Security Basics mailing list archives
RE: F-Secure 2006 Review
From: "Douglas Schlachta" <DSchlachta () gildan com>
Date: Tue, 13 Dec 2005 10:37:35 -0500
I have had some experience with researching and choosing enterprise-based antispyware solutions. I have found the Webroot product to be of very high quality. May I suggest that you contact them for more information. Their sales and tech support are very knowledgeable. I have used their product in the past, and not only does it cover well, but I have found the overlap into the antivirus realm to be very impressive. Their definition library is also impressive at over 100000 signatures, and their update network is very fast and diligent. They are a best of breed product, and I personally do not believe in the one stop shop idea of a lot of the main AV vendors out there at the moment, as their methodology of dealing with viral issues does not cover into the area of spyware/adware.

IMHO

Regards
Douglas Schlachta
Information Security Coordinator
Gildan Activewear Inc.

-----Original Message-----
From: Ross, George [mailto:george.ross () atlahq org]
Sent: Friday, December 09, 2005 7:05 PM
To: ldruger () gmail com; security-basics () securityfocus com
Subject: RE: F-Secure 2006 Review

I know this is an old post, but could someone give me an idea what they think about a 200 user environment choosing Webroot or F-Secure as their spyware choice? I know that F-Secure requires the removal of many other things, which is fine because we are not running a local firewall and we have CA as an anti-virus. Just want to get an idea about the spyware comparison, which for F-Secure is Lavasoft. Any help is much appreciated.

-----Original Message-----
From: ldruger () gmail com [mailto:ldruger () gmail com]
Sent: Tuesday, October 11, 2005 5:28 PM
To: security-basics () securityfocus com
Subject: F-Secure 2006 Review

OVERVIEW F-SECURE 2006

I've been running the trial of the security suite and I'm pretty pleased thus far. It's more resource heavy than ZA, but 3 AV engines, two in house and Kaspersky's AV, have all tested better than CA's engine (which powers ZA's product).
My main issue is incompatibility with Spybot; F-Secure doesn't want to play in the same sandbox, but it works with MS-anti-spyware beta.

I'm writing this due to a dearth of actual reviews on the web for this product. I have tried to be impartial with regards to F-Secure to the best of my ability. That being said, I feel it's necessary for the reader to understand my expectations, as they will invariably influence my opinion. I expect my firewall company to be paranoid, because people may be out to get me as their customer. I expect the firewall to protect my computer, even