F-Secure Exploit Shield

Discussion in 'other anti-malware software' started by Sportscubs1272, Dec 18, 2008.

Thread Status:
Not open for further replies.
  1. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    I was looking at F-Secure's Weblog and I found this:

    http://support.f-secure.com/beta/estp/estp.shtml
     
    Last edited: Dec 18, 2008
  2. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Look here for a pc mag review.

    Seems promising.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    someone asked the other day if AVs would eventually disappear. I made the comment, not as long as they continue to evolve new ways of fighting malware. This is a perfect example of a vendor that intends to stick around with new technology.:thumb:
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I guess, it may be like Link Scanner.
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Anybody out there trialling this? F-Secure seem to be persisting with their technology preview, as they call it...and I was just wondering how it compares with the likes of Prevx Edge and other such security toolso_O
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i would try it when i can.
    doesnt work on 64bit vista yet.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well, tried on XP

    Has some pretty old exploits in it, two reasonable new. EDIT: All were installed on my system, except for two of which I did not had teh software which had to be patched installed on my system (so an irrelevant patch fo rme).


    What it does:
    a) provides hot patches from the day exploits are known (so you do not have to wait to microsoft comes out, or you update your mickesoft aps)

    b) provides some proactive protection against shell scipts etc for IE (not yet FF)

    Conclusion
    - when you do not have a policy or virtualisation sandbox or disk/partition virtualisation it is a :thumb: :thumb: :thumb:
    - it checks every hour for updates
    - I have disabled the individual hot patches for the exploits, I hope it will stil check websites I visit on these exploits (A website using these exploits should not be visited), I have not disabled the module, so fingers crossed.
    - This exploit checking is simular to BrowserDefender.
    Regards Kees
     
    Last edited: Feb 28, 2009
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Quick question-

    On my laptop I have Vista basic with Kaspersky av and ZA Pro firewall. Could my laptop benefit from this F-Secure Exploit Shield even if I run IE7? I believe Kaspersky av has some of its security features unavailable for Vista. I am also considering changing ZA Pro firewall for something else.

    On my desktop I have Vista Premium with Nod32, SAS Pro and PC Tools firewall. I also run MS Defender form time to time (spynet w/advanced memberships so a pseudo HIPS). Would the F-Secure Exploit Shield benefit me if I choose to not run MS Defender?

    I am basically concerned with not having a behavior blocker in Vista- although ZA Pro and PC Tools firewalls offer some.

    Thanks for any info
     
    Last edited: Feb 27, 2009
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's an interesting tool. I'm sure will get only better over time.

    I wonder if they'll keep it free, though?

    Regards
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It uses minimal resources. It also claims to investigate websites on exploits. when using IE, you have the bonus of some proactive protection. So I can't think of a reason why not.
     
  11. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Going off at a tangent a little bit but have you considered or tried Prevx Edge? Not a behaviour blocker per se but it provides:

    - Realtime protection against zero-day and even zero-hour threats
    - Ultra-Strong rootkit prevention
    - Advanced behavior monitoring and "in the cloud" sandbox analysis
    - Blocks known and unknown infections with advanced heuristics
    - Identifies and prevents targeted attacks and mutating infections
    - Almost-silent operation with the absolute minimal user interaction required
    - Light footprint and compatible with all other security products

    and is designed to complement and work in conjunction/along side other security applications...which is a first!

    It is free as a scanner, ie, notifies you but does not block or clean up infections. You need to purchase a license if you want it to do the latter as well.

    I am a fan but it may serve your purpose...worth consideration if nothing else.

    :D

    Read more at: http://www.prevx.com/prevxedge.asp
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    I gave it a quick test drive. On Vista Business SP1 x86 it noticeably slowed logging in to the desktop. I'm already running NIS 2009, SAS Pro (real time monitoring enabled) and Winpatrol Plus. The slowdown may be the result of some interaction with these other security applications (?) I uninstalled F-Secure Exploit Shield since I don't want the additional overhead. I like the concept though and may try it again when a new version is available.

    I should add that FS Exploit Shield places two entries in the Add/Remove Programs list ("Programs and Features" in Vista) so the uninstall requires two steps.
     
    Last edited: Feb 28, 2009
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks for the reply. After reading the description a little closer I am assuming the F-Secure Exploit Shield is a type of http scanner. Is that essentially correct? If so, what does this product provide that the KAV http scanner does not yet provide?

    thanks
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It is not an incoming webscanner like KAV, I have no idea how they implemented. They read incoming webtraffic for specific exploits and some generic shell code exploits for IE. It just makes sure that your browser and plug-ins are properly patched, before software producer publishes a fix.
     
  15. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Norton has a similar feature, dubbed Intrusion Prevention. Symantec created a signature to block Conflicker/Downadup from exploiting the Server service, and thus infecting a computer. Been incorporated in Norton AV/IS/360 since 2008. Maybe 2007; not sure.
     
  16. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    Firefox is now supported. The latest release was twelve days ago. Does it interfere with Antivir's WebGuard?
     
  17. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    No problems with Avira Webguard here.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If I am not mistaken, during February I got in touch with F-Secure saying that it wasn't compatible with IE 8 RC, and I was told that they were going to change the text on the Exploit Shield Beta site, to mention only up to IE 7.

    Nothing was changed.

    I also asked if they were going to keep it free, as a stand-alone tool or implement it in one of their other products (anti-virus or suite).
    I was told that, they didn't plan to keep it as a stand-alone tool, but that they also had no intentions to kill the beta version, which every month a new one would come out so people could give feedback about it. March's gone and I haven't seen any update to the tool or any added shields, so far.

    I wonder if they changed ideas?
     
  19. Caimbeul

    Caimbeul Registered Member

    Joined:
    Nov 1, 2006
    Posts:
    9
    That would be of intrest to me too, as i think the idea of a light programm like this is kinda neat.

    At this point it seems that v6.0 build 77 from 16th February 2009 is the last Beta Version.

    Would be sad seeing Exploit Shield beeing integrated exklusively in the Internet Security Technology Preview (ISTP) which is way to much to test for me as i hate suites.
     
Loading...
Thread Status:
Not open for further replies.