How Good Is WebRoot Complete?


Malwarebytes shows 30+ instances of spyware....
Webroot shows 3
 
So there seems to be a conflict of who is right, who is wrong....
If Malwarebytes is right, that means Webroot isnt that good...
If webroot is right, then malwarebytes is lying....
 
Every antivirus wants to claim how good they are...
Just have not seen it yet, or been proven otherwise.....
 
however I am tired of running this for spyware, running
that for antivirus, then find out that neither was any good
because I still have spyware and viruses....
 
 

30 replies

Userlevel 7
"If Malwarebytes is right, that means Webroot isnt that good...
If webroot is right, then malwarebytes is lying.."
 
Malwarebytes detection criteria for Potentially unwanted programs differs from ours. So it may very well be detecting 30 items, but they may not be malicious. Also Malwarebytes detects every component of one toolbar, so a toolbar detection in Webroot wil show 1 item detected (wont show all its components but it does remove them) where as Malwarebytes will show every component of it (registry/files/folders/plugins) so it can be 30.
 
If you paste the log from Malwarebytes in here I will take a look. But I will take a guess that its non-malicious detections and Malwarebytes hasnt removed it by default.
I understand what you are saying, but my reasoning is fairly simple, if it is not supposed to be
on my computer, then it is all malicious, regardless of its intent. regardless of how evil
or not the hostile invaters are, I try to rambo them all, but get tarazon instead....
I will see if I can post something later on today...
 
Thanks
Userlevel 7
I am afraid it not so simple as that.That type of reasoning is why people start deleting random files that they think are bad and then end up with a non-booting system! If you post the logs later I`ll look at them and see what it detected.
Userlevel 7
Hello dsimms, welcome to the Community.  Rakanisheu is entirely correct and I urge you to post the log samples he has requested.  While many of us on the Community are volunteers, Rakanisheu is a Webroot Employee and one of the top Threat Researchers there is in my opinion.  You are in very good hands here.
Userlevel 7
Good morning @  and as @  said, "Welcome to the Webroot Community"!! 
 
Please do post the log samples so that Rakanisheu can help you out.  DavidP is right, "You are in very good hands here" with @ 
 
From a purely personal perspective, I run both Malwarebytes and Webroot SecureAnywhere Internet Security Complete.  I understand your frustration, but there's no 'one size fits all' solution — at least not that I have found so far.
 
It is a bit outdated, but I think this sums it up quite well:
 
You are correct that malware is a very general term, however Malwarebytes' is not an antivirus, it is basically a program designed to detect and remove infections that most antivirus programs tend to miss or are unable to remove. You should absolutely have an antivirus software along with a good firewall and of course a good antispyware/antimalware app like Malwarebytes' Source: Is AntiMalwareBytes an Anti Virus program?
Userlevel 7
Completely second that, David
 
And so the great what is one persons PUA/PUP is another persons favorite addon/app...hence the need for caution and there being no blanket solution as Rakanisheu has so eloquently indicated.
 
Baldrick
 
 
Userlevel 7
Hello LabVIEW707 and welcome to the Webroot Community.
 
In my experiences, most of what WSA misses on download tend not to be true malware but what the Commumity calls PUA's.  Potentially Unwanted Programs.  I call them annoyware.  They cause pop-ups and needless ads, and they slow down the computer, particularly the browser.  Some AV's catch them, some don't.  Webroot is catching more amd more of them.  Usually a PUA is determined to be 'listable' by Webroot if even though it is not really malware if it is intentionally hidden, difficult to remove, etc.
 
Since WSA works so very differently than traditional AV software, some tests simply do not effectively test.As a result, Webroot has chosen not to participate in some.
 
Please note that any PUA that is currently not detected can be submitted to Webroot for review and inclusion.
 
Please note that the Community Guidelines prohibit discussion of private malware testing.  If you feel safe doing so, that is quite fun but we do ask that it not be discussed on the Community.  We DO encourage you to submit any malware amd PUA-s to Webroot for review.
 
Due to the Guidelines, would you mind editing your post to remove testing references as well as the name of the website from which you obtain samples and the discussions thereof.
 
I hope to continie to see you here on the Community!  While most of us are volunteers, we have some very good and talented people here as well as some Webroot Mods amd Threat Researchers as well.
Userlevel 7
Hello LabVIEW707
 
Welcome to the Webroot Community
 
As David has pointed out WSA works in a radically (some might say) different way to all the other mainline security apps out there at present.
 
To try to explain the WSA approach please take a look at this article & this previous post (a bit long but worth reading IMHO) which will hopefully explain the behaviour that you are commenting on.  I am not trying to persuade you of WSA's prowess...just inform.
 
Hope that this is of use?
 
Regards
 
 
Baldrick
Userlevel 7
Are you sure that Esset is not giving a False Positive on some of these?
 
Again, please do continue to submit samples to Webroot.  That helps make the product better for you, and everyone else too!  But also please ahdere to the Community Guidelines as well :-) 
Userlevel 7
Hi LabVIEW707
 
Apologies if you found my post condescending...please believe me it was meant to be informational given that I had no knowledge of your knowledge of WSA...:$
 
As you are obviously aware WSA does not care about malware that is inactive/dormant (as it is not viewed as dangerous in that state) but jumps in as soon as malware attempts to run/execute....but it was not clear if you were just scanning or executing apps when making the comparison between WSA and other security apps.  Clearly you cannot compare in terms of scanning.
 
So again, my apologies.
 
