F-Secure's 4 Scan Engines

Discussion in 'other anti-virus software' started by pvsurfer, Aug 2, 2005.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Thanks pvsurfer for the information.

    F-Secure had been licensing the F-PROT engine in the past and I would be surprised if F-Secure is dropping the F-PROT engine. Since the Orion engine already existed in the previous version of F-Secure, I wonder if the Libra engine is the engine of some other antivirus software. o_O

    It seems that F-PROT is still focusing on antivirus only there is no information on the Frisk site if a new 4.0 engine would give detection for antispyware as well. It maybe the reason why F-Secure is dropping the F-PROT engine.
     
  2. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    F-Secure dropped the F-Prot engine somewhere around 2003 - it was in the 2002 product but not in the 2004 or 2005 products.

    As the Kaspersky engine misses so little I guess they didn't see the need any longer to licence a second outsourced engine which is effectively acting as a real-time backup scanner.

    Ned
     
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Oh! Thanks for the information.

    When DataFellows first marketed their new F-Secure AntiVirus, they emphasized the ability of having 2 AV engine running at the same time. They treated the different AV engines to be plug-ins for the F-Secure antivirus main program body. Sometime before, they advocate the possibility of having more than 2 AV engines running at the same time. Maybe you are right, KAV is now powerful enough so that F-Secure can minimize the cost of licensing the F-PROT engine.

    Michael
     
  4. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    I don't think much has changed - F-Secure still uses multiple engines, just not the F-Prot engine anymore. I first started using F-Secure (workstation version) back in the late ninties when it had version 3 of both AVP and F-Prot. It's still a product I really trust but I find it a bit bloated compared to Kaspersky Personal which offers similar levels of protection. But I still like the concept of two scanning engines as this effectively eliminates the need to run a second manual backup scanner and thus helps make end users lives simpler :)

    JMHO

    Ned
     
  5. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    I couldn't agree more Ned... The nature of our business results in our receivng a great many daily emails (with various types of attachments) from all corners of the world. FSAVCS6 is doing a fantastic job protecting our workstations from infection. So far, it has a perfect record in catching/cleaning a great many infected attachments! I'm attributing a lot of that to its use of 4 scanning engines. In any case, we love the product. :-*
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Does anyone know how good is the Orion engine by itself? :)
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Can you share what types of attachments are infected? And what the infections were that were caught/cleaned?

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  8. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    Typically, the type of email attachment is an archive (zip/rar). The particular infections seems to be whatever virus/worm is predominant at the time... For example, over the past week, FSAVCS6 has been catching (and deleting) a file named 'Taxes.exe' infected with the Bagle.CF worm. This infected executable is always embedded in a zip or rar file with a name having to do with taxes or taxation.

    ~pv
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    is this infected file sent unknowingly from a trusted source, or just the usual nasty/spam that we tend to get?

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  10. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    Always the latter, but since we have hundreds of 'trusted' contacts it's often difficult to immediately recognize the source. :doubt:
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Do your users open all attachments, or is there a user policy regarding that? Such as, are they expecting a certain file from a client, etc?

    For instance, one of my email addresses has the word 'music' in it, and I receive many attachments with things about education and music, some of which are bogus, and are deleted w/o opening when I don't recognize the source, or if not expecting from that source (source's email unkowingly sending malware) upon which a quick phone call/email verifies it.

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~


     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.