I was looking at F-Secure's Weblog and I found this:

-{ Quote: "About F-Secure Exploit Shield
F-Secure Exploit Shield is an application that protects users from web-based malicious exploits and stops malware at the first point of infection. All malicious, exploit-hosting URLs it detects are automatically reported back to F-Secure's Real-time Protection Network, which helps our Security Labs discover new exploits on the Internet and react to protect all our existing customers.

F-Secure Exploit Shield features

* Zero Day Protection: Protects unpatched machines even before patches are available from the software vendor.
* Patch-equivalent Protection: One 'shield' update per vulnerability stops all exploits targeting it.
* Proactive Measures: Heuristic detection techniques block exploits even for unknown vulnerabilities.
* Protects against both malicious websites and good websites that have been hacked.
* Automatically sends detected malicious URLs from users to F-Secure." }-

http://support.f-secure.com/beta/estp/estp.shtml

Look here (http://www.pcmag.com/article2/0,2817,2337242,00.asp?kc=PCRSS05079TX1K0000992) for a pc mag review.

Seems promising.

someone asked the other day if AVs would eventually disappear. I made the comment, not as long as they continue to evolve new ways of fighting malware. This is a perfect example of a vendor that intends to stick around with new technology.:thumb:

I guess, it may be like Link Scanner.

Anybody out there trialling this? F-Secure seem to be persisting with their technology preview, as they call it...and I was just wondering how it compares with the likes of Prevx Edge and other such security tools???

i would try it when i can.
doesnt work on 64bit vista yet.

Well, tried on XP

Has some pretty old exploits in it, two reasonable new. EDIT: All were installed on my system, except for two of which I did not had teh software which had to be patched installed on my system (so an irrelevant patch fo rme).


What it does:
a) provides hot patches from the day exploits are known (so you do not have to wait to microsoft comes out, or you update your mickesoft aps)

b) provides some proactive protection against shell scipts etc for IE (not yet FF)

Conclusion
- when you do not have a policy or virtualisation sandbox or disk/partition virtualisation it is a :thumb: :thumb: :thumb:
- it checks every hour for updates
- I have disabled the individual hot patches for the exploits, I hope it will stil check websites I visit on these exploits (A website using these exploits should not be visited), I have not disabled the module, so fingers crossed.
- This exploit checking is simular to BrowserDefender.
Regards Kees

Quick question-

On my laptop I have Vista basic with Kaspersky av and ZA Pro firewall. Could my laptop benefit from this F-Secure Exploit Shield even if I run IE7? I believe Kaspersky av has some of its security features unavailable for Vista. I am also considering changing ZA Pro firewall for something else.

On my desktop I have Vista Premium with Nod32, SAS Pro and PC Tools firewall. I also run MS Defender form time to time (spynet w/advanced memberships so a pseudo HIPS). Would the F-Secure Exploit Shield benefit me if I choose to not run MS Defender?

I am basically concerned with not having a behavior blocker in Vista- although ZA Pro and PC Tools firewalls offer some.

Thanks for any info

It's an interesting tool. I'm sure will get only better over time.

I wonder if they'll keep it free, though?

Regards

-{ Quote: "Quick question-

On my laptop I have Vista basic with Kaspersky av and ZA Pro firewall. Could my laptop benefit from this F-Secure Exploit Shield even if I run IE7? I believe Kaspersky av has some of its security features unavailable for Vista. I am also considering changing ZA Pro firewall for something else.

On my desktop I have Vista Premium with Nod32, SAS Pro and PC Tools firewall. I also run MS Defender form time to time (spynet w/advanced memberships so a pseudo HIPS). Would the F-Secure Exploit Shield benefit me if I choose to not run MS Defender?

I am basically concerned with not having a behavior blocker in Vista- although ZA Pro and PC Tools firewalls offer some.

Thanks for any info" }-

It uses minimal resources. It also claims to investigate websites on exploits. when using IE, you have the bonus of some proactive protection. So I can't think of a reason why not.

-{ Quote: "...I am basically concerned with not having a behavior blocker in Vista- although ZA Pro and PC Tools firewalls offer some.

Thanks for any info" }-
Going off at a tangent a little bit but have you considered or tried Prevx Edge? Not a behaviour blocker per se but it provides:

- Realtime protection against zero-day and even zero-hour threats
- Ultra-Strong rootkit prevention
- Advanced behavior monitoring and "in the cloud" sandbox analysis
- Blocks known and unknown infections with advanced heuristics
- Identifies and prevents targeted attacks and mutating infections
- Almost-silent operation with the absolute minimal user interaction required
- Light footprint and compatible with all other security products

and is designed to complement and work in conjunction/along side other security applications...which is a first!

It is free as a scanner, ie, notifies you but does not block or clean up infections. You need to purchase a license if you want it to do the latter as well.

I am a fan but it may serve your purpose...worth consideration if nothing else.

;D

Read more at: http://www.prevx.com/prevxedge.asp

-{ Quote: "Anybody out there trialing this? F-Secure seem to be persisting with their technology preview, as they call it...and I was just wondering how it compares with the likes of Prevx Edge and other such security tools???" }-

I gave it a quick test drive. On Vista Business SP1 x86 it noticeably slowed logging in to the desktop. I'm already running NIS 2009, SAS Pro (real time monitoring enabled) and Winpatrol Plus. The slowdown may be the result of some interaction with these other security applications (?) I uninstalled F-Secure Exploit Shield since I don't want the additional overhead. I like the concept though and may try it again when a new version is available.

I should add that FS Exploit Shield places two entries in the Add/Remove Programs list ("Programs and Features" in Vista) so the uninstall requires two steps.

-{ Quote: "It uses minimal resources. It also claims to investigate websites on exploits. when using IE, you have the bonus of some proactive protection. So I can't think of a reason why not." }-

Thanks for the reply. After reading the description a little closer I am assuming the F-Secure Exploit Shield is a type of http scanner. Is that essentially correct? If so, what does this product provide that the KAV http scanner does not yet provide?

thanks

-{ Quote: "Thanks for the reply. After reading the description a little closer I am assuming the F-Secure Exploit Shield is a type of http scanner. Is that essentially correct? If so, what does this product provide that the KAV http scanner does not yet provide?

thanks" }-

It is not an incoming webscanner like KAV, I have no idea how they implemented. They read incoming webtraffic for specific exploits and some generic shell code exploits for IE. It just makes sure that your browser and plug-ins are properly patched, before software producer publishes a fix.

Norton has a similar feature, dubbed Intrusion Prevention. Symantec created a signature to block Conflicker/Downadup from exploiting the Server service, and thus infecting a computer. Been incorporated in Norton AV/IS/360 since 2008. Maybe 2007; not sure.

Firefox is now supported. The latest release was twelve days ago. Does it interfere with Antivir's WebGuard?

No problems with Avira Webguard here.

If I am not mistaken, during February I got in touch with F-Secure saying that it wasn't compatible with IE 8 RC, and I was told that they were going to change the text on the Exploit Shield Beta site, to mention only up to IE 7.

Nothing was changed.

I also asked if they were going to keep it free, as a stand-alone tool or implement it in one of their other products (anti-virus or suite).
I was told that, they didn't plan to keep it as a stand-alone tool, but that they also had no intentions to kill the beta version, which every month a new one would come out so people could give feedback about it. March's gone and I haven't seen any update to the tool or any added shields, so far.

I wonder if they changed ideas?

That would be of intrest to me too, as i think the idea of a light programm like this is kinda neat.

At this point it seems that v6.0 build 77 from 16th February 2009 is the last Beta Version.

Would be sad seeing Exploit Shield beeing integrated exklusively in the Internet Security Technology Preview (ISTP) which is way to much to test for me as i hate suites.