F-Protect impression

Discussion in 'other anti-virus software' started by Bunkhouse Buck, Feb 14, 2008.

Thread Status:
Not open for further replies.
  1. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I just installed F-Protect AV and it is running very light. What are your impressions of the program? I am particularly interested in your opinions about the effectiveness of the heuristics engine.
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Can I get the F-Prot heuristics engine only?
    Man, it's great.
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    No, there is no way to disable signature checking with F-Prot.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Surprisingly, FP fared rather poorly in AV-Test.org's proactive tests, as reported (in Dutch) by Security.nl on Jan 22, 2008. Also, the same test report indicates that FP did dismally bad on speed of responsiveness (sig updates) to new threats.
     
  5. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Thank you for the information.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    F-Prot used to be one of the first pioneers of heuristics back in the DOS/Win95 era. I was still young and noobish back then, but they had excellent file infector/macro virii heuristics IIRC. Unfortunately their heuristics don't fare as well against today's new-generation threats, but from what I gather they intend to fix that with the new Maximus and Eldorado engines.
     
  7. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Hmmm... Really? Based on my experience, they fare aggressively with the new threats. The new addition of Eldorado engine to the Maximus and GSA engines has been a positive step. :)
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    How do you know this about F-Prot?
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Apparently the "Heuristic" Files were mainly to trigger a Behavior Blocker response and since FPAV does not yet have that feature in its engine it's not surprising that its results looked poor.

    This is also supported further if you look at the other scanners tested. Command AV, with the old F-Prot 3 engine scored at the same low level "heuristically" as FPAV6. BUT there are very significant differences between the 2 engines. The most important being that v.4 has three independent heuristic "engines" (GSA, Maximus and Eldorado), whereas the older engine has only a partial implementation of Maximus, and is missing GSA and Eldorado altogether. But this big difference has not been shown in the results.

    The addition of the latest Eldorado engine has made a big difference in the heuristic/detection rate of FPAV6.
     
  10. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    The Heuristic Engines have "different" purposes. Maximus was designed to identify malware BY ITS TYPE. That said, Maximus detections are more "accurate" because they tell you with what you have to deal and tell you almost always to which class/family a malware belongs. Eldorado in contrast to that recognizes if something looks "suspicious". Eldorado uses ".gen" in the naming if the heuristic thinks it belongs to that family; Maximus uses -based for it.

    Brand new example from today's shadowserver statistic... As you see, once it's in it's successful. (Note: The number behind it is the number of samples detected via that specific detection; the rest of the other AV programs don't even flag it or only a very few files since that is polymorphic encrypted; so you cannot detect that with a simple signature, it's somehow more complex to detect that successfully even if you have a good emulator) so you need a dedicated detection routine for it and that's what Maximus is for. Getting this detection the user knows FOR SURE that this file belongs to the Swizzor Downloader Family.
     

    Attached Files:

  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    That is good enough for me to buy it. And just hope the Vista version is out soon.
     
  12. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I really like the feel of power in F-Prot, but I cannot handle the interface. I just wish there was a more "tweakable" interface. Then again since I use *nix 90% of the time I am sure I wouldn't even notice...
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I am going to buy it for XP. Yes it has a spartan GUI, but, the efficacy of the program is in what it does, not necessarily what it looks like. If the heuristics engines continue to perform as they are now, this is a big winner.
     
    Last edited: Feb 15, 2008
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well, there are 2 issues with the beta. One: when setting a pre-scheduled scan it doesn't save. And when I click on logs, task scheduler pops up but nothing for F-Prot.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    There is no question that their ability to perform is raising them to the top very quickly. But that GUI is an issue. Like the box that is checked for Internet Explorer, does that mean Firefox isn't covered? I hope they eventually clean it up and it doesn't take away from its ability to perform, which is growing by leaps and bounds.
     
  16. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Firefox is protected as are all browsers with automatic file system protection.

    http://www.f-prot.com/support/windows/fpwin_faq/459.html
     
  17. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    F-Prot license is also very cheap if you have many computers/vmwares/anything. 50$ for 10 computers is the cheapest you can find.
     
  18. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Yes it is a great deal.
     
  19. Frisk

    Frisk AV Old-Timer

    Joined:
    Jan 28, 2008
    Posts:
    31
    Location:
    Iceland
    As the original author of F-Prot, I am obviously biased ;) but I just wanted to add one comment regarding behaviour blocking.

    Right now our focus is not on behaviour blocking, as in "allow the program to run, but stop it when it does something nasty". At this time we are focusing on improving our heuristics, which have fallen a bit behind, but a dedicated behaviour-blocking program is on the to-do list - no promises as to when it will be released, though.

    We are getting 6.0.9 out of the door, which should hopefully solve some issues people have been having, but we need a bit of time...1-2 weeks.
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I've read in the F-Prot forum that there are plans to develop a modern successor for F-Prot for DOS in Unicode (Win 2000 and up) and non-Unicode (Win 9x/ME) variants. Is this still being considered?
    Thanks in advance.
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    By "original author", do you mean you are Fridrik Skulason?

    Man, sure brings back memories of the old days. Would anyone happen to know what happened to products like InocuLAN and Dr Solomon, by any chance?
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    AFAIK, they were bought by CA and McAfee, respectively.
     
  23. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Ah, thanks.
     
  24. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes, "Frisk" is Friðrik
     
  25. Frisk

    Frisk AV Old-Timer

    Joined:
    Jan 28, 2008
    Posts:
    31
    Location:
    Iceland
    I'm not sure I understand the question. F-Prot 6.x is for Win 2000 and up (although I admit there are currently some minor issues with Vista, which should get solved VERY soon)

    As for 9x/ME, we are not doing any development for those platforms. It is trivial to compile a command-line version of the program for just about any platform (even DOS, for that matter), but to release an up-to-date version for those platforms would require considerable GUI development, and quite frankly it does not make any financial sense. Besides, most malware nowadays does not even run on 9x/ME.
     