To Customer Support To Customer Support
Solved

Webroot unsecurity. Lack of support (legal customer)

  • 1 February 2014
  • 33 replies
  • 219 views
V
Rank
  • vx
  • New Voice
  • 14 replies
"For technical support inquiries that require immediate assistance, please use the official Webroot support system."
 
 
It took hours to get the first answer and after around 30 posts conversation I did not get the answer for a simple question:
 
   Where is safe download link (https) and the control sum of the file available?
 
 
Instead after thet extreme waste of time that's what I get:
 
"I have posted your suggestions to the developers, another thing that you can do to get more people looking at your suggestions is if you join the Webroot Community you can go to the ideas exchange and then post your idea, if you get enough votes then the developers will add that to the top of their list of things that they can change with the software. Below is a link to our community.
http://community.webroot.com/"
 
"Again I am sorry for any confusion, I can send your suggestions up to the developers but we have our downloads on a secure server so it is not an issue for the consumer who wants to install our software."
 
"Our secure download for consumers is below.
http://anywhere.webrootcloudav.com/zerol/wsainstall.exe "
 
 
 
   That is a request (facing a threat), not suggestions.
 
 
I don't like that impression to talk with idiots.
(If I could be an idiot, all what I needed was the controll sum - I don't trust the file,
connection, certificates on my system or any, neither your governmnent.)
 
threats detected:
 
https://www.virustotal.com/uk/file/7cca5216736ed43ea20ce1bca1d95da32d34c1a1f9535a7ab859cf5da18320f5/analysis/
 
http://virusscan.jotti.org/en/scanresult/13cc2f2eab3352527556685d4b44c568c840e7b2/9a08ee0336035cfc3ad6d7973760f874d51d7532
 
http://www.herdprotect.com/wrsa.exe-a50fa9a3e928713b3f2c6bb74c79e02907634f28.aspx
 
 
but:
 
http://www.herdprotect.com/wrsa.exe-954eea818edd5226a7615b431f6ae51d860958b9.aspx
 
statest the same version which is clean.
 
 
If webroot support won't help in this case, it can only mean that they were
aware of it (and they are after my notice) and don't give the answer or
a signature by intention for some reason.
 
I'm requesting again, as there is no safe way of delivery provided to let
me use it, to give my money back and to no more argue, as is obviously
not posible for webroot to fulfill the contract without any suspection.
 
 
 
-----
http://theinvisiblethings.blogspot.co.uk/2006/06/introducing-blue-pill.html
icon

Best answer by JoeJ 2 February 2014, 03:17

View original

33 replies

acooldozen
Rank
Userlevel 7
Badge +36
"I don't like that impression to talk with idiots.

(If I could be an idiot, all what I needed was the controll sum - I don't trust the file,

connection, certificates on my system or any, neither your governmnent.)"
 
Then stay off the Internet!
 
Webroot: Give him his money back and get rid of him!
..........and make yourself a Great Day! Cheers, Lyle
Rakanisheu Retired
Userlevel 7
I am not exactly sure what your initial issue is? Are you saying that you think the main Webroot executable is an infection? WRSA.exe from the links has been detected by one AV as being an infection. Its a false positive from that vendor which isnt our fault. We dont have access to there database and if you are one of there customers you can report the false positive.
 
Edit:
 
I have just read the support ticket and I am sorry your questions are very cryptic and hard to understand. My colleague was just confused about what your intial problem is/wa I do apologise if there was any confusion on the behalf of the support staff.
 
The webroot installation file is digitally signed and can be verified just right click and look at the security details. The Virus Total link is a FP from one AV vendor. All information from the sent from the client is encryped and no personal information is transmitted.
V
Rank
What made my distrust is the different checksum for the same verion of WRSA.
That one, not suspicious, earlier version is no more available  (but it mean Webroot
is able to do that), instead I can dowload the same version number different checksum
executable only - what make it suspicious. Consider routine agency operations or
whatever.
 
