f-secure scan report.


lodore
February 24th, 2008, 09:40 AM
Hello,
I was reading the thread the other day about the many engines of F-Secure.
I tried the latest F-Secure technology preview beta.
I changed the manual scan settings to scan all files and started a scan.
I cancelled the scan and read the HTML scan report.
I have uploaded a text file of it.
The engines are as follows:
AVP
F-Secure Hydra
F-Secure BlackLight

What is F-Secure Hydra?
I'm wondering if it still uses Ad-Aware for its antispyware.
Thanks in advance
lodore

Sputnik
February 24th, 2008, 09:53 AM
-{ Quote: "F-Secure AVP: 7.00.171, 2008-02-21
F-Secure Hydra: 2.04.7360, 0-00-00
F-Secure BlackLight: 1.00.65 " }-
The amount of engines reduced! ;D
Anyway, I think the new Hydra engine might be a combination of their previous own engines (Libra/Orion) and Norman's Sandbox (Pegasus). Correct me if I'm wrong.

As I heard they dropped Ad-aware, which was named Draco in F-Secure.

C.S.J
February 24th, 2008, 09:57 AM
Their mobile antivirus uses a next-generation scanning engine called Hydra 2, which makes it even more efficient at detecting viruses before they cause damage to a phone.

So, something similar?

Probably not, but similar name :D

Sputnik
February 24th, 2008, 10:58 AM
@C.S.J
Probably their new (generic) name for in-house (or combined) engines.

kinwolf
February 24th, 2008, 11:45 AM
-{ Quote: "@C.S.J
Probably their new (generic) name for in-house (or combined) engines." }-

My bet is on combined engines as a Hydra has multiple heads (or scanning engines)

Sputnik
February 24th, 2008, 11:51 AM
-{ Quote: "My bet is on combined engines as a Hydra has multiple heads (or scanning engines)" }-
Correct, kinwolf
http://upload.wikimedia.org/wikipedia/commons/6/6c/Hydra_04.jpg

But I doubt they'll use multiple engines on a mobile antivirus?

NAMOR
February 24th, 2008, 12:10 PM
Answers on the F-Secure forum are really vague.

"Hydra is a new scan engine and it's far more capable than Orion and hence we're adding lots more detections to it."

"Quick answer:
Hydra is a new general purpose scanning engine."

EliteKiller
February 24th, 2008, 12:15 PM
-{ Quote: "The amount of engines reduced! ;D
Anyway, I think the new Hydra engine might be a combination of their previous own engine (Libra) and Norman's Sandbox (Pegasus). Correct me if I'm wrong.

As I heard they dropped Ad-aware, which was named Orion in F-Secure." }-
I always thought the modded F-Prot engine was Libra, Ad-Aware was Draco, and the in-house heuristics was Orion.

Sputnik
February 24th, 2008, 12:25 PM
-{ Quote: "I always thought the modded F-Prot engine was Libra, Ad-Aware was Draco, and the in-house heuristics was Orion." }-
You are correct about Draco and Orion, all those names... :wacko:

Anyway, the Libra engine might find its base at F-Prot, but I'm not really sure about this though.

Firecat
February 24th, 2008, 12:35 PM
-{ Quote: "You are correct about Draco and Orion, all those names... :wacko:

Anyway, the Libra engine might find its base at F-Prot, but I'm not really sure about this though." }-
In my testing I noticed that the naming format of things detected by Libra always were in a similar format to that of F-Prot or Norman (more like F-Prot and less like Norman actually). Based on the detection names I saw I am inclined to think Libra is indeed having something in common with F-Prot. What I did notice is that Libra is NOT the complete F-Prot scan engine as files detected by F-Prot's heuristics are not usually caught by Libra.

Orion is an engine developed solely for detecting Win32 viruses. As such it wasn't very significant most of the time.

