Thanks,
TH ;)
Best answer by Kit
View originalQuestion: Is Webroot SecureAnywhere a Full Anti-Malware or just an AV?
Userlevel 7
+56
I'm just looking for Community input and how they regard WSA as a Full Anti-Malware or just an Anti-Virus. We know that WSA is designed to work with other AV's and other AM's so give us your feedback and lets keep it on topic and not get into details of other products as this is the Webroot forum. Like ProTruckDriver uses WSA with MBAM and I use WSA alone with Look'n'Stop Firewall as it was a one time payment.
Thanks,
TH ;)
Thanks,
TH ;)
Page 1 / 2
Userlevel 7
@ Kit
Thanks for the great explanation and I fell in love with your statement "... however WSA doesn't waste time focusing on the avenues, but rather on the threats themselves" :D
Thanks for the great explanation and I fell in love with your statement "... however WSA doesn't waste time focusing on the avenues, but rather on the threats themselves" :D
Userlevel 7
Yes, I rely solely on WSA and apart a few issues which stem from my unsupported OS language all is fine ;)@ wrote:
And if WSA runs good on Vista, then you know it is a great program! :p@ wrote:I strongly believe it's a full security suite as I am using it alone with Vista firewall (with tight rules) :D
Userlevel 7
Thanks Kit for that excellent reply. :D
Userlevel 7
Kit, thank you very much for that detailed reply.
Kit Wrote: "If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program."
That explains a lot about the behaviors I have noted and been asked about. I came on here to learn.. and I am :D
I appreciate the explanation of how WSA deals with tracking cookies and javascript as well... I personally do consider them a potential threat (or threat precursor as per your explanation), but I dont mind a quick manual clearing of the cookies at shutdown time either. That is faster than the hit on system resources by doing it continually.
Might have been your $0.02, but it was worth gold to me.
Kit Wrote: "If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program."
That explains a lot about the behaviors I have noted and been asked about. I came on here to learn.. and I am :D
I appreciate the explanation of how WSA deals with tracking cookies and javascript as well... I personally do consider them a potential threat (or threat precursor as per your explanation), but I dont mind a quick manual clearing of the cookies at shutdown time either. That is faster than the hit on system resources by doing it continually.
Might have been your $0.02, but it was worth gold to me.
Userlevel 6
Nice synopsis, Kit. You make a good case for running both WSA and MBAM as a layered approach to broad AV/AM protection. :D
Userlevel 7
Virus: A file infector that replicates by inserting its code into existing executable files.
Malware: All malicious software, of which a virus is just one example.
Why "Anti-Virus"? Because a lot of people know that a "computer virus" is bad, but don't know what "malware" is. Case in point: I've had a customer tell me that they were upset about anti-male-ware and not anti-female-wear, and said it sounded sexist.
MBAM:
Broad spectrum antimalware. Similar to powerful antibiotics, it takes a shoot first and ask questions later approach to detection and cleanup. This gives it a tremendous leg-up on things, but can also have detrimental side effects on occasion. It will also look for remnants, hints, and other such things that could be related to or previously dropped by something that could be related to or even resemble malware. It will also examine javascript and java files that WSA ignores (intentionally). In those files, it will trigger an alert even if the file is unable to infect anything newer than Firefox 1.3 or IE 6. This is legitimate, since it -IS- a potential avenue for infection, however WSA doesn't waste time focusing on the avenues, but rather on the threats themselves.
Installing MBAM and WSA at the same time...
If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program. MBAM flags it as bad, removes it, and WSA never even has a chance (or need) to look at it. If MBAM missed it and let WSA see it, WSA would remove it since MBAM would be ignoring it. If MBAM missed it and WSA didn't know anything about it at all, MBAM would completely ignore it and WSA would watch it like a hawk in case it did something bad, then roll back everything it did up to the point it did something bad.
Is WSA just an AV? No. It detects more malware than just viruses.
