

It got so severe and prevalent that they had to offer (and maybe still do) a free standalone app to download and run, to clean up anything which their included uninstaller missed (or may have failed completely during the attempt to uninstall).

Search 'RNAV' or 'RNAV.exe' and see what pops.
Davesnothere

2 edits

Davesnothere to Blackbird

Premium Member

to Blackbird
said by Blackbird:

....From another perspective: make it easy to uninstall, and I might try the product again later; make it hard to uninstall and I'll never forget that - I'll never try it again. But many companies just don't think about that any more....

 
THIS ^^^^

BTW, Microsoft could benefit from doing this better too.

I keep reading horror stories about how their big new app called Windows 10 does not uninstall cleanly during the 30 day grace period which they say that we have, in the event that we do not adore it as much as THEY do.
Itguy2016
join:2015-09-01
Longwood, FL

Itguy2016

Member

said by Davesnothere:

said by Blackbird:

....From another perspective: make it easy to uninstall, and I might try the product again later; make it hard to uninstall and I'll never forget that - I'll never try it again. But many companies just don't think about that any more....

 
THIS ^^^^

BTW, Microsoft could benefit from doing this better too.

I keep reading horror stories about how their big new app called Windows 10 does not uninstall cleanly during the 30 day grace period which they say that we have, in the event that we do not adore it as much as THEY do.

I second THIS ^^^^^

I literally will never try anything AVG or Kaspersky put out because of a 'potential' to ruin an OS and a lack of proper uninstalling. That's two out of many, but it basically removes those products from contention.

Remember how bad Norton used to be a decade ago? Nearly impossible to remove without extensive work. They learned. Norton uninstalls fairly clean now. But I refused to touch their products for nearly a decade as a result. (even just to test new versions)

balloonshark
Lets Go Mountaineers
join:2006-08-11
WV
·Suddenlink

balloonshark

Member

said by balloonshark:

said by Itguy2016:

Not many AV's impacted by this. But the big one is Avast. They've been leeching from VT for years and well, that party is over. Most of the important AV's are already contributors and not impacted by this.

Do you have a source where we can read more about the Avast leeching?

Still waiting for a source. As someone who installs Avast on family member's computers and suggests Avast on forums this info is pretty important to me.
--
If we quit voting, will they all just go away?

Snowy
Premium Member
join:2003-04-05
Kailua, HI
kudos:6

Snowy

Premium Member

AFAIK Avast has had an engine on virustotal since 2005
FWIW Of the 4 culprit names I've seen mentioned Avast is not one of them.

balloonshark
Lets Go Mountaineers
join:2006-08-11
WV
·Suddenlink

balloonshark

Member

said by Snowy:

AFAIK Avast has had an engine on virustotal since 2005
FWIW Of the 4 culprit names I've seen mentioned Avast is not one of them.

Thanks for your reply Snowy. That's a good thing considering how many people use Avast.
--
If we quit voting, will they all just go away?