F-Secure 2010 A sneak peak

Turns out I was wrong. I checked with the developers yesterday and we already support 32-bit browsers on 64-bit platforms (Vista and Windows 7). Tried it out myself using FF 3.5 on a Windows 7 64-bit build 7100 and sure enough, ExploitShield worked great.

Sometimes I don't mind being wrong

Patrik

 

About 10-11 years. We launched F-Secure CounterSign, our multi-engine architecture back in 1998 or 1999 which had three engines; Kaspersky, F-Prot and Orion.

Not really sure why people are so convinced our detection rates will drop because of the change and I don't want to get into a discussion of "Engine A is better than Engine B", there are plenty of tests around to give people an idea of how each engine works.

I've said it before, we *will do better* once 2010 is released and for those AV vendors who are on this board who get some of the non-public reports can confirm this as our 2010 engine mix has been part of the regular testing for about two months now. It's superior to 2009, no doubt about it. Until public tests are available I can't really talk to much about it but trust me when I say it will have better detection rates. We wouldn't have made the change if it didn't.

Nice! Let us know how it works out.

Cheers,
Patrik

 

That's great news Patrik! So does that mean that ExplotShield is in fact working for me (Vista x64, FF 3.5) currently in the ISTP or does it still need to be updated? Are you able to provide me with a simple test I can try to see if it is working?

 

Hmm... I'm actually using a version that's later than ISTP and it works fine there but in ISTP 9.50 it doesn't seem to work. I'll check with the developers again, should be as simple as releasing an update to ISTP.

Patrik

 

I'm sorry if I'm posting a question which is already answered but does 9.50 Exploit shield work with Firefox 3.5 on xp sp3 32 bit?

 

Yep, no problem with that combo.

 

Thanks Patrik. Will keep my fingers crossed!

 

I really do not think it is fair for the business community who rely on client security to wait. I think both home and business products should be developed on a comparative time frame.

 

I hope as well that BitDefender doesn't ruin the F-Secure's well-earned reputation for low false positive rates.
In my recent experience, it seemed they (BD) were not much in a hurry when it comes to fix their own FP's

 

I was thinking of trialing FS 2009, but it occurred to me that if I did they would not let me trial 2010. Is this correct?

Regards,
Jerry

 

It's easy to have low FP when your heuritics are so low. That's what I hope gets improved in their 2010 product. BD engine will help with that, but yes, it has somewhat high FP.

 

I think each product is trialled independently of each other but I may be wrong. I'm sure Patrik will clarify.

 

Hmm... I honestly don't know. My gut feeling is that installing 2009 shouldn't prevent trying 2010 when it's available.

Patrik

 

Thanks for the replies.
Regards,
Jerry

 

Hi!

Been following the thread while using the ISTP and it works very well, I´m really looking forward to the release of the finished product come September sometime. I´m just curious: F-Secure claim that when the product will be tested by independent labs it will achive a much better result than earlier products. I also use FSIS 2009 and the only difference (speed and system usage not taken into account, these are like night and day) as far as I can tell is the change of out-of-house scanning engine, from AVP to Aquarius/Bitdefender. Both products use the same versions of the Hydra, Deepguard and the Blacklight engine, right?

Could anyone (PatrikR would be good choice?) shed some light on the topic why the ISTP should perform so much better despite using the same engines? I would assume that the Kaspersky and Bitdefender engines are about equal since they both are signature-based. Does the Bitdefender engine contain some other technologies, heuristics for example that add so much to the suite or are we talking about general internal changes in the suite that sharpens the edge? Hydra has been mentioned and described as a more mature engine but Hydra is also used in the 2009 line, does this mean that those products if tested would get a much better result nowadays as well?

Regards,
Joakim

 

Hi,

Just to let those of you who weren't able to download ISTP know that we've re-opened the program again. The URL for registration (to get the download URL and keycode) is at http://www.f-secure.com/en_EMEA/support/home-office/beta-programs/istp/index.html

Patrik

 

That's correct.

There is a *big* difference between real-life protection rates and test results. And I used the word protection instead of detection for a reason.

Detection, in the F-Secure world, is something we detect using signatures. Those signatures could be specific, heuristic or generic in nature but at the end of the day it's a signature based detection. Then we have Protection which are things blocked thanks to a AV signatures, URL blocker, ExploitShield type technology, DeepGuard, Blacklight, in-the-cloud or a combination of them - basically our ability to block malicious content in any way we can. Some of these technologies we already have in the 2009 product so therefore the real-life protection level, while it definitely will be improved in v2010, won't be radically different. So in a real-life scenario the 2009 version should be pretty much as good as 2010.

But in testing approx 9 out of 10 tests are only testing the detection part of the protection technologies available in products and therefore doesn't show a product's real ability to protect users. Because of the way the our product works internally we did badly in these type of tests and we've done some things in the 2010 product to make it easier for testers to use some of our other protection technologies. For example, in 2010 there's a new feature called "Use Advanced heuristics" which enables part of DeepGuard when doing a manual scan. This is something we've never been able to do in earlier products. Note, this is not cheating in any way, others have been doing this for years but we haven't. In addition, while there are definitely a difference between Kaspersky and BitDefender in how they work in a testing scenario, the real-life protection level between the two engines are pretty similar. But as said, real-life protection levels doesn't necessarily help us to do well in tests.

Lastly, we'e done huge improvements in the user experience when dealing with malware. This has nothing to do with detection-type tests but will certainly help us do better in normal product reviews. Not too mention the performance gains as we were hit pretty badly in reviews because of that too.

Hope this helps a bit.

Patrik

 

Patrik - you mentioned earlier that you're using a newer build of ISTP than 9.50. Will there be any newer builds to test now that the beta program is open again? I'm particularly interested in ensuring that the expoitshield is now working in x64.

 

Thank you for a very informative answer!

I find this to be customer care at the highest level when representatives of a company not only praise their product but also admits on its drawbacks and explains what is to be done about them.

Great job Patrik, you just sold me in on a long-term usage of F-Secure products.

Regards,
Joakim

 

The engine itself is very good, even in the years when Kaspersky was considered to have the best unpacking engine (it is not known if this claim stands today), I would hear whispers and even see for myself that BitDefender was also very, very good in this regard (almost as good as KAV)......The scanner is some good technology, the problems with BitDefender are in other things (the software itself, GUI bugs, support problems etc., for me anyway )

What I don't know about is its efficiency at cleaning an infection from the computer. Whispers around the web say it is not that good at this task but one cannot say for sure just yet since there are not a whole lot of (frequent and extensive) tests on this regard

That being said, it is also true that F-Secure's Gemini heuristics and the Hydra engine are improving pretty fast!

Good times ahead for F-Secure I think

 

Hi, Does web traffic scan only work with IE? And I don't like browser toolbars (not only f-secure's, all of them) if I close them, is my system still protected by exploit shield ( I only need exploit shield as browsing protection)? Thanks

 

We won't do any new full builds but we will/are releasing updated components through the update channel. ES should work fine already on x64, I'm still waiting on word whether or not we can provide a test page for people to try with.

For example, we did an update to ES in ISTP on the 21st where we added support for FF 3.5 and 3.5.1. It also contained some other minor fixes.

 

It also works with FF 3.0.x as well and shortly with FF 3.5.x as well. And yes, you can remove the toolbar and still be protected by ExploitShield.

Patrik

 

Cool, glad to hear it.

Patrik

 

Thanks again for a quick response Patrik. I did notice the ES update installed on the 21st and glad to hear it works now with x64. And would be good if you can provide a test to see it in action.