Webroot SecureAnywhere AntiVirus Review: The Most Comprehensive Review

Pros

• Manages to score very high scores on all tests
• Is effective in recovering files from ransomware attacks
• Is very lightweight
• Has a fast scan
• Can handle unknown malware
• Has a bonus firewall feature

Cons

• There aren’t many independent lab tests available

Bottom Line

The quality of Webroot SecureAnywhere AntiVirus is unquestionable.

It is one of the smallest, if not the smallest, Antivirus product in the market today.

Webroot SecureAnywhere AntiVirus is also the fastest antivirus in the industry.

Moreover, it backs that up with tremendous scores on malware-blocking lab tests.

Full Review

Most online users are educated people.

In other words, they have a vague idea of how most antivirus products work.

Basically, a typical antivirus product is able to calculate the fingerprint of a given file.

It then checks that fingerprint against a big list of nasty files.

And then it raises the appropriate alarm if it matches something.

That sounds reasonable, right?

Well.

Most modern antivirus products now use multiple layers of security.

But that doesn’t mean they don’t have the old-school signature-based virus detection ability.

The latest version of Webroot SecureAnywhere AntiVirus takes user security very seriously.

But it employs a different approach to protecting the user.

For one, the new approach allows Webroot SecureAnywhere AntiVirus to scan a user’s computer very quickly.

It also uses a minuscule amount of hardware resources.

Most of all though, it still manages to provide a powerful protection for its size and speed.

In tests, Webroot SecureAnywhere AntiVirus performs almost as well as any other antivirus product.

Price

If you want to subscribe to Webroot SecureAnywhere AntiVirus for one year then it will set you back about $39.99.

If you want multiple licenses, then Webroot SecureAnywhere AntiVirus gives you three for $49.99.

While the number of protected devices is three, you can only install Webroot SecureAnywhere AntiVirus on either,

• PC
• Mac

There is hardly a difference between the PC version and the Mac version.

So this Webroot SecureAnywhere AntiVirus review will hold true for both versions.

User Interface

The main window of Webroot SecureAnywhere AntiVirus has a green tone.

But a lighter panel dominates most of the viewable area.

This area includes information regarding statistics along with recent antimalware scans.

It also has a button that launches a quick scan.

You don’t ever have to use that button though.

Webroot SecureAnywhere AntiVirus goes through all its scanning abilities during installation.

Moreover, it schedules and then runs a scan every single day.

There is another pretty big panel.

This panel shows the user the links to the Webroot Community forum.

There is also a button present that lets the user join the discussions there.

If a user wants to access the rest of the Webroot SecureAnywhere AntiVirus features then there is a separate panel for that on the right.

This panel contains the whole collection of Webroot SecureAnywhere AntiVirus features.

Features

Webroot has these cloud-based servers.

There, the company maintains a massive database that consists of known programs.

It doesn’t matter if the program is bad or good.

Both are present in that database.

Webroot tries to not maintain a local program database.

That method of storing a database comes with the huge downsides of having to update the database on a regular basis.

Webroot installation queries something else.

It contacts the cloud-based database about potential programs it wants to analyze.

If the software finds that the program is legit, Webroot SecureAnywhere AntiVirus leaves it.

But if it identifies the program as a threat, then Webroot SecureAnywhere AntiVirus moves in and cleans it up.

That Does it For Known Programs. What About Those Unknown Programs?

Well, there is where things start to get a bit interesting.

But generally speaking, they go like this:

Whenever Webroot encounters one of those unknown programs, it does two things:

First, it sends one of those detailed telemetries directly to Webroot HQ.

The HQ performs an analysis on the sent data.

Then Webroot starts to monitor that unknown program.

The suspect program is kept under a strict watch.

Webroot SecureAnywhere AntiVirus journals all of its actions.

And maintains the possibility of a rollback if required.

Of course, hackers will always come up with bad programs whose effects Webroot SecureAnywhere AntiVirus won’t be able to reverse.