Is WSA a full AM? Subject to opinion. Some people consider third party tracking cookies to be malware, or javascript exploit files to be malware. WSA ignores both of these. Cookies are harmless and the JS exploit file is nothing but a way to try to load an actual threat onto the system... It's a delivery method, but WSA does not consider it a sufficient threat in and of itself to warrant using the user's system resources examining the JS.
My $0.02
Malware: All malicious software, of which a virus is just one example.
Why "Anti-Virus"? Because a lot of people know that a "computer virus" is bad, but don't know what "malware" is. Case in point: I've had a customer tell me that they were upset about anti-male-ware and not anti-female-wear, and said it sounded sexist.
MBAM:
Broad spectrum antimalware. Similar to powerful antibiotics, it takes a shoot first and ask questions later approach to detection and cleanup. This gives it a tremendous leg-up on things, but can also have detrimental side effects on occasion. It will also look for remnants, hints, and other such things that could be related to or previously dropped by something that could be related to or even resemble malware. It will also examine javascript and java files that WSA ignores (intentionally). In those files, it will trigger an alert even if the file is unable to infect anything newer than Firefox 1.3 or IE 6. This is legitimate, since it -IS- a potential avenue for infection, however WSA doesn't waste time focusing on the avenues, but rather on the threats themselves.
Installing MBAM and WSA at the same time...
If BOTH find something, WSA will ignore it. Why? When WSA tries to look at something, MBAM will want to look first. WSA steps aside and lets MBAM look first because WSA knows MBAM is a legitimate security program. MBAM flags it as bad, removes it, and WSA never even has a chance (or need) to look at it. If MBAM missed it and let WSA see it, WSA would remove it since MBAM would be ignoring it. If MBAM missed it and WSA didn't know anything about it at all, MBAM would completely ignore it and WSA would watch it like a hawk in case it did something bad, then roll back everything it did up to the point it did something bad.
Is WSA just an AV? No. It detects more malware than just viruses.
Is WSA a full AM? Subject to opinion. Some people consider third party tracking cookies to be malware, or javascript exploit files to be malware. WSA ignores both of these. Cookies are harmless and the JS exploit file is nothing but a way to try to load an actual threat onto the system... It's a delivery method, but WSA does not consider it a sufficient threat in and of itself to warrant using the user's system resources examining the JS.
My $0.02
Userlevel 7
And if WSA runs good on Vista, then you know it is a great program! :p@ wrote:I strongly believe it's a full security suite as I am using it alone with Vista firewall (with tight rules) :D
Userlevel 7
I strongly believe it's a full security suite as I am using it alone with Vista firewall (with tight rules) 😃@ wrote:
Is Webroot SecureAnywhere a Full Anti-Malware or just an AV?
Userlevel 6
It was meant as a compliment, Muddy7. :D
RWM: "I assume, from your reply, you are a highly placed individual in the company."
Certainly not!!! I am just a humble user who over the years has been so blown away by the effectiveness of Prevx->WSA that I have become a real fanboy, I'm afraid to say :8 :8
If you need proof of that, just look at my posts on Backup & Sync (see https:///t5/Webroot-SecureAnywhere-Complete/Backup-amp-Sync-Transition-2013/m-p/14108#M1314 for example), which have been highly critical.
Certainly not!!! I am just a humble user who over the years has been so blown away by the effectiveness of Prevx->WSA that I have become a real fanboy, I'm afraid to say :8 :8
If you need proof of that, just look at my posts on Backup & Sync (see https:///t5/Webroot-SecureAnywhere-Complete/Backup-amp-Sync-Transition-2013/m-p/14108#M1314 for example), which have been highly critical.
Userlevel 6
Thanks, Muddy7. I assume, from your reply, you are a highly placed individual in the company. You've satisfied me that WSA is also an AM product. So, why doesn't WSA market itself more strongly as an AM product?
I'm just an average consumer, and I would not have considered WSA an AM tool. It seems there might be a whole other market for WSA to exploit out there. Of course, WSA could also acquire MBAM. :p
(BTW, WSA needs a spell correction icon in the toolbar.)
I'm just an average consumer, and I would not have considered WSA an AM tool. It seems there might be a whole other market for WSA to exploit out there. Of course, WSA could also acquire MBAM. :p
(BTW, WSA needs a spell correction icon in the toolbar.)
