Webroot Antivirus with Spy Sweeper

Last year Webroot took the bold step of completely junking their existing antivirus technology and replacing it with something completely different. The latest edition, Webroot SecureAnywhere AntiVirus 2013, is still under 1 MB in size, but it does even more. In addition to excellent antivirus protection, it includes firewall-style program control, an antiphishing component, and powerful protection for your browser and your secure connections.

If you install a trial version, you'll get an offer of help deciding which product is best. The installer collects answers to a few questions, analyzes your system status, and suggests a product or combination of products. For example, if you have multiple browsers it recommends password management, but if you have very few personal documents stored it figures you don't need a backup solution.

The actual installation of this antivirus takes just seconds, but the installer performs a number of additional tasks. Where the old installer just showed a simple progress bar, the installer for the 2013 edition clearly displays what it's doing. In particular, at install time it analyzes your system and configures the product for best performance.

A high-level collection of settings lets you tweak the product's overall behavior. For example, you can move a slider between "Set and forget" protection and "Hands-on security," or between "Minimal system resource usage" and "Fastest scanning." Most users won't need to dig any deeper. In fact, if you do go to change any of the product's advanced settings, it gently points out that you really don't need to and offers you a chance to reconsider. Of course, if you do want to continue, you're free to change anything you like. For testing, I left the advanced settings alone.

The new main window offers live up-to-the-second statistics such as how long the product has been active, when the next automated scan will occur, and how many files the product is monitoring. It also links to various pages of the advanced settings dialog. It even reports the average CPU usage (0.18 percent on my test system) and disk space usage (0.006 percent). This version is definitely more informative than its predecessor.

It's worth noting that Webroot SecureAnywhere Business offers exactly the same protection for businesses. The IT team will appreciate the way it installs quickly and doesn't require signature updates. The business edition adds full-scale remote management and deployment, with centralized control over security policies.

Fast Install and Scan

As noted, Webroot performs a full system scan as part of the installation process. On my standard clean test system, a full scan took about six minutes. That's vastly less than the current average of 39 minutes. If the scan does detect any threats, Webroot launches another scan after cleanup, to ensure that it caught everything.

The installation problems that plague so many of my malware-removal tests were refreshingly absent this time around. Webroot installed and scanned without any problem on all of my 12 malware-infested test systems. One system lost network connectivity after cleanup; Webroot tech support checked the logs and quickly supplied a script that fixed that problem. I managed to install the product, scan the infested systems, and record the results all in a single day.

Superb Malware Blocking

To check Webroot's ability to protect my clean test system, I opened a couple of folders containing a mix of malware samples and valid (but not digitally signed) utility programs. It didn't immediately start wiping out threats the way some products do. Webroot tech support explained that in order to minimize system impact, the realtime protection doesn't check files on every access, just on access that might lead to executing the file.

I single-clicked to select each file in turn, which was enough to trigger a realtime check. Webroot wiped out almost all of the samples at this point. Interestingly, when I tried the same test on a folder containing hand-modified versions of the same files, Webroot ignored half of them. However, when I tried to launch one of them it suddenly took an interest and wiped out the rest.

Hardly any samples remained after Webroot's initial assault, and when I launched those that remained it detected all of them. With 100 percent detection and 9.9 points, Webroot once again leads the pack with the best score for malware blocking. Trend Micro Titanium Antivirus+ 2013, SecureIT, and Daily Safety Check Home Edition came close, with 97 percent detection. SecureIT achieved 9.7 points, which puts it in second place.

Excellent Malware Cleanup

As noted, Webroot's full system scan runs quickly, but after removing threats it always scans again, just to be sure. In many cases it requested a reboot before running that followup scan. If the followup scan detects something, it runs yet another scan after cleanup. One test system needed five scans. You have to admire Webroot's persistence!

Webroot doesn't use file-based signatures to identify threats; that's part of why it can be so small. Instead, it examines hundreds of file characteristics and behaviors and checks them against its cloud database. That means it can detect a never-before-seen zero-day threat just as easily as a well-known one. It also means the antivirus doesn't have a standard template of known file and Registry traces to check when removing a threat.