But that is okay.

One of the examples that personify the above situation is when there is a transmission of data to a given outside source.

No unknown program can perform the above-mentioned action when Webroot is around.

And that comes with its own downside.

Mostly that even if an unknown program is valid, it can’t perform all its functions.

At least for a while.

After that, it may or may not become fully functional depending on what Webroot SecureAnywhere AntiVirus finds.

Practically speaking, valid programs hardly ever spend a lot of time in the monitoring chamber.

Sometimes, Webroot uses correlation rules that allow the server to watch an unknown app to an already existing threat.

This results in a quick real-time security response.

Other times, teams that consist of human researchers located all around the globe work on the unknown file.

PCMAG reports that Webroot has these weekly internal reports.

These reports show that human researchers can sometimes spend as much as 90 minutes analyzing unknown files.

Once the cloud and the ‘human team’ are done analyzing the unknown program, they send a notification to the server.

Then the server notifies the user’s local Webroot SecureAnywhere AntiVirus.

As mentioned before, if Webroot SecureAnywhere AntiVirus finds that an unknown program is legit, the probation period ends.

If it is the other way around, then Webroot SecureAnywhere AntiVirus terminates the unknown program.

Then it gets to work and reverse the unknown program’s actions.

All of them.

If another Webroot SecureAnywhere AntiVirus user faces the same unknown program, which is now deemed as a threat, then Webroot SecureAnywhere AntiVirus can terminate it right away without any delay.

What If I Don’t Have A Stable Internet Connection?

Then you could face some problems.

Webroot SecureAnywhere AntiVirus can’t contact the company’s cloud server if there is no internet connectivity.

With that said, it most likely already knows about the user’s existing trusted programs.

So it won’t face problems managing those.

In the offline mode, Webroot SecureAnywhere AntiVirus treats all programs that have never launched on the user’s machine as unknown programs.

Then, after the user connects to the internet, Webroot SecureAnywhere AntiVirus checks stuff with the server.

And then releases these new programs once they are deemed as trusted.

The cycle basically continues once again as Webroot SecureAnywhere AntiVirus also looks to roll back any other malicious unknown programs.

But users don’t need to worry about what would happen if they don’t have an internet connection.

Why?

Because without an internet connection, there is very little chance that you might encounter a new malware.

A Thing About Mac Version

Webroot SecureAnywhere AntiVirus Mac version doesn’t have the journaling and the rollback feature/technique.

Why?

According to some Webroot representatives, the company doesn’t see a need for it.

Of course, Webroot can always add the feature to the Mac version if there is a need for it in the future.

Malware Testing

Webroot SecureAnywhere AntiVirus makes use a delayed-action response.

One the face of it, it takes time.

But really, it is a very clever method to manage malware the security product has never seen before.

Here is the thing though:

This new method of detecting malware doesn’t roll well with some malware protection tests.

Security researchers expect all antivirus products to take appropriate action against malware right way.

They also want these products to block installation of unknown malware samples immediately.

Moreover, researchers want to see antivirus products clean up any existing malware infestations as quickly as possible.

At the max, these researchers can allow antivirus products a total of few minutes to finish up their security responsibilities.

As mentioned before, Webroot can take significantly more time.

Some researchers say it doesn’t matter if Webroot reverses and cleans up any malware activity after forty-five minutes or so.

After so much time has passed, these researchers automatically mark an antivirus product as a failure.

So of course, malware test labs and Webroot SecureAnywhere AntiVirus aren’t exactly compatible.

In other words, there is no viable way to report on Webroot SecureAnywhere AntiVirus malware results.

Why?

Because it doesn’t work with many antivirus testing labs.

Luckily, MRG Effitas, the London-based security firm does include Webroot in its scheduled tests.

Webroot earned an impressive Level 2 certification from MRG Effitas.

The security firm carried out the tests just a little while ago and award Webroot the official certification.

What Does That Certification Mean?

It means that Webroot did not block all malware samples.