Userlevel 7
Correct. Any program that is shown as "Monitored" is not known to be 100% safe by Webroot yet, so the program is watching it and whatever changes it makes. At the same time, it is journaling any changes that the process is making. When Webroot determines that the process is safe, it will move to Active by itself. IF Webroot determined that it was malware, it would move to Clocked and the journaling would rollback any changes that it had made.@ wrote:
Thanks. All of my Active Processes are marked "Allow" with the exception of one, which is marked "Monitor." That one is nvsvc32.exe. I assume these are default settings.
In this way, not only would it stop the bad process, it would actually be able to change any modified files back to their previous state as they were before the malware tampered with them, so it is as if the computer never had the malware.
RWM, I also believe in a multi-layer approach.
However, it is important to understand the history of WSA Cloud AV/AM. It began as a small, innovative product created by British company Prevx in 2004. Prevx was purchased by Webroot in October 2010 to replace their old AV/AM products because they believed that the future of AV/AMs lay in Prevx’s different approach. Now, it is very important to understand that from the very beginning Prevx was marketed as an “anti-malware” not an “anti-virus” programme.
What is the difference between malware and viruses? I find dictionaries don’t tend to be very specific, however if I understand correctly (and I stand to be corrected by someone else more competent than me as I am no computer nerd!!), it is Wikipedia that accurately nails the definition when it says: “Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, spyware, adware, malicious BHOs and other malicious programs". And my shorter Collins dictionary says: “a computer program designed specifically to damage or disrupt a system, such as a virus.” In other words, malware is the term used for all types of computer infections, whilst virus is just one type of computer infection.
Never have I known Prevx concentrate on saying that it deals with viruses only, always it has emphasised the word malware, and for many years it has been explicit in listing all the different types of malware as being those that it protects against.
As a sidenote, it should be pointed out that one of Prevx’s (now Webroot’s) many employees, Marco Giuliano, has particularly concentrated on rootkits, and as far as I know he was the first person in the world to properly analyse and create a 100% effective removal tool for the first seriously nasty rootkit seen in the wild, Gromozon (back in 2006). It was this removal tool offered free by Prevx that convinced me to adopt Prevx as a seriously effective antimalware programme. So I have never associated Prevx with Antivirus only, always with Anti-Malware in general.
As I said, Prevx was bought in 2010 by Webroot as they believed that the future lay with Prevx's different and innovative approach. WSA is basically Prevx v.4 but now under the hood of the new company Webroot. Now, for some strange reason, they have decided to label their core version of WSA as Webroot Anti-Virus rather than Webroot Anti-Malware, thus unfortunately leading to the misleading impression that WSA is an AV only and not an AM in general.
So to return to your question: Why do other AV/AM programmes detect malwares that WSA appears not to detect? Basically three reasons:
However, it is important to understand the history of WSA Cloud AV/AM. It began as a small, innovative product created by British company Prevx in 2004. Prevx was purchased by Webroot in October 2010 to replace their old AV/AM products because they believed that the future of AV/AMs lay in Prevx’s different approach. Now, it is very important to understand that from the very beginning Prevx was marketed as an “anti-malware” not an “anti-virus” programme.
What is the difference between malware and viruses? I find dictionaries don’t tend to be very specific, however if I understand correctly (and I stand to be corrected by someone else more competent than me as I am no computer nerd!!), it is Wikipedia that accurately nails the definition when it says: “Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, spyware, adware, malicious BHOs and other malicious programs". And my shorter Collins dictionary says: “a computer program designed specifically to damage or disrupt a system, such as a virus.” In other words, malware is the term used for all types of computer infections, whilst virus is just one type of computer infection.
Never have I known Prevx concentrate on saying that it deals with viruses only, always it has emphasised the word malware, and for many years it has been explicit in listing all the different types of malware as being those that it protects against.