Interestingly, during my time using F-Secure, I noticed that the Draco engine would only work real-time and not on-demand. I tried working with F-Secure to correct the problem but eventually ran out of time as my life got busier and busier....:(

Hopefully that bug is fixed for good with the next release!

PS: To all of you who have sent me PMs within the past week, I have read them and will try to reply within the coming days (Darn, I've never been this busy my entire life!). :)

lodore
February 24th, 2008, 01:34 PM
OK, test number two. I just ran the F-Secure online scanner link (http://support.f-secure.com/enu/home/olsbeta.shtml).
Once again canceled the scan and uploaded the scan report file as a text document.
Scanning engines:
F-Secure USS: 2.20.0
F-Secure Hydra: 2.6.7470, 2008-02-22
F-Secure AVP: 7.0.171, 2008-02-23
F-Secure Pegasus: 1.20.0, 2008-01-20

So the online scanner beta uses Pegasus whereas the technology preview doesn't seem to. And what is F-Secure USS? Is it BlackLight and another engine combined?

The F-Secure forum has updates on what new malware is added to the database and to which engine. Mostly AVP but some for Orion and Hydra.

century
February 25th, 2008, 06:18 AM
I learnt in this forum that F-Secure has changed its AV engine(s).
Can anybody tell me if running F-Secure AV 2006 is OK at this moment?
Fact is I got a 6 month trial for free.

Sputnik
February 25th, 2008, 08:35 AM
-{ Quote: "I learnt in this forum that F-Secure has changed its AV engine(s).
Can anybody tell me if running F-Secure AV 2006 is OK at this moment?
Fact is I got a 6 month trial for free." }-
The new engines are still only used in the TPB. So no need to worry.

Sputnik
February 25th, 2008, 03:40 PM
My F-Secure for Workstations still shows all the good old scanners ;) ;D
-{ Quote: "Scanning Engines:
F-Secure AVP: 7.00.171, 2008-02-25
F-Secure Libra: 2.04.01, 2008-02-21
F-Secure Orion: 1.02.38, 2008-02-25
F-Secure Draco: 1.00.35, 2008-02-13 " }-

Sputnik
February 25th, 2008, 03:43 PM
@Firecat
You are right about Orion indeed. I've been thinking, and remembered that the Libra engine was mainly about macro viruses. Taking into account that this always was F-Prot's strongest point this might be logical as well.

lucas1985
February 25th, 2008, 03:52 PM
Yep, I've always been told that Libra is F-Prot's macro/scripting signatures/engine.

Sputnik
February 25th, 2008, 03:55 PM
@lucas1985
F-Prot 3.x always had a separate macro database (as shown on the screenshot), maybe this part of F-Prot is used?

lucas1985
February 25th, 2008, 04:15 PM
Not sure, but it's highly likely.

century
February 25th, 2008, 09:19 PM
-{ Quote: "The new engines are still only used in the TPB. So no need to worry." }-

Thanks Sputnik, for your kind response - Century

Frisk
February 26th, 2008, 07:03 AM
-{ Quote: "@lucas1985
F-Prot 3.x always had a separate macro database (as shown on the screenshot), maybe this part of F-Prot is used?" }-

F-Secure used to use the complete F-Prot engine, but later they only used the macro and script scanning parts of F-PROT 3.x.

As there has been very little evolution in macro viruses in recent years, it should not be a surprise that the macro scanner is not under very active development - in fact, apart from fixes to a few heuristics that caused occasional FPs, the 4.x macro scanner in F-PROT is virtually identical to the 3.x macro scanner, so even though we consider the 3.x engine obsolete, the macro scanning part of 3.x (what F-Secure is using) is still up-to-date.

Script scanning is a different issue, and we will be replacing the 3.x script scanner with more advanced technology.

Firecat
February 26th, 2008, 10:38 AM
-{ Quote: "Script scanning is a different issue, and we will be replacing the 3.x script scanner with more advanced technology." }-

Now I wonder whether F-Secure will get this new technology.....But I assume you may not be able to answer that. :)