But Webroot did remediate their effects.

And it managed to do so before the machine’s next reboot.

The only other antivirus product that has outperformed Webroot on this test is Kaspersky Anti-Virus.

Kaspersky received a level 1 certification.

That means Kaspersky eliminated each and every malware sample before it got a strong foothold on a given machine.

The best thing about MRG Effitas tests is that banks rate it as a great lab.

And hence its results are given much consideration when banks advise their customers on their choice of antivirus product protection.

MRG Effitas also carries out a certification test for protection against financial malware.

In those tests, only Kaspersky, Webroot and two other antivirus products managed to score a “pass”.

That might not seem impressive but consider the fact that 14 other antivirus products failed the test.

And you can bet that you would find some big names among those 14 failed antivirus products.

In other words, Webroot did well in earning a certificate from MRG Effitas.

Is Webroot Good At Malware Protection?

As indicated earlier as well, Webroot has a tiny installer.

But how tiny is it?

Well, it is less than a megabyte.

Moreover, the full Webroot SecureAnywhere AntiVirus installation takes just a little more space than the installer.

So your disk space doesn’t get much smaller after you install Webroot SecureAnywhere AntiVirus.

The Webroot Installer is unique.

How?

Well during installation it does more than just install the product.

It performs several different configuration and optimization tasks.

These tasks include malware scans.

Most other antivirus products can’t do that quickly enough.

But Webroot only takes from three to four minutes to perform a full malware scan.

That is quite impressive.

Especially given the fact that most other prime antivirus products take around 45 minutes to perform a full scan.

Webroot detects and cleans up malware after every scan.

But users should perform the malware scan again just to make sure everything is safe and clean.

This Is How You Test An Antivirus Product.

You use a collection of new malware samples.

Then you throw them at the antivirus product under testing.

Our research for this Webroot SecureAnywhere AntiVirus review shows that Webroot SecureAnywhere AntiVirus didn’t react to malware samples immediately.

But it did spring into action once the malware samples moved to a new folder.

Webroot SecureAnywhere AntiVirus detected some malware samples and then removed some.

It also displayed impermanent notifications for all its actions.

A little while later, the Webroot SecureAnywhere AntiVirus main window changed its color to red.

And then displayed a big list of malware samples.

Then the antivirus product requested the user a scan which would remove all those samples.

Once the process reached its completion stage, Webroot rescanned for more malware samples.

It found some more and hence repeated the process.

After the third scan, everything went back to normal i.e clean.

At this stage, Webroot SecureAnywhere AntiVirus had removed all malware samples from the placed folder.

But it did not remove legitimate files that came with the malware samples.

Of course, that is perfection.

And hence Webroot gets a ten on malware blocking tests.

But this isn’t new for Webroot.

It has consistently scored high marks on all malware tests.

The only other antivirus product that comes close to this score is Avira Antivirus and it handles malware samples pretty well as well.

More precisely, Avira scored a 94 percent detection rate.

This is also pretty high.

But sometimes it allowed malware samples to install some, rather few, executable traces.

Hence we think Avira deserves a score of less than nine out of ten.

Is It Fair To Compare Antivirus Products With Different Malware Sample?

Perhaps not entirely.

Because you have to measure their efficiency on the same tasks.

But there is little other choice than to test them with different malware samples.

Most of the top antivirus products have scored close to or above 9 out of ten in this category.

Some of those antivirus products are,

• BitDefender Antivirus Plus
• Avast Pro Antivirus

Our research for this Webroot SecureAnywhere AntiVirus review has shown us that some time is it better to use a second folder of malware samples to really test an antivirus product.

Then change the name of the folder and then change the length.

After that, one could also tweak some of those non-executable bytes.

Good antivirus products must pick up these small tweaks to malware files and folders.

If it catches both the tweaked version and the un-tweaked version, then it is indeed a decent antivirus product.

As mentioned before, Webroot caught and eliminated all previous malware samples.