As a sidenote, it should be pointed out that one of Prevx’s (now Webroot’s) many employees, Marco Giuliano, has particularly concentrated on rootkits, and as far as I know he was the first person in the world to properly analyse and create a 100% effective removal tool for the first seriously nasty rootkit seen in the wild, Gromozon (back in 2006). It was this removal tool offered free by Prevx that convinced me to adopt Prevx as a seriously effective antimalware programme. So I have never associated Prevx with Antivirus only, always with Anti-Malware in general.
As I said, Prevx was bought in 2010 by Webroot as they believed that the future lay with Prevx's different and innovative approach. WSA is basically Prevx v.4 but now under the hood of the new company Webroot. Now, for some strange reason, they have decided to label their core version of WSA as Webroot Anti-Virus rather than Webroot Anti-Malware, thus unfortunately leading to the misleading impression that WSA is an AV only and not an AM in general.
So to return to your question: Why do other AV/AM programmes detect malwares that WSA appears not to detect? Basically three reasons:
- WSA takes a backseat when another AV/AM programme detects a malware. This is how it manages not to be in conflict with other AV/AM programmes. And this is why it is the only AM programme that can live in harmony with all other AV/AM programmes. It is deliberately designed that way.
- WSA is also designed to detect malwares that execute or that are likely to execute, not to search every crook and cranny for files that may contain malwares and that may never execute. This is one reason why it manages to remain so light. It is also another reason why you will often see your other AV/AM detecting a malware that WSA does not.
- If WSA is unsure of whether a file is a malware or not, it does not immediately delete/quarantine it, rather it monitors that file’s activity, and all the changes it makes to the computer, and if and when it determines that the file is a malware, it deletes it and reverses all the changes that it has made to your computer. So there can be a time lapse between WSA’s discovering the file and its taking remedial action, unlike other AV/AM programmes. Which is the third reason why WSA appears not to be detecting a malware that your other AV/AM has.
Userlevel 6
Thanks. All of my Active Processes are marked "Allow" with the exception of one, which is marked "Monitor." That one is nvsvc32.exe. I assume these are default settings.
Userlevel 7
I am just going to copy from the user guide as they do a better job of explaining it than I ever could:@ wrote:
Cohbraz, I do not know whether any of the items that MBAM and SAS have picked up were showing in the Control Active Processes listed on WSA. I’m not even sure I would know how to go about ascertaining that since I am not familiar with what you describe as “Control Active Processes.”
Controlling active processes
Using Active Processes, you can adjust the threat-detection settings for all programs and processes running on your
computer. It also includes a function for terminating any untrusted processes, which might be necessary if a regular
scan did not remove all traces of a malware program.
To adjust settings for active processes:
1. Open SecureAnywhere.
2. Click the System Tools tab.
3. Click System Control on the left.
4. Click the Start button under Control Active Processes. [This brings up a list of all active processes running on your computer.]
5. For each process, you can select the radio button for:
Allow: The process is allowed to run on your system.
Monitor: Webroot SecureAnywhere will watch the process and open an alert on suspicious activity.
Block: The process is blocked from running on your system. Do NOT block a process unless you are absolutely certain it is non-essential.
If you want to terminate all untrusted processes, click Kill Untrusted Processes.
Userlevel 6
Muddy7, what makes you think it is “deliberate” on WSA’s part that other AMs have caught bugs that WSA has missed, or that WSA has been programmed to take a “back seat” when another resident AV/AM detects an infection?
I have run WSA’s various programs, including (I guess) its AM. I have then run MBAM’s and SAS’ programs and I can state that both MBAM and SAS detected bugs that WSA missed. How or why is that “deliberate” on WSA’s part? Why would WSA take a “back seat” to MBAM or SAS in certain malware detection, quarantine and removal areas when its primary purpose is AV and not AM? Isn’t WSA primarily marketed as an AV program and not as an AM program? I mean, I view WSA going head to head with Norton 360 or McAfee or Kaspersky or Vipre … not with MBAM or SAS. Am I wrong?
I am certainly willing to accept the fact that WSA is designed to deal with malware, if that has been satisfactorily demonstrated to me. I can only say that I have used programs specifically and uniquely designed to deal with malware that have detected bugs that WSA has not.