I thought of that when I noticed that the cleanup scan was leaving behind an unusual number of executable traces. It almost always got the main malicious program, but missed some supporting files. When I clicked on these files or, in some cases, launched them, Webroot quickly wiped out most of them. No, I don't do this in every test, but I consider it a reasonable accommodation for Webroot's unusual detection technology. In the real world, those files couldn't have done any harm because they'd be whacked before they could execute.

Phishing and Privacy Protection

Webroot checks every Web page you visit to ensure that it's not fraudulent. In order to avoid slowing down your browser, it lets the page download and then checks it for signs of fraud. If the page is indeed fraudulent, Webroot overlays a warning on the browser window and suggests you navigate away.

According to my contact at Webroot, the phishing protection is going to improve markedly in a few weeks. That's good, because at present it's not terribly impressive. In my standard antiphishing test, its detection rate was 45 percent behind Norton's and 10 percent behind Internet Explorer alone. It did seem to complement IE well; the two combined would have been just 13 percentage points behind Norton. Be sure to leave IE's SmartScreen Filter turned on.

Keeping you from giving up your passwords to fraudulent websites is one way Webroot protects your privacy. The Identity Shield feature is another, but it works almost entirely invisibly. Identity Shield's features include preventing websites from "creating high risk tracking information," denying programs access to your login credentials, and verifying domains to avoid what's called a Man-in-the-Middle attack.

Webroot also applies specific protections to different types of websites. Secure (HTTPS) sites get the maximum protection. This includes, among other things, blocking keyloggers, preventing screen capture, protecting data in the clipboard, and isolating untrusted browser add-ons. The Facebook and Twitter networks get most of the same protection. You can add any URL you want and specify its level of protection.

I tested this feature with a couple of commercial keyloggers. The keyloggers definitely captured keystrokes in non-secure browsing sessions and in programs other than the browser. Just as definitely, they didn't capture anything I typed in a secure session, nor did they manage to snap a screenshot of my secure activity. Do note that Identity Shield only works when the protected browser is the active window. If you switch away to another window, it's possible that a keylogger might capture the visible portion of the current Web page.

For testing, I temporarily set it to the "always warn" mode. When I launched a tiny browser that I wrote myself, it popped up a notification and asked whether to allow or block access. Next I tried a dozen-odd leak test programs, utilities that demonstrate techniques malicious programs can use to evade program control. Initially, the antivirus component quarantined almost all of them. I had to rescue them from quarantine and tell Webroot to just monitor the programs. It did detect a couple of the leak tests, but most of them made their sneaky connections without being caught.

Webroot plans to include general-purpose exploit protection, but at present the firewall only blocks exploits of the type that drop a malicious executable. I verified that fact using the Core IMPACT penetration tool; Webroot didn't block any of the thirty-odd exploits I tried. It's tough, though. I couldn't find any way to disable its protection the way a malicious program might.

Advanced Tools

The average user can rely on Webroot for set-and-forget protection. For experts and enthusiasts, it offers tons of advanced tools. You can view all applications using the network and optionally block any that look suspicious. A special set of antimalware tools lets you do things like restore a screensaver or wallpaper damaged by malware, reset system policies for proper security, or reboot in Safe Mode.

When Webroot finds a threat, it analyzes the file system and Registry for connected elements and cleans those up too. You can, if you wish, manually wipe out any arbitrary file along with elements that Webroot finds as connections.

Task Manager lets you view running processes and optionally terminate them. With Webroot's System Control you can both terminate a process and block it from restarting, or tell Webroot to monitor the program's activity. And if you're desperate to run a program that might well be a Trojan or other threat, you can run it in the SafeStart Sandbox, which allows execution but protects important system elements.

An Excellent Choice

Webroot SecureAnywhere AntiVirus 2013 gives you speedy scanning and excellent malware blocking in a ridiculously small package. The whole product would fit on a 3.5" diskette, if you could find one. Its detection technology differs greatly from virtually all the competition, but it sure seems to work. The only worry I can think of is that a new, unknown threat might not be properly contained during the time it takes Webroot to analyze it online, and I can't say I have any evidence that could happen. Webroot remains an Editors' Choice for antivirus protection.
