Buy now and install on all your devices from one easy email. X

Webroot SecureAnywhere®
Web Security Service

Stopping Spyware & Viruses

Stopping Malware In The Cloud

To detect known and unknown web threats, Webroot leverages a combination of proprietary and best-of-breed technologies. These include a dynamic anti-phishing capability that uses heuristics to identify phishing sites and prevent zero-hour phishing attacks. Heuristics-based detection also blocks malicious JavaScript and shell code embedded in files.

Additionally, Webroot antivirus incorporates detection with genotype protection that instantly identifies different variants of malware and spam. It guards against unknown malware by analyzing behavior before code executes, detecting zero-day threats without the need for signatures.

If we didn’t have Webroot, it would be much more difficult to manage roaming users and we would need a far more manual and complex process. Most importantly, Webroot gives us peace of mind – the threats don’t even reach our network now.

- Keir Bancroft, Technical Service Director, Neopost

Active Content Threats

The Webroot anti-malware engine detects active content threats by using binary signatures. It also detects ActiveX controls heuristically, and can extract content from a variety of file types to enable detection based on different streams. For example, a single detection written for some types of JavaScript will detect the content of raw JavaScript embedded in a complex HTML file, or embedded in a PDF file. The Webroot engine extracts the relevant types of embedded content from a file, and then runs the identities against the relevant data streams.

Typical examples of files from which this technology can extract active content threats include:

This approach enables the Webroot service to detect and automatically block not only any malicious content found in web pages but also in the web traffic stream.

Automated Protection

If the Webroot service classifies a website as containing malware of any kind it is automatically blocked by default. Or rather than blocking sites completely, other settings include “coach” (warn but give the user the choice to proceed to the site) and “allow” (add the site to whitelist).

For decoding of Flash applications, the Webroot antimalware engines protect against many of the exploits seen that use Flash (e.g., Exp/SWFScene-A) by providing the flexibility to inspect these files in detail. The engines also extract embedded ActionScript content and provide a stream on which to base detection and write generic detections for Adobe AIR or Silverlight decoding. The components of these (or similar) applications include HTML, scripts and Flash, each of which are inspected by the antimalware engines in the same way as active content served from a web page.

Content Filtering Controls

Currently Webroot identifies 96 file and content types by file extension, MIME type and close examination of individual file headers (a capability not available with competitive solutions). This capability eliminates any chance a file can bypass content filtering. Webroot also blocks eight MIME type categories—e.g., if "Other Video Streams" is blocked, then any video streams identified by the general MIME type for video, regardless of whether it is in a specific list, will be blocked.  Administrators can also add ‘Custom options’ for MIME types and file extensions to be blocked.

A Layered Approach

Proprietary and best-of-breed Webroot anti-malware technologies enable a layered approach to defending against known and unknown web threats. Proven Webroot tools for stopping web-borne malware include anti-phishing heuristics and JavaScript/Shell Code analysis.  A team of over 30 dedicated threat researchers further ensures all web threats are contained.

Next: Containing Unknown Threats »