Regardless of the reasons MBAM has detected bugs that WSA has missed, I could care less. If the two programs do not compete and can co-exist, what’s the harm running both, especially when MBAM is so good and so inexpensive?
Cohbraz, I do not know whether any of the items that MBAM and SAS have picked up were showing in the Control Active Processes listed on WSA. I’m not even sure I would know how to go about ascertaining that since I am not familiar with what you describe as “Control Active Processes.”
Coincidentally, I installed WSA, MBAM and SAS around the same time and tested them. I have since removed SAS because MBAM is as at least as effective and is cheaper than SAS. Since I have installed these programs I have not had any infections, but I cannot say that is because of WSA, or MBAM, or SAS, or all three.
I am a believer in multiple programs that do not compete and will continue to believe that way until I am convinced that one program does it all. I think WSA is an excellent product, but imho, it has its limitations.
I have run WSA’s various programs, including (I guess) its AM. I have then run MBAM’s and SAS’ programs and I can state that both MBAM and SAS detected bugs that WSA missed. How or why is that “deliberate” on WSA’s part? Why would WSA take a “back seat” to MBAM or SAS in certain malware detection, quarantine and removal areas when its primary purpose is AV and not AM? Isn’t WSA primarily marketed as an AV program and not as an AM program? I mean, I view WSA going head to head with Norton 360 or McAfee or Kaspersky or Vipre … not with MBAM or SAS. Am I wrong?
I am certainly willing to accept the fact that WSA is designed to deal with malware, if that has been satisfactorily demonstrated to me. I can only say that I have used programs specifically and uniquely designed to deal with malware that have detected bugs that WSA has not.
Regardless of the reasons MBAM has detected bugs that WSA has missed, I could care less. If the two programs do not compete and can co-exist, what’s the harm running both, especially when MBAM is so good and so inexpensive?
Cohbraz, I do not know whether any of the items that MBAM and SAS have picked up were showing in the Control Active Processes listed on WSA. I’m not even sure I would know how to go about ascertaining that since I am not familiar with what you describe as “Control Active Processes.”
Coincidentally, I installed WSA, MBAM and SAS around the same time and tested them. I have since removed SAS because MBAM is as at least as effective and is cheaper than SAS. Since I have installed these programs I have not had any infections, but I cannot say that is because of WSA, or MBAM, or SAS, or all three.
I am a believer in multiple programs that do not compete and will continue to believe that way until I am convinced that one program does it all. I think WSA is an excellent product, but imho, it has its limitations.
Cohbraz: "...were showing up in the Control Active Processes list on WSA?..." and "...if they simply were not active and not being executed..."
Which are both also very relevant, considering the somewhat different way WSA works.
Which are both also very relevant, considering the somewhat different way WSA works.
Userlevel 7
RWM, I am curious. Do you know if any of the items that MBAM picked up were showing up in the Control Active Processes list on WSA? And if they were, were they being monitored? Or were these files in a location where WSA does not scan during it's normal scan?@ wrote:
Good question, TH.
It is my belief that WSA is really only an anti-virus, not an anti-malware, program (regardless of what the company's official position is on this). I base this on the following.
I have used both Malwarebytes Anti-Malware (MBAM) and Super Anti-Spyware (SAS) freeware, which programs are exclusively anti-malware. Each of them has caught bugs that WSA has missed. I have now settled on MBAM, which I purchased and use in conjunction with WSA. I have the MBAM full version, which costs only about $20.00 for a lifetime license for one machine. The full version of SAS is more expensive and is a one year renewable license for two machines.
I am curious if WSA just completely missed them, or if they simply were not active and not being executed/scanned.
RWM: "I have used both Malwarebytes Anti-Malware (MBAM) and Super Anti-Spyware (SAS) freeware ... Each of them has caught bugs that WSA has missed."
Surprised that no-one here has mentioned that this is deliberate on WSA's part. WSA is able to co-exist with other AV/AM's because (and this is very important to understand) it has been programmed to take a backseat when another resident AV/AM detects an infection. This is why it is unique in being able to exist alongside any other AV/AM. If it was a standalone AV/AM, the story would be completely different!