But we didn’t get to know how it performed against unknown files.

This is where the tweaked versions of those files always come in handy.

Webroot removed over 40 percent of the tweaked malware samples very quickly.

This means, there is plenty of room for experimentation.

Webroot SecureAnywhere AntiVirus also block some malware samples when these samples reached launch stage.

As far as user intervention is concerned, users can request for another sweet cleanup after the initial malware cleanup reaches its completion stage.

Our research shows, that Webroot did leave some of the malware alone.

But it did monitor them as it did not put them in the trusted list of programs.

Webroot SecureAnywhere AntiVirus also asks users for successive scans if it wants to make sure all malware is either removed or contained.

Again, after the third malware scan, Webroot cleaned up the system from top to bottom.

Webroot’s Database

As mentioned before, it basically tracks bad programs and files.

But it does quite a few other things as well.

First, it can note down a list of dangerous websites.

Webroot has a browser extension for this purpose.

It supports the following browsers,

• Chrome
• Internet Explorer
• Firefox

This feature basically allows the user to stay safe from accidental surfing right into the mouth of a dangerous website.

So how do we test this feature?

Well, it is simple enough.

You try to go to a couple of hundred, or maybe just one, newly discovered dangerous and malware-hosting websites and URLs.

Then you see how many Webroot blocks.

Our research shows that Webroot blocked over 80 percent of these dangerous URLs and downloads.

Sometimes it even steered the user away from the malicious URL.

And sometimes it just quarantined the dangerous payload.

That score is pretty impressive.

Other antivirus products such as Avira block about 99 percent of the same malicious URL list.

And Avira blocks all of them at the URL level.

But Avira has a downside as well.

It only supports Firefox and Chrome.

In other words, it doesn’t support Internet Explorer.

Which is of course unfortunate.

Avira has held the crown for blocking the most number of malicious URLs for quite some time now.

Before Avira, antivirus products struggled to go past the 90 percent mark.

But it totally changed the way antivirus products blocked malicious URLs.

Other great antivirus products such as Symantec Norton AntiVirus and McAfee Antivirus Plus managed to score a 90 percent on these tests as well.

What About Anti-Phishing Protection?

What are phishing websites anyway?

Well, they are websites that pose as legitimate websites (or secure sites) but are actually fraudulent websites.

To put it another way, they try to steal your sensitive information including financial credentials.

Some of the industries these phishing sites target are,

• Dating sites
• Gaming websites
• PayPal
• Banks

They basically cover everything.

Once a user ends up at one of these websites and inputs the appropriate username and password, he or she is toast.

Hackers behind the site take over the account.

Of course, security researchers quickly identify these websites and blacklist them.

But there is a slight time lag between a phishing site’s appearance and its death.

Perpetrators behind these sites try to harm as many users as possible and as quickly as possible.

So, the best anti-phishing tools don’t wait for these sites to reach the “blacklist” stage.

They actively hunt them.

In other words, they perform real-time analysis.

This is the way they detect phishing sites which are absolutely new.

And we are happy to inform you that Webroot SecureAnywhere AntiVirus is in the real-time camp.

When you have Webroot SecureAnywhere AntiVirus and you accidentally try to access a phishing site, it replaces the phishing site loading page with another page.

This new page warns the user that there is a phishing attack right ahead.

How To Test For Phishing Sites?

Again, it is rather simple.

Gather some URLs which are confirmed as fraudulent but haven’t secured their spot in any blacklist.

Basically, you want to test for URLs which are at the maximum two hours old.

Then try to visit them to see how your antivirus product performs.

After that, you compare the performance with five browsers.

And you do this simultaneously.

One of the browsers should use the antivirus product under test.

Another one should use Norton.

And the rest, three, should rely only on their built-in phishing protection.

The three browsers in our case are,

• Chrome
• Firefox
• Internet Explorer

Most antivirus products don’t perform as well in this test.

More specifically, almost two-thirds can’t even match the performance of these browsers.

