F-Prot version 4 -- any news?


bellgamin
October 20th, 2005, 11:48 PM
Does anyone have any news about when/if version 4 of F-Prot for Windows might be released? Is it even in public-beta?

Late in 2004 the scuttlebutt was that version 4 would be released early in 2005. Are we now looking at early 2006... or what???

Mongol
October 21st, 2005, 01:33 AM
{QUOTE-> Does anyone have any news about when/if version 4 of F-Prot for Windows might be released? Is it even in public-beta?

Late in 2004 the scuttlebutt was that version 4 would be released early in 2005. Are we now looking at early 2006... or what??? <-QUOTE}

I've heard nothing but rumors about someday. By the way (slightly off topic) how's the new DrWEB running for you? Other than a few minor annoyances it's running fine here...;D

Firecat
October 21st, 2005, 03:35 AM
It will be released only when FRISK thinks we are ready for it. ;D

RejZoR
October 21st, 2005, 04:09 AM
I'm not gonna touch it for as long as they don't provide actions when malware is detected On-Access. They just warn you and leave the file there to delete it manually or perform full system scan to clean the mess.

ThunderingTimmy
October 21st, 2005, 09:35 AM
{QUOTE-> I'm not gonna touch it for as long as they don't provide actions when malware is detected On-Access. They just warn you and leave the file there to delete it manually or perform full system scan to clean the mess. <-QUOTE}
Yeah... I don't understand why they told us to wait until 4.0 to get that function under XP. They could have at least updated the current versions to have that basic feature.

Mongol
October 21st, 2005, 11:35 AM
Latest news I received from F-Prot about F-Prot 4 for Windows,

Thank you for your e-mail.

According to the latest news we have from our development team it should be
released before the end of this year.

Have a nice weekend.

Best regards,
Elsa Kristjansdottir
F-Prot Antivirus Sales Department

Interesting news eh?....:o

RejZoR
October 21st, 2005, 11:39 AM
Ok, that's new. I just hope they'll keep the promise :P

Blackcat
October 21st, 2005, 12:04 PM
{QUOTE-> According to the latest news we have from our development team it should be released before the end of this year. <-QUOTE}
Unless they have carried out a LOT of closed beta-testing in-house, I would be very surprised if there was a full release by the end of this year. Maybe by the end of 2006!

RejZoR
October 21st, 2005, 12:14 PM
Well if there will be as many features as in F-Prot 3.x then they don't have many things to test imo.

jim_k
October 21st, 2005, 12:57 PM
I recently asked again. They said they planned on it being released by the end of this year, with a beta version coming out before that.

I think Frisk does most of their beta testing in house. Many of their products don't have public betas, and the ones that have had public betas were fully released not long after the test started.

They have been more confident about the release date recently, as well as what features will be included. Hopefully it will be released soon.

bellgamin
October 21st, 2005, 09:05 PM
{QUOTE-> I've heard nothing but rumors about someday. By the way (slightly off topic) how's the new DrWEB running for you? Other than a few minor annoyances it's running fine here...;D <-QUOTE}
DrWeb continues to be my *main man* & is running just fine. However, 4.33 HAS slowed things down a bit on my computer. Moreover, I am slightly distressed by the deafening silence from DRW's gurus concerning on-going issues with 4.33.

Therefore, I hope for the best for DRW, but feel I must prepare for the worst. F-Prot has long been on my short list of possible replacements for DRW should I need one. So also are NOD32 & Bit Defender.

Reference Jim_K's comment that FP does most of its beta testing in-house. It seems DRW did the same with respect to 4.33. Seems to me it is a questionable practice. No doubt 4.33 worked just fine on the computers which DRW used for testing it. However, it seems evident that DRW's customer base is using a much more varied mixture of computers, OS, & possibly conflicting programs, than was the case for the computers used by DRW in beta-testing.

I hope Frisk doesn't make a similar error. For example, there are lots of folks here at Wilders who would be valuable additions to any beta test.

Mongol
October 21st, 2005, 09:43 PM
{QUOTE-> DrWeb continues to be my *main man* & is running just fine. However, 4.33 HAS slowed things down a bit on my computer. Moreover, I am slightly distressed by the deafening silence from DRW's gurus concerning on-going issues with 4.33.

Therefore, I hope for the best for DRW, but feel I must prepare for the worst. F-Prot has long been on my short list of possible replacements for DRW should I need one. So also are NOD32 & Bit Defender. <-QUOTE}

DrWEB's silence is getting a bit bothersome. Nothing in their forums and no answer to 2 emails I have sent in the last 2 weeks. My license runs out in 3 weeks and just don't know if I will stay with them or not. Customer care isn't always their hallmark. Heck my inquiry to F-Prot got a response in less than a day. I may just trial F-Prot over the weekend and see how it drives...cheers...;D

iwod
October 22nd, 2005, 05:11 AM
I have the feeling Dr.web 4 and NOD 3 will come before F prot 4.......

hbkh
October 22nd, 2005, 10:30 AM
{QUOTE-> I have the feeling Dr.web 4 and NOD 3 will come before F prot 4....... <-QUOTE} You're definitely right about Dr Web 4 considering it is at 4.33! ;D ;D

liang_mike
October 22nd, 2005, 04:49 PM
{QUOTE-> It will be released only when FRISK thinks we are ready for it. ;D <-QUOTE}

Hmm.... what kind of alien technology does it have? :P

Firecat
October 23rd, 2005, 07:36 AM
{QUOTE-> Hmm.... what kind of alien technology does it have? :P <-QUOTE}
It contains "Alien Stealth" technology which stealths it from hackers and malware. It is reverse-engineered alien technology. :P;D

carioca
April 25th, 2006, 09:22 AM
:thumb:
Hi folks, I have received this reply (news) from F-Prot Antivirus Technical Support now promising a release candidate (beta version) before my subscription expires in June 2006. This is my last effort to believe them. Because if not I will give it up.


"Dear Frisk Support Team,
I have read at wilders security forum about f-prot 4. When will It really be
coming? Because on June, 2006 my license will expire and I am not certain
about renewing with you If won't get more competitive like others AV
scanners. Your heuristic is not so effective; you do not have any password
protection and there is no option to quarantine instead of deleting the
file. I forgot to mention about unpacked files. I know you use light
resources but avira does too. I wanna keep up on you but you may to shift
your scanner dramatically sooner. I expect you hear your faithful
customers. I wanna thumbs up for you again sooner. Best regards. Your frequent
customer.

Hello and thank you for your mail.

I agree with you that the release of version 4 has been delayed for too long
time.

Our developers are currently still working on this version but we should see
a release candidate (beta version) before your subscription expires in June.

Please do not hesitate to contact us again if you need further information.

Best regards,
Valtýr Jónasson
F-Prot Antivirus Technical Support

support@f-prot.com
http://www.f-prot.com
Tel: +354-540-7400
Fax: +354-540-7401"

iwod
April 25th, 2006, 12:14 PM
F Prot 4 = Duke Nukem Forever ??

We have same reply every year. And yet we haven't seen anything. Although Mike does have words on FProt 4 saying it is close to completion.
So for now KAV 06 does the job. ^

pykko
April 26th, 2006, 03:06 AM
Hope they have many new features in it so that our waiting hasn't been in vain...

marcromero
April 26th, 2006, 08:16 PM
I have been an F-prot antivirus user since 1999, recently I tried NOD32 and KAV 5.0.527, and think both of these antivirus programs are outstanding, but, today I re-installed F-prot antivirus, I just like this antivirus and look forward to F-prot V4.

Chubb
April 26th, 2006, 08:45 PM
{QUOTE-> F Prot 4 = Duke Nukem Forever ??

We have same reply every year. And yet we haven't seen anything. Although Mike does have words on FProt 4 saying it is close to completion.
So for now KAV 06 does the job. ^ <-QUOTE}

Is there any chance that Frisk will be bought out by some larger companies, like Ewido taken over by Grisoft, so that 4.0 was delayed and delayed? :P

Users of NOD32 and Norman Virus Control are also waiting eagerly for 3.0 and 6.0 respectively.

JimIT
April 27th, 2006, 01:30 PM
{QUOTE-> Is there any chance that Frisk will be bought out by some larger companies, <-QUOTE}

Lord, help us.

IBK
April 27th, 2006, 03:52 PM
It will be released soon like they said. Really. So just be patient.

iwod
April 28th, 2006, 12:23 AM
{QUOTE-> It will be released soon like they said. Really. So just be patient. <-QUOTE}

another confirmation :D

Nice to hear.

Firecat
April 28th, 2006, 12:51 PM
{QUOTE-> It will be released soon like they said. Really. So just be patient. <-QUOTE}
That's good news to hear. :)

But I do hope that future versions of F-Prot (version 5.0 and onwards) are not delayed the way version 4 was, or FRISK may eventually have to go the 3DFX way.

jim_k
April 29th, 2006, 04:35 PM
{QUOTE-> another confirmation :D

Nice to hear. <-QUOTE}

It is now sounding more and more like it will happen very soon.

Here's another sign: http://www.frisk.is/fpwini.html. I have no idea what most of the site says, but there are two things I noticed:

It is now called F-Prot Antivirus in Iceland (used to be Lykla-Pétur). It looks like they are trying to get people over there used to a new name (well, new for them). This seems like a strange thing to do if something new isn't real close to arriving.

Notice the new product logo? This has been used for the Exchange version of F-Prot on the U.S. site for a while, but this is the first time I have seen it used for the regular antivirus program.

I really do hope it gets here soon.

Mongol
May 16th, 2006, 07:34 PM
Latest news on F-Prot 4 is as follows,

soon.

Private email removed except one word - Ron

Chubb
May 17th, 2006, 03:10 PM
{QUOTE-> Latest news on F-Prot 4 is as follows,

soon. <-QUOTE}

Hopefully, this "soon" will not be 2007.

Inspector Clouseau
May 17th, 2006, 03:14 PM
{QUOTE-> Hopefully, this "soon" will not be 2007. <-QUOTE}

No worries.

RejZoR
May 17th, 2006, 03:33 PM
I can confirm that. I mean the beta product I got was far more mature than any beta program I've tested so far. That's certainly a good sign. I can't tell for the engine part though (That's Inspector's playground hihi), but everything else was already very polished. All I can say is stay tuned and you'll see 8)

,.-
May 17th, 2006, 04:20 PM
@Clouseau What about the Armadillo unpacker mentioned in your blog? DilloDie is far too slow and too unreliable to be implemented into an AV scanner. Is your unpacker so much faster?

Chubb
May 17th, 2006, 04:29 PM
{QUOTE-> I can confirm that. I mean the beta product I got was far more mature than any beta program I've tested so far. That's certainly a good sign. I can't tell for the engine part though (That's Inspector's playground hihi), but everything else was already very polished. All I can say is stay tuned and you'll see 8) <-QUOTE}

So nothing more can be disclosed at the moment because of the non-disclosure agreement for being a beta tester?

Some say the next version will be F-PROT 4 while some say it is F-PROT 6. May I know if F-PROT 4 or 6 will include anti-spyware functionality? :P

IBK
May 17th, 2006, 04:36 PM
v6 with spyware detection..

RejZoR
May 17th, 2006, 04:40 PM
Well Inspector said it's engine version 4 and interface version 6.
Thats why the 6 in the program...

Pretty similar with BitDefender. Their engine is version 7, but program is already at version 10.

Sputnik
May 17th, 2006, 04:51 PM
I hope F-Prot can catch up with the other top performers again. I'll keep an eye on it.

IBK
May 17th, 2006, 05:18 PM
yes it will

Mongol
May 17th, 2006, 05:26 PM
Sounds like the long-long wait is going to have a very good finish for the folks at Frisk..:thumb:

pykko
May 18th, 2006, 05:22 AM
I can't wait to test it....it was a time when I used it and thought it was number one. Hope this version will make me reconsider it again as the best. ;D

RejZoR
May 18th, 2006, 07:57 AM
Inspector is working pretty hard according to his blog ;) Adding generics and stuff ;D

pykko
May 18th, 2006, 09:06 AM
yeah...now I've read again its blog...seems promising. :)

Chubb
May 18th, 2006, 09:28 AM
{QUOTE-> Inspector is working pretty hard according to his blog ;) Adding generics and stuff ;D <-QUOTE}

So you and Inspector were selected beta testers of internal builds of F-PROT?

{QUOTE-> I can't wait to test it....it was a time when I used it and thought it was number one. Hope this version will make me reconsider it again as the best. ;D <-QUOTE}

F-PROT, Norman Virus Control and Sophos have very good detection rates in the past, but they are somewhat lagging behind now. Some users in the Norman forum are also looking for Norman 6, but technical support replied that it is still not yet ready for beta.

RejZoR
May 18th, 2006, 09:41 AM
{QUOTE-> So you and Inspector were selected beta testers of internal builds of F-PROT? <-QUOTE}

Just me. He's part of FRISK team :P

Chubb
May 18th, 2006, 11:32 AM
{QUOTE-> Just me. He's part of FRISK team :P <-QUOTE}


WOW!!! Inspector should put a thread here when F-PROT 6 is available. Want to have first hand information ;D

bellgamin
May 18th, 2006, 03:13 PM
I read the Inspector's blog about his work on generic banker trojan detection. I had NO idea that developing a protection for only ONE threat could be such a time-consuming & highly skilled job.

Since MANY new threats appear daily, how in the world do AV/AT outfits keep up? I am especially concerned about the capabilities of small outfits like BOClean. As far as that goes, I'm fairly certain that Frisk doesn't have hundreds of employees, either.

Does anyone have an idea as to *about* how many folks the large outfits (like Symantec & Kaspersky) have on their staffs who are doing the same sort of job that the Inspector is doing for F-Prot?

Inspector Clouseau
May 19th, 2006, 04:59 AM
{QUOTE-> I read the Inspector's blog about his work on generic banker trojan detection. I had NO idea that developing a protection for only ONE threat could be such a time-consuming & highly skilled job.

Since MANY new threats appear daily, how in the world do AV/AT outfits keep up? I am especially concerned about the capabilities of small outfits like BOClean. As far as that goes, I'm fairly certain that Frisk doesn't have hundreds of employees, either.

Does anyone have an idea as to *about* how many folks the large outfits (like Symantec & Kaspersky) have on their staffs who are doing the same sort of job that the Inspector is doing for F-Prot? <-QUOTE}

Of course you don't spend so much time on every single threat. You can usually add them via signature/crc match which means this sample would be just detected. If you write a generic detection for a special malware type (in this case the banker trojan family) you have to spend more time and effort into researching and developing. Because you need to know "in advance" how new banker trojans will look like even if you do not have them yet as samples.
But this makes sure that you can detect a huge amount of new variants from this malware family - even if the code seems to be completely rewritten. You have to deal here with special cases, such as that the code you are looking for could be on-the-fly encrypted/decrypted (has nothing to do with simply runtime packed where the unpacking engine / emulator takes care of) - I posted several complex banker reversing information already in the malware research forum. For instance the strings it uses to watch bank connections are usually encrypted. Sometimes they are encrypted in this way that you will not see them in plain text even if you make a memory dump because they are "on-need" decrypted and later encrypted again. As I wrote already in my log, we have somewhat above 4 Gigabytes (even 2 Gigabytes more with samples which are close to banker family but they aren't really) so that takes also a huge amount of time for the viruslab to include these critters if you get several new samples every day. Besides the generic way of detecting them is a better detection for the users since a proper written generic dedicated special routine will tell you exactly that we have a new banker variant, regardless with what it would be packed. (Some other vendors flagging this as a variant if it's for instance just repacked - I do not mean just repacked here in this case)

Benvan45
May 19th, 2006, 06:54 AM
Dear Inspector,

With great respect for all your explanations, I am enjoying your Weblog for 500 %. Man, it must be great living in a beautiful country like Iceland. Great pictures, great stories. It's great to hear some inside information about working on a virus scanner, very interesting.
But working on that and living like you do, I wouldn't mind swapping for a while.....!!!!
Good luck with F-Prot and keep up the good work!

Chubb
May 21st, 2006, 02:22 PM
{QUOTE-> No worries. <-QUOTE}

Just curious. Is Authentium involved in beta testing F-PROT 6? Just wonder if Authentium will continue to license the F-PROT version 4 engine in future versions of Command AntiVirus.

,.-
May 21st, 2006, 02:32 PM
@Mike

Let me know when generic banker detection has been implemented. I would like to verify whether my various "investment bankers" are also detected ;-)

hxxp://img85.imageshack.us/img85/6725/investmentbankers4ez.png

Inspector Clouseau
May 21st, 2006, 02:53 PM
Can you send this sample to me that I can check if the emulator goes through this?

,.-
May 21st, 2006, 02:58 PM
I have already uploaded it to (your? and Derek's forum). See the unpacking section. (Regardless of whether it's detected or not I would be interested in your opinion on the relevance of the technique used.)

Inspector Clouseau
May 21st, 2006, 03:00 PM
I'm right now on the mac laptop so I will check this later today on a windows machine if it's detected with my generic detection as I do not have the latest development version here on this laptop.

Inspector Clouseau
May 22nd, 2006, 07:29 AM
{QUOTE-> I have already uploaded it to (your? and Derek's forum). See the unpacking section. (Regardless of whether it's detected or not I would be interested in your opinion on the relevance of the technique used.) <-QUOTE}

It's of course detected via heuristics/generic detection ;D
If I do something then I do it in a proper and working way - you should know that ;) Andreas Clementi could probably confirm it, since he has my heuristics version of f-prot since quite some time and even this version detects this banker - I just tested it (see attached screenshot) ;D

This entry point jumping actually only fools a static unpacking engine - and normally not even this if the packer recognition is properly done. If you just make a CRC over the first code after the EP for packer detection this will not work of course.
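
The last post's point about CRC-based packer recognition, as an added example that is not part of the thread and not F-Prot's code: a naive identifier hashes the first bytes at the entry point, while a normalizing one first follows unconditional jumps. `SIG_LEN`, `MAX_HOPS`, the `DemoPacker` name and all sample bytes are constructed assumptions.

```python
import struct
import zlib

SIG_LEN = 16    # bytes hashed at the entry point (assumed length)
MAX_HOPS = 8    # bound on jump-following so a crafted loop terminates

def follow_jumps(image: bytes, ep: int) -> int:
    """Return the offset of the first non-jump instruction reachable from ep.

    Only unconditional x86 JMP rel8 (EB) and JMP rel32 (E9) are followed.
    """
    off = ep
    for _ in range(MAX_HOPS):
        op = image[off] if 0 <= off < len(image) else None
        if op == 0xEB and off + 2 <= len(image):
            target = off + 2 + struct.unpack_from("<b", image, off + 1)[0]
        elif op == 0xE9 and off + 5 <= len(image):
            target = off + 5 + struct.unpack_from("<i", image, off + 1)[0]
        else:
            return off
        if not 0 <= target < len(image):
            return off          # jump leaves the buffer: stop here
        off = target
    return off

def identify(image: bytes, ep: int, normalize: bool):
    """Look up the CRC32 of SIG_LEN bytes at the (optionally normalized) ep."""
    off = follow_jumps(image, ep) if normalize else ep
    return PACKER_DB.get(zlib.crc32(image[off:off + SIG_LEN]))

# Constructed sample data: STUB stands in for a packer's start-up code.
STUB = bytes(range(0x60, 0x70))
PACKER_DB = {zlib.crc32(STUB): "DemoPacker"}

PLAIN = STUB + bytes(16)                       # entry point directly on the stub
JUMPED = (
    b"\xEB\x03" + b"\xCC" * 3                  # 0: jmp short -> 5
    + b"\xE9" + struct.pack("<i", 32 - 10)     # 5: jmp near  -> 32
    + b"\x90" * 22                             # 10..31: filler
    + STUB                                     # 32: same stub as PLAIN
)

if __name__ == "__main__":
    print("plain, naive      :", identify(PLAIN, 0, normalize=False))
    print("jumped, naive     :", identify(JUMPED, 0, normalize=False))
    print("jumped, normalized:", identify(JUMPED, 0, normalize=True))
```

The hop limit matters for robustness: a self-referencing jump at the entry point would otherwise hang the scanner.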