Avid readers of mine who have followed my articles over the last few years know that periodically I’ve been known to review Security Suites, i.e. antivirus programs. For those who didn’t know, well, now you do too.
Today I’m writing about Webroot SecureAnywhere antivirus 2014. This program came to my attention a few months ago. I gave it a quick whirl and was impressed on the light footprint it has and yet how it manages to have plenty of different functions. But I never put it under a formal test, like I usually do when evaluating security programs. Today, however, its turn finally came.
As many of you know, my basic test consists of installing the security program in question in my Windows-7-based test computer, and then proceeding to visit malicious websites and in general try to infect the test computer while keeping records of the security program’s behavior. The only passing grade is 100% success in thwarting efforts to infect the computer. And in this case… Webroot kind of failed. Let me explain what I mean by “kind of”.
On the plus side, its very, very light footprint makes it ideal for old and basic computers, since the average antivirus program these days will take a good amount of memory and computer processing power to operate. Not Webroot though. The claim that it doesn’t slow down one’s computer is true.
On the negative side, I was, strictly speaking, able to infect the test computer after a few attempts. But it’s not black and white, so allow me to explain what happened. I visited a couple of malicious websites that initiated infected files downloads onto the test computer. Initially Webroot caught and blocked the first attempts. But then came a particularly deceiving trojan.
I downloaded and opened the infected file without Webroot protesting or alerting me at all. Bad. But when the program tried to connect to the Internet to “call home”, Webroot did alert me that an untrusted program was trying to connect to the Internet (the antivirus has an outgoing firewall, meaning it monitors outgoing connections. More on that later). That was good. The bad part is, Webroot is designed to block any suspicious action by default while prompting the user for a decision on whether or not to let the program carry on with the suspcicious action. That’s not so bad. The bad part is that by default, after 2 minutes, if there is no response from the user one way or the other, Webroot’s default action is to allow it (and I didn’t find anything in the program interface to change that behavior, i.e. a setting that would allow one to change the default action if there is no response from the user).
So potentially, if the user could not or would not respond to the prompt ,the malicious action would be carried out. That’s not good. Anyways, since I was evaluating, I allowed the action. Next I got an alert that a change to the registry was being attempted by this suspicious file. Again good. And again, unfortunately Webroot waited for 2 minutes for a decision as to what to do (allow or block the action) and when no response from the user, it allowed the action.
I then proceeded to ask Webroot scan the downloaded file to see if it would be recognized as a malicious file. Webroot failed to recognize the file as malicious. Then again a percentage of these malicious files get missed by the antivirus because they’re too new to be recognized as malicious, a subject I’ve covered extensively in earlier articles.
Circling back to the firewall, it is a good thing to have Webroot’s firewall in and the fact that it’s an outgoing firewall makes it a perfect complement of the firewall that comes built into your Windows computer, since that one is only incoming. So they complement each other and in fact one is normally supposed to have only one active firewall to avoid conflicts in function. But in this case, not only is it possible to have both the Windows firewall and Webroot’s at the same time – it is advised.
So all in all the program performed very well and under normal circumstances probably provides good protection at a ridiculously low resources consumption. But again, strictly talking, it did not pass the test. If, for example, you’re the type of user who pays attention to all windows pop-ups and alerts from their antivirus program, this might be sufficient, and a plus if your computer resources are somewhat scarce. If you abide by my security model, the protection provided by Webroot as an antivirus would be sufficient as well.