Score - 4.5 stars out of five
Webroot is a high-speed scanner and needs only a morsel of your computer's resources. In our real-life tests, it scored extremely well and even outfoxed some ransomware behavior.
USA price - circa $39.99
Almost perfect scores in our phishing and malware tests
Fixes ransomware damage
Restricted testing only due to Webroot's special detection methods
Manually modified ransomware met with mixed results
The firewall was not functional during testing
Back in the day, antivirus apps relied on consulting a signatures database. The flaw in this plan was these signatures didn't change and could be used for ID purposes. Unfortunately, it didn't take malware authors long to realize a program that changed with every copy would foil simple signature detection. Databases were, however, only ever going to be a short-term fix due to the growing volume of malware.
Webroot SecureAnywhere AntiVirus gets around this by using a completely different method. When Webroot finds an unknown piece of software, it quarantines the suspect app and runs it in a secure sandbox. This technique prevents any unknown apps from making system changes until it proves to be harmless. If deemed malicious, the app is wiped, and any actions reversed.
How much is Webroot SecureAnywhere AntiVirus?
Like Kaspersky, Bitdefender et. al, Webroot is sub-$40 per year. You can add $10 to that to get three licenses. But this is half what the other two will ask.
Norton's antivirus, meanwhile, doesn't have a multi-license option and costs just under $60. On the other hand, McAfee AntiVirus Plus costs the same but gives unlimited protection for all your devices. You may find lower prices, but they are first-year-only discounts.
Webroot, though, provides you with licenses for PCs and Macs. Both versions are almost identical. The security features are similar, but there are fewer advanced tools for the Mac.
The Webroot installer is small, less than six MB, and installs rapidly.
The first time it runs, Webroot goes through a start-up routine of tasks. This includes:
● active malware scanning
● analyzing all your installed apps for future reference
● creating a baseline
● optimizing your system configuration to improve performance.
This one-time routine doesn't take long.
Webroot's appearance has remained largely unchanged for some time. Its familiar green color scheme in the main window comprises a stats panel and an on-demand scan button. But you can ignore this button as Webroot will carry out a full scan on installation and then daily. A panel on the right-hand side lets you manage the other security features.
To get started with Webroot, you need to create an online profile. In addition, you will need to provide a strong password; it will reject anything weak.
You are also required to set a secondary access code that you need to remember. Then, each time users log in, they will be asked to provide two specific characters from the access code.
You will also be encouraged to protect your profile with two-factor authentication. If you opt for two-factor, this does away with the access code requirement.
Webroot's online dashboard lets you manage a lot of things. For example, you can add protection to an extra device. You can also select your devices and view their scan results. Or send remote commands to a particular device.
The remote control is a big bonus point. You can restart, shut down, or lock computers. Handily, you can also remove a license from an old device to use on a new machine.
Lab test shortcomings
Due to Webroot's isolation of suspect files and cloud-based analysis, it is not independent lab test-friendly. This incompatibility has led to widely inaccurate lab tests, mainly because Webroot does not act in an expected way.
Security software that doesn't perform near-perfectly automatically fails. This holds as MRG-Effitas researchers failed Webroot for apparently not dealing with banking Trojans and coming up short in a comprehensive malware test.
Webroot used to ace these tests, particularly the all-forms of malware test, as it fitted well with their log-and-rollback approach. However, it is now some time since Webroot took this test.
Meanwhile, SE Labs researchers test numerous antiviruses simultaneously by packaging real-world malware attacks in a capture and recall system. The certification system used by the lab has five tiers. Webroot gained a creditable AA award. To be precise, all but one of the test software gained AA or AAA status. Only Malwarebytes Premium came up as a B. In common with Webroot, the Malwarebytes system does not fare well using conventional testing methods.
We used an algorithm to arrive at an aggregated lab score for software tested by a minimum of two labs. With only one test, Webroot did not get an aggregate score.
Predictably, Bitdefender and Kaspersky achieved perfect or almost perfect lab scores. With four perfect scores under its belt, Kaspersky earned a perfect 10. With three lab test results, AVG achieved an impressive 9.9, while not far behind on 0.8 were Bitdefender and ESET NOD32 Antivirus.
First-class malware defense
For many years now, Webroot has performed well in our malware protection testing. This is because of the different ways that Webroot handles malware. For example, instead of reacting to our inputs, such as clicking on a test folder, Webroot analyzes every process as soon as it starts.
In many instances, Webroot detected and quarantined the test malware almost immediately. Other test samples were restricted for a short time before being deleted.
However, Webroot always asked to run a scan after each malware removal to ensure nothing remained.
Often this second scan would uncover one or two test samples and set off a chain reaction. Once it had removed these further threats, Webroot asked to scan once again. Each scan took about five to ten minutes, so it was not as tedious as it sounds. That's not a great burden for average users, only for testers.
Overall, the success rate for detection by Webroot was 99% of the test malware samples picked up at launch or through multiple scans. This gave Webroot a score of 9.8 out of 10.
This was the same score for PC Matic Home, but this is qualified as its deny default system does not actively identify most malware. Instead, it checks against a safelist of approved programs.
Malwarebytes and McAfee narrowly beat Webroot by a whisker. Faced with identical test samples, both rivals captured every item. Malwarebytes obtained a perfect ten, while McAfee was marginally behind on 9.9 points.
Webroot also creditably picked up our manually-coded test tools and slammed them in the cooler. But this was hardly surprising for software designed to launch dangerous URLs and never before being seen by Webroot's cloud-based analysis system.
We used the same test malware samples for weeks, chiefly because collection takes a long time. To test against the newest threats, we use URLS that MRG-Effitas researchers recently discovered as malware hosts. Typically, they are no older than a few days. We launch each in turn and check whether browser access is prevented, the downloaded file is immediately eliminated, or the malware unnoticed.
Of the more than 100 dodgy URLs, Webroot halted 85% in the web browser and destroyed a further 11% of the malware payload. This gives a total protection score of 96%.
While that's a pretty good score, eight newer products have performed even better. So yes, it may not be like-for-like testing, but each is tested with the most recently discovered malware-hosting URLs.
McAfee is in front, with a 100% score. Coming close on 99% are Bitdefender, Sophos, and G Data.
We were pleased with the success of Webroot and its counterparts. What better time to squash malware than before it reaches your computer?
In reality, there's little innately harmful in a phishing site. There's now downloads per se, no malevolent scripts or active threats, only a well-worked secure website imitation.
You are completely safe so long as you recognize these pages for what they are and avoid them. But it's the careless web visitor to blame if they are duped into entering their login credentials on a fraudulent website. If you fall for it, you have given away access to the legitimate site, be it your bank, favorite e-commerce retailer, or dating site.
These dangerous sites are shut down and blocklisted rapidly. But those behind these scam sites pop up again with another fake and start luring new victims.
To test a product's phishing capabilities, we use both verified phishing websites and reported frauds which are so recently there's been little time for them to be analyzed and blocklisted.
With the product in place, we launch each URL in the browser. At the same time, we launch the same URL in other browsers relying on the anti-phishing protection integrated into Chrome, Firefox, and Microsoft Edge. We then discard any that won't load in one or more browsers or fit the precise description of phishing. Once we have sufficient data points, we then crunch the numbers.
Webroot successfully locked out 99% of the verified URLs and outstripped all three built-in browser tools. Norton and Bitdefender achieved the same, while McAfee and F-Secure got 100%.
Phishing, it should be noted, is entirely platform-independent. For example, say your smart fridge has a full browser; you could find yourself getting scammed while creating a shopping list. And no one wants that!
Phishing protection, on the other hand, varies by platform. Previously, we have seen numerous occasions where a Windows product outperforms the macOS version in the same test. However, with Webroot, the Mac and Windows versions are almost identical, with the Mac product scoring a fractionally better 100%.
Ransomware experiments throw up mixed results
The log and rollback system used by Webroot can even reverse the impact of encrypting ransomware. However, the company warns that limitations, such as available drive capacity, can influence this ability.
In reality, it is very unlikely ransomware would be able to dodge the other protection layers. Webroot deleted all our ransomware test samples by recognizing they were harmful or picking up on suspicious activity after launch.
We tried a simple ransomware simulator that encrypts text files with XOR encryption. As we had previously used the simulator with Webroot, we modified the software, so Webroot would not instantly wipe the app as soon as it launched.
We were then able to run the masked program unhampered. Next, we checked that the files were encrypted as planned. The next step was to verify Webroot was running in monitored mode and keeping tabs on the activity.
We then short-circuited Webroot's cloud analysis by blocking and terminating the simulator and launched scanning. Sure enough, our test malware was removed, its actions reversed, and the encrypted files restored.
Webroot's detection and monitoring work well against all types of malware. Trend Micro uses a similar monitoring tool to focus on ransomware. At the first hint of ransomware activity, important documents and files are backed up. If ransomware activity is confirmed, the malware is terminated and the back-ups restored.
The experiment with the manually modified ransomware simulator prompted us to try using modified file-encrypting malware test samples. The results were a mixed bag. Webroot detected that two of the ten file-encrypting test samples attempted to change the registry at boot up. However, when we stopped these actions, the test samples did succeed in encrypting files.
Three other test ransomware samples were launched but did nothing. This suggested that test samples had detected the presence of Webroot. Equally, having modified the files, we could have unwittingly tripped an integrity check.
Five more of the samples completely defeated Webroot by either encrypting files or launching ransom notes. Again, we inspected the Active Processes tool but could only see one process being monitored. So we blocked that ourselves and ran a scan to reverse its activity.
As far as we could tell, this restored all the encrypted files. It didn't, however, remove the ransom notes and left the encrypted files behind. Moreover, all the restored files were date/time stamped as per the recovery.
The remaining two ransomware samples went unnoticed. Unfortunately, after a full Webroot scan, we were unable to restore the encrypted files.
The good news is you're highly unlikely to be attacked by manually -modified ransomware. What the test does is test how Webroot reacts to ransomware it has not encountered before.
While our test results weren't great, you should keep in mind they are snapshots in time. What is unknown one day is quickly recognized. We ran the same test the next day, and Webroot iced them all on launch.
Often the addition of a firewall is what distinguishes a full-scale security program from a standalone antivirus.
Webroot includes a firewall, but predictably it's different in how it works. It makes zero attempt to place system ports into stealth mode. Instead, it leaves that job to the Windows onboard firewall. That's okay; the Windows firewall does a decent job. The only failing is if Windows Firewall is stood down and the substitute doesn't work correctly.
Webroot differs by classifying software as good, dangerous, or unknown. Like Norton, Webroot ignores the good ones, takes out the dangerous ones, and monitors any unknowns. If, for example, an unknown attempts something irreversible, like transferring your credit card details, Webroot steps in to prevent it.
Webroot firewall settings
By default, the Webroot firewall goes to red alert whenever an active infection is detected. The main Webroot, which is usually green, goes red. When the firewall is tripped, any network traffic by unknown software requires permission. Normal activities such as web browsing continue as normal.
In previous tests, we have seen the firewall at work by tweaking the settings. For example, it kicked in to issue warnings whenever an unknown app tried to access the internet, not merely when it detected an infection. The firewall also intervened when we requested a warning for every process not already trusted.
Of course, a firewall is worthless if malware can switch it off. Ironically, the more functionality a security tool offers, the greater the chances of it being compromised. Webroot, in contrast, runs just one service, a pair of processes, and has none of its settings exposed in the registry. It's locked down tight. Despite our best efforts, we could not switch off the firewall.
For the experts
Webroot, like most antivirus utilities today, works perfectly well without your input. It runs in the background and will even run a daily scan.
However, there's a lot more to discover if you want greater control.
Go into settings in the main Webroot window. Under Identify Protection, you will find toggle controls for the phishing and identity shields.
Meanwhile, the Application Protection tab lists all the apps Webroot is keeping an eye on for you. Its main task is to ensure your sensitive information can't be hijacked by these apps.
You can add programs yourself that you want to be monitored. An obvious example would be your web browser.
Webroot's advanced tools
Clicking the gear icon beside Utilities opens a suite of anti-malware tools to repair any damage or changes left after malware removal.
Utilities also enable you to perform an instant restart or a Safe Mode restart. You can also use a third-party tool to manually uninstall a program and its related registry data if you are tech-savvy. But even if you don't, it's easy enough to run a Webroot removal script.
If you want to get even further under the Webroot hood, open the Reports tab. This will let you see what Webroot has been doing and check on its present and historical activity. In addition, scan and threat logs are stored here, which is handy to know as Webroot tech support might want them to help resolve an issue.
To see which processes are running and those being actively monitored, go to the System Control page and then Active Processes.
Here, you will also find the SafeStart Sandbox. This is an advanced feature for antivirus professionals. The sandbox is used to launch suspicious software under the restricted conditions you specify. If you're not a trained researcher, leave this feature well alone.
A typical antivirus or security suite will occupy up to 2 GB of your disk space. But not Webroot; it is minuscule in comparison.
Open its folder, and there are very few files. The biggest is the WRSA.exe file which weighs in at less than 6 MB. That's microscopic!
Task Manager will flag up only two Webroot processes. Norton manages to squeeze its protection into the same, but others require more. In a previous test, we found McAfee running 17 processes. Webroot is lightweight in needing only one Windows service, while others need ten or more.
Admittedly, a product that needs multiple services and processes is not necessarily heavy on system resources. One resource-thirsty process could conceivably overload your computer. However, this is unlikely. By every measure we have used, Webroot remains the tiniest antivirus around.
Webroot SecureAnywhere AntiVirus doesn't resonate with many independent labs. However, it did score well in one fairly recent test. In our tests, Webroot achieved a near-perfect ranking for malware and phishing protection. And its performance against websites hosting malware URLs was creditable.
On the downside, its performance in the face of unknown ransomware was patchy. We also came across a few macOS glitches that Webroot is doubtlessly addressing.
For us, Webroot is still a pint-sized but impressive Editors' Choice winner.
Rounding out our Editors' Choice collection is Kaspersky Anti-Virus and Bitdefender Antivirus Plus. These both earned perfect or almost perfect scores in independent lab tests. And both are feature-rich.
Also making the cut is McAfee Antivirus Plus. Though not as consistent in lab tests or our testing, McAfee is still a bargain. It offers protection for all your Android, Windows, macOS, and iOS devices.
These three are fitting winners in our Editors' Choice selection of antivirus packages, having their own individual merits.