Solved

Webroot's position on PUA

  • 22 May 2013
  • 5 replies
  • 206 views

Userlevel 7
Badge +6
Can someone from Webroot state its stance on Potentially Unwanted Applications? Other vendors seem to be more aggressive against this type of software while the impression I've gotten from Webroot in the past is that they wish to mostly focus on explicitly malicious software, regardless of ill repute or deleterious effects of a PUA. Feel free to correct me/take issue with any of these statements.
 
Here are some links that describe these issues:
https://www.stopbadware.org/badware
https://en.wikipedia.org/wiki/Privacy-invasive_software
https://en.wikipedia.org/wiki/Malware#Grayware
 
Can you also comment on a technical level how browser modifications, including toolbars and software that injects/modifies content inside of a webpage, are handled by Identity Shield?
 
I'm posting this in the consumer forum since businesses mostly have WSAWSS and other controls to guard against these issues.
 
This is something I've been wondering for quite a while. Thank you!

Best answer by Rakanisheu Retired 22 May 2013, 10:45


5 replies

Userlevel 7
Hello explanoit and thanks for the great topic. :D
 
I am also curious to hear Webroot's standpoint on PUAs. I agree with you that WSA is not so hard towards those applications. On the upside, ESET and NIS are quite paranoid as regards PUAs. I used both applications in the past and sometimes it was a real pain. I would like to see an approach that is just in the middle.
 
As for the Identity Shield, all browsers are added automatically to the Protected applications list with status Protected, which secures them against information-stealing, injections, man-in-the-middle attacks, clipboard stealers etc. It means the browsers are in fact isolated (not accessible) from the system but also have full access to data on the system.
 
Hope someone more technically erudite will correct me if I am wrong or will complement me.
Userlevel 7
We have a set of guidelines on what we can mark as bad and we follow them to the button. We mark a large number of PUAs every day; in fact, I marked about 75 thousand bad yesterday.
 
A large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isn't malicious) and gives you the option to uninstall cleanly, it probably won't be marked bad (that's not set in stone of course!).
 
In the links you posted, the first one isn't really PUA; they are talking about malware (password stealers etc.), which we of course block. The grayware def again is a little vague; they talk about Dialers (which we block) and Adware, of which there are varying types; some we block, some we don't (it varies for each program).
 
What people forget is that "free" programs often use advertising in order for the creator to make some money. It's extremely common on mobile applications, but for some reason when it's on a PC platform people get really annoyed 🙂 Toolbars are a pet hate of mine; if I had my way I'd mark them all bad, but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all.
Userlevel 7
That is a good point. However, many computer users are very click happy and the way some of these PUAs are written, it can mislead a user into thinking that it is a required part of the legitimate program they are installing.
Userlevel 7
Badge +6
Webroot's public approach to PUA appears to have been changed. Your blog is now focusing extremely closely on how PUA is acting as a conduit to malware and we have learned about a new option in the interface (to be unveiled) that specifically deals with this class of software.
 
Does Webroot have any new statements on changes to internal policies or their new public focus on PUA?
Userlevel 7
Badge +56
If it's true it would be nicely accepted by advanced users and any user really as the security forum that I'm an admin on has a long list of such unwanted add-ons even though some of them need to be updated: http://calendarofupdates.org/index.php?topic=2.0
 
Daniel
