Their AV is Sophos which is considered amongst the best in the corporate world and Webroot has the only consumer edition of it. Please explain how you determined that their AV is crap.
There are many reasons which contributed to my determination that Webroot AV based on Sophos is crap:
1) It *seems* to not use the Sophos heuristic engine because Sophos does some runtime compressor detections as "Mal/Packer" which is not there in Webroot Spy Sweeper + AV.
2) AV-comparatives tested this product and it achieved a very nice 77% detection rate. In AV-comparatives, it is generally accepted that even a moderately good AV product will score at least 85% in detection rates. Thus, according to AV-comparatives, Sophos was behind all of the following vendors:
AVIRA (AntiVir)
GDATA
Avast!
AVG
BitDefender
Dr.Web
Fortinet
F-Prot/Authentium Command AV
F-Secure
Kaspersky
McAfee
Microsoft OneCare (even this one didn't reach the minimum certification of 85% detection, but it was still better than Sophos)
NOD32
Norman
Norton
TrustPort (uses Norman+BitDefender+AVG+Ewido, not available for purchase globally)
Trend Micro
ArcaVir
You can see the thread discussing Sophos' poor result here:
http://www.wilderssecurity.com/showthread.php?t=170097
However, you can no longer see the results because Sophos made a hue and cry and demanded that the results be removed as it was degrading to their reputation. However, the tester himself has made a post highlighting Sophos' detection rates since 2004 in the same above thread. See below for post number 53 of that thread
http://www.wilderssecurity.com/showpost.php?p=980923&postcount=53
I will quote him here:
IBK said:
feb04 86%
aug04 82%
feb05 79%
aug05 78%
feb06 ??
aug06 ??
feb07 under 77%
AV-comparatives' testing practices are reliable and are widely well-regarded in the industry as being one of the most comprehensive testing authorities. Companies like Eset, AVIRA and Kaspersky have frequently made articles on AV-comparatives, which means they have accepted the correctness of the results. Obviously, Sophos does not want any of it...do I smell a chicken?
2) AV-test.org, which is another industry-recognized and highly reliable testing authority has also tested Sophos in the past. See two threads of this discussion:
- AV-test.org test published in German PC Welt magazine, October 2006:
http://www.wilderssecurity.com/showthread.php?t=148622
Sophos scores a mediocre 65.55% as you can see in the thread. I'll reproduce the entire test results here for your convenience (300, 000 trojans were used as the sample set):
1 WebWasher 99,97%
2 Antivir 99,952%
3 AVK 2007* 99,951%
4 AVK 2006* 99,89%
5 Symantec 99,04%
6 Kaspersky 98,86%
7 F-Secure 98,24%
8 Bitdefender 96,51%
9 Norman 96,34%
10 Nod32**** 95,80%
11 Avast!**** 95,17%
12 AVG**** 94,78%
13 Fortinet 94,65%
14 McAfee 93,99%
15 Rising 91,18%
16 Panda 90,45%
17 Dr Web 90,38%
18 Trend Micro 90,03%
19 Ikarus 84,77%
20 VBA32 81,28%
21 F-Prot** 77,88%
22 Command** 77,11%
23 Microsoft 76,18%
24 Ewido 74,67%
25 Sophos 65,55%
26 eSafe 59,34%
27 UNA 58,76%
28 QuickHeal 55,72%
29 Proventia-VPS 51,76%
30 ClamAV 48,71%
31 eTrust-VET*** 48,37%
32 eTrust-INO*** 41,92%
33 VirusBuster 40,94%
A second test published again in November on the same magazine and again performed by AV-test was not so favourable towards Sophos (see thread below):
http://www.wilderssecurity.com/showthread.php?t=155906
1 WebWasher 99.89%
2 AntiVir 99.86%
3 AVK 2007* 99.78%
4 Fortinet 99.75%
5 AVK 2006* 99.63%
6 Symantec 99.08%
7 Kaspersky 98.96%
8 F-Secure 98.27%
9 BitDefender 97.45%
10 Norman 96.01%
11 Avast**** 95.91%
12 NOD32**** 95.65%
13 AVG**** 95.25%
14 McAfee 94.88%
15 Ikarus 93.55%
16 Trend Micro 93.46%
17 Dr.Web 91.11%
18 Panda 90.37%
19 Rising AV 90.11%
20 Ewido 81.71%
21 F-Prot** 81.56%
22 Microsoft 81.22%
23 Command AV** 81.00%
24 VBA32 80.99%
25 Sophos 75.62%
26 eSafe 68.84%
27 UNA 65.54%
28 QuickHeal 57.48%
29 eTrust - INO*** 55.39%
30 Proventia-VPS 53.95%
31 eTrust - VET*** 53.11%
32 VirusBuster 51.08%
33 ClamAV 48.76%
The test set used for this test was:
83.000 Worms
86.000 Bots
218.000 Trojans
79.000 Backdoors
* = GDATA AntiVirusKit (AVK) 2006 used BitDefender+Kaspersky engines, while the 2007 version uses Avast+Kaspersky engines.
** = Due to product immaturity of the latest version F-Prot 6.0 at the time of testing, the older version 3.16f was used for testing. Command AV was also using the F-Prot 3.x technology at that time. Both products have upgraded their engine to version 6.0, and both are MUCH better today in terms of detection rates.
*** = eTrust has two engines, InnoculateIT and VET. Both are usually close to each other in terms of detection rates though.
**** = In the PC World article I linked to in one of my previous posts, it is important to know that AV-test also performed the malware detection tests in the PC world article. The PC World article was published April 23, 2007 and shows that both AVG and Avast have higher malware detection rating than NOD32 (However, this is not the only consideration PC World used to determine overall product rating). Also, it is to be remembered that
AVG Professional was used (which detects adware/spyware), not AVG Free edition (which doesn't). AVG also now has a newer product which integrates the Ewido engine alongside with AVG. This product is called
AVG Anti-Malware, and tests at AV-comparatives have shown that this product raises AVG's protection level to be on par with BitDefender, while costing only US $5 more than AVG Professional. But
spyware detection does not matter in the PC Welt tests, because no spyware samples were used. However, the PC world test does use spyware samples.
So basically, Avast>NOD32>AVG Free, or AVG Pro = Avast>NOD32, or AVG Anti-Malware>Avast>NOD32. But regardless, the protection level offered by all AVs is very good, and one should not change his/her AV for this purpose. Also, NOD32's heuristics is a lot better than both AVG and Avast, which will help protect users from the latest malware.
I hope this was enough proof to show you that Sophos is not up to par. And since Webroot appears to not even have Sophos' heuristics engine, it is even more crippled than Sophos itself. Spy Sweeper's inherently good Anti-Trojan/Spyware capabilities are not enough to offser Sophos' bad detection rates in terms of trojans/worms/bots/dialers/otherOS malware detection. It is best to use Spy Sweeper with some other *good* AV for maximum protection.
Also, NOD is very reasonable -- here in HK at least you can buy a 5-seat license for ~$125 US. For the first time, ever, an AV is affordable enough for me to protect all of our machines with legal licenses on commercial AV software. They also have a free 30-day trial... I imagine that, in a few years, NOD will be famous enough to be bought out by McAfee or Norton or some new giant looking to make a name for themseves in AV, and become teh suck, too... 
