Webroot® SecureAnywhere™ - Antivirus doesn't find all viruses.

  • 16 January 2019
  • 44 replies
  • 1803 views

Userlevel 1
Badge +3
I run a side line pc tech business out of my house. Most of my customers usually have some virus or another. 9 times out of 10 they take my recommendation to install your antivirus software but it doesn't find all viruses. I have to use adwcleaner, malwarebytes, and mbar (made by malwarebytesJ) and in some occasions tdsskiller by Kapersky.

I almost always have to run four programs to clean their pc's.

Can someone explain to me why webroot can't find all these viruses?



TIA

Dave

This topic has been closed for comments

44 replies

Userlevel 7
Badge +35
I run a side line pc tech business out of my house. Most of my customers usually have some virus or another. 9 times out of 10 they take my recommendation to install your antivirus software but it doesn't find all viruses. I have to use adwcleaner, malwarebytes, and mbar (made by malwarebytesJ) and in some occasions tdsskiller by Kapersky.
I almost always have to run four programs to clean their pc's.
Can someone explain to me why webroot can't find all these viruses?

TIA
Dave


We would need more information. If you believe that Webroot missed an infection, please contact support.


-Dan
Userlevel 1
Badge +5
Hello,

Since no third party ever certified the performance of Webroot as an antivirus, is logical to believe that , indeed, misses A LOT of malwares.

Otherwise, the company would be proud to display the software performance against the well known antiviruses on the market.
Userlevel 7
Hello,

Since no third party ever certified the performance of Webroot as an antivirus, is logical to believe that , indeed, misses A LOT of malwares.

Otherwise, the company would be proud to display the software performance against the well known antiviruses on the market.


No AV/IS/AM will catch 100% of the nasties 100% of the time...yes, there are some that do in 'the tests' but when compared to what is out there the test samples are relatively small.

Not going to go into a polemic on 'the tests'...it has been done to death and will continue to be...as like AV/IS/AM software no test is 100% either.

In fact WRSA does not "misses A LOT of malwares"...and there are test that show that...but is it any better than the other key players in the market space...that is a moot point.

Plus one has to factor in the way WRSA is designed to work. To quote the latest review by Neil J. Rubenking, of PCMag:

"For the past few years, Webroot has done very well in my own hands-on malware protection tests, though it handles them differently from most other products. When I downloaded my folder of samples from Dropbox and opened it, Webroot didn't react immediately, the way many products do. However, the first sample I launched triggered a kind of chain reaction."

The full review can be read HERE.

And in addition, you may also be interested in THIS previous thread on the topic.

Personally, I think that one should be informed before making statements that are questionable in some peoples' minds.

But that is just my opinion...of course.

Regards, Baldrick
Userlevel 1
Badge +5


Personally, I think that one should be informed before making statements that are questionable in some peoples' minds.

Regards, Baldrick


I agree with you about being better informed.
It is impossible to be informed though if Webroot is not tested by anyone in the last 6 years ; PC Mag is insignificant in the market and for every software in the market if you look long enough , you can find a positive review...

Bottom line, as long as Webroot stays "in the house" and doesn't get exposure to third party testers I will not touch it....
Userlevel 7
That is where we have to agree to disagree.

A. PCMag is far from insignificant in the market (at I would say it is not about the magazine but rather the reviewer...and in this case he is extremely well regarded in the milieu).beg to differ. Likewise the view can and is taken that some of the 'testing organisations' are dubious to say the least. Again, do not wish to start a polemic on this as it has been oft done.

B. The article that I linked to explains as to why this whole area is an issue re. WRSA. So to quote from that PCMag article:

"As noted, Webroot handles new, unknown programs by letting them run under strict monitoring.

It prohibits irreversible actions like sending personal data to the internet, and keeps a journal of reversible actions, all while awaiting a verdict from Webroot's cloud analysis system. If the program under judgment proves to be nasty, Webroot wipes it out and reverses all its changes.

This system just isn't compatible with many independent lab tests. Labs like AV-Test Institute and AV-Comparatives expect antivirus programs to act right away on malware they recognize, whether detection occurs using signatures, heuristics, or behavioral analysis. Webroot's relationship with the labs has been rocky, but two of the four that I follow have recently included Webroot in their testing, with decent results."

If you read on from that point in the article you will further explanation...assuming that you are minded to read it.

I am not saying that all this proves a point but rather helps to inform on the original point...which is backed up by the experience of the vast majority of Community members who have expressed themselves. In my own case WRSA has, on a number of occasions in the past, 'saved my bacon', since I started using it . I cannot say the same for a couple of the other solutions I used prior to that.

