Protecting small firms from computer disasters

Torture-Testing Webroot



Vendors can make all sorts of statements about how wonderful their products are. But there is nothing like a tough independent test to see how well a product performs.

Kit Parenteau, a 23-year IT veteran, created three heavy-duty, original viruses including a crypto-virus of the sort used by ransomware criminals. He used them to attack computers protected by Webroot in his test environment.

Webroot is a next-generation security service designed to stop malware that has never been seen before (zero-day attacks). Traditional antivirus programs that rely on downloading virus updates just cannot keep up with the proliferation of newly created malware. Webroot uses behavior-based protection, cloud processing and other state-of-the-art techniques to stop ransomware and other malware cold.
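The "behavior-based protection" the paragraph mentions is the idea of flagging a process by what it does rather than by a signature of its file. Below is an added example, written for this page and not code from Webroot, from Parenteau's tests or from any product, that shows the simplest form of that idea for the crypto-malware case: a monitor that watches a hypothetical feed of file-write events and raises an alert when one process rewrites many distinct files with near-random (high-entropy) content inside a short window. The event tuples, process ids, paths and the sha256-derived "ciphertext" are all constructed sample data; real products hook the filesystem and also do rollback, which this example does not attempt.

```python
import hashlib
import math
from collections import defaultdict, deque

# Tunable heuristics (assumed values for this example):
HIGH_ENTROPY = 7.0              # bits per byte; encrypted or compressed data sits close to 8
WINDOW_SECONDS = 10.0           # how far back we look at a process's writes
DISTINCT_FILES_THRESHOLD = 20   # distinct high-entropy rewrites in the window that trigger an alert


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window=WINDOW_SECONDS, threshold=DISTINCT_FILES_THRESHOLD):
    """Scan write events (ts, pid, path, data), sorted by ts.

    Returns {pid: timestamp_of_first_alert} for every process that rewrote at least
    `threshold` distinct files with high-entropy content within `window` seconds.
    """
    recent = defaultdict(deque)   # pid -> deque of (ts, path) for recent high-entropy writes
    alerts = {}
    for ts, pid, path, data in events:
        if pid in alerts:
            continue                              # already flagged; a real product would kill it here
        if shannon_entropy(data) < HIGH_ENTROPY:
            continue                              # plaintext saves are not interesting
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > window:        # drop writes that fell out of the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            alerts[pid] = ts
    return alerts


def _pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content: a deterministic sha256 chain."""
    out = b""
    i = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


def build_sample_events():
    """Constructed event feed: one editor, one ransomware-like process, one backup tool."""
    events = []
    # Benign text editor (pid 1000): a few plaintext saves.
    for i in range(5):
        events.append((float(i), 1000, f"/home/u/notes{i}.txt",
                       (b"Quarterly budget notes, draft %d\n" % i) * 64))
    # Ransomware-like process (pid 4242): 30 distinct documents rewritten with
    # high-entropy data, one every 100 ms.
    for i in range(30):
        events.append((5.0 + i * 0.1, 4242, f"/home/u/docs/file{i}.docx",
                       _pseudo_ciphertext(f"f{i}")))
    # Backup tool (pid 7000): high-entropy writes too, but all to ONE archive file,
    # so the distinct-file heuristic leaves it alone.
    for i in range(30):
        events.append((9.0 + i * 0.1, 7000, "/backup/archive.zip", _pseudo_ciphertext("zip")))
    return sorted(events, key=lambda e: e[0])


def run_detection():
    """Run the detector over the constructed feed; expected: only pid 4242 is flagged."""
    return detect_mass_encryption(build_sample_events())


if __name__ == "__main__":
    for pid, ts in run_detection().items():
        print(f"ALERT pid={pid}: mass high-entropy rewrite detected at t={ts:.1f}s")
```

Note where the alert lands: the 20th distinct file, 1.9 seconds after the first write. Everything encrypted before that point is exactly the "400MB before Webroot killed it" problem described later in the post, which is why a behavior-based product pairs detection with a rollback or journaling mechanism rather than relying on the kill alone.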

I have sharply condensed Parenteau's long-form technical explanations of the test viruses, testing procedure and results. Here is the essence of how his never-seen-before viruses fared against Webroot:

1. I wrote a keylogger that would attempt to connect to a server across the internet and send the keylogging results.

Results: On the Webroot computer, zero data was captured. After four hours, Webroot flagged it as malicious and [the] normal process for cleanup removed both it and its empty log file.

2. [I wrote a] crypto malware that took action on a different server.

Results: On the Webroot computer, it ran quickly and just over 400MB of data was encrypted before Webroot killed it. Webroot's clean-up process restored the encrypted data to a pre-encrypted state.

3. [I wrote a virus] that searched the entire system for "interesting" things, watched for network connectivity, exfiltrated the data via encrypted connection to a third [internet server], and then used a mini-compiler to make a second program to self-destruct both itself and the infected system. Should the secondary program fail, the original program would try to take the same action after thirty minutes.

Results: Webroot caught the file. The Webroot system killed the test malware with no connection successfully established to the [internet] server. The cleanup process also removed the data payload. On the network machines, Webroot once again caught the executable immediately when it was copied, similar to the Crypto package.

After the testing, the lab samples [test viruses] were submitted to VirusTotal for verification. The only detection at all [from any traditional antivirus program] was AVG saying that the Crypto was a heuristic detection.

[On all the tests] no data leaked and no repairs had to be done despite the Crypto getting a foothold at first.

So Webroot passed all three tests: no data was lost or compromised. The crypto-virus encrypted some files but Webroot restored the files to their original condition.

If you are using a traditional antivirus program that periodically downloads updates, I strongly recommend that you add next-generation protection like the type that Webroot offers.
