f-secure scan report.

Discussion in 'other anti-virus software' started by lodore, Feb 24, 2008.

Thread Status:
Not open for further replies.
  1. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    Hello,
    i was reading the thread the other day about the many engines of f-secure.
    i tryed the lastest f-secure technology preview beta.
    i changed the manual scan settings to scan all files and started a scan.
    i cancelled the scan and read the html scan report.
    i have uploaded a text file of it.
    the engines are as follows
    AVP
    F-Secure Hydra
    F-Secure BlackLight

    what is F-Secure Hydra?
    im wondering if it still uses ad aware for its antispyware.
    thanks in advance
    lodore
     

    Attached Files:

  2. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    The amount of engines reduced! :D
    Anyway, I think the new Hydra engine might be a combination of their previous own engines (Libra/Orion) and Norman's Sandbox (Pegasus). Correct me if I'm wrong.

    As I heard they dropped Ad-aware, wich was named Draco in F-Secure.
     
    Last edited: Feb 24, 2008
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    their mobile antivirus uses a next-generation scanning engine called Hydra 2, which makes it even more efficient at detecting viruses before they cause damage to a phone

    so, something similar?

    probably not, but similar name :D
     
  4. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @C.S.J
    Probably their new (generic) name for in-house (or combined) engines.
     
  5. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    My bet is on combined engines as an Hydra has multiple heads(or scanning engines)
     
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
  7. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    answers on the F-Secure forum are really vague.

    "Hydra is a new scan engine and it's far more capable than Orion and hence we're adding lots more detections to it."

    "Quick answer:
    Hydra is a new general purpose scanning engine."
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I always thought the modded F-Prot engine was Libra, Ad-Aware was Draco, and the in-house heuristics was Orion.
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    You are correct about Draco and Orion, all those names... o_O

    Anyway, the Libra engine might find it's base at F-Prot, but I'm not really sure about this though.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    In my testing I noticed that the naming format of things detected by Libra always were in a similar format to that of F-Prot or Norman (more like F-Prot and less like Norman actually). Based on the detection names I saw I am inclined to think Libra is indeed having something in common with F-Prot. What I did notice is that Libra is NOT the complete F-Prot scan engine as files detected by F-Prot's heuristics are not usually caught by Libra.

    Orion is an engine developed solely for detecting Win32 viruses. As such it wasn't very significant most of the time.

    Interestingly; during my time using F-Secure, I noticed that the Draco engine would only work real-time and not on-demand. I tried working with F-Secure to correct the problem but eventually ran out of time as my life got busier and busier....:(

    Hopefully that bug is fixed for good with the next release!

    PS: To all of you who have sent me PMs within the past week, I have read them and will try to reply within the coming days (Darn, I've never been this busy my entire life!). :)
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    ok test number two. i just ran the f-secure online scanner link
    once again canceled the scan and uploaded the scan report file as a text document.
    Scanning engines:
    F-Secure USS: 2.20.0
    F-Secure Hydra: 2.6.7470, 2008-02-22
    F-Secure AVP: 7.0.171, 2008-02-23
    F-Secure Pegasus: 1.20.0, 2008-01-20

    so the online scanner beta uses pegasus where as the technology preview doesnt seem to. and what is f-secure USS? is it blacklight and another engine combine?

    the f-secure forum has updates on what new malware is added to the datebase and to which engine. mostly avp but some for orion and hydra.
     

    Attached Files:

    Last edited: Feb 24, 2008
  12. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    I learnt in this forum that F-secure have changed its AV engine(s).
    Can anybody tell me if running F-secure AV 2006 is ok at this moment.
    Fact is I got a 6 month trial for free.
     
  13. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    The new engines are still only used in the TPB. So no need to worry.
     
  14. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    My F-Secure for Workstations still shows all the good old scanners ;) :D
     
  15. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @Firecat
    You are right about Orion indeed. I've been thinking, and remembered that the Libra engine was mainly about macro viruses. Taking in account that this always was F-Prot's strongest point this might be logical as well.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yep, I've always been told that Libra is F-Prot's macro/scripting signatures/engine.
     
  17. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @lucas1985
    F-Prot 3.x always had a separate macro database (as shown on the screenshot), maybe this part of F-Prot is used?
     

    Attached Files:

  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not sure, but it's highly likely.
     
  19. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    Thanks Sputnik, for your kind response - Century
     
  20. Frisk

    Frisk AV Old-Timer

    Joined:
    Jan 28, 2008
    Posts:
    31
    Location:
    Iceland
    F-Secure used to use the complete F-Prot engine, but later they only used the macro and script scanning parts of F-PROT 3.x.

    As there has been very little evolution in macro viruses in recent years, it should not be a surprise that the macro scanner is not under very active development - in fact, apart from fixes to a few heuristics that caused occasional FPs, the 4.x macro scanner in F-PROT is virtually identical to the 3.x macro scanner, so even though we consider the 3.x engine obsolete, the macro scanning part of 3.x (what F-Secure is using) is still up-to-date.

    Script scanning is a different issue, and we will be replacing the 3.x script scanner with more advanced technology.
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Now I wonder whether F-Secure will get this new technology.....But I assume you may not be able to answer that. :)
     
Loading...
Thread Status:
Not open for further replies.