So many (techie) product questions...

  • 17 October 2014
  • 38 replies
  • 144 views

Userlevel 1
Please pardon all of my techie questions but I want to ask them before I spend more cash on yet another product that may or may not really fit my needs.
 
Are there "basic" versions that do NOT want to manage my passwords and/or credit card information? (like so many other products want to point to as some wonderful "feature" aka: wonderfully packaged and sold security risk IMHO when there is no way to actually stop the underlying processes from still gathering and storing your passwords etc...)
 
I am very particular about system resource use, running process, and communication ports being held open. (as another product  wanted to hold 24 ports open at times - in port matched loop-back pairs... totally wasted resources, running process, services, threads, and handles.)
 
Will these products potentially cause any unsolicited inbound packets to show up at my router? (I had issues with other products that were not using TCP/IP communication correctly causing hundreds a week at times)
 
All that I want and need is coverage for 3 PCs with:
  1. Basic Anti-virus that is lightweight and reliable.
  2. Basic Internet Security (without any account, identity, or credit card information storage)
  3. Basic Firewall management functionality (able to block and report attempts at intrusion)
I DO NOT want or need an on-line backup system, password manager, credit card information cache, or auto fill in for passwords and or credit cards. (I will manage all of that on my own thank you!)
 
 
Which product would fill my needs if any?
 
Thank you very much for any clear and honest information!
 

38 replies

Userlevel 7
Hello RussH, welcome to the Webroot Community.
 
The list of very specific must haves and must NOT haves is rather difficult to say the least I think.  I think that this will be best answered by our Community Admin @ or a member of the Sales department.  You can reach Sales at 1-866-612-4268.  I believe the hours are 8:00 AM to 5:00 PM, Mountain Time, Monday through Friday.
 
To be quite honest, I think no matter which vendor's product you end up with, given the features that you MUST have, you are going to end up with features that you do not want.  That does not mean you have to use them.
 
As for lightweight, minimal system impact, yet reliable, WSA is the hands down winner in my opinion.
Userlevel 1
Thanks and thank you for your reply!
 
The issue I have with options that you can turn off is that the "turning off" is mostly nothing more than a visual representation and in reality the underlying service/mini-driver monitoring the keyboard input (for password/credit card collection for instance) is still running. Even when the user has turned off that "feature" in most products out there.
 
Call me paranoid but I really don't want ANY software sniffing my keyboard input regardless of the up front intent...
If credentials capture and storage was not a real security issue we could all simply let Windows do it... I think we all felt a chill down our spine at that thought right?
It is really nothing more than a big bulls-eye for hackers to target and potentially exploit. (Same reason Windows credentials manager is a known target for hackers) Worst case your credit card information gets accessed by hackers without your knowledge (access anywhere - cloud types especially)
 
I have a feeling the sales department will not be in-depth technical people that would have the answers to my questions and will just read off the same product features list shown on here on the products page...
Userlevel 7
Badge +56
Sounds like you just want the base version of our product:
http://www.webroot.com/us/en/home/products/av
 
That gives you the AV & malware protection, identity shield, and firewall, but no password manager or online backup.
Userlevel 1
Yes I saw the product features...
 
But the real question is are those other versions "features" installed but "turned off" (off and greyed out in the settings interface for instance) via product key in the basic version and thus still leaving background services/mini drivers running as I mentioned so many others do?
 
I just don't want to purchase yet another product that installs things or leaves things running even though you turn them off or don't expect they are installed/exist due to product feature lists such as these...
 
Are they totally not installed or are they installed with all versions but other wise disabled/enabled via product key?
Userlevel 7
Me again  :)
 
You know the product features of AV, IS+ and Complete... so you know that:
 
IS+ also includes the Password Manager.  This is a separate browser extension.  I have never installed the plain AV, so I really cannot say if it will put the PM in, but I do not believe so.  Even if it does... you can of course remove.  The same goes for the Web Threat Shield extensions for the browser.
 
The Complete also provides Backup&Sync.  This is also a separate download once enabled, so your basic AV install will not install the components for this service either.
 
Does this help?
Userlevel 1
Thanks for the quick reply!
 
Well right now I am "fighting" with a different product that keeps trying to run a "password wallet" application regardless of configuration setting...
 
I have even gone so far as to boot into safe mode with the software totally off and deleting the offending executable replacing it with a blank file of the same name and then removed all permissions on the file... yes I am serious...
 
And the "auto-update" now continually tries to "update" the application and can't so it keeps telling me I need to reboot to update... I guess programmatically they assume the file is in use if they cannot complete their update...
 
This is after I have already also disabled other "features" by stopping their services as well...
 
Sorry long story but I think you can see what I mean about unwanted things running in the background... even though they are "turned off" and unavailable for use from the end user's perspective... >.<
 
I mean really that's practically virus/malware like activity if you think about it.
 
Userlevel 1
Okay I guess the 3 PC deal is what I am thinking I will do...
 
A few last questions...
 
For the digital install (download) is this a complete install that can be run off-line as stand alone?
 
I am not going to be interested in a web-install as you are simply at risk without virus software at all while the web-install would run... (yet another flaw in many anti-virus/security products)
 
Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?
 
 
Ah never mind I can just run to Best Buy and get the physical product
 
I will be sure to post back here with the answers I find...
Userlevel 7
Hi RussH
 
Let me see if I can chip in and help here:
 
"For the digital install (download) is this a complete install that can be run off-line as stand alone?"
 
No, as one needs to enter the keycode at the start of the install process and it gets validated before proceeding, and during the install the installer runs a scan for which it needs to connect to the Cloud.
 
"I am not going to be interested in a web-install as you are simply at risk without virus software at all while the web-install would run... (yet another flaw in many anti-virus/security products)"
 
Apologies but I really think that you are being overly paranoid there (and I say that sincerely).  The install takes 2-3 minutes depending on processor speed and once installed, right at the beginning of the scan & optimise stage of the overall install you are already well protected.  I have uninstalled and re-installed many many times as part of the testing I do to help other users here, and my system has never, ever been compromised at that time.
 
"Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?"
 
I do not believe so but I will go away and try this and post back in about 15 minutes time with the result.
 
Regards, Baldrick
Userlevel 7
Hi RussH
 
Just tried the "Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?"
 
And can confirm that WSA will not install indicating that you have no internet connection, cannot verify activation keycode and asking you to try again when an internet connection is available.
 
Sorry about that...but that is just the way it is.
 
Personally, as I said before I do not believe that you are in any danger in the few minutes between the start and end of the install.
 
Regards, Baldrick
Userlevel 6
Baldrick is right, you'll need an active Internet connection in order to install WSA. You can download WSA on a different client, then connect the one on which you want to install it to the Internet and start the installation; the installation itself won't even take a minute.

There's also no need to be afraid of connecting to the Internet without an Antivirus. An active Internet connection alone can't get you infected; there always has to be an action from the user(you) like browsing the Web or running malicious applications. So as long as you only start the installation nothing can happen.
By the way depending on your operating system you could also have a basic Antivirus running by default; like in Windows 7/8/8.1 with Windows Defender.
Userlevel 7
Hi regnor
 
You make a good point about Windows Defender/Microsoft Security Essentials as a temporary backstop at that time...quite forgot about that...;)
 
Regards, Baldrick
Userlevel 1
Thank you all for trying to be helpful!

I do have to point out there is an issue with the following statement:

"There's also no need to be afraid of connecting to the Internet without an Antivirus. An active Internet connection alone can't get you infected; there always has to be an action from the user(you) like browsing the Web or running malicious applications. So as long as you only start the installation nothing can happen."

You ABSOLUTELY CAN "potentially" get infected simply by being connected to a home network that is connected to the Internet without anti-virus and firewall protection even if you do not visit any sites at all...
 
I happen to be a programmer by trade and do know a bit about how these things work...
Have you ever heard of an injection attack? What about port 0 attacks? Simple penetration testing exposes these types of security threats and if in the hands of hackers? Points them right to the open door...
 
There is always a potential risk for infection even with anti-virus and local firewall configured and running (so without?)...
 
You are however correct in that the potential for this to happen given the somewhat short time frame is lower of course but it does still exist!  (please do NOT lull yourself and potentially others into a false sense of security in that regard)
 
I can pull up my router logs right now and point out unsolicited inbound packets that it has stopped/dropped.
But obviously a router is not perfect and there are things that still get past its simplistic firewall protection: If they didn't have flaws we would have no need for anti-virus and other security protection on the PCs connected to them.

The web-install if it has to download the remaining product and it happens to be someone that only has a dialup? then their risk is increased as the time without protection is longer...
 
Now on to the physical product on CD/DVD can it be installed (even in say a trial mode) without being connected to the Internet? That would at least give "Some" added protection while completing the authentication.
 
I don't mean to sound so negative or paranoid but we live in the real world and I do have an understanding of the very real security threats that do exist on the Internet. They are out there just waiting for any potential weakness to take advantage of.
 
Did anyone else notice the port 0 attacks on the 6th? (this was in just over 4 minutes)
 
[DoS Attack: WinNuke Attack] from source: 220.165.8.25, port 0, Monday, October 06,2014 07:34:48
[DoS Attack: WinNuke Attack] from source: 199.91.67.202, port 0, Monday, October 06,2014 07:34:33
[DoS Attack: WinNuke Attack] from source: 162.243.172.187, port 0, Monday, October 06,2014 07:34:19
[DoS Attack: WinNuke Attack] from source: 209.59.252.42, port 0, Monday, October 06,2014 07:33:49
[DoS Attack: WinNuke Attack] from source: 82.222.7.139, port 0, Monday, October 06,2014 07:33:47
[DoS Attack: WinNuke Attack] from source: 91.205.172.31, port 0, Monday, October 06,2014 07:33:15
[DoS Attack: Xmas Tress Scan] from source: 220.249.124.226, port 0, Monday, October 06,2014 07:32:01
[DoS Attack: WinNuke Attack] from source: 195.154.7.226, port 0, Monday, October 06,2014 07:31:39
[DoS Attack: IMAP Scan] from source: 184.106.142.243, port 0, Monday, October 06,2014 07:31:03
[DoS Attack: WinNuke Attack] from source: 143.107.97.106, port 0, Monday, October 06,2014 07:30:35
[DoS Attack: WinNuke Attack] from source: 211.110.212.10, port 0, Monday, October 06,2014 07:30:34
 
So you have to ask yourself how many did the router potentially miss...
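
A router log in the format posted above can be tallied rather than eyeballed. The following is an added example, not part of the thread or of any vendor's tool: it counts alert types and distinct sources and measures the time span the entries cover. The sample lines are constructed (documentation address ranges) and the function names are illustrative.

```python
"""Summarise router 'DoS Attack' log lines (added example, constructed data)."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: i for i, name in enumerate(
    ["January", "February", "March", "April", "May", "June", "July",
     "August", "September", "October", "November", "December"], start=1)}

# [Category: Label] from source: IP, port N, Weekday, Month DD,YYYY HH:MM:SS
LINE_RE = re.compile(
    r"^\[(?P<category>[^:\]]+):\s*(?P<label>[^\]]+)\]\s+from source:\s*"
    r"(?P<src>[^,\s]+),\s*port\s+(?P<port>\d+),\s*\w+,\s*"
    r"(?P<month>\w+)\s+(?P<day>\d{1,2}),\s*(?P<year>\d{4})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\s*$")


def parse_line(line):
    """Return one event as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None or m["month"] not in MONTHS:
        return None
    try:
        src = ipaddress.ip_address(m["src"])  # rejects garbage addresses
        when = datetime(int(m["year"]), MONTHS[m["month"]], int(m["day"]),
                        int(m["h"]), int(m["mi"]), int(m["s"]))
    except ValueError:
        return None
    return {"label": m["label"].strip(), "src": str(src),
            "port": int(m["port"]), "when": when}


def summarize(lines):
    """Tally events; unparsed lines are counted, never silently dropped."""
    events, unparsed = [], 0
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed += 1
        else:
            events.append(event)
    if not events:
        return {"events": 0, "unparsed": unparsed}
    # Router logs are often newest-first, so use min/max, not first/last.
    first = min(e["when"] for e in events)
    last = max(e["when"] for e in events)
    span = (last - first).total_seconds()
    return {
        "events": len(events),
        "unparsed": unparsed,
        "by_label": Counter(e["label"] for e in events),
        "sources": len({e["src"] for e in events}),
        "ports": sorted({e["port"] for e in events}),
        "span_seconds": span,
        "per_minute": round(len(events) / (span / 60), 2) if span else None,
    }


# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
[DoS Attack: WinNuke Attack] from source: 192.0.2.10, port 0, Monday, October 06,2014 07:34:48
[DoS Attack: WinNuke Attack] from source: 198.51.100.7, port 0, Monday, October 06,2014 07:34:19
[DoS Attack: Xmas Tress Scan] from source: 203.0.113.5, port 0, Monday, October 06,2014 07:32:01
[DoS Attack: IMAP Scan] from source: 192.0.2.10, port 0, Monday, October 06,2014 07:31:03
[DoS Attack: WinNuke Attack] from source: 203.0.113.99, port 0, Monday, October 06,2014 07:30:34
this line is truncated, port 0
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

A non-zero `unparsed` count means the router emitted lines the pattern does not cover, so the totals are a lower bound.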
Userlevel 7
Hi RussH
 
I think that you are splitting hairs re. what you say...as the premise for the responses is in relation to the amount of time you have to connect to the internet to install WSA, assuming that you get a CD-based copy.
 
And, not wishing to put too fine a point on it...as I said before, and confirmed by what I tried I installed WSAC on my tablet (which is far from being a speedy beast by any means) in just under 3 minutes...and I was probably protected by WSA almost immediately I started the install...but even if for argument one discounts that then we are talking about a 3 minute window (and you are being very well protected by the Windows Firewall...re. inbound intrusions, and most likely by Windows Defender or MSE assuming that you have not disabled them as they are on by default in Windows).  And finally, if you are behind a router then you have even more protection against the intrusion you are presenting as a danger...they will not even have reached your system if the router got them.
 
I do not dispute any of the information you provide in your post (and by the way I have been in IT since 1982, and for many years a programmer and more recently a consultant...so you are not alone in knowing something of what you are talking about) I would just say that you are EXTREMELY, EXTREMELY, EXTREMELY unlikely to fall victim to an attack by malware in the circumstances we are debating....I have never heard of it happening to a WSA user (perhaps a fellow Community member would confirm or disabuse me of this view?)...but one cannot say absolutely no way it can happen.
 
I am afraid to say, and I do respectfully, that to me you are sounding overly cautious (even paranoid).
 
And to answer your question, in terms of my router...none.
 
Anyway, I do not want to start a polemic on this subject.  We have provided all the information we can and therefore the decision as to how you proceed is up to you.  I hope that you choose to join the Webroot Community as a user...but if WSA is not for you then I sincerely wish you well and good luck in finding the right solution for you.
 
All the best, Baldrick 
Userlevel 1
"and by the way I have been in IT since 1982, and for many years a programmer and more recently a consultant"
 
Glad to hear there are knowledgeable folks helping users here!
 
1985 for myself working with both hardware and software development...
 
One of my major concerns is my huge source code repository I have built over the years though I do keep it on external drives.
 
Not to mention current client source and data that I do not want to have potentially exposed or infected...
 
Well from my perspective I suppose I can run the install from CD off-line until it complains about no connection for authenticating and then connect at that point to reduce that window of opportunity even further.
 
Thank you again for all of your insight and assistance!
Userlevel 7
Hi RussH
 
I do completely understand the reasons for your caution and I think that you are exceptionally wise to have that sort of precious and sensitive data/source held on external drives that are hopefully disconnected from the internet unless they need to be.
 
I also think that your approach of "run the install from CD off-line until it complains about no connection" does reduce the 'window of opportunity' but sadly by very little as when I trialled the disconnected install (prior to one of my posts) it was a matter of seconds, from clicking to run the installer, to the installer advising that it could not authenticate, and offering to abort the install....but on the positive side...it will reduce the window by a few seconds more than if connected.
 
I do hope that you do take the plunge and do finally join our Community.  Please let us know what you decide either way.
 
Regards, Baldrick
Userlevel 1
@
 
Well as far as the install you are correct but I do still need to un-install my current product and get it cleaned off in entirety prior to installing the new product and thus it would require a reboot (if not 2) to ensure all remnants of the prior product are gone for good...
 
During the un-install processes and reboot(s) prior to starting the new products install I do not want to have an open Internet connection.
 
I feel pretty confident that staying disconnected up to the point of the install complaining about the lack of connection will reduce the risk to bare minimum.
 
I guess I wish security software vendors would at least lock down connectivity and only allow traffic for their proprietary software to access the Internet during these "less than secure" windows during install/authentication processes... (I also do some MSI packaging)
 
Regardless I guess the proof will be forthcoming as I intend to give this product a shot. (thanks in a big part to the helpful and knowledgeable community here)
 
Userlevel 7
Hi RussH
 
You are most welcome...that is what we are here for in part (as well as having some fun, learning lots, and of course, making new friends).
 
I follow what you are saying, but would provide the following snippet.  Are you aware that WSA is designed to be compatible/play well with all other major AV/IS products around...and it is 99% successful as far as I am aware.  I have run it successfully in tandem with KIS, and there are other members who have done the same with NIS and some other of the major players, all with no ill effects...but of course more drain on one's system (usually due to the other AV/IS used).  The only one that I am aware of that WSA does not play well with is BitDefender.
 
I am not aware of what you are currently running but unless it is BitDefender I do not see why you cannot install WSA with your current security apps installed & running and then, once WSA is installed, uninstall your current app.
 
Worth considering I would suggest and if you go with that then the 'window of opportunity' we were discussing is reduced to zero.  If you are tempted to try then let us know what you currently use/what WSA will be replacing and we can poll around the Community to see if anyone has any experience; positive or negative re. using both at the same time.
 
Regards, Baldrick
Userlevel 1
@ 
 
Yes oddly you mention BitDefender...
It is the current "offender" I didn't want to give a specific product name but there you have it.
and no It does not play well with hardly anything else (it even forced me to uninstall Spy-Bot before it would allow the install to run)
 
My system...
3.4Ghz i7 (real quad core hyper-threaded to 8 cores)
12GB of DDR3 1600
240 GB SATAIII  SSDx2
1.5 TB 10K RPM SATAIII data drive
3 x USB 3.0 externals (2x500GB and a 4TB)  of course my externals are never connected other than when in actual use
Nvidia (EVGA) GTX 660 Ti OC 3GB PCIe
Creative Labs X-Fi titanium PCIe
RAIDMAX 850 Watt quad rail
A UPS for each PC as well as the Modem/Router having their own shared UPS.
Hardwire only GB speed network.
 
So I am expecting this product will run pretty well in this environment.
 
Anyway off to Best Buy it shows they have the 3 PC product in stock...
 
Again thanks to everyone and I will pop back and give you my thoughts once I get it installed
 
Userlevel 7
Hi RussH
 
Well, that is a shame...and just our luck...so we cannot close the 'window of opportunity' as you are quite right that with what you are currently using you must uninstall and cleanse your system just to be on the safe side.  What a shame.
 
Still, given the specs of your system I can say without fear of contradiction that WSA will fly and that you will see quite a difference when compared to your current security solution.
 
Look forward to hearing how you get on and of course, we are here should you have any further questions or need further assistance.
 
Regards, Baldrick
Userlevel 1
Alrighty...
Well it took me a few to get BitDefender beat into submission but I finally won. The uninstaller is not very good and it left several things behind that I had to go manually remove. (surprise!)
 
Installing WSA took maybe 15 seconds for the authentication and download to complete as I have a pretty fast Internet connection (50Mbps)
 
I was very surprised by the light weight footprint of this product...
 
One thing that caused a slight knee jerk reaction on my part was the 14 second initial scan... Granted it decided that it only needed to scan 16k or so files...
 
I would think doing an initial system scan you would want to do a "complete" system scan. IE: scan all files to ensure there is nothing currently hidden anywhere but I guess the constant process monitoring should flag any threats and stop them before they get far enough to do any damage.
 
I am still wondering about the potential for TCP/IP communication issues causing my router to flag as unsolicited inbound packets but that remains to be seen and of course time will tell there...
 
So far so good a simple basic product that seems to only do what I really need.
 
So now I am off to go get my trusty Spy-Bot back...
Userlevel 7
Hi RussH
 
Thanks for coming back and posting on progress.  I am not surprised at anything that you report, not even the "slight knee jerk reaction on my part was the 14 second initial scan".  A lot of people using WSA for the first time do that...the reason for this is the way that WSA works...the philosophy is that malware is only dangerous as and when it is active so WSA monitors for malware activity both using Cloud-based whitelisting, and heuristics but does nothing with any file or app that is not active.
 
So you may have the largest repository of malware packages residing on your system but if they are all inactive/dormant then it will pay no attention to them...BUT...the merest sniff of activity and WSA will pounce, analyse and block...in other words WSA does not waste time or resources on things that cannot cause damage etc., but rather focusses on those that can.  Particularly clever and effective is what it does if it cannot determine whether an active file is malicious or not...in that case it monitors/journals the file's activities (which it also limits as well) and if eventually determined to be good it then stops the monitoring/restriction, etc., but if bad it rolls back any journalled activity so as to negate the impact of the 'now determined to be malicious' file. :D
 
I hope I have described the philosophy properly.  I am sure that with your background you have probably researched this but for more information please take a look at this previous post, especially the three videos, for more information on the unique way that WSA works to protect the system it is installed on.
 
Of course, post back if you have any more questions.
 
All that I will say more at this point is sit back, relax...you are well protected.
 
Regards, Baldrick
Userlevel 1
Back again!
 
Well 24+ hours and no router issues with packet traffic, the second system has it installed now as well.
 
Firewall port testing came back good as well.
 
So far so good!
 
Userlevel 4
Badge +10
Enjoyed this entire post! Paranoia vs Caution...I remember what it felt like to hang out, unprotected while removing old security---keeping offline till new security refused to go further without phoning home to validate my purchase and update definitions. All the while, holding my breath and hoping there was no breach of ports. (I was glad when RussH suggested that security may want to look at that weak link.) The others did a good job of addressing every point--explaining how WSA works well with most other security--so LAYERED security is the way around some vulnerabilities. And I learned more about how WSA works in the process. I can also identify with RussH when it comes to who controls the running processes. With a PC it was often me in charge but Mac has a different idea. I do think that computers are a lot better at handling resources today. And I can say that WSA is not a resource hog. I avoid frivolous or risky apps. The Webroot features mentioned are optional when it comes to Mac and would seem to be so for PCs too. Best wishes y'all!
Userlevel 7
Hi RussH
 
How are you doing? Many thanks for coming back and providing an update. This helps us to check that the advice, assistance, guidance, etc. provided is appropriate and correct.
 
Glad to hear that not one but two of your systems have WSA covering their backs now...looking forward to when you advise that you have the full set moved over/sorted.
 
Please do come back and hang out/contribute what you can and when...this is the big part of what this Community is about...not just issues...but so much more.:D
 
Regards, Baldrick
Userlevel 1
Pardon my delay in getting back again...
 
I had about a 3 hour Port 0 attack again last night starting at about 10:07PM and lasting till about 1:00AM that was stopped by my router again...
 
This is only the second time I have had these port 0 attacks happen and not to point fingers but it seems odd that the first time (which lasted just short of 24 hours) was shortly after installing BitDefender...
And then last night almost 14 days later exactly (and 2 days after removing BitDefender) it happens again...
 
Not that it affected anything on my machines as in both instances the router stopped/dropped all of the packets.
 
Beyond that everything seems to be running smoothly, though I have noticed some streaming content will buffer a bit at the start but it then smooths back out after several seconds.
 
Even my DiabloSport inTune updates worked fine (after allowing it through the firewall)
Yes I am a performance car buff too... :S
 