And over twenty-five percent display performance that is worse that all three browser’s built-in protection.

There is hardly an antivirus product that can beat Norton’s detection rate.

But Webroot is different.

It beat Norton.

But only so by a single percentage point.

The only other antivirus product we know that has beaten Norton is BitDefender.

And it did so by 2 percentage points.

Ransomware Protection

Webroot SecureAnywhere AntiVirus has features such as journaling and rollback.

These features alone should recover the user’s machine from any cyber attack.

And that includes ransomware that encrypts like hell.

Webroot has spent a significant amount of resources to develop solutions that are effective against ransomware.

Webroot HQ has even shown people a live demo of how its products begin the recovery process against ransomware.

Some reviewers have said that the live demo impressed them.

But can we take their word for it?

Mostly yes.

But what about tests?

Again, you have to test the product using samples.

This time, malware samples that are actually ransomware.

And nasty ones at that.

Most of the ransomware in the wild world of the internet is the encrypting one.

And hence an antivirus product has to protect against those and not just the normal ones.

To test against ransomware, first, one has to cut off the user’s system’s internet connection.

Why?

Because if one doesn’t then Webroot would simply recognize the sample and wipe it out of existence before it could do anything.

Our research for this Webroot SecureAnywhere AntiVirus reviews shows that that Webroot successfully prevented the ransomware samples from encrypting the test subject’s machine.

Yes, the ransomware did show the hacker’s test message.

But it could not encrypt any folders or files.

This is what we all a smart antivirus product.

Hackers wouldn’t want to mess with a system that has this good of an antivirus product.

You can expect Webroot to perform the same in any other ransomware attack as well.

You could design one for yourself and test the system out with that when Webroot is running.

But you’ll find that Webroot will quickly hop into action and stop the ransomware from performing any encryption.

And when there is no encryption, there is practically no successful ransomware attack.

Even if you see a ransomware message.

Webroot is good enough to monitor even the newest of ransomware samples.

As mentioned before, even if a new ransomware sample encrypts the user’s files, the user can manually use Webroot SecureAnywhere AntiVirus and block the program.

Webroot SecureAnywhere AntiVirus will then terminate the ransomware sample and with the help of scan, restore the encrypted files.

All of this is undoubtedly great news.

Webroot SecureAnywhere AntiVirus Bonus Features

Firewall

As noted before, Webroot works by classifying programs.

It classifies them into either bad, good or unknown.

And just like other top antivirus products like Norton, Webroot leaves the good programs alone.

It eliminates the bad programs.

And, what do you know, it monitors those unknown programs.

As described before, if Webroot SecureAnywhere AntiVirus finds an unknown program, it monitors the program.

And While doing that notices its behavior.

If the program tries something funny like exfiltrate the user’s private data, then Webroot SecureAnywhere AntiVirus stops it.

What Is The Firewall then?

Webroot SecureAnywhere AntiVirus comes with a dedicated Firewall protection.

We don’t think there are many standalone antivirus products that offer a firewall as well.

Of course, Webroot’s firewall is different from the rest in many aspects.

For one, it doesn’t try to put the user’s system ports in something like stealth modes.

That’s a task that is reserved for the Windows Firewall which comes built-in in the newer versions.

Webroot keeps it as it is.

With that said, always make sure that your Windows Firewall is turned to ON when using Webroot SecureAnywhere AntiVirus.

Moreover, Webroot SecureAnywhere AntiVirus Firewall doesn’t try to prevent the occurrence of network-based exploits.

When tested against several exploits generated via the Core Impact penetration tool, Webroot’s firewall did not try to interfere with them.

Of course, these samples won’t hurt the user’s system if the user’s system is fully patched.

The Firewall kicks into action when Webroot SecureAnywhere AntiVirus detects a new and active infection.

Whenever this happens, the main windows changes its color from the peaceful green to a dramatic red.

This indicates that Webroot SecureAnywhere AntiVirus is doing some serious work.

