We get a lot of questions/issues/complaints around PUA's. They are one of the most irritating things. WSA blocks many of them, but for a variety of reasons not all. Specifically PUA's that are bundled with other software, are not hidden, have an opt out ability, are not currently blocked by Webroot.
Would it be possible to add a feature that the end user can choose when installing new software to block ALL bundled software? That would:
1) Be an active choice by the user to block the bundles
2) Reduce vastly the number of PUA issues that we see
3) Keep things quite legal.
4) Help keep Webroot above and beyone the competition.
As I understand it, the Web Threat Shield blocks sites based on a reputation score, and sites that are believed to be new are automatically given a low reputation score -- so any new site is automatically blocked. The problem is that in the user interface, when a site is blocked, the user is not told whether it is blocked because there is actual evidence of real threats or simply because the site is believed to be new. The result is that users will be frightened away from any relatively new site, even if they have personal knowledge of its reputation (i.e., they might assume that evidence of an actual threat has been detected on the site). This problem is exaccerbated by the fact that Webroot apparently has no reliable way of determining the age of a site, so a site that has been around a long time but simply isn't yet in the Webroot database will be considered new and therefore a threat.
Instead, why not give users more information and let them decide? Rather than giving a new site a low reputation score and scaring users into thinking it is likely to contain threats, instead provide a message like the following:
Webroot does not have any information about the reputation of this website. It may be a relatively new website or an older website that is not popular enough for us to have encountered it before. You may be comfortable using this website if you have personal knowledge of its reputation, but otherwise we suggest you proceed with caution.
A message like that would provide a sufficient warning without misleading users into thinking an actual threat has been identified on a site with which they are already comfortable. If several users choose to unblock the site and proceed, you might then use that information to bump up the site's reputation and stop blocking the site altogether.
Note, this request is motivated by a recent negative Webroot experience with a site that I maintain. The site is for a small local church, so it is not widely popular and was therefore not known to Webroot. One of our church members recently reported that the site was blocked by Webroot and showed me the message indicating that the site was deemed to have a high likelihood of containing threats. Despite the fact that she knows the site and has been to it many times before, she assumed a real threat had been detected. And despite the fact that I am the creator and maintainer of the site, when I saw the warning message, I too thought perhaps some real threat had been detected. Upon further investigation, I learned that no specific threats had been detected, and that Webroot was blocking the site merely because it thought the site was new. The problem is that the site is not new -- it has been up for a full three years.
I believe Webroot is doing its customers a disservice by misleading them into thinking sites they already know and trust have been determined to have real threats, when in reality Webroot simply has zero information about the site. If you have no information about a site, simply tell the user that, and let the user decide what to do based on their personal knowledge of the site.
[Using Google Chrome on Windows 7 and Windows 8]
When we use Google Chrome to visit an HTTPS website, Chrome shows us a padlock to the left of the URL.
Sometimes, though we see a gray-padlock-with-yellow-triangle. The gray-padlock-with-yellow-triangle is also a native part of Chrome. You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
The issue is that users never see any green padlocks when Webroot Filtering Extension is enabled. The extension acts as "something on the page that's embedded from another server". Thus, a user can never tell the difference between a 100% secured website and once that's only partially secure. In other words, the extension reports a false-negative for every legit HTTPS website.
Since I own and run an insurance website, I would very much like users to see the green padlock on my site. But if they have Webroot Filtering enabled, they'll only see the partially-secure gay-and-yellow icon... and it looks like it's my company's fault that we're not 100% secure.
I want to be clear about this, the issue is not how secure the extension really is... but how secure my website appears to Webroot users. Right now, this extension makes my website appear untrustworthy.
What I'd like to see from Webroot:
- fix the problem, or...
- add a note to the gray padlock for safe sites (like mine) explaining that the website is actually safe, or...
- upon the extension being enabled (and whenever a browser is launched) make a splash page that educates the user about how they will never see green padlocks again and why (user can disable the splash page in preferences), or...
- take down the extension and do an update that force-disables the extension until it's repaired, or...
- remove the part of the extension that is causing the problem (perhaps put that part into a second, separate extension that can be optionally enabled)
If it cannot be fixed, Webroot at least needs to do something to educate its users about why they never see green padlocks anymore.
Some ideas on what to investigate in fixing this bug:
There is more on this issue on the forum here:
Also, I had previously filed a support ticket regarding this issue on Oct 25, 2013 18:04.
