f-secure scan report.

Discussion in 'other anti-virus software' started by lodore, Feb 24, 2008.

Thread Status:
Not open for further replies.
  1. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,041
    Hello,
    i was reading the thread the other day about the many engines of f-secure.
    i tryed the lastest f-secure technology preview beta.
    i changed the manual scan settings to scan all files and started a scan.
    i cancelled the scan and read the html scan report.
    i have uploaded a text file of it.
    the engines are as follows
    AVP
    F-Secure Hydra
    F-Secure BlackLight

    what is F-Secure Hydra?
    im wondering if it still uses ad aware for its antispyware.
    thanks in advance
    lodore
     

    Attached Files:

  2. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    The amount of engines reduced! :D
    Anyway, I think the new Hydra engine might be a combination of their previous own engines (Libra/Orion) and Norman's Sandbox (Pegasus). Correct me if I'm wrong.

    As I heard they dropped Ad-aware, wich was named Draco in F-Secure.
     
    Last edited: Feb 24, 2008
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    their mobile antivirus uses a next-generation scanning engine called Hydra 2, which makes it even more efficient at detecting viruses before they cause damage to a phone

    so, something similar?

    probably not, but similar name :D
     
  4. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @C.S.J
    Probably their new (generic) name for in-house (or combined) engines.
     
  5. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    My bet is on combined engines as an Hydra has multiple heads(or scanning engines)
     
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
  7. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,528
    Location:
    St. Louis, MO
    answers on the F-Secure forum are really vague.

    "Hydra is a new scan engine and it's far more capable than Orion and hence we're adding lots more detections to it."

    "Quick answer:
    Hydra is a new general purpose scanning engine."
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I always thought the modded F-Prot engine was Libra, Ad-Aware was Draco, and the in-house heuristics was Orion.
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    You are correct about Draco and Orion, all those names... o_O

    Anyway, the Libra engine might find it's base at F-Prot, but I'm not really sure about this though.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,104
    Location:
    The land of no identity :D
    In my testing I noticed that the naming format of things detected by Libra always were in a similar format to that of F-Prot or Norman (more like F-Prot and less like Norman actually). Based on the detection names I saw I am inclined to think Libra is indeed having something in common with F-Prot. What I did notice is that Libra is NOT the complete F-Prot scan engine as files detected by F-Prot's heuristics are not usually caught by Libra.

    Orion is an engine developed solely for detecting Win32 viruses. As such it wasn't very significant most of the time.

    Interestingly; during my time using F-Secure, I noticed that the Draco engine would only work real-time and not on-demand. I tried working with F-Secure to correct the problem but eventually ran out of time as my life got busier and busier....:(

    Hopefully that bug is fixed for good with the next release!

    PS: To all of you who have sent me PMs within the past week, I have read them and will try to reply within the coming days (Darn, I've never been this busy my entire life!). :)
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,041
    ok test number two. i just ran the f-secure online scanner link
    once again canceled the scan and uploaded the scan report file as a text document.
    Scanning engines:
    F-Secure USS: 2.20.0
    F-Secure Hydra: 2.6.7470, 2008-02-22
    F-Secure AVP: 7.0.171, 2008-02-23
    F-Secure Pegasus: 1.20.0, 2008-01-20

    so the online scanner beta uses pegasus where as the technology preview doesnt seem to. and what is f-secure USS? is it blacklight and another engine combine?

    the f-secure forum has updates on what new malware is added to the datebase and to which engine. mostly avp but some for orion and hydra.
     

    Attached Files:

    Last edited: Feb 24, 2008
  12. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    I learnt in this forum that F-secure have changed its AV engine(s).
    Can anybody tell me if running F-secure AV 2006 is ok at this moment.
    Fact is I got a 6 month trial for free.
     
  13. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    The new engines are still only used in the TPB. So no need to worry.
     
  14. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    My F-Secure for Workstations still shows all the good old scanners ;) :D
     
  15. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @Firecat
    You are right about Orion indeed. I've been thinking, and remembered that the Libra engine was mainly about macro viruses. Taking in account that this always was F-Prot's strongest point this might be logical as well.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yep, I've always been told that Libra is F-Prot's macro/scripting signatures/engine.
     
  17. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @lucas1985
    F-Prot 3.x always had a separate macro database (as shown on the screenshot), maybe this part of F-Prot is used?
     

    Attached Files:

  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not sure, but it's highly likely.
     
  19. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    Thanks Sputnik, for your kind response - Century
     
  20. Frisk

    Frisk AV Old-Timer

    Joined:
    Jan 28, 2008
    Posts:
    31
    Location:
    Iceland
    F-Secure used to use the complete F-Prot engine, but later they only used the macro and script scanning parts of F-PROT 3.x.

    As there has been very little evolution in macro viruses in recent years, it should not be a surprise that the macro scanner is not under very active development - in fact, apart from fixes to a few heuristics that caused occasional FPs, the 4.x macro scanner in F-PROT is virtually identical to the 3.x macro scanner, so even though we consider the 3.x engine obsolete, the macro scanning part of 3.x (what F-Secure is using) is still up-to-date.

    Script scanning is a different issue, and we will be replacing the 3.x script scanner with more advanced technology.
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,104
    Location:
    The land of no identity :D
    Now I wonder whether F-Secure will get this new technology.....But I assume you may not be able to answer that. :)
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.