And btw I have a similar experience to other people who have posted on this thread that I have never had an infection since installing Prevx->WSA—and that was more than 6 years ago. May I add that this was certainly not the case before then!
Coming back to the subject, I agree with TH that WSA does what Prevx (now purchased by and subsidiary of Webroot) has long claimed it does (WSA is after all built on the Prevx engine), it deals with all kinds of infections.
Surprised that no-one here has mentioned that this is deliberate on WSA's part. WSA is able to co-exist with other AV/AM's because (and this is very important to understand) it has been programmed to take a backseat when another resident AV/AM detects an infection. This is why it is unique in being able to exist alongside any other AV/AM. If it was a standalone AV/AM, the story would be completely different!
And btw I have a similar experience to other people who have posted on this thread that I have never had an infection since installing Prevx->WSA—and that was more than 6 years ago. May I add that this was certainly not the case before then!
Coming back to the subject, I agree with TH that WSA does what Prevx (now purchased by and subsidiary of Webroot) has long claimed it does (WSA is after all built on the Prevx engine), it deals with all kinds of infections.
Userlevel 7
+13
True.The 20.00 investment is a good one as MBAM PRO offers excellent zero day protection as well as the ability to co-exist well with other products.I used to be quite critical of it,but it has come a long way.I do own a few lifetime licenses,but at this moment i use it as a scan on demand and do not use the real time protection.I would recommend the MBAM PRO as an extra layer as it is quite affordable,although i think WSA alone is adequate.If you can add a layer without lagging your system in any way,why not,as it can only help.
Userlevel 6
Can't argue with you, Superssjdan, but WSA prides itself as an A/V product, whereas MBAM prides itself as an A/M product, and since MBAM is considered by many to be the best in the business, you can't go wrong investing in a $20.00 lifetime license!
Userlevel 7
+13
I definitely believe it to be a full Anti-Malware solution.I would urge any prospective buyer to educate themselves on the productline and what it does.I believe the suite to be fairly complete,although i would have loved to have seen an ad/pop up blocker within the program as well as a more robust firewall solution that does not rely on the windows firewall.My wife uses the suite along with the windows firewall and an ad blocker and has had no infections.I have never had an infection myself since the inception of the WSA product line and i use WSA along with Privatefirewall as i have been a long time supporter.If clean machines are any indication,WSA is as complete as it gets.Every single person i have ever installed WSA for,to this very day,has ever had an infection and they are all quite satisfied.They all believe it to be a very complete solution.
Userlevel 6
I agree that no A/V or A/M software is 100%. On my system, MBAM caught stuff that SAS missed, and vice versa. Of course, MBAM and SAS do not compete, so you can run both of them, but there comes a point when you have to say "enough is enough!"
It doesn't matter to me whether the company considers itself both an A/V and an A/M product ... I feel better knowing I'm running MBAM as well.
It doesn't matter to me whether the company considers itself both an A/V and an A/M product ... I feel better knowing I'm running MBAM as well.
Userlevel 7
+56
No product has100% detection but WSA has the rollback feature. I'm not sure if you seen this https:///t5/Webroot-Education/If-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 And if you do have an infection it's best to let Webroot Support remove it for free because if you use other tools to remove then they can guarantee that you are fully clean or it could corrupt your system if a user doesn't know what they are doing in general. But using WSA and MBAM is good as a Layered approach to there security.
TH
TH
Userlevel 7
In reply to RWM, quite true about it being a matter of symantics probably. The fact that some other programs may catch things Webroot doesn't is true of all the programs I know of: None of them are 100% effective. But that is the reason that Webroot works so very hard to make their product capable of co-existing with others on the same machine I think. :)
I still think that WSA is a comprehensive solution for malware/spyware/antivirus, but that does not mean one should rely on only WSA.
I still think that WSA is a comprehensive solution for malware/spyware/antivirus, but that does not mean one should rely on only WSA.
Page 1 / 2
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.