But as ever, only my experience of WRSA.

Regards, Baldrick
Userlevel 1
Badge +5

It prohibits irreversible actions like sending personal data to the internet, and keeps a journal of reversible actions, all while awaiting a verdict from Webroot's cloud analysis system. If the program under judgment proves to be nasty, Webroot wipes it out and reverses all its changes.

This system just isn't compatible with many independent lab tests. Labs like AV-Test Institute and AV-Comparatives expect antivirus programs to act right away on malware they recognize, whether detection occurs using signatures, heuristics, or behavioral analysis.
Regards, Baldrick



Hello Baldrick,

Thank you for clarifications!

Typically, the cloud analysis of an unknown application is very fast , almost instantaneous , so if Webroot has something to say this will happen in a few seconds.

So I believe that "Jurnaling" issue is just an excuse for non detection; of course , after a while most antiviruses will detect the "unknown" malware and then Webroot will claim " finally , we finished the analysis and , if we had the chance, we would revert the malicious changes"

I do not see a scenario when Webroot will journal for days , only to make a decision a week later.

The "journaling" approach, while seems "advanced" has major flaws, and has not been embraced by other major players on the market (only few anti-ransomware software employ this)

  • the computer is not boot-able after a malware attack , so the user cannot start it. Webroot cannot restore files from jurnaling if the computer is not bootable
  • The malware (ex: non Petia) destroyed MBR , so again PC is not bootable
  • the user has no internet connection ( example a flight Amsterdam- Australia) for extended number of hours and is inserting an infected USB drive. Webroot has a minimal signature database stored locally , so cannot juornal for 16 hours or handle this situation
In my own case WRSA has, on a number of occasions in the past, 'saved my bacon', since I started using it . I cannot say the same for a couple of the other solutions I used prior to that.
Ditto for me.
Userlevel 1
Badge +5

In my own case WRSA has, on a number of occasions in the past, 'saved my bacon', since I started using it . I cannot say the same for a couple of the other solutions I used prior to that.Ditto for me.


Nothing unusual here: go to other forums (Avast , Avira, Kasbersky, Bitdefender" and you will find people saying the same :

"Avast / Avira / Kasbersky / Bitdefender on a number of occasions in the past, 'saved my bacon', since I started using it"

Your own experience with WSA cannot substitute professional third party testings.

Imagine going to University, and instead of participating to the admission exam , you will come with a friend to testify that you are a good guy and you never created problems to anyone 😀....
Well, that's my regularly being infected while using various well-known AVs pre-2006, and then never knowingly being infected since—plus others who I refer to serving large customer bases and reporting similar results—dexterously dismissed.
Userlevel 7


In my own case WRSA has, on a number of occasions in the past, 'saved my bacon', since I started using it . I cannot say the same for a couple of the other solutions I used prior to that.Ditto for me.
...Your own experience with WSA cannot substitute professional third party testings.

Imagine going to University, and instead of participating to the admission exam , you will come with a friend to testify that you are a good guy and you never created problems to anyone 😀....


With respect...yes, real life experience (good & bad) can if the 'professional third party testings' do not make sure that that the 'tests' are fair and representative (and your analogy leaves much to be desired, by the way).

That would be akin to emissions testing a diesel engine car using ALL of the parameters & tests applied to petrol engine cars...clearly that is not the case...whilst there are many tests that can be applied to both the fact that the technologies/the way the different engine types work are not identical is taken into consideration when setting up & undertaking the engine tests.

As has been clearly stated in the articles linked to (and indeed acknowledged by some of the so called 'professional third party testings') the tests do not cater for the rather unique way that WRSA works compared to the run of the mill rest of the field.

Having said that I know that Webroot is working with some of the testing organisations to get the 'playing field' levelled...hopefully soon.

Baldrick
Userlevel 1
Badge +5


the tests do not cater for the rather unique way that WRSA works compared to the run of the mill rest of the field.


Baldrick


So what about what I mentioned above????

"The "journaling" approach, while seems "advanced" has major flaws, and has not been embraced by other major players on the market (only few anti-ransomware software employ this)

  • the computer is not boot-able after a malware attack , so the user cannot start it. Webroot cannot restore files from jurnaling if the computer is not bootable
  • The malware (ex: non Petia) destroyed MBR , so again PC is not bootable
  • the user has no internet connection ( example a flight Amsterdam- Australia) for extended number of hours and is inserting an infected USB drive. Webroot has a minimal signature database stored locally , so cannot juornal for 16 hours or handle this situation"
On top of that I can add the situation when a malware is stealing personal info (banc accounts, login info) , while Webroot is "journaling"

After 1 hour of analyzing , restoring the files modified will not do anything , as the info is already stolen.
Webroot has one of the better feature sets we’ve seen from an antivirus. The most impressive feature, though, is Webroot’s unique approach to malware detection and monitoring.