Rakanisheu Retired
Userlevel 7
Why would you want an earlier version of our product? There are different download links given to different customers so the checksum may very well be different. Its not an indication of anything malicious. 
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
I agree Rakanisheu as users of Best Buy Subscription services have there own links to download which can only be used for there customers and there customers can't use the standard download link that the rest of us do. http://www.webroot.com/us/en/home/products/geeksquad-dl
 
TH
V
Rank
If I didn't know about the earlier checked unsuspicious version, I would not wonder.
 
 
"There are different download links given to different customers so the checksum may very well be different. Its not an indication of anything malicious."
 
- thanks for the confirmation. It is the parttial answer for my question. It didn't mind it shall be obviuos that uneaqaulity.
 
What was the key to download that other version which would make no suspicions ?
 
It doeasn't mean that I want dowlnoad the earlier tested version if that one could somehow special.
 
I asked what is the checksum ov the version that I was supposed to download.
V
Rank
"Why would you want an earlier version of our product?"
 
earlier tested, different checksum, same version product
('unsuspicious')
V
Rank
(edited) to https:///t5/user/viewprofilepage/user-id/3786: (/edited)
 
Are you that kind of american who thinks it owes others communications
 
or imagines that can order anyone what to do ?
 
 
Rakanisheu Retired
Userlevel 7
I am not American and that has no relevance at all to this discussion. I still dont know exactly what the issue is. Different builds will have different MD5`s as will different downloads. Our installer is not an infection and its digitally signed.
 
You can test the installer in a VM and look at what it does if you dont believe me. The one AV that detected our installer as infected gave it a Zeus defintion, if you look up what Zeus is you will see why its quite clearly a FP. If you are a customer of Rising AV I would drop them an email about the detection. Apart from that there isnt much we can do. 
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
@ wrote:
(edited) to : (/edited)
 
Are you that kind of american who thinks it owes others communications
 
or imagines that can order anyone what to do ?
 
 
If you look at his profile you will see he is not American either well maybe you can't see that so what do you have against Americans? Also have you read the Community Guidelines? If not I suggest you do https://community.webroot.com/t5/Community-Announcements/Webroot-Community-Guidelines/td-p/2#.Uu077bQaquI
 
TH
V
Rank
You are right. Believing to owe the internet could be widely spreaded.
Baldrick
Rank
Userlevel 7
Hi vx
 
Part of the problem is that a lot of what you are posting does not make complete sense in English.  I am not trying to be condecending or to put you down, when I say this but rather concerned as you are trying to express an issue you have, and we are not really understanding.
 
A bit of clarity would be appreciated.  m
May I ask if you are a native English speaker and if not whether you are using online translation in your posts?
 
Regards
 
Baldrick
 
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
V
Rank
to Baldrick:
 
Thanks for your attempt to help, but I would appreciate if you could focus
on things for which you can find the sollutions but not to shift that focus
on some person as suggestion I'm the part of the problem, because of
my questions.
 
 
I would also suggest to delete your post if it wasn't your intention to put
me down what you did already. And keep focus!
 

This kind of talk, without intention to change a topic, but to help
someone you shall do privately.
Baldrick
Rank
Userlevel 7
vx
 
The lack of clarity and information in your posts IS part of the issue with us not being able to resolve your issues...hence the reason I brought it up.  It was an attempt to try to allow focus on the issue you are trying to raise...by getting a better understanding as to what the problem is and pointing out one of the impediments to reaching that objective.
 
There was no intention to be personal but my post stands...I am however very happy for you to PM me if you feel that would assist in the process of helping you in clarifying things.
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
V
Rank
I'm just tired of it.
 
