F-Secure 2007 AV only

get the suite and enjoy total protection with some new things to be added as we go.

 

Normally F-Secure does not update on weekends. However, today it updated twice I think. If there is an outbreak or threat it does update on weekends.

Of course it does not compare with KAV as far as updates are concerned.

That did bother me, but I have come to the conclusion that it is not that big a problem. I guess ZD threats are not the threats we may want to make them.

I always have to go back to so many folks that I know who use AVG and Avast both free. We post about ZD threats and think we need the latest heuristics, while they just operate without becoming infected. Normally they operate without anything else except Windows firewall, AdAware, and Spybot. I think we are paranoid. None of them has the faintest idea what a sandbox is.

All this is fun to consider, but really I am not convinced it is especially useful for the average user. If it is, then why are not those I know who can't spell the words not having all kinds of problems? But they are not. The only ones that have problems are some students I know that have no idea about updating Windows or their AV.

Added.
While most of us will disagree with Scot Finnie's choice of F-Secure as the best, I must say that he is no dummy in the security area. He is stiill convinced it is the best, although he likes NOD32. He thinks KAV6 is buggie. I have to admit that there seem to be more bugs in KAV than FS. Scot's latest thoughts are here.
http://www.scotsnewsletter.com/86.htm


Best,
Jerry

 

i do see your point.
i can also see why people recommend kaspersky to high risk surfers IMO.
lodore

~removed un-necessary whole quote of post directly above....Bubba~

 

"i can also see why people recommend kaspersky to high risk surfers IMO."

I do too. Many of the ones I am talking about are old, like me, and are very low risk surfers.
I think I have posted this before now, but I have a friend of 30 years who wanted to get some Readhead brand hunting pants for one of his sons. He was having trouble finding them so he goggled "Redhead."
WOW, guess what??

His wife was with him when he did that, and she thought the results were very funny. He didn't. I told him to never google redhead or blonde unless he wanted to be flooded with porn sites. I think he learned. That is learning by the "School of Hard Knocks."

No, I did not learn that in that manner. I just knew from Wilders.

Jerry

 

thats why when i setup a laptop for my neighbor who is an elderly gentleman
i installed site advisor and explained what the system meant and do not click on the links that have a red cross next to them.
i know siteadvisor can get it wrong but its safer this way.
lodore

~removed un-necessary whole quote of post directly above....Bubba~

 

i think this thread has gone soooooooo off topic.

its turned into yet another kaspersky one.

 

Hi,

I didn't see that before, but it looks like that there is some misunderstanding here: as far as I understand, f-secure is using its own sandbox technology (named Pegasus Sandbox, I could not find more information on it) and not Norman sandbox.

(...) the artificial intelligence first runs a scan using the Gemini heuristic scanning engine and the Pegasus sandbox and then interprets the results (...)

Since DeepGuard (f-secure's HIPS) is triggered only when the program is executed, it is not completely clear if their sandbox is similar to Norman's one (tracing the behavior of emulated code) or if it really executes the code and attempts to hook/trap it's interactions with the OS, which would be more similar to Kaspersky's proactive defense module.

However, if the pegasus sandbox were similar to norman's or to Sophos "Behavioral Genotype Protection", it could also be used during on-demand scans, for scanning incoming email or in appliances on the email gateway. Since it is apparently not the case (from what I read on f-secure's website), it's probably functionnaly equivalent to KAV's PDM, and can only be used as a "last layer of defense".

 

norman sandbox in 2007 is a blend of HIPS and heuristics for zero day,

If there are no previous user decision for the program and F-Secure DeepGuard™does not recognize the program, the artificial intelligence first runs a scan using the Gemini heuristic scanning engine and the Pegasus sandbox and then interprets the results. The Gemini heuristic scanning engine performs an in-depth analysis of the target program, looking for anomalies and signs of dangerous intent of the scanned program. The Pegasus engine, on the other side, is a sandbox -based heuristic antivirus engine.