We test every antivirus using hands-on and lab results to get an overview of how it performs. Our hands-on tests establish a baseline for home machines, while lab results provide performance numbers with a high sample size.

Webroot doesn’t take well to this approach. It uses a different method of identifying malware than most other antiviruses. Running malware through it may not return a block, at least, initially.

Instead of using a signature database, Webroot monitors metadata and behavioral patterns. Unknown programs are put under scrutiny, with Webroot suppressing irreversible actions and logging the program’s behavior. In some cases, a human malware expert will look into the program to determine its safety.

Instead of a reactive model, Webroot is proactive in real-time endpoint monitoring. It defends each endpoint individually while gathering and analyzing data to grow the cloud database of malware.

New malware from MRG Effitas wasn’t blocked right away. Webroot monitored these programs for a while and, eventually, blocked them. In the end, it blocked 100 percent of the infected files we threw its way.

Some of those files were ransomware, a nasty virus that will encrypt your local data and hold you hostage to get it back. It monitored, then blocked the ransomware and reverted the files to their original state.

It’s scary leaving malware on your machine, but Webroot shows the approach is safe. It doesn’t allow anything to happen that’ll hurt your machine. Rather, it allows you to take part in growing the database, so the antivirus can be stronger in the future.


https://www.cloudwards.net/webroot-secureanywhere-review/
Userlevel 1
Badge +5

Webroot has one of the better feature sets we’ve seen from an antivirus. The most impressive

https://www.cloudwards.net/webroot-secureanywhere-review/





So bjm, you gave a "like" to your own posting???? That is unusual!
Thanks for the link, bjm_. Interesting read. (I think I'd seen it before but I hadn't paid it such careful attention)

As you might put it, a different take from MT's—aaarghh sorry 😨 slip of the tongue 🤐—Locomotive's 🤔
Userlevel 7


the tests do not cater for the rather unique way that WRSA works compared to the run of the mill rest of the field.


Baldrick
So what about what I mentioned above????

"The "journaling" approach, while seems "advanced" has major flaws, and has not been embraced by other major players on the market (only few anti-ransomware software employ this)

  • the computer is not boot-able after a malware attack , so the user cannot start it. Webroot cannot restore files from jurnaling if the computer is not bootable
  • The malware (ex: non Petia) destroyed MBR , so again PC is not bootable
  • the user has no internet connection ( example a flight Amsterdam- Australia) for extended number of hours and is inserting an infected USB drive. Webroot has a minimal signature database stored locally , so cannot juornal for 16 hours or handle this situation"
On top of that I can add the situation when a malware is stealing personal info (banc accounts, login info) , while Webroot is "journaling"

After 1 hour of analyzing , restoring the files modified will not do anything , as the info is already stolen.


What you are missing here locomotive is a very salient point...when an object cannot be determined as good or bad,; so that specific action can be taken, WRSA will start monitoring that object journaling its actions but ALSO severely restricting the actions it can perform...and one of those is communication to the outside world...therefore whilst you certainly can "can add the situation when a malware is stealing personal info (banc accounts, login info) , while Webroot is "journaling"" you would be completely wrong as the 'addition' is irrelevant/cannot happen.

One should really do some more focussed research rather than just spouting the some old diatribe that has been seen/heard before...it is like a broken or scratched record.

Some points have been raised...they have been responded to appropriately as it happens...and there is an end to it. We have to beg to differ, and go our separate ways on this.

Wishing you ease of being...elsewhere.

Baldrick

So bjm, you gave a "like" to your own posting???? That is unusual!

Yes, does seem bizarre. I've commented re "unusual" in another thread.
May be by design or new Community ?

Webroot same as all programs may not not satisfy all users, all the time.
Userlevel 1
Badge +5

So bjm, you gave a "like" to your own posting???? That is unusual!
Yes, does seem bizarre. I've commented re "unusual" in another thread.
May be by design or new Community ?



Usually Triple Helix is the one to give "Kudos" left and right and to applaud everyone who praises WSA.

A "like" to your own posting is the new low here , on Webroot forum.


So bjm, you gave a "like" to your own posting???? That is unusual!
Yes, does seem bizarre. I've commented re "unusual" in another thread.
May be by design or new Community ?