To remind you:
 
According to http://www.herdprotect.com:wrsa.exe, v8.0.4.46, 954eea818edd5226a7615b431f6ae51d860958b9, tested 1/14/2014, no infections
wrsa.exe, v8.0.4.46, a50fa9a3e928713b3f2c6bb74c79e02907634f28, tested 1/19/2014 - and every other    have PE:Stealer.Zbot!1.6524 suspection detected by Rising Antivirus. The anomaly is that there was a file signed by you which was _'not suspicious'_ and is no more available,instead _later_ tested and the only available file is 'suspicious' - the same as all other _earlier_ versions.And no checksums provided upon request. If you are able to provide 'unsuspicious' version - which was available for few days probably,then why you prefer to provide 'suspicious' version - what is against logic?  
Baldrick
Rank
Userlevel 7
You and me both...and I believe that Roy (Rakanisheu) has explained why this could happen, etc.
 
If you are not happy with that reply, and given that you are not happy with the responses from Support, that you move on.
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
We can see if @ the VP Endpoint Solutions Engineering will come by and answer your question! Also I see you started a thread at Wilders about this Topic. http://www.wilderssecurity.com/showthread.php?t=359484
 
TH
V
Rank
"Also I see you started a thread.."
 
Yes, waiting to long. All files signed. No checksums provided.
I would wish to no have never to wonder about this kind of things.
Another day wasted.
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Hopefully Joe will come by this weekend he is a busy man but I did ping him to visit this thread so come back later and see if he has replied because he's the one!
 
Cheers,
 
TH
J
Rank
Userlevel 5
As has been stated before, different download locations have different checksums, and every update will change the checksum. The link you've been provided is one of the more common download locations ( http://anywhere.webrootcloudav.com/zerol/wsainstall.exe ). You can right click the file, click Properties, Digital Signatures, click on the Webroot Inc. signature, Details and see that "This digital signature is OK."
 
The file is not infected despite what a few AVs are saying: that is a false positive (a detection of a file as malicious when it is not) and there is nothing that Webroot can do. If you use one of the AVs, you can locally allow the file or submit it to their threat research team to have it re-assessed, but there is nothing malicious about the download you have received.
V
Rank
Citing self:
 
The anomaly is that there was a file signed by you which was _'not suspicious'_ and is no more available,instead _later_ tested and the only available file is 'suspicious' - the same as all other _earlier_ versions.And no checksums provided upon request.
 If you are able to provide 'unsuspicious' version - which was available for few days probably,then why you prefer to provide 'suspicious' version - what is against logic?
V
Rank
Now on http://www.wilderssecurity.com/showthread.php?t=359484 I'cant post
anymore in the reply to:
 
[virtuo]        >> I did not posted any MD5.
[PrevxHelp] > Yes you did, in your post #7 above.

That are SHA-1

[PrevxHelp] > Both are 100% legitimate, virus free copies of WSA.

That would be the answer, earlier.

Are the signatures of Webroot files available only on 3rd party sites ?

And you are saying there are useless ?
J
Rank
Userlevel 5
@ wrote:
Now on http://www.wilderssecurity.com/showthread.php?t=359484 I'cant post
anymore in the reply to:
 
[virtuo]        >> I did not posted any MD5.
[PrevxHelp] > Yes you did, in your post #7 above.

That are SHA-1

[PrevxHelp] > Both are 100% legitimate, virus free copies of WSA.

That would be the answer, earlier.

Are the signatures of Webroot files available only on 3rd party sites ?

And you are saying there are useless ?
 
Could we keep the conversation in just one thread (here) rather than across multiple forums? We don't publish the hashes of WSA binaries (there are many different download locations which would be confusing to users as we would have to publish hundreds of hashes for each new build), but you can validate that a binary is properly signed and originating from Webroot by right clicking on it and checking the digital signature as I have outlined several posts ago.
V
Rank
Hunderds of specialised targets are over my imagination 😉
Dermot7
Rank
Userlevel 7
Badge +3
@vx  Let's be straight and clear....basically you're just trolling I'd say. You're wasting people's time...it's become childish now.
 
 

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.