SecureAnywhere Antivirus 2017 Free Download – Webroot’s cloud-based servers maintain a giant database of known programs, good and bad. Rather than maintain a local database, with all the headaches of keeping it up to date, your local Webroot installation queries that database about the programs it sees. If the program’s legit, Webroot leaves it alone. If it’s a known threat, Webroot cleans up its traces. SecureAnywhere Antivirus 2017 Free Download
What about unknown programs? This is where it gets interesting. When Webroot encounters an unknown program, it sends detailed telemetry to HQ for analysis, and starts monitoring that program. Every action by the suspect gets journaled for possible rollback. Of course, some events can’t be rolled back. Transmitting data to an outside source is one example. Webroot doesn’t let an unknown program perform that sort of action. Yes, that means a valid unknown program might not be fully functional for a while, but in truth, valid programs almost never spend time in monitoring limbo.
This delayed-action response is a clever way to deal with never-before-seen malware, but it just doesn’t jibe with current antivirus tests. Researchers expect the antivirus products to take action right away, blocking installation of new malware samples and cleaning up any existing infestations. They may allow a few minutes to be sure the antivirus has finished. But Webroot’s analysis can take quite a bit longer. So what if it completely reverses the malware activity after an hour. At that point, it has already been marked as a failure. Due to this incompatibility, I have no results to report from my usual group of antivirus testing labs.
I do note that London-based MRG Effitas includes Webroot in its regular testing. In a recent certification test Webroot received Level 2 certification. That means that although some of the malware samples did run, their effects were completely remediated on or before the next reboot. Only Kaspersky Anti-Virus (2016) received Level 1 certification, meaning none of the samples even got a foothold.
SecureAnywhere Antivirus 2017 Free Download Review
Banks look to this lab’s results to make sure their customers can make an informed choice of antivirus protection. In another certification test for financial malware protection, only Webroot, Kaspersky, and two others passed. The other 14, including many well-known names, failed to achieve certification. SecureAnywhere Antivirus 2017 Free Download
As always, I keep a second folder containing hand-modified versions of my samples. I change the name, append nulls to change the length, and tweak some non-executable bytes. Normally all I do is note whether an antivirus misses the tweaked versions of files whose untweaked versions it caught. Since Webroot eliminated all of my regular samples, I got no chance to see how it handles unknown files. So, contrary to my usual style, I tried launching the tweaked versions. SecureAnywhere Antivirus 2017 Free Download
Webroot wiped out 40 percent of the samples right away, which left me with plenty for experimentation. Webroot blocked some of the samples when I launched them, and requested a cleanup scan for others, but it let quite a few of them run, while monitoring them as untrusted. By the time I worked through them all, though, they had all been identified as malicious. Webroot requested a scan, and another, and another. After the third scan, all of the modified samples were gone. Impressive!
Webroot’s journaling and rollback feature should be able to recover from almost any attack, even encrypting ransomware. In fact, the company devoted quite a bit of developer energy specifically to the ransomware problems. At Webroot HQ last year, I saw a live demo of the recovery process. That was impressive, but how much more so if I could demonstrate it for myself.
I started off using one of my new malware samples, a nasty encrypting ransomware attack. I had to cut off the test system’s Internet connection, because otherwise Webroot wiped out the sample before I could try anything. Alas, although the attacker displayed its ransom message, it did not actually encrypt any files, no matter how I tried. Quite possibly it’s smart enough to refrain from chicanery when it detects an antivirus present.
SecureAnywhere Antivirus 2017 Free Download Link
So, I created a simple program to simulate an encrypting malware attack. My little program finds all the text files in and below a specific folder and encrypts them using simple-minded XOR encryption. The nice thing about using XOR encryption is that the same function decrypts the file, so a second run of the program puts things back to normal. I added some suspicious-looking behaviors, such as setting itself to launch at startup, things that would get it flagged as untrusted. And I turned it loose on my test system.