Detection rate

  • 24 July 2022
  • 7 replies
  • 353 views

Hello,

From 136 malware samples in my PC, Webroot detected ...3.

 

How do you guys stay in business?????


7 replies

Userlevel 7
Badge +24

@kapa 

 

What kind of files were these as Webroot detects executable files (PE files). We wont detect docs until they try to do something malicious like macros into downloading something executable. Document files are benign sitting on disc.

 

Also note that if 1 executable file would create 30-40 registry entries or other reliant files or changes, that when detected it would reverse all those registry entries, dependent files, but still only show the original source file as quarantine, while other security solutions would inflate the detection count to 40+ “malware found” This is the common misalignment when comparing detection results 

 

Let us know more details and I would be happy to assist

Hello TylerM,

Just go to MalwareBazaar and download ANY malware discovered in the last 48 hours.

 

None of them are detected by Webroot, but 99% are by Windows Defender.

I tried over 200, 2-3 were detected by Webtroot while wast majority were detected by Defender.

Realistically, I do not see a reason for anyone to use Webroot.

 

I do have several 2-3 years Webroot licenses which will be left unused.

 

 

 

Userlevel 7
Badge +63

Hello TylerM,

Just go to MalwareBazaar and download ANY malware discovered in the last 48 hours.

 

None of them are detected by Webroot, but 99% are by Windows Defender.

I tried over 200, 2-3 were detected by Webtroot while wast majority were detected by Defender.

Realistically, I do not see a reason for anyone to use Webroot.

 

I do have several 2-3 years Webroot licenses which will be left unused.

 

 

 

If you didn’t know @TylerM is a Webroot Sr. Security Analyst I’m also sure he has better places to get malware and malware that is running in the wild. Most on that site people will never see so why worry!

 

Also see here: https://community.webroot.com/community-101-2/webroot-community-guidelines-297902

 

No Private Testing Discussions
We do not condone private malware testing by end-users. This is never a good idea, and in some areas it's actually illegal. The whole point of antivirus software is not to get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path. It's not something we want to encourage.

Hello Daniel,

First, is this a new trend to “like” your own postings????

 

Second, who is TylerM is irrelevant, as long as my statement is true.As a customer I have the right to know what I am paying money for.

As long as Webroot does not participate in ANY official testing, We, as consumers, have no choice than to educate ourselves.

 

I spent over 60 hours (accumulated) restoring my PC to start over and over again with my testings. For ZERO DAY, Webroot has less than 5% detection rate.

If the sample is 3-5 days, the rate is around 40%.

Regardless how old is the sample, rate will never be more than 60%

 

This is my finding, in line with all the tests from Youtube, pertaining Webroot.

Userlevel 7
Badge +24

You are more than welcome to reach your own conclusions using youtube and malwarebazaar. A good portion of the files on the download page are for linux or scripts that would need to execute to pull binaries and will not get detected as is sitting dormant on disc. Most zoo tests where the malware is sitting on disc are not effective or an accurate representation of real infection scenarios.

 

I highly suggest you use reputable testing orgs that go through these actual testing scenarios - that we are a part of and perform well in

 

That being said, I have passed along the API to our threat research team for evaluation. 

Hello TylerM,

Thank you for your answer and for being open minded….

I “clicked” on the AWARDS button (out of curiosity).

Webroot, with 96%, finished  last  from 8 participants , so nothing to be proud off.

Microsoft Defender (enterprise) had an accuracy rate of 100%

Userlevel 5
Badge +1

It’s a valid question being asked. SE Labs are very thorough with their testing. Webroot Home is particularly poor compared with the rest.

It is what it is, but what steps are being taken to improve detection ? 

Is the ownership by Open Text hindering further improvement and development ? The interface needs a refresh for a start, and it’s very blurred on high res monitors. But what’s happening to improve the technical capabilities of this product ?

For transparency, I have one installation of WR Home on a low risk PC, but would buy many more for my business if I was more satisfied about the product and direction.

 

Reply