F-Secure 2010 A sneak peak

OK, it is the 2009 technology preview, but as I was told, it is about what you will see in September. They have done a lot. First, gone is the bad, bad Kas 6 AV engine and the new,new Bitdefender AV engine. Better or worse? Time will tell. I know to me, it is the new best product for 2010 at this point. Their parental control module alone is by PureSight and if you were to just buy a yearly subscription to it, it would cost you $60.00. It is the best and most configurable parental module I have seen since K9 web browsing, which Computer Associates dumped this coming year for PureSight.

I know they have enhanced their own engines, lower the number of processes by 2 I think. So let me walk you through the screenshots. Get the popcorn and butter ready.

First shot: the updating is very quick on install. No more rebooting to get the remainder of the download.

Second shot: Whats this? You mean I finally get to see the number of files scanned. Heaven help us.

Third shot: Handle automatically, a brilliant idea. About time.

Fourth shot: DeepGuard finally gets the dues what it is deserved.

Fifth shot: I like the ability to edit and change this new module, which works very good.

 

One last one, as you can see by the update screen, DeepGuard gets its on update section. This is a very nice suite and will have no problem competing with the rest.

 

Looking good. Does it still have those GIGANTIC icons on the main-screen or have they been toned down just a tad?

 

Thanks for the kind words, appreciate the feedback so please keep it coming (good and bad).

The icons in the current ISTP build are not final ones and will be changed a bit in the next version. They look a bit smoother and nicer now

Also a clarification, the Parental Control used to be based on PureSight but isn't anymore. Now it's using our own technology.

We still have some changes coming in the next build like the option to set Advanced Heuristics for manual scans, renamed some of the options, some additional UI options, more performance optimizations etc.

Patrik,
F-Secure

 

Well if not Puresight, very similiar and very good. I know or think there is another build getting ready to be released. But I have always loved F-Secure and feel that with the upcoming version, they can easily be rated as the top Suite. If any of you know me, I dont play games or try to mislead you, but I really, really like this suite. Its time is coming.

Patrik, my sardines and herrings have not yet arrived?

 

Hey Jeff what build are you testing?

 

Hi, Patrik - good to see you here! I've tested 2010 before and it does seem nice, being continually improved and all on top of it. Something I thought about were the pop-ups when for example a threat is automatically blocked. The automatic-operation is excellent, but it's kinda big and won't go away after a while like say in Norton, where the pop-ups are considerably smaller as well. That makes it feel kinda intrusive as it's not much information to fit into that big pop-up and Norton handles this without a problem.


EDIT: Come to think of it... is the browser protection of F-Secure browsing independent, or is it the same story as always; only IE and FireFox?

 

The pop-up for blocked malware is bigger than Norton's and it doesn't fade away automatically, that's true. I do think that normal users (ie those who never visit forums like this ) want the information to be clearly visible and to remain on-screen until they manually close it. In our experience most users only get a malware alert on occasion, not every day like most people here
But it's an easy enough change to do if the majority of users want it to be smaller, fade away or something else. We're very open to feedback on that.

The browsing protection is somewhat browser independent but at the same time not. The URL ratings is based on plug-ins so that is definitely browser specific. But the ExploitShield is slightly different in that we don't use any plug-ins/add-ons or anything like that but at the same time, there is some browser-specific code so at release we'll only support IE and FF. But we can add support for additional browsers automatically through the update channel.

Patrik

 

well Patrik, I think we are looking forward to see how this pans out. Especially with the new AV engine. Dont be such an infrequent poster. You have the info we want and need.

 

I tested your ExploitShield not long ago. Am I correct in saying it is similar (not the same) to LinkScanner? Also, in my tests I found it did not block as much as it should of

I have high hopes for the 2010 version, and look forward to see what comes next

By the way...downloading now and gonna throw some malware at it (real world scenario)

 

I was testing the 9.40 version on Windows 7 for a while and liked it a lot but I've since uninstalled Windows 7 I was dual booting with Vista and wasn't really using it that much.

However, I did get an email from F-Secure offering me to test an experimental build 9.50 which I downloaded but have never had chance to try out.

 

Don't know if you've seen it, but Sean made an interesting post on the F-Secure blog about the Exploit Shield in the ISTP.

 

Thanks Patrik! Indeed, Norton's pop-up will be there as long as the user sees it - if the user is away, it'll remain there till he or she gets active again. If it won't be made fading, could you atleast consider making it somewhat smaller, since it's not much information to go into that pop-up?

On a another note, I would personally wish that Opera is supported in the browser protection as it's the browser I always come back to.

 

My biggest rue with F-Secure is that it uses too much resources and a full scan takes too much time.

The last time I checked the F-ISTP beta, things hadn't changed much. So has it changed now ? Or is it just the same but now with a new coat of paint ....

 

I'm not sure how relevant this will be with the 2010 commercial version(s). I'm currently running the latest 8.01.xx version of F-Secure Client Security. Compared to earlier builds, it's like night and day as far as resource use and system responsiveness goes. Currently running it with AV and AS settings maxed out alongside Prevx 3 and Zemana AntiLogger with only the slightest noticeable system hit on my 3.0 GHZ HTP4 XP Pro SP3 box w/ 4GBS RAM. With the trend toward powerful and light running security products, the wise heads at F-secure must be paying attention.

 

Hello,
ever since the ISTP has removed the KAV engine and replaced it with the bitdefender engine scans are alot faster and the resourse usage of the realtime protection is defiantly the difference between night and day.
You should try it.

I was sent an email with a link to build 9.50 and its getting better every build. im gonna retry it when i have time since i know it will download program updates and hopefully fix the bugs i reported.

 

Yes and no. The Browsing Protection feature consists of two parts:

URL reputation
This is similar to LinkScanner, SiteAdvisor, Norton SafeWeb and others. It checks URLs you visit against our backend database of known URLs and tells you whether or not it's a good or bad site. It also uses community feedback. We have a blog post about how it works here:
http://www.f-secure.com/weblog/archives/00001697.html

Exploit Shield
This is what's really different from the tools mentioned above. Exploit Shield is an *active* exploit protection technology that protects against drive-by downloads. So it's kind of like a behavior based blocker but for web based threats.

We've got a pretty good description of how it works here:
http://www.f-secure.com/weblog/archives/00001562.html

Go for it and please let me know what it doesn't block.

 

I know I'm partial to what we're doing but it's a BIG difference, both in terms of memory usage, resources used in real-time protection and system scan speed. For example (and this is how most vendors are doing it these days). If you do a quick system scan it might take 3-5 minutes the first time. When you do it the second time it takes 3-5 seconds because we utilize exclusions in a totally different way compared to before. And we utilize those same performance enhancing techniques in the full system scan too.

We still have some more optimizations before release but it's pretty sweet already.

Patrik

 

And the things I mentioned yesterday (changed graphics etc) are now available in the 9.50 build which you can download here:
http://www.f-secure.com/en_EMEA/support/home-office/beta-programs/istp/index.html

Patrik

 

@QBGreen: My test machines are usually the old machines lying around. Like the Celeron with 512 MB RAM and a old P4 with 1 GB RAM. Both crawl and cry out loud on sight of F-Secure (when last tested).

@Lodore: F-Secure shifted to BD That's great news.... I believe the version I tested still used KAV engine. Most vendors have been dumping Kaspersky SDK in favour of BitDefender. Escan, Gdata all have gone to BD now. I think ZA is their last major proponent.

@Patrikr: Nice too see F-Secure has rewired the AV. One question, does F-Secure still do a compulsory quick scan when it finds any infection ?? As I stated in some thread before this too you, IMO its an unneeded feature. As the scan is quite a drag (on my test systems earlier) and not all infections like EICAR and other minor viruses (macro, jokes) deserve a quick scan.

 

Someone said: "On a another note, I would personally wish that Opera is supported in the browser protection as it's the browser I always come back to."

I agree! Opera is my default browser for years and probably will still be for more years and we still see poor compatibility from almost all software companies.

The improvements of F-Secure are visible particularly when we talk about resource usage and client. A big positive aspect of F-Secure team is that people are totally open about comments and suggestions. I send some troubles and I criticize sometimes and I always get a reply about my feedback. F-Secure general support is very good too. I still miss advanced options as an option for advanced users (what to do with found malware, quarantine, clean, delete?). The handle automatically option is very good but sometimes we want something more.

I'm still waiting to verify detection changes now that Kaspersky is out and BD is in but I'm optimistic.

 

Yep, that's gone (thanks to user feedback). If the malware is not running we'll just quarantine it immediately, no questions asked (unless you've set the option to be asked every time) and without running the mini-scan.

If the found malware is running we will do the mini-scan. One difference from before is that previously we filtered the results and *only* removed files/registry keys related to the found malware and actually left other malicious files behind. Now the mini-scan will remove *everything* it finds, including malware that are unrelated to the one that triggered the mini-scan.

Some of the above has already been implemented in the current product too in the normal updates but not all.

Patrik

 

You can easily change the option to have the product ask you every time so no problem there.

From what we can tell from our own and privately ordered tests the detection rates in the new product are really awesome and it's not all thanks to the engine change. Our own Hydra engine is now much more mature and the detections we're now doing in-house are working really well and adding a lot of value to the product. Can't wait for the next round of public tests.

Patrik

 

We will add additional browsers but not sure in which ones. Logic states that we'll add those with the biggest user base first which probably means that Opera won't be the first one we'll add support for but let's see what happens.

Patrik

 

Glad to be here. Just keep the questions coming.