Serious work like clamping down on the user’s network traffic that comes via the unknown program.

Most of all, Webroot SecureAnywhere AntiVirus doesn’t obstruct the user’s normal activities.

Users can carry out their web browsing activities as usual even when Webroot SecureAnywhere AntiVirus is working.

But what about users who want that prominent, in your face, old-school behavior.

Older firewalls always showed the user a popup warning message every time an unknown and untrusted program tried to access the internet.

Well, good news, those users can have that by changing some Firewall settings in Webroot SecureAnywhere AntiVirus.

What’s more?

Users can even set Webroot SecureAnywhere AntiVirus firewall to block all internet access for all untrusted programs.

We know one thing for sure:

Anyone who can code some malware, can’t disable Webroot SecureAnywhere AntiVirus protection.

Why?

Because Webroot SecureAnywhere AntiVirus does not expose any of its settings via the Registry.

It has a total of two processing running.

And it forbids the user from terminating them.

You can’t disable or stop even a single Webroot Windows service.

That is how you protect a user against everything bad on the internet.

More Advanced Features

Webroot SecureAnywhere AntiVirus has a lot of tools and features.

But it only shows you those when you try to poke into them.

Otherwise, if you don’t want extra features then it leaves you alone with a simple interface.

If you want to then you can just install Webroot SecureAnywhere AntiVirus and forget about viewing, using or configuring some of its advanced features.

Identity Protection

This feature basically prevents multiple types of malware attacks.

Some of these attacks include,

• Man in the middle attacks
• Keylogging
• Modification of browser processes

This feature can also protect specific applications.

Of course, users will have to specify those applications first.

By default, it applies to protection to Internet Explorer.

Other Antimalware Tools

There is another set of tools which let the user take care of the collateral damage.

Or repair it, in other words.

What are these collateral damage scenarios?

Well, they include malware-modified,

• Wallpaper
• System policies
• Screensaver

One of these tools allows users to quickly reboot the system into Safe Mode.

It also helps the user to instantly reboot the system if a need arises.

Users with more tech skills can use manual methods to remove malware.

They can also clean up the relevant Registry data.

Moreover, Webroot SecureAnywhere AntiVirus also comes with tools that enable users to run removal scripts.

Of course, these removal scripts must come from the Webroot technical support team.

There is also a Reports page which allows the user to see how Webroot works or is working on.

Users can also check Webroot’s current activity.

There is also an option to view history.

We are totally aware of the fact that most user would not want to waste time and read all the available scan logs.

Or even threat logs.

But Webroot technical support team may require them to fix a potential problem.

Webroot SecureAnywhere AntiVirus allows the user to view any and all activities processes.

And also the ones that Webroot is currently monitoring.

Needless to say, these are some really advanced features.

But Webroot has some more advanced features.

One of these is called SafeStart Sandbox.

What is it?

Well, to really understand it, you would have to go through some antivirus researcher training.

What we can tell you is this:

Users can make use of this feature to launch a suspected program under some very detailed user-specified limitations.

Of course, there is a good chance that you don’t have a degree in antivirus research.

So it is better if you leave it.

Webroot SecureAnywhere AntiVirus Conclusion

We mentioned in the beginning that independent labs can’t really test Webroot because it has a unique malware-catching system in place.

But regardless, it is still one of the best antivirus products available in the market.

Webroot SecureAnywhere AntiVirus performed well in,

• Malware-blocking tests
• Malicious URL blocking tests
• Antiphishing test

Moreover, it scores either an excellent or a perfect in most of the tests that matter to security experts.

Overall it is an impressive piece of technology.

Webroot SecureAnywhere AntiVirus remains at the very top best antivirus products lists.

As far as commercial antivirus products go, there is hardly a better option than Webroot SecureAnywhere AntiVirus.

But of course, other contenders like Bitdefender Antivirus Plus, Kaspersky Anti-Virus, and McAfee AntiVirus Plus all can give it a good run for its money.