Heuristics and cloud based AV is the future, definition based AV are dinosaurs that will eventually go extinct. That said, even while offline Webroot marks any unknown processes and begins journaling everything they do at the block level so when the threat engine eventually identifies the process as good/bad it can roll back every change the virus made and then deletes it. Webroots reasoning for this design is sound, if you are offline you most likely will not be receiving any emails with malicious attachments, or downloading anything bad since.you're not connected to the internet. No internet connection, no access to the threat engine.
This is why Webroot isn't testable because it relies on it's cloud threat engine, and why the installer is like 700kb, and the program itself is only a few megabytes. It works because traditional AV is all definitions based, but it's a poor real world example because especially now with the cryptovariants and ransomware, the authors are constantly spitting out slightly modified payloads multiple times a day to evade the daily definitions.
#Webroot review reddit software#
They take identical VMs, load each testing AV software, and then load known virus payloads to see if the software catches it.
0 kommentar(er)