Have noticed in the Fora that there have been a number of users reporting dissatisfaction at the way that the Personalised Security Report is notified and the control that they have over how it interacts with their systems/themselves, etc.
As a result I am starting a feature request to try to capture this centrally as this is really the place for such views to reside if change is to have a chance of being achieved IMHO.
So common issues that users feel that they need rectified are:
1. Seeing the notification message on every login.
Suggested that that the frequency should be much more limited (maybe only show the message once per month and that the prompt should disappear by itself if not interacted with by the user after so many seconds. As it is, the prompt only goes away if you click on "Learn More" (which opens the web page with the stats) or the "X" in the upper right (which closes the window).
So extrapolating from this the conclusion to draw here is the provision of user definable parameters for (i) number of prompts to be shown & interval (in secs) before stopping & (ii) time after which prompt/notification will auto disappear if not responded too.
2. Ability to turn off notification
User defined setting that allows the user to decide whether they are interested in even receiving sucha report, and therefore associated notification (not that I can understand why one would not want too...)
3. Control to be provided via My Account/Web Console
And one of my own, given the above:
Provision of the above above suggested settings to be handled as another option in the Web Console, very much in the same way as control of the Advanced Settings can be handled that way. Believe that as the deployment of the report "is controlled by the backend rather than the agent" to quote JoeJ, it makes sense for any new user settings that may be provided to also effectively reside at the backend rather than the client.
Well, I hope that provides a suitable starter for further comments by those who want to make them so that we can see if the feature (which I personally like) can be enhanced.
So please post & comment away, folks...
EDIT: To add point 4. (from David's comments below)
Provision of the ability to be able to view the latest/last Report published "On Demand". Suggestion is the addition of a permanent tool or option, to access this, under the Utilities, Reports tab. Thanks, David...a very good one!
Webroot really needs a mac forum due to the differences in the product between windows and mac. Reading about issues on WSAC running on a windows machine does not help those of us who use a mac. Webroot could be a leader for other companies to follow. I believe this could benefit Webroot in increased subscriptions and more satisfied customers. This is my 2 cents worth.
I think it would be cool if we could get some of your bloggers and other employees to randomly post up threads asking for questions and providing answers about the security industry, life at Webroot, their background in tech, etc.
I know that the new Web Threat Shield is under a slow rollout, and that not everything is 'set in stone' so to speak. One thing that has been noticed by several users is a lack of usable User Interface with the new 2014 versions. I am only human, so I make mistakes, we all do. In the situation that a user clicks to Allow (WhiteList) a URL, and then realizes that was not the right decision, there is currently no way other than uninstalling/re-installing WSA to correct that.
Would it be possible to provide us with an interface on which locally WhiteListed URL's are shown and allow us to edit/remove listings in the event a wrong button is pushed?
To the Webroot Software Engineer Team,
I would like to suggest that an option be added to the Advanced Options in order to use the System Optimizer on all or multiple user accounts on a home computer or business network. Currently I am only able to clean my own personal user account and being the system administrator of my family pc I would like to have the option and ability to clean all other user account which are password protected on the pc without having to ask my 9 and 12 year old and my wife to log in to their accounts and bring up the Webroot program and go to System Optimizer to clean up their own data. I also have another software in which it allows me to go to options and select various users to be able to clean which are: Current user only, All users and Selected users. This option allows me to clean and optimize the whole family PC in one click of the button without having to go to each individual user. Before I had the Pro version the software I had just the free version which only allowed me to clean whichever user I was logged into. But that is not practical when each user account is password protected. But when I found out the the Pro version gave me the ability to clean all or multiple users at once I purchased it. I think adding this feature or option to the Webroot SecureAnywhere software under Advanced Setting it will give the system administrators more manageability over thier systems whether it is a family pc or business network. I hope this suggestion and idea will help with the overall Webroot SecureAnywhere usability. I look forward to hearing back from the Webroot Software Engineer Team after looking into the feasibility of this capability added to the software. I really like the new Webroot interface and think this would be a great addition.
It would really be useful if a member's contacts or friend list that is present in the profile is added to private message list. The friend list would appear same as in profile, on the right hand side with little icons of links for sending private messages beside the contact names.
In my scheduled scan settings I have "Hide the scan progress window during scheduled scans" unchecked and "Only notify me if an infection is found during a scheduled scan" checked. The behaviour with these settings is that when a scheduled scan starts, the progress window pops up and show the progress but doesn't automatically close after the scan. Shouldn't it close automatically because I have "Only notity when infection is found.. " still checked?
I found this in the help file:
Hide the scan progress window during scheduled scans
Runs scans silently in the background. If this option is disabled, a window opens and shows the scan progress.
Only notify me if an infection is found during a scheduled scan
Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not.
So if only the first is unchecked it should show only the progress and then close automatically and if only the second is unchecked it should give a pop-up when the scan is completed.
I'd like to propose the option to either let me log in once in to my password manager, or have it as a per windows session, and not browser session log in.
It's annoying to have to keep logging in to my password vault in Firefox every time I close and re-open the browser. If the option is already in Webroot, please tell me where it is, I can't find it and I was surprised something like this wasn't already in it.
No one else uses this PC but myself.
I would like to see a distinct differentiation of Techie and Non-techie posts on the main web page of the community. There is a section Recent Posts where are stuffed all posts regardless on their nature. So can you kindly split section Recent Posts on Techie and Non-techie sub-sections? The reason is that we have a huge increase of non-techie posts/threads lately between which important techie posts/threads or those requiring a help are literally becoming lost and they can be easily overlooked as such.
@ attention of moderators
You're correct thinking that this idea relates to your deleted post in one non-techie thread which was closed for a while and was reopened again later. I fully agree with the content of your message, hence I decided to post this idea. Hope you understand.
I would like to see the abaility to adjust the amount of bandwidth that the backup and sync function uses. By being able to set a low, medium, or high usage, the backup feature can still run but the internet upload speed can be adjusted so it does not slow down regular usage so much.
Is Webroot planning on revamping the Reputation toolbar? Currently the bar is simply obstructive especially because it repeatedly reloads even within the same web domain. The Web of Trust has a great approach: The icon remains active and changes colors accordingly.
What do you think?
Foremost I have to say that my idea has born thanks to DavidP who put in to his signature a direct link to open a ticket.
So, credit goes to David.
I have noticed that a link to open a support case is available only on the main page of Community on the right side under "Looking For Support?". Unfortunately in other levels/sub-sections of forums there is no a direct link.
I think it would be handy if a direct link would be always available regardless on level/sub-section of Community you are in. We would need to place this link to a part of page that is always displayed. For instance the bottom part of page could be used. See below.
or in the drop down menu "Support" on top of the page or elsewhere it suits the best.
The Webroot interface is difficult for people who rely on screen readers to use. The biggest problem is a lack of keyboard control. For example, someone with a vision impairment can't independently install the product, because you need to click in the field where the license key needs to be entered (you can't tab to it). While screen readers do provide some limited review capabilities by simulating mouse movement and clicks, this is a difficult way to access an interface, particularly when you're trying to learn it, and the product could benefit greatly both from making the interface able to be controlled using the keyboard, as well as using Active Accessibility or UIA, to provide information to screen readers about major elements, e.g, what's turned on or off in status, information about scan results, etc. I could provide more information to developers if anyone is interested.
An idea was presented over in the Android forum, and I liked it enough that I am going to open the idea here.
The ability to way enter wildcards for blocked numbers. For example your getting calls from a place that has several numbers in a block like 111-222-3300 through 111-222-3320. Instead of having enter every number (21 numbers) is there a wild card that could be used (111-222-33XX) that would allow to block then all? (This would apply to ONLY the last 1 or 2 digits of the phone number(s) to be blocked, otherwise it will block too many.)
Remember, in the event that you have blocked 111-222-33xx to blocked the numbers above, if you get a call from 111-222-3344 it will be blocked, but at the same time that caller does, I believe, have the ability to leave a voicemail. If you find you have blocked numbers that you do not wish to, you could go back to manually blocking each individual.
Allow the Call Blocking to use a 10 digit phone number (Area Code + Phone Number) instead of requiring a full 11digit (1 + Area Code + Phone Number). Many times when I had tried to turn on a Call Block using a saved contact to provide the number, it would fail and return an error that the phone number is not valid. Incoming calls do not contain the 1 on my phone, so when saved to a contact, or if I use the call log to select the number to block, it require's editing of the number before the Call Blocker will accept it.