Usually Triple Helix is the one to give "Kudos" left and right and to applaud everyone who praises WSA.

A "like" to your own posting is the new low here , on Webroot forum.

BTW ~ as Webroot user. I'm qualified to contribute my observations, my feedback, my opinions. I'm qualified to Like others' contributions.
I'm not qualified to critique others' contributions. I'm not qualified to judge others' contributions. I'm not qualified to attack message content nor message contributor.
I'm not Webroot staff, not Webroot support, nor software engineer, nor malware expert, nor security product expert, nor Microsoft expert, nor * expert.
As a Webroot user and member of the Webroot Community. I am qualified to contribute and to Like...sans judgement.
Userlevel 1
Badge +5
As a Webroot user and member of the Webroot Community. I am qualified to contribute and to Like...sans judgement.


Not sure what you want to say by "sans judgement" , but the lack of judgement in giving yourself "likes", puzzles me.

But, I can asure you will perfectly fit in the Webroot community ...

Good luck!
But, I can asure you will perfectly fit in the Webroot community ...

Good luck!

Thanks.
Good luck 2 U 2.
Userlevel 4
Badge +12
Well, that's my regularly being infected while using various well-known AVs pre-2006, and then never knowingly being infected since—plus others who I refer to serving large customer bases and reporting similar results—dexterously dismissed.

How is it that one is "regularly infected"? I entirely do not identify with that statement. I've been online since 1997 and was infected once in my second year. I well remember coming home from vacation in 1998 and logging onto a site that was ill-advised. That was "it" for me. It was my own fault and I determined then and there to use common sense in what I downloaded, where I went online, which links I clicked on especially in my email as well as ensuring that I was always running with the latest software. I've used some of the AV programs mentioned and none of them ever found anything from that point forward (and I've used online scans to help determine whether, in fact, I was clean and I was. So how one manages to be "regularly infected" is totally beyond my grasp. No AV program including WSA will help to keep anyone 100% clean. They help but are no guarantee. To be regularly infected means you are simply not exercising common sense and if you've remained clean since 2006 and attribute that to WSA then you're being naïve. I'd say it's either more a case of uncommon luck OR the fact that you may have awakened to poor online habits.
Userlevel 1
Badge +5

Well, that's my regularly being infected while using various well-known AVs pre-2006, and then never knowingly being infected since—plus others who I refer to serving large customer bases and reporting similar results—dexterously dismissed..... and if you've remained clean since 2006 and attribute that to WSA then you're being naïve. I'd say it's either more a case of uncommon luck OR the fact that you may have awakened to poor online habits.



Neither one; he simply tries to advertise WSA as the best thing since sliced bread...
Can someone explain to me why webroot can't find all these viruses?

Curious, the thread starter has not returned, as yet.
Hope davetully returns.
Just me. Just saying.
Userlevel 4
Badge +12


Neither one; he simply tries to advertise WSA as the best thing since sliced bread...


I probably came on a bit too strong. It's just that I've been around for a while now and I know a bit about this subject. I know we tend to look for the so-called best AV program but truth be told - there is no best in anything (cars, shavers, computers, software programs). Anything we make is imperfect and with AV software there is no 100% guarantee of anything. There are always holes and always the need to patch and re-patch. I use WSA but I'm not under the delusion that it is necessarily "the" best program bar none. I use it mainly because of its low impact on system resources and its ability to scan quickly. I have a certain amount of confidence in its ability to prevent and/or root out malware but I don't ascribe anything more to it in that regard than any of the top contenders identified by AV-Test or AV-Comparatives or Virus Bulletin. The price is right... the program is light... and I'm fine with it (for now). My wife uses nothing but Windows Defender and before than Security Essentials with no problems whatsoever. I'm not here to play up to Webroot staff. I will say that the ones I've communicated with are very friendly and knowledgeable and I'm glad to be here. But I don't view the product through rose-tinted glasses. It's a program subject to errors and hopefully patched quickly. So far I'm not impressed with the inability to mend the Password feature.
So how one manages to be "regularly infected" is totally beyond my grasp.
I was just relating my experience.

I wasn't looking for the perfect AV. "Common sense" and "online habits" did not change for me in one day. I have been as surprised as anyone else with my experience. I considered and consider it worth sharing with others. And apparently I am not alone.

Obviously, I seem to have struck a nerve with some, so maybe it would be better if this is my last post on this thread.

Incidentally, I agree with @bjm_ that it would be nice if the OP @davetully could come back and elaborate a bit more. That might be an interesting discussion.