Can someone from Webroot state its stance on Potentially Unwanted Applications? Other vendors seem to be more aggressive against this type of software while the impression I've gotten from Webroot in the past is that they wish to mostly focus on explicitly malicious software, regardless of ill repute or deleterious effects of a PUA. Feel free to correct me/take issue with any of these statements.
Here are some links that describe these issues:
https://www.stopbadware.org/badware
https://en.wikipedia.org/wiki/Privacy-invasive_software
https://en.wikipedia.org/wiki/Malware#Grayware
Can you also comment on a technical level how browser modifications including toolbars and software that injects/modifies content inside of a webpage is handled by Identity Shield?
I'm posting this in the consumer forum since business mostly have WSAWSS and other controls to guard against these issues.
This is something I've been wondering for quite awhile. Thank you!
Solved
Webroot's position on PUA
+6Best answer by Rakanisheu Retired
We have a set guidelines on what we can mark as bad and we follow them to the button.We mark a large number of PUA`s every day in fact I marked about 75 thousand bad yesterday.
A large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isnt malicous) and gives you the option to uninstall cleanly it wont probably wont be marked bad (thats not set in stone of course!).
In the links you posted the first one isnt really PUA they are talking about malware (password stealers etc) which we of course we block. The grayware def again is a little vague they talk about Dialers (which we block), Adware which there a varying types of some we block some we dont (it varies for each program).
What people forget is that "free" programs often use advertising in order for the creater to make some money. Its extremely common on mobile applications but for some reason when its on a PC platform people get really annoyed 🙂 Toolbars are a pet hate of mine, if I had my way I`d mark them all bad but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all.
View originalA large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isnt malicous) and gives you the option to uninstall cleanly it wont probably wont be marked bad (thats not set in stone of course!).
In the links you posted the first one isnt really PUA they are talking about malware (password stealers etc) which we of course we block. The grayware def again is a little vague they talk about Dialers (which we block), Adware which there a varying types of some we block some we dont (it varies for each program).
What people forget is that "free" programs often use advertising in order for the creater to make some money. Its extremely common on mobile applications but for some reason when its on a PC platform people get really annoyed 🙂 Toolbars are a pet hate of mine, if I had my way I`d mark them all bad but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all.
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
Hello explanoit and thanks for the great topic. :D
I am also curious to hear Webroot's standpoint to PUAs. I agree with you that WSA is not so hard towards those applications. On the upside ESET and NIS are quite paranoid as regards the PUAs. I used the both applications in the past and sometimes it was a real pain. I would like to see an approach that is just in the middle.
As for the identity shield, all browsers are added automatically to the Protected applications list with status Protected what secures them against information-stealing, injections, man-in-the-middle attacks, clipboard stealers etc. It means the browsers are in fact isolated (not accessible) from the system but also have full access to data on the system.
Hope someone more technically erudite will correct me if I am wrong or will complement me.
I am also curious to hear Webroot's standpoint to PUAs. I agree with you that WSA is not so hard towards those applications. On the upside ESET and NIS are quite paranoid as regards the PUAs. I used the both applications in the past and sometimes it was a real pain. I would like to see an approach that is just in the middle.
As for the identity shield, all browsers are added automatically to the Protected applications list with status Protected what secures them against information-stealing, injections, man-in-the-middle attacks, clipboard stealers etc. It means the browsers are in fact isolated (not accessible) from the system but also have full access to data on the system.
Hope someone more technically erudite will correct me if I am wrong or will complement me.
We have a set guidelines on what we can mark as bad and we follow them to the button.We mark a large number of PUA`s every day in fact I marked about 75 thousand bad yesterday.
A large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isnt malicous) and gives you the option to uninstall cleanly it wont probably wont be marked bad (thats not set in stone of course!).
In the links you posted the first one isnt really PUA they are talking about malware (password stealers etc) which we of course we block. The grayware def again is a little vague they talk about Dialers (which we block), Adware which there a varying types of some we block some we dont (it varies for each program).
What people forget is that "free" programs often use advertising in order for the creater to make some money. Its extremely common on mobile applications but for some reason when its on a PC platform people get really annoyed 🙂 Toolbars are a pet hate of mine, if I had my way I`d mark them all bad but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all.
A large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isnt malicous) and gives you the option to uninstall cleanly it wont probably wont be marked bad (thats not set in stone of course!).
In the links you posted the first one isnt really PUA they are talking about malware (password stealers etc) which we of course we block. The grayware def again is a little vague they talk about Dialers (which we block), Adware which there a varying types of some we block some we dont (it varies for each program).
What people forget is that "free" programs often use advertising in order for the creater to make some money. Its extremely common on mobile applications but for some reason when its on a PC platform people get really annoyed 🙂 Toolbars are a pet hate of mine, if I had my way I`d mark them all bad but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all.
That is a good point. Howver, many computer users are very click happy and the way some of these PUA's are written, it can mislead a user into thinking that it is a required part of the legitimate program the are installing.
+6Webroot's public approach to PUA appears to have been changed. Your blog is now focusing extremely closely on how PUA is acting as a conduit to malware and we have learned about a new option in the interface (to be unveiled) that specifically deals with this class of software.
Does Webroot have any new statements on changes to internal policies or their new public focus on PUA?
Does Webroot have any new statements on changes to internal policies or their new public focus on PUA?
+56If it's true it would be nicely accepted by advanced users and any user really as the security forum that I'm an admin on has a long list of such unwanted add-ons even though some of them need to be updated: http://calendarofupdates.org/index.php?topic=2.0
Daniel
Daniel
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.