Solved

Does WR SecureAnywhere Complete Defend against Browser Hijackers?

  • 23 November 2013
  • 20 replies
  • 115 views

One more question folks. A few months back (before switching to Webroot SecureAnywhere Complete)  I went to what I thought was a reputable download site (cnet download). I'd used it in the past and had no problems but upon download, I found I had been hit with a browser hijacker. Sure enough in the EULA was the agreement to add accept some browser options in whatever terms were used. I know, should have read the EULA completely. Believe me I do now! Problem is it's hard to have confidence that this won't happen again with or without EULA from "reputable" download sites. Does WR provide any protection against Browser Hijackers? It takes over your computer like a virus and in most cases is quite difficult to remove, like a virus. 
 
Thanks much for any information.
 
JB
icon

Best answer by shorTcircuiT 24 November 2013, 05:18

View original

20 replies

Userlevel 7
Hello CoyAhi, 
 
To the best of my knowledge, and I hope we see additional comments as well to confirm or deny, those hijackers that are without doubt viral or malware would be blocked.  However, some hijackers of the type you describe, such as search helper toolbars, would possibly not be blocked as they are not malware, they are considered to be Potentially Unwanted Applications.
 
While some of these may be detected, many will not be.  Please see This Reply regarding Webroot's historical postition on such software.
David,
 
Thanks for the reply. I went back and looked and turns out it was Delta Search courtesy of a CNET download that got me over the summer. I think the surprise was that it was in a download from a site I had considered, up until then, trusted. Again my fault for not paying close attention to the EULA.
 
At the time, there was little info on Delta Search and how to remove it. Now I see even CNET has a removal tool (kinda ironic). Based on its behavior (removal resistant, etc)  it would save others a lot of aggravation if WR can warn against a download of this type vs a PUA situation, say ASK.com toolbar being added during a JAVA update. Funny thing was I had Norton then and was ticked with the software for not picking it up. 
 
After getting burned on that download I guess that's why I asked in a separate question if WR had the Secure Web Browser for Windows. Better to avoid a known malicious site than to stumble across one and hope WR treats add-ons (stated in EULA or not) such as Delta Search as malware. Then again I doubt anyone of the software security firms categorizes CNET download as a malicious web site. 
 
JB
 
Userlevel 7
There is a Web Threat Shield that protects against known bad URL's.  Unfortunately, something like that PUA coming from CNET will not likely be flagged as bad and blocked.
Userlevel 7
Badge +56
Crapware providers! :@ Users must take the time when installing any software to make sure to uncheck any unwanted add-ons.
 
Daniel
Userlevel 3
I am with you on that fight but truthfully just read the agreement and ALWAYS select advanced or custom install when there is a choice as usually there will be a box to uncheck for all that, and one other way which is far to indirect for most is to see if you can get the download on a disk at a store, since sometimes they will leave that out of the disk, emphasis on sometimes.....
Problem is there there are several good programs out there (CCleaner, Audacity, Faststone, VLC, etc.) that I probably wouldn't have found without a download from good ole CNET. Guess the rules of the game have been changed. Before I had looked at EULA's as efforts by the source to protect their product, explain privacy issues, etc. Now it's also a way to bag the unwary with "bonus" code that, in the case of Delta Search, by all rights acts like a virus vs a POA.
 
I suppose I could put the ball in CNET's court and ask why they allowed said code to be available in the first place.
 
Perhaps a more fundamental question arises. Delta Search is a virus as far as I'm concerned due to it's behavior. If you've got to use a removal tool to get rid of it, it's a virus. If that's the case why wouldn't say a Norton AV have picked it up? Would WR have treated it as a virus and blocked it? 
 
JB
Userlevel 3
Delta, buzzsearch, searchprotect, conduit, mypcbackup are all technically not a virus which is why most any a/v won't pick it up, and something else I noticed that you stated was Norton, did you have that before? If so did you run the removal tool for that or just the built in? Because if you don't use the removal tool then it will actually alot of times mess up network stacks and also will sometimes create a backdoor for viruses, crapware, etc. And won't be noticed by any publicly available a/v. And so far with webroot I have not seen anyone with delta yet unless they previously have McAfee or any symantic a/v installed previously. And if you want further control make sure to use custom installed, I went and tried a download from cnet to see if the option was there and in custom install you can uncheck all the extras that no-one should ever have.
Yep, had Norton before and that was when I got Delta. I actually downloaded Norton's Power Eraser and it didn't recognize Delta as malware. I understand that Delta isn't technically a virus but if you get it you'll spend just as much effort getting rid of it as you would a virus. Didn't want to focus as much on Delta as much as on vulnerability when downloading from recognized download sites such as CNET. Based on your research it sounds like I'm ok as long as I read the fine print. :) 
 
Thanks to All
 
JB
Userlevel 3
And yes delta is really annoying, but I still put conduit as way more annoying to get rid of, but everything can be taken care of, and the easiest way to get rid of those annoying things is revo uninstaller and also if you research it ALOT before using it d7 works wonders
Haven't had the misfortune of running across conduit. Bad thing for me with delta was there wasn't much info on getting rid of it so many months back. Now there seems to be plenty of tools out there to remove it. Still think it would be a good idea to have WR Secure Search for windows. Only reason I say this is I also recall my son downloading a browser redirect over the summer when he couldn't view a music video and he downloaded an "upgrade". This happened within days of my mishap with Delta. He didn't recall  seeing a EULA on the site he'd been to.  It'd be nice to have WR Secure Browser Search available to see what WR thinks of a site before my son (or I) take a chance on it. Maybe the phrase "take a chance" on a given site provides it's own answer. :)
 
Thanks for the info on revo uninstaller and d7. I'm no techie, just a guy trying to keep the family computers healthy and avoid those nasty traps and snares lurking on the web. 
 
I've only been with WR for a couple of months but I like what I see so far including this forum. 
 
Cheers,
 
JB
 
 
Userlevel 7
It depends on the program, not every toolbar is a browser hijacker. If a program tells you what its going to do during the install and you choose to install any way then it not really a hikacker as you have been told of its intention and you hit allow. While thats not a golden rule its always worth doing a custom install of these programs to see if it installs unwanted software.
Right. Got that. Earlier in my thread I mentioned an example of Java update and the invariable do you want to add the ASK.com toolbar. Difference being, if I forget to uncheck (notice those crafty rascals always have it checked for you) I get the bonus toolbar, grumble cause I forgot to uncheck, and then delete. Not so easy with the Browser Redirects I'm inquiring about. Ask.com isn't going to disable my existing browsers and then make me jump through hoops trying to get rid of it. 
 
Don't want to take up your time if your not seeing BR's as a problem from your customers (at least those willing to admit they downloaded one). :)
 
Would still like to see WR Secure web browser available for windows so I can see what WR thinks of a site before I go to it. ;) 
 
Thanks very much for taking the time to provide feedback on this topic.
 
JB
Userlevel 7
I never said they werent a problem or an issue. We blocks tens of thousands of these toolbars but there are a large number of them that are good. If one of our customers wants help to remove them we will always help out even if its a good toolbar that they want removed. Most of these dont cause any permenant damage to the browser, its just a case of removing the extension and reset the homepage. 
Good to know WR's got my back on that. How bout that Secure Browser for Windows?
 
JB
Userlevel 2
Most browser hijacks are actually caused by the user. Failure to unecheck things you do not when installing software is directly the users fault. People amously click next, next and next then wonder why they get toolbars and such. 
Userlevel 3
As far as using d7 and revo anyone can be a techie, all it takes is YouTube, but don't take that as me saying don't go to a shop to remove viruses that make there way through, because d7 and revo have a good chance of messing up your system as well if your not careful, but if you train yourself on it it becomes rather easy and it seriously made life way to simple for removing viruses, crapware, Trojans, rootkits, and all those nasty things. But if you don't want to learn there is an easy way and rather thorough way to remove them if they do happen to make there way through, and that is FixMeStick. But the downfall is the $300 price tag, but webroot is becoming safe enough that really you shouldn't have to worry about viruses, because lets be honest, how many other a/v's actually have the ability to get live tech support and let alone have them remote in to try and solve virus issues? Because I can't think of any, and not only that but the support of the community is incredible, one thing I wish is that web root would come out with a version for Linux that had the ability to fix the grub boot loader as some commands you run to get new things are "viruses directed toward messing it up.
Userlevel 3
Also not to mention that I am a tech who honestly can say has not come across a virus, rootlit, malware, crapware, or Trojan that I couldn't get rid of and I've never had to worry while using webroot.
Userlevel 7
Badge +56
I would like to add if you do become infected while using WSA the first place you should go to is Webroot's Support Inbox as they will remove the malware free of charge. Please don't use other tools before contacting Support.
 
Thanks,
 
Daniel
Userlevel 3
I did forget that, and agree with that, the tools I said are last ditch efforts for end users to try and use, always contact support and they will be more than happy to get rid of anything for you.
Thanks again to all who've given a wealth of advice on Browser Hijackers. I'm hoping to check out some of the tools suggested by JHLittleDogTech. Thanks also to TripleHelix and JHLittleDogTech for advising that, if your stuck, WR support will assist in malware removal.
 
It's great that WR has this community forum and online resources available to users. Got the community newsletter today and enjoyed the articles.
 
Best Regards and Happy Thanksgiving.

Reply