Best answer by KitView original
Best answer by KitView original
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Thanks for the great explanation and I fell in love with your statement "... however WSA doesn't waste time focusing on the avenues, but rather on the threats themselves" :D
Kit Wrote: "If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program."
That explains a lot about the behaviors I have noted and been asked about. I came on here to learn.. and I am :D
Might have been your $0.02, but it was worth gold to me.
Malware: All malicious software, of which a virus is just one example.
Why "Anti-Virus"? Because a lot of people know that a "computer virus" is bad, but don't know what "malware" is. Case in point: I've had a customer tell me that they were upset about anti-male-ware and not anti-female-wear, and said it sounded sexist.
Installing MBAM and WSA at the same time...
If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program. MBAM flags it as bad, removes it, and WSA never even has a chance (or need) to look at it. If MBAM missed it and let WSA see it, WSA would remove it since MBAM would be ignoring it. If MBAM missed it and WSA didn't know anything about it at all, MBAM would completely ignore it and WSA would watch it like a hawk in case it did something bad, then roll back everything it did up to the point it did something bad.
Is WSA just an AV? No. It detects more malware than just viruses.
Certainly not!!! I am just a humble user who over the years has been so blown away by the effectiveness of Prevx->WSA that I have become a real fanboy, I'm afraid to say :8 :8
If you need proof of that, just look at my posts on Backup & Sync (see https:///t5/Webroot-SecureAnywhere-Complete/Backup-amp-Sync-Transition-2013/m-p/14108#M1314 for example), which have been highly critical.
I'm just an average consumer, and I would not have considered WSA an AM tool. It seems there might be a whole other market for WSA to exploit out there. Of course, WSA could also acquire MBAM. :p
(BTW, WSA needs a spell correction icon in the toolbar.)
In this way, not only would it stop the bad process, it would actually be able to change any modified files back to their previous state as they were before the malware tampered with them, so it is as if the computer never had the malware.
However, it is important to understand the history of WSA Cloud AV/AM. It began as a small, innovative product created by British company Prevx in 2004. Prevx was purchased by Webroot in October 2010 to replace their old AV/AM products because they believed that the future of AV/AMs lay in Prevx’s different approach. Now, it is very important to understand that from the very beginning Prevx was marketed as an “anti-malware” not an “anti-virus” programme.
What is the difference between malware and viruses? I find dictionaries don’t tend to be very specific, however if I understand correctly (and I stand to be corrected by someone else more competent than me as I am no computer nerd!!), it is Wikipedia that accurately nails the definition when it says: “Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, spyware, adware, malicious BHOs and other malicious programs". And my shorter Collins dictionary says: “a computer program designed specifically to damage or disrupt a system, such as a virus.” In other words, malware is the term used for all types of computer infections, whilst virus is just one type of computer infection.
Never have I known Prevx concentrate on saying that it deals with viruses only, always it has emphasised the word malware, and for many years it has been explicit in listing all the different types of malware as being those that it protects against.
As a sidenote, it should be pointed out that one of Prevx’s (now Webroot’s) many employees, Marco Giuliano, has particularly concentrated on rootkits, and as far as I know he was the first person in the world to properly analyse and create a 100% effective removal tool for the first seriously nasty rootkit seen in the wild, Gromozon (back in 2006). It was this removal tool offered free by Prevx that convinced me to adopt Prevx as a seriously effective antimalware programme. So I have never associated Prevx with Antivirus only, always with Anti-Malware in general.
As I said, Prevx was bought in 2010 by Webroot as they believed that the future lay with Prevx's different and innovative approach. WSA is basically Prevx v.4 but now under the hood of the new company Webroot. Now, for some strange reason, they have decided to label their core version of WSA as Webroot Anti-Virus rather than Webroot Anti-Malware, thus unfortunately leading to the misleading impression that WSA is an AV only and not an AM in general.
So to return to your question: Why do other AV/AM programmes detect malwares that WSA appears not to detect? Basically three reasons:
Controlling active processes
Using Active Processes, you can adjust the threat-detection settings for all programs and processes running on your
computer. It also includes a function for terminating any untrusted processes, which might be necessary if a regular
scan did not remove all traces of a malware program.
To adjust settings for active processes:
1. Open SecureAnywhere.
2. Click the System Tools tab.
3. Click System Control on the left.
4. Click the Start button under Control Active Processes. [This brings up a list of all active processes running on your computer.]
5. For each process, you can select the radio button for:
Allow: The process is allowed to run on your system.
Monitor: Webroot SecureAnywhere will watch the process and open an alert on suspicious activity.
Block: The process is blocked from running on your system. Do NOT block a process unless you are absolutely certain it is non-essential.
If you want to terminate all untrusted processes, click Kill Untrusted Processes.
I have run WSA’s various programs, including (I guess) its AM. I have then run MBAM’s and SAS’ programs and I can state that both MBAM and SAS detected bugs that WSA missed. How or why is that “deliberate” on WSA’s part? Why would WSA take a “back seat” to MBAM or SAS in certain malware detection, quarantine and removal areas when its primary purpose is AV and not AM? Isn’t WSA primarily marketed as an AV program and not as an AM program? I mean, I view WSA going head to head with Norton 360 or McAfee or Kaspersky or Vipre … not with MBAM or SAS. Am I wrong?
I am certainly willing to accept the fact that WSA is designed to deal with malware, if that has been satisfactorily demonstrated to me. I can only say that I have used programs specifically and uniquely designed to deal with malware that have detected bugs that WSA has not.
Regardless of the reasons MBAM has detected bugs that WSA has missed, I could care less. If the two programs do not compete and can co-exist, what’s the harm running both, especially when MBAM is so good and so inexpensive?
Cohbraz, I do not know whether any of the items that MBAM and SAS have picked up were showing in the Control Active Processes listed on WSA. I’m not even sure I would know how to go about ascertaining that since I am not familiar with what you describe as “Control Active Processes.”
Coincidentally, I installed WSA, MBAM and SAS around the same time and tested them. I have since removed SAS because MBAM is as at least as effective and is cheaper than SAS. Since I have installed these programs I have not had any infections, but I cannot say that is because of WSA, or MBAM, or SAS, or all three.
I am a believer in multiple programs that do not compete and will continue to believe that way until I am convinced that one program does it all. I think WSA is an excellent product, but imho, it has its limitations.
Which are both also very relevant, considering the somewhat different way WSA works.
I am curious if WSA just completely missed them, or if they simply were not active and not being executed/scanned.
Surprised that no-one here has mentioned that this is deliberate on WSA's part. WSA is able to co-exist with other AV/AM's because (and this is very important to understand) it has been programmed to take a backseat when another resident AV/AM detects an infection. This is why it is unique in being able to exist alongside any other AV/AM. If it was a standalone AV/AM, the story would be completely different!
And btw I have a similar experience to other people who have posted on this thread that I have never had an infection since installing Prevx->WSA—and that was more than 6 years ago. May I add that this was certainly not the case before then!
Coming back to the subject, I agree with TH that WSA does what Prevx (now purchased by and subsidiary of Webroot) has long claimed it does (WSA is after all built on the Prevx engine), it deals with all kinds of infections.
It doesn't matter to me whether the company considers itself both an A/V and an A/M product ... I feel better knowing I'm running MBAM as well.
I still think that WSA is a comprehensive solution for malware/spyware/antivirus, but that does not mean one should rely on only WSA.