In terms of "...its hard to believe that WSA is effective."...well, would there be 30 million users (and growing) worldwide if it was as poor as would seem to being suggested?  I think not.
 
Regards
 
 
Baldrick
Userlevel 7
From the Community Guidelines:
 
No Private Testing Discussions.
"We do not condone private malware testing by end-users.  This is never a good idea, and in some areas it's actually illegal.  The whole point of antivirus software is to not get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path.  It's not something we want to allow to be encouraged."
 
The reality is that it requires a very talented professional to so this safely, otherwise there exists huge risks of damage not only to your own computer but also a risk of releasing the malware to others. The average user is simply not safe in attempting this, yet discussion regarding it would encourage others to try it, with potential disasterous results.
 
Think of it like a beginner PC tech working from home with no real training or experience. How often have we heard stories of a PC being brought to the 'kid next door' to be worked on with disastrous results? Plenty!
 
We always advise that general users never attempt hardware repair on their own due to the risks, and the same holds true here.
 
This Forum, provided by Webroot, is designed with the average user in mind, to help them with day to day problems using the software, just as many PC troubleshooting forums sponsored by the PC manufacturers do not go into the technical areas of hardware repair.
 
We therefore are asking you to remove any references regarding the testing of malware and refrain from doing so in the future. But we are also happy to answer any questions, that conform to these guidelines. If you have some specific details of malware tests that you wish to present and/or query with Webroot then this is best done directly rather than here, and can be accomplished by Opening a Support Ticket, which will most probably be passed to one of Webroot's professional Threat Researchers for review & progressing.
 
Thank you for your understanding and co-operation in this matter.
Userlevel 7
I am sorry LabVIEW707 but the forum that you mention can IN NO WAY be compared to this Community...and I will go no further along that path as I may say somethng that will be misconstrued.  And in any case we are the Webroot Community and what members do in other fora is of no or little concern here.
 
I believe that we here are all perfectly happy with the way WSA performs and have many years of experience as well with it as well as numerous other security apps.
 
You are not happy with what you see WSA as doing...well, that is your perogative...and you are entitled to it.  As we are to ours.
 
Regards
 
 
Baldrick
Userlevel 7
No one here questions your experience: we have to make our replies NOT knowing what a persons experience is.  You would appear to be a professional, and quite safe in how you handle malware, but a majority of the users on this Forum are not as experienced and so we have to, when making a reply, assume that the OP is not as highly experienced as you are.
 
Your efforts to improve detection are to be applauded, and please keep doing so.  No AV is perfect and Webroot knows that, and all submissions are checked carefully.
Userlevel 7
You IMHO clearly are not serious if you post that.  As far as I am concerned I am bowing out of this discussion.
 
I wish you well for the future.
 
 
Baldrick
Userlevel 7
@ wrote:
I will also add this. Every single antivirus has a recovery system. Such as a bootable disk or USB drive. Why doe Webroot not have such a feature? 
That is a good point.  You can find an Idea regarding that, as well as the discussions, Here.  Personally, I also would like to see a recovery CD or USB Drive capability.
Userlevel 7
As I have said in the past we do have a bootable image that we use to fix damaged OS installations or remove malware on a pre-infected PC but its not something we give out to the public. Most of the time WSA journaling will roll back the changes
Userlevel 7
Badge +56
Here you go: https://www.brighttalk.com/webcast/8241/95617
 
TH
Userlevel 7
Badge +56
Well you did ask I joined it's a great place here is another but it only talks about ransomware a little not like the link above! This one is just over an hour.
 
TH
 

 
 

Userlevel 7
Badge +56
Your questions have been answered by other members and Webroot Staff and you don't seem to be to nice what are you doing Trolling?
 
TH
Userlevel 7
Badge +56
Sorry I don't play with Trolls!
 
TH
Userlevel 7
Badge +56
https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202
Userlevel 7
At this time, given that you have refused to follow Community Guidelines, refused any attempt to explain how WSA works, including that which was provided by a Webroot employee as well as the video presentations created and posted by Webroot to demonstrate the features you are asking about, I think a Trouble Ticket and/or simply waiting to see a reply from one of the Admins would be a good idea.
 
 
Userlevel 7
Badge +56
https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/63647#M2466
 
https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/65059
 
https://community.webroot.com/t5/Webroot-Education/CryptoLocker-Malware-What-you-still-need-to-know/ta-p/69057
 
Business: http://www.webroot.com/ca/en/business/products/endpoint/operational-risk/forensics
It looks like some stuff has been going on since I have been busy...
Sorry, I did not mean to cause a stir-fry in the forum :)
 
I noticed one of the first few posts stated "do not do private testing"
Does this mean "do not post logs"? So I am not sure, one asked
to post logs, then another said no testing, and I am not sure
exactly what he meant by that....
 
Thanks
Userlevel 7
Hi dsimms
 
Good question...by 'private testing' we mean were an individual undertakes the testing of security apps by using malware samples.  Now whilst there is nothing to stop an individual from doing so (except common sense and a host of other valid reason that I will no elucidate here) what is against the Community Guidelines is the discussions  & representation of such activity and/or its results...there are numerous other sites where one can do that...BUT NOT HERE.
 
On the other hand the posting of logs (and by these we mean WSA Scan or Threat logs) is sometimes requested to assist in clarifying an issue and the like...that is fine although one should take care that the log posted does not reveal private informatison, etc., that one would not want to share...;)
 
So two different, but potentially confusing terms.
 
Hope that helps?
 
Regards
 
 
 
Baldrick

Reply