 

if you right click the f-secure icon and clikc imformation it says trademarks of kaspersky,ad aware and norman copyright norman sandbox.
so thats what made me think its uses norman sandbox.
lodore

 

The risk of previously unknown zero-day threats being able to do damage is greatly reduced through the new F-Secure DeepGuardTM technology. Instead of just analyzing new programs once when they enter the system, F-Secure DeepGuardTM also will persistently monitor the behaviour of software in a real-time mode, scanning for suspicious program behaviour and stopping activities that might pose a risk. Competing one-time-only solutions cannot offer the same level of protection as it is possible for malicious code-writers to obfuscate, encrypt or pack the code in ways that prevent the one-time solutions from detecting it - and once the file has passed it will be free to do anything it wants.

Unlike most competing proactive detection technologies, F-Secure DeepGuardTM uses advanced real-time heuristics and works quietly in the background. It uniquely combines several proactive technologies together, bringing an unprecedented level of protection against any previously unknown threats. More detailed information about the F-Secure DeepGuardTM technology is available at http://www.f-secure.com/deepguard


maybe f-secure still uses pegasus as a backup if deepguard fails, i dont know..... but deepguard is both HIPS and heuristics.

 

3 hours to do a scan that Avira did in 32 minutes. Not for me. Hips or no Hips.

 

That's an interesting information. Another hypothesis would be that they pay a license for exploiting themselves (i.e. with their own code) the patent filed by Norman. Or that they use Norman technology for emulating the malware and logging its API calls (such output can be seen on the Norman Analyzer webpage, here is an example: http://www.norman.com/microsites/malwareanalyzer/Products/Examples_Analyzer/37906 ) and apply their own ruleset to classify the malware based on this output. I still beleive that Norman Sandbox has not shown its full potential yet (it's too "absolute").

But I must confess I don't know if these patents issues are taken very seriously in the AV world, and if it is common for a company to use IP of another company under license. Maybe AV people can comment on this if they read this thread...

 

It uses all of these. It takes forever to scan, but, there is something about the AV product that keeps me coming back. The AV alone is loaded, or in my thoughts a suite by itself. If they could only improve on the scanning speed. Of course with all of its arsenal, scanning frequency should be reduced.

 

F-Secure takes about 45 - 50 minutes to scan my machine, as compared to 30+ for NOD, and over 40 for BD when I was using it.

Not a problem for me, but my experience may be the exception with F-Secure.
I admit that it would take some very extenuating circumstances to tolerate a 3 hour scan.

Best,
Jerry

 

FSIS takes around 40 mins for me using 'full computer check' but I only have a total of 25GB used on two drives.

 

i used to use f-secure on defined it took around 2 hours i think.
kaspersky first scan on all files took 3 hours, second scan took 30 minutes and now scans take 18 and a half minutes.
lodore

 

took around 40-1hr on mine... this was 'all files' and im sure defined would have been faster.

can i ask something though, in general (including other antiviruses), is defined files, a risky thing to do? as it doesnt scan all files eh?

how many people set their antivirus to defined?
and what is the risk of doing this?

i say this, as defined is always a whole lot faster in scanning, and aint sure whether to set it to that myself.

 

I do not know how to define appropriate files. I am not sure how much faster it would be.
If one wants a fast scan, then the speed of second and subsequent scans with KAV is the way to go.

Jerry

 

sure is IMO.
first scan 3hours
second scan 30minutes
third 18minutes.
lodore

 

Hi Lodore,

I fear that the 18 minutes scan will give you too much time to get into trouble. FWIW none of the recent scans with KAV take over 7 minutes as I recall.
Best,
Jerry

 

lol my scans get shorter and shorter for a while.
but ive got 62gb to scan.
how much have you got to scan?
lodore

 

I am not sure. I am not at home and do not have access to that computer. I do not have much of the HD filled, and it is less than 62gigs. Probably on the order of half that.

Jerry

 

today's scan took only 12minutes 27 seconds. wow its getting less and less.
lodore

 

Funny!

This link:
http://www.f-secure.com/f-secure/pressroom/protected/prot-3-2006/17-459-3669.shtml
triggers Antivir heuristics HEUR/Exploit.HTML

(VDF 6.37.00.12, Search engine 7.03.00.15)

 

lmao
lodore