So many (techie) product questions...

  • 17 October 2014
  • 38 replies
  • 161 views

Userlevel 1
Please pardon all of my techie questions but I want to ask them before I spend more cash on yet another product that may or may not really fit my needs.
 
Are there "basic" versions that do NOT want to manage my passwords and/or credit card information? (like so many other products want to point to as some wonderful "feature" aka: wonderfully packaged and sold security risk IMHO when there is no way to actually stop the underlying processes from still gathering and storing your passwords etc...)
 
I am very particular about system resource use, running process, and communication ports being held open. (as another product  wanted to hold 24 ports open at times - in port matched loop-back pairs... totally wasted resources, running process, services, threads, and handles.)
 
Will these products potentially cause any unsolicited inbound packets to show up at my router? (I had issues with other products that were not using TCP/IP communication correctly causing hundreds a week at times)
 
All that I want and need is coverage for 3 PCs with:
  1. Basic Anti-virus that is lightweight and reliable.
  2. Basic Internet Security (without any account, identity, or credit card information storage)
  3. Basic Firewall management functionality (able to block and report attempts at intrusion)
I DO NOT want or need an on-line backup system, password manager, credit card information cache, or auto fill in for passwords and or credit cards. (I will manage all of that on my own thank you!)
 
 
Which product would fill my needs if any?
 
Thank you very much for any clear and honest information!
 


Userlevel 7
Badge +56
Sounds like you just want the base version of our product:
http://www.webroot.com/us/en/home/products/av
 
That gives you the AV & malware protection, identity shield, and firewall, but no password manager or online backup.
Userlevel 1
@
 
Well as far as the install you are correct but I do still need to un-install my current product and get it cleaned off in entirety prior to installing the new product and thus it would require a reboot (if not 2) to ensure all remnants of the prior product is gone for good...
 
During the un-install processes and reboot(s) prior to starting the new products install I do not want to have an open Internet connection.
 
I feel pretty confident that staying disconnected up to the point of the install complaining about the lack of connection will reduce the risk to bare minimum.
 
I guess I wish security software vendors would at least lock down connectivity and only allow traffic for their proprietary software to access the Internet during these "less than secure" windows during install/authentication processes... (I also do some MSI packaging)
 
Regardless I guess the proof will be forthcoming as I intend to give this product a shot. (thanks in a big part to the helpful and knowledgeable community here)
 
Userlevel 7
@ wrote:
Well here are my thoughts on WSA.
 
Very nice and light weight, nothing extra running, but still very reactive to threats.
 
A minor issue with application version changes, i.e.: I am a programmer and when my software builds the version number is incremented to denote the new version, WSA then reverts to blocking the same application (albeit with a newer version) in the same location it has been told to allow prior.
I again have to tell WSA that it is okay to allow it to access the network... and then again also tell it that it is OK to access the copy buffer... (for instance I manually copy my router log to the copy buffer (ctrl+c) to then process in my application and then output the results based on type of entry and/or source IP)
Not a huge thing but a slight annoyance when you are a programmer.
 
Note: This does not seem to happen when you update a web browser like FireFox for instance (which is open source)
 
Beyond that I have had no problems with the functionality and it has passed all the tests I have put it through!
 
Thank you for doing what is needed and not forcing me to have "features" I would never use.
Yes, when you manually allow a file, once the file is changed it reverts to blocked.  This is because each file has a unique "MD5" number.  This is basically a hash number, and again is unique.  The Allow/Block files works from the MD5, not the file name.  This is so that if a good file is altered by malware it of course will be detected and blocked.
 
As you say... a bit annoying for a developer, but very effective at the same time.
 
The major browsers are of course already set 'internally' in the Cloud to be allowed globally, as is much commercial software, so you do not need to change permissions when updating.  
 
I am glad you gave us your input, and I hope you are happy with it!  Any questions or problems, come on back and we will be glad to try to help 🙂
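To make the hash-keyed allow/block behaviour described in the reply above concrete, here is an added Python example. It is not Webroot's code and says nothing about the product's internal format: it is a small allow/block list keyed on the content digest, plus a constructed stand-in for a compiled tool whose embedded version string is the only thing a rebuild changes. The `build` helper, the sample bytes and the patched byte are all assumptions for illustration; the reply says the product keys on MD5, so the example defaults to MD5 and also shows that SHA-256 behaves the same way.

```python
"""Added example, not Webroot's code: an allow/block list keyed on file
content hash, as the reply above describes (MD5 in the product; any digest
behaves the same).  The 'binaries' below are constructed byte strings."""
import hashlib


def fingerprint(data: bytes, algo: str = "md5") -> str:
    """Hex digest of the whole file contents. Any single byte change gives a new digest."""
    return hashlib.new(algo, data).hexdigest()


class Allowlist:
    """Allow/block decisions are stored per content hash, never per path or file name."""

    def __init__(self, algo: str = "md5") -> None:
        self.algo = algo
        self._allowed = set()
        self._blocked = set()

    def allow(self, data: bytes) -> str:
        h = fingerprint(data, self.algo)
        self._blocked.discard(h)
        self._allowed.add(h)
        return h

    def block(self, data: bytes) -> str:
        h = fingerprint(data, self.algo)
        self._allowed.discard(h)
        self._blocked.add(h)
        return h

    def decision(self, data: bytes) -> str:
        """'allow', 'block', or 'unknown' (never seen before: falls back to monitoring)."""
        h = fingerprint(data, self.algo)
        if h in self._allowed:
            return "allow"
        if h in self._blocked:
            return "block"
        return "unknown"


def build(version: str) -> bytes:
    """Constructed stand-in for a compiled tool: a fake header, some 'code' bytes,
    and an embedded version string that is the only thing a rebuild changes."""
    return b"MZ\x90\x00" + b"\x55\x8b\xec" * 8 + b"LogParser v" + version.encode() + b"\x00"


def demo() -> dict:
    """Allow build 1.0.0, then check a rebuilt version and a tampered copy of 1.0.0."""
    al = Allowlist()
    v1 = build("1.0.0")
    v2 = build("1.0.1")            # same path, same name, new build
    tampered = bytearray(v1)
    tampered[5] ^= 0xFF            # v1 with one 'code' byte patched, as malware might do
    al.allow(v1)
    return {
        "v1": al.decision(v1),
        "rebuilt": al.decision(v2),
        "tampered": al.decision(bytes(tampered)),
        "same_md5": fingerprint(v1) == fingerprint(v2),
        "same_sha256": fingerprint(v1, "sha256") == fingerprint(v2, "sha256"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rebuilt binary and the tampered binary both come back as "unknown" for exactly the same reason: the decision is attached to the digest, and neither file has the digest that was allowed.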
Userlevel 7
Hi RussH
 
Apologies if we have not been as responsive as you would like but most of us here are volunteers and therefore have day jobs too...and so the time we have available to come into the Community and help can be irregular and sometimes limited (I know that my time recently has been more limited than I would like).
 
In terms of what you are seeing the first thing that I would do is to review the Scan Log for each system and see if there are any significant differences in terms of the number of Good [g] and Unknown [u] files found on each...more [u]s can mean a longer scan time for reasons that are...well, obvious really.
 
IMHO the only option that you have is a Support Ticket so that the Support Team can investigate the make-up of each system & the installation of WSA to determine if there is some conflict there.  They will most likely send you some system investigation tools and ask you to gather logs and configuration details for analysis back at the ranch.
 
That is what I would do.
 
Hope that helps?
 
Regards, Baldrick
Userlevel 7
Hi RussH
 
Thanks for coming back and posting on progress.  I am not surprised at anything that you report, not even the "slight knee jerk reaction on my part was the 14 second initial scan".  A lot of people using WSA for the first time do that...the reason for this is the way that WSA works...the philosophy is that malware is only dangerous as and when it is active, so WSA monitors for malware activity using both Cloud-based whitelisting and heuristics, but does nothing with any file or app that is not active.
 
So you may have the largest repository of malware packages residing on your system but if they are all inactive/dormant then it will pay no attention to them...BUT...the merest sniff of activity and WSA will pounce, analyse and block...in other words WSA does not waste time or resources on things that cannot cause damage etc., but rather focuses on those that can.  Particularly clever and effective is what it does if it cannot determine whether an active file is malicious or not...in that case it monitors/journals the file's activities (which it also limits as well) and if eventually determined to be good it then stops the monitoring/restriction, etc., but if bad it rolls back any journalled activity so as to negate the impact of the 'now determined to be malicious' file. :D
 
I hope I have described the philosophy properly.  I am sure that with your background you have probably researched this but for more information please take a look at this previous post, especially the three videos, for more information on the unique way that WSA works to protect the system it is installed on.
 
Of course, post back if you have any more questions.
 
All that I will say more at this point is sit back, relax...you are well protected.
 
Regards, Baldrick
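The monitor/journal/roll back idea Baldrick describes in the reply above, as an added Python example. This is not Webroot's code and is not a description of how the product stores its journal: it is an in-process journal that records the prior state of every file an "unknown" program touches, so that a later "good" verdict simply drops the journal while a "bad" verdict puts every file back. The simulated program, its file names, the hosts-file edit (using the 192.0.2.10 documentation address) and the dropped file are all constructed for the example; it works inside a temporary directory that it creates and removes.

```python
"""Added example, not Webroot's code: journal the file writes of an 'unknown'
program and roll them back if the program is later judged malicious."""
import os
import shutil
import tempfile
from typing import Dict, Optional


class ActivityJournal:
    """Records the pre-write state of every path the monitored program touches.

    commit()   -> verdict 'good': forget the journal, the changes stay.
    rollback() -> verdict 'bad' : every touched path goes back to what it was.
    """

    def __init__(self) -> None:
        # path -> original bytes, or None if the path did not exist beforehand
        self._before: Dict[str, Optional[bytes]] = {}

    def _remember(self, path: str) -> None:
        if path in self._before:
            return                      # keep the *first* prior state, not a later one
        if os.path.exists(path):
            with open(path, "rb") as f:
                self._before[path] = f.read()
        else:
            self._before[path] = None

    def write(self, path: str, data: bytes) -> None:
        """The monitored program's writes go through here so they can be journalled."""
        self._remember(path)
        with open(path, "wb") as f:
            f.write(data)

    def delete(self, path: str) -> None:
        self._remember(path)
        if os.path.exists(path):
            os.remove(path)

    def touched(self) -> int:
        return len(self._before)

    def commit(self) -> None:
        self._before.clear()

    def rollback(self) -> None:
        for path, original in self._before.items():
            if original is None:
                if os.path.exists(path):
                    os.remove(path)     # created by the program: drop it
            else:
                with open(path, "wb") as f:
                    f.write(original)   # modified or deleted: restore it
        self._before.clear()


def simulate(verdict: str) -> dict:
    """Run a constructed 'unknown' program under the journal, then apply the verdict.

    Returns the final on-disk state so the effect of the verdict can be inspected.
    """
    workdir = tempfile.mkdtemp(prefix="journal-demo-")
    try:
        hosts = os.path.join(workdir, "hosts")
        notes = os.path.join(workdir, "notes.txt")
        payload = os.path.join(workdir, "dropper.dll")
        with open(hosts, "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(notes, "wb") as f:
            f.write(b"keep me\n")

        journal = ActivityJournal()
        # Constructed behaviour of the unknown program: redirect a host name,
        # drop a file, delete a user file.
        journal.write(hosts, b"127.0.0.1 localhost\n192.0.2.10 update.example\n")
        journal.write(payload, b"MZ\x90\x00not really a DLL")
        journal.delete(notes)
        touched = journal.touched()

        if verdict == "good":
            journal.commit()
        else:
            journal.rollback()

        with open(hosts, "rb") as f:
            hosts_after = f.read()
        return {
            "touched": touched,
            "hosts": hosts_after,
            "payload_exists": os.path.exists(payload),
            "notes_exists": os.path.exists(notes),
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print("bad verdict :", simulate("bad"))
    print("good verdict:", simulate("good"))
```

The important design point is in `_remember`: the journal keeps the first prior state of a path, not the latest, so a program that rewrites the same file several times is still rolled back to what the user had before it ran.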
Userlevel 4
Badge +10
Enjoyed this entire post! Paranoia vs Caution...I remember what it felt like to hang out, unprotected while removing old security---keeping offline till new security refused to go further without phoning home to validate my purchase and update definitions. All the while, holding my breath and hoping there was no breach of ports. (I was glad when RussH suggested that security may want to look at that weak link.) The others did a good job of addressing every point--explaining how WSA works well with most other security--so LAYERED security is the way around some vulnerabilities. And I learned more about how WSA works in the process. I can also identify with RussH when it comes to who controls the running processes. With a PC it was often me in charge but Mac has a different idea. I do think that computers are a lot better at handling resources today. And I can say that WSA is not a resource hog. I avoid frivolous or risky apps. The Webroot features mentioned are optional when it comes to Mac and would seem to be so for PCs too. Best wishes y'all!
Userlevel 7
Hi RussH
 
How are you doing? Many thanks for coming back and providing an update. This helps us to check that the advice, assistance, guidance, etc. provided is appropriate and correct.
 
Glad to hear that not one but two of your systems have WSA covering their backs now...looking forward to when you advise that you have the full set moved over/sorted.
 
Please do come back and hang out/contribute what you can and when...this is the big part of what this Community is about...not just issues...but so much more.:D
 
Regards, Baldrick
Userlevel 4
Badge +10
Creating a support ticket makes sense to find how to streamline WSA scans---or to put in a feature request for it. IDK what table or index the scan refers to and how it varies on other boxes but hope to hear more about this. No "bait and switch" tactics here. In this community, I found other inquisitive folks who care to help and are wise enough to know where to refer questions to. Like you, I wrote to potential internet security providers. For whatever reason, I did not get an answer from this community at the time. But in fairness, did not check for one--once I realized that WSA is the best thing available for Mac. Health permitting, I follow this community and learn. For most folks here it is probably time permitting. I appreciate the attitude and spirit of this community.
Userlevel 7
Hello RussH, welcome to the Webroot Community.
 
The list of very specific must haves and must NOT haves is rather difficult to say the least I think.  I think that this will be best answered by our Community Admin @ or a member of the Sales department.  You can reach Sales at 1-866-612-4268.  I believe the hours are 8:00 AM to 5:00 PM, Mountain Time, Monday through Friday.
 
To be quite honest, I think no matter which vendor's product you end up with, given the features that you MUST have, you are going to end up with features that you do not want.  That does not mean you have to use them.
 
As for lightweight, minimal system impact, yet reliable, WSA is the hands down winner in my opinion.
Userlevel 7
Hi RussH
 
Just tried the "Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?"
 
And can confirm that WSA will not install, indicating that you have no internet connection, cannot verify activation keycode and asking you to try again when an internet connection is available.
 
Sorry about that...but that is just the way it is.
 
Personally, as I said before I do not believe that you are in any danger in the few minutes between the start and end of the install.
 
Regards, Baldrick
Userlevel 6
Baldrick is right, you'll need an active Internet connection in order to install WSA. You can download WSA on a different client, then connect the one on which you want to install it to the Internet and start the installation; the installation itself won't even take a minute.

There's also no need to be afraid of connecting to the Internet without an Antivirus. An active Internet connection alone can't get you infected; there always has to be an action from the user(you) like browsing the Web or running malicious applications. So as long as you only start the installation nothing can happen.
By the way, depending on your operating system you could also have a basic Antivirus running by default; like in Windows 7/8/8.1 with Windows Defender.
Userlevel 7
Hi RussH
 
I think that you are splitting hairs re. what you say...as the premise for the responses is in relation to the amount of time you have to connect to the internet to install WSA, assuming that you get a CD-based copy.
 
And, not wishing to put too fine a point on it...as I said before, and confirmed by what I tried, I installed WSAC on my tablet (which is far from being a speedy beast by any means) in just under 3 minutes...and I was probably protected by WSA almost immediately I started the install...but even if for argument one discounts that then we are talking about a 3 minute window (and you are being very well protected by the Windows Firewall...re. inbound intrusions, and most likely by Windows Defender or MSE assuming that you have not disabled them as they are on by default in Windows).  And finally, if you are behind a router then you have even more protection against the intrusion you are presenting as a danger...they will not even have reached your system if the router got them.
 
I do not dispute any of the information you provide in your post (and by the way I have been in IT since 1982, and for many years a programmer and more recently a consultant...so you are not alone in knowing something of what you are talking about) I would just say that you are EXTREMELY, EXTREMELY, EXTREMELY unlikely to fall victim to an attack by malware in the circumstances we are debating....I have never heard of it happening to a WSA user (perhaps a fellow Community member would confirm or disabuse me of this view?)...but one cannot say absolutely no way it can happen.
 
I am afraid to say, and I do respectfully, that to me you are sounding overly cautious (even paranoid).
 
And to answer your question, in terms of my router...none.
 
Anyway, I do not want to start a polemic on this subject.  We have provided all the information we can and therefore the decision as to how you proceed is up to you.  I hope that you choose to join the Webroot Community as a user...but if WSA is not for you then I sincerely wish you well and good luck in finding the right solution for you.
 
All the best, Baldrick 
Userlevel 7
Hi RussH
 
I do completely understand the reasons for your caution and I think that you are exceptionally wise to have that sort of precious and sensitive data/source held on external drives that are hopefully disconnected from the internet unless they need to be.
 
I also think that your approach of "run the install from CD off-line until it complains about no connection" does reduce the 'window of opportunity' but sadly by very little as when I trialled the disconnected install (prior to one of my posts) it was a matter of seconds, from clicking to run the installer, to the installer advising that it could not authenticate, and offering to abort the install....but on the positive side...it will reduce the window by a few seconds more than if connected.
 
I do hope that you do take the plunge and do finally join our Community.  Please let us know what you decide either way.
 
Regards, Baldrick
Userlevel 1
@ 
 
Yes I have only had these Port 0 attacks show up twice as I mentioned so it has not been a big issue; if they persist I will obviously speak with my ISP. (I still find it odd that it only ever happened shortly after installing BitDefender and then again shortly after removing BitDefender)
 
As to configuration my IP is configured as DHCP at the cable modem BUT... The cable modem is controlled by the ISP (including firmware version) and is serial number matched and locked with its physical MAC address to what is basically an externally static IP.
 
My router is configured to use the Modems provided local IP as DHCP so if I lose connection with my ISP(Internet) my local network (Intranet) is still functional and reverts back once the ISP is re-connected.
 
This seems to be a pretty safe configuration as the connection to the ISP is physically secured using the serial number and hardware MAC. Pretty hard to spoof something like that without having the actual Serial number and Physical MAC of the modem.
 
Even if something does get through the modem my router is then the second line of defense as I have Ping, FTP, uPNP, remote admin, wireless,  all turned off,  as well as having other specific address/site blocks set up on it.
 
Then if all of that fails each connected device still has its own firewall and anti-virus/anti-malware system installed and configured.
 
I feel I am likely much safer than many of the corporate/government networks that have outsourced their IT support... *cough* *cough* that's real safe...
Userlevel 1
Well here are my thoughts on WSA.
 
Very nice and light weight, nothing extra running, but still very reactive to threats.
 
A minor issue with application version changes, i.e.: I am a programmer and when my software builds the version number is incremented to denote the new version, WSA then reverts to blocking the same application (albeit with a newer version) in the same location it has been told to allow prior.
I again have to tell WSA that it is okay to allow it to access the network... and then again also tell it that it is OK to access the copy buffer... (for instance I manually copy my router log to the copy buffer (ctrl+c) to then process in my application and then output the results based on type of entry and/or source IP)
Not a huge thing but a slight annoyance when you are a programmer.
 
Note: This does not seem to happen when you update a web browser like FireFox for instance (which is open source)
 
Beyond that I have had no problems with the functionality and it has passed all the tests I have put it through!
 
Thank you for doing what is needed and not forcing me to have "features" I would never use.
Userlevel 7
Hi practicality! 
 
Good to see you again!  Admittedly we can't always fix everything, but we do always do our best to try to help.  Sometimes the best we can do is figure out who or where to refer someone to :(
 
I have been on here a while obviously, but I still learn every day.  No one ever knows everything, but I learn a lot just by trying to help others out!
Userlevel 1
Thanks and thank you for your reply!
 
The issue I have with options that you can turn off is that the "turning off" is mostly nothing more than a visual representation and in reality the underlying service/mini-driver monitoring the keyboard input (for password/credit card collection for instance) is still running. Even when the user has turned off that "feature" in most products out there.
 
Call me paranoid but I really don't want ANY software sniffing my keyboard input regardless of the up front intent...
If credentials capture and storage was not a real security issue we could all simply let Windows do it... I think we all felt a chill down our spine at that thought right?
It is really nothing more than a big bulls-eye for hackers to target and potentially exploit. (Same reason Windows credentials manager is a known target for hackers) Worst case your credit card information gets accessed by hackers without your knowledge (access anywhere - cloud types especially)
 
I have a feeling the sales department will not be in-depth technical people that would have the answers to my questions and will just read off the same product features list shown on here on the products page...
Userlevel 1
Yes I saw the product features...
 
But the real question is are those other versions "features" installed but "turned off" (off and greyed out in the settings interface for instance) via product key in the basic version and thus still leaving background services/mini drivers running as I mentioned so many others do?
 
I just don't want to purchase yet another product that installs things or leaves things running even though you turn them off or don't expect they are installed/exist due to product feature lists such as these...
 
Are they totally not installed or are they installed with all versions but other wise disabled/enabled via product key?
Userlevel 7
Me again  :)
 
You know the product features of AV, IS+ and Complete... so you know that:
 
IS+ also includes the Password Manager.  This is a separate browser extension.  I have never installed the plain AV, so I really cannot say if it will put the PM in, but I do not believe so.  Even if it does... you can of course remove.  The same goes for the Web Threat Shield extensions for the browser.
 
The Complete also provides Backup&Sync.  This is also a separate download once enabled, so your basic AV install will not install the components for this service either.
 
Does this help?
Userlevel 1
Thanks for the quick reply!
 
Well right now I am "fighting" with a different product that keeps trying to run a "password wallet" application regardless of configuration setting...
 
I have even gone so far as to boot into safe mode with the software totally off and deleting the offending executable replacing it with a blank file of the same name and then removed all permissions on the file... yes I am serious...
 
And the "auto-update" now continually tries to "update" the application and can't so it keeps telling me I need to reboot to update... I guess programmatically they assume the file is in use if they cannot complete their update...
 
This is after I have already also disabled other "features" by stopping their services as well...
 
Sorry long story but I think you can see what I mean about unwanted things running in the background... even though they are "turned off" and unavailable for use from the end users perspective... >.< 
 
I mean really that's practically virus/malware like activity if you think about it.
 
Userlevel 1
Okay I guess the 3 PC deal is what I am thinking I will do...
 
A few last questions...
 
For the digital install (download) is this a complete install that can be run off-line as stand alone?
 
I am not going to be interested in a web-install as you are simply at risk without virus software at all while the web-install would run... (yet another flaw in many anti-virus/security products)
 
Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?
 
 
Ah never mind I can just run to Best Buy and get the physical product
 
I will be sure to post back here with the answers I find...
Userlevel 7
Hi RussH
 
Let me see if I can chip in and help here:
 
"For the digital install (download) is this a complete install that can be run off-line as stand alone?"
 
No, as one needs to enter the keycode at the start of the install process and it gets validated before proceeding, and during the install the installer runs a scan for which it needs to connect to the Cloud.
 
"I am not going to be interested in a web-install as you are simply at risk without virus software at all while the web-install would run... (yet another flaw in many anti-virus/security products)"
 
Apologies but I really think that you are being overly paranoid there (and I say that sincerely).  The install takes 2-3 minutes depending on processor speed and once installed, right at the beginning of the scan & optimise stage of the overall install you are already well protected.  I have uninstalled and re-installed many many times as part of the testing I do to help other users here, and my system has never, ever been compromised at that time.
 
"Can I download... disconnect from the internet and safely install at least the base product before re-connecting to the internet and doing updates?"
 
I do not believe so but I will go away and try this and post back in about 15 minutes time with the result.
 
Regards, Baldrick
Userlevel 7
Hi regnor
 
You make a good point about Windows Defender/Microsoft Security Essentials as a temporary backstop at that time...quite forgot about that...;)
 
Regards, Baldrick
Userlevel 1
Thank you all for trying to be helpful!

I do have to point out there is an issue with the following statement:

"There's also no need to be afraid of connecting to the Internet without an Antivirus. An active Internet connection alone can't get you infected; there always has to be an action from the user(you) like browsing the Web or running malicious applications. So as long as you only start the installation nothing can happen."

You ABSOLUTELY CAN "potentially" get infected simply by being connected to a home network that is connected to the Internet without anti-virus and firewall protection even if you do not visit any sites at all...
 
I happen to be a programmer by trade and do know a bit about how these things work...
Have you ever heard of an injection attack? What about port 0 attacks? Simple penetration testing exposes these types of security threats and if in the hands of hackers? Points them right to the open door...
 
There is always a potential risk for infection even with anti-virus and local firewall configured and running (so without?)...
 
You are however correct in that the potential for this to happen given the somewhat short time frame is lower of course but it does still exist!  (please do NOT lull yourself and potentially others into a false sense of security in that regard)
 
I can pull up my router logs right now and point out unsolicited inbound packets that it has stopped/dropped.
But obviously a router is not perfect and there are things that still get past its simplistic firewall protection: If they didn't have flaws we would have no need for anti-virus and other security protection on the PCs connected to them.

The web-install if it has to download the remaining product and it happens to be someone that only has a dialup? then their risk is increased as the time without protection is longer...
 
Now on to the physical product on CD/DVD can it be installed (even in say a trial mode) without being connected to the Internet? That would at least give "Some" added protection while completing the authentication.
 
I don't mean to sound so negative or paranoid but we live in the real world and I do have an understanding of the very real security threats that do exist on the Internet. They are out there just waiting for any potential weakness to take advantage of.
 
Did anyone else notice the port 0 attacks on the 6th? (this was in just over 4 minutes)
 
[DoS Attack: WinNuke Attack] from source: 220.165.8.25, port 0, Monday, October 06,2014 07:34:48
[DoS Attack: WinNuke Attack] from source: 199.91.67.202, port 0, Monday, October 06,2014 07:34:33
[DoS Attack: WinNuke Attack] from source: 162.243.172.187, port 0, Monday, October 06,2014 07:34:19
[DoS Attack: WinNuke Attack] from source: 209.59.252.42, port 0, Monday, October 06,2014 07:33:49
[DoS Attack: WinNuke Attack] from source: 82.222.7.139, port 0, Monday, October 06,2014 07:33:47
[DoS Attack: WinNuke Attack] from source: 91.205.172.31, port 0, Monday, October 06,2014 07:33:15
[DoS Attack: Xmas Tress Scan] from source: 220.249.124.226, port 0, Monday, October 06,2014 07:32:01
[DoS Attack: WinNuke Attack] from source: 195.154.7.226, port 0, Monday, October 06,2014 07:31:39
[DoS Attack: IMAP Scan] from source: 184.106.142.243, port 0, Monday, October 06,2014 07:31:03
[DoS Attack: WinNuke Attack] from source: 143.107.97.106, port 0, Monday, October 06,2014 07:30:35
[DoS Attack: WinNuke Attack] from source: 211.110.212.10, port 0, Monday, October 06,2014 07:30:34
 
So you have to ask yourself how many did the router potentially miss...
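RussH mentions earlier in the thread that he copies his router log to the clipboard and processes it by entry type and source IP, and the post above quotes eleven such lines. Here is an added Python example of that processing; it is not RussH's tool and not anything from the router vendor. It parses the `[DoS Attack: ...] from source: ...` format exactly as quoted (including the router's `,2014` with no space after the comma), then summarises the entries by attack type, counts distinct and repeated sources, checks whether any source is a non-routable address (which would point at the LAN side or a spoofed packet rather than the internet), and measures the span of the burst. The only data in it are the eleven lines from the post; the regex and the summary fields are this example's own assumptions about what is worth reporting.

```python
"""Added example, not from the thread or any vendor: parse the router's
'[DoS Attack: ...] from source: ...' lines quoted in the post above and
summarise them by attack type, source address and time span."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# The eleven lines quoted in the post above; the only real data in this example.
ROUTER_LOG = """\
[DoS Attack: WinNuke Attack] from source: 220.165.8.25, port 0, Monday, October 06,2014 07:34:48
[DoS Attack: WinNuke Attack] from source: 199.91.67.202, port 0, Monday, October 06,2014 07:34:33
[DoS Attack: WinNuke Attack] from source: 162.243.172.187, port 0, Monday, October 06,2014 07:34:19
[DoS Attack: WinNuke Attack] from source: 209.59.252.42, port 0, Monday, October 06,2014 07:33:49
[DoS Attack: WinNuke Attack] from source: 82.222.7.139, port 0, Monday, October 06,2014 07:33:47
[DoS Attack: WinNuke Attack] from source: 91.205.172.31, port 0, Monday, October 06,2014 07:33:15
[DoS Attack: Xmas Tress Scan] from source: 220.249.124.226, port 0, Monday, October 06,2014 07:32:01
[DoS Attack: WinNuke Attack] from source: 195.154.7.226, port 0, Monday, October 06,2014 07:31:39
[DoS Attack: IMAP Scan] from source: 184.106.142.243, port 0, Monday, October 06,2014 07:31:03
[DoS Attack: WinNuke Attack] from source: 143.107.97.106, port 0, Monday, October 06,2014 07:30:35
[DoS Attack: WinNuke Attack] from source: 211.110.212.10, port 0, Monday, October 06,2014 07:30:34
"""

# '[<category>: <kind>] from source: <ip>, port <n>, <timestamp>'
LINE_RE = re.compile(
    r"^\[(?P<category>[^:\]]+): (?P<kind>[^\]]+)\] from source: "
    r"(?P<src>[0-9A-Fa-f.:]+), port (?P<port>\d+), (?P<stamp>.+)$"
)
STAMP_FMT = "%A, %B %d,%Y %H:%M:%S"   # the router writes ',2014' with no space


def parse_line(line: str):
    """One log line -> dict, or None for lines that are not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "category": m["category"],
        "kind": m["kind"],
        "src": ipaddress.ip_address(m["src"]),
        "port": int(m["port"]),
        "when": datetime.strptime(m["stamp"], STAMP_FMT),
    }


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarise(entries: list) -> dict:
    by_kind = Counter(e["kind"] for e in entries)
    by_src = Counter(str(e["src"]) for e in entries)
    times = sorted(e["when"] for e in entries)
    return {
        "total": len(entries),
        "by_kind": dict(by_kind),
        "distinct_sources": len(by_src),
        # the same address coming back is worth more attention than a one-off
        "repeat_sources": sorted(s for s, n in by_src.items() if n > 1),
        # private/loopback/link-local 'sources' would mean LAN side or spoofing
        "non_global_sources": sorted({str(e["src"]) for e in entries if not e["src"].is_global}),
        "span_seconds": int((times[-1] - times[0]).total_seconds()) if times else 0,
        "port0_only": all(e["port"] == 0 for e in entries),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_log(ROUTER_LOG)).items():
        print(f"{key}: {value}")
```

On the quoted lines the summary shows eleven entries from eleven different public addresses in a span of 254 seconds, which matches the "just over 4 minutes" in the post; no source repeats, so there is nothing here that singles out one address for a block rule. To run it on a fresh log, replace `ROUTER_LOG` with the clipboard contents (or read a file) and leave the rest alone.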
Userlevel 1
"and by the way I have been in IT since 1982, and for many years a programmer and more recently a consultant"
 
Glad to hear there are knowledgeable folks helping users here!
 
1985 for myself working with both hardware and software development...
 
One of my major concerns is my huge source code repository I have built over the years though I do keep it on external drives.
 
Not to mention current client source and data that I do not want to have potentially exposed or infected...
 
Well from my perspective I suppose I can run the install from CD off-line until it complains about no connection for authenticating and then connect at that point to reduce that window of opportunity even further.
 
Thank you again for all of your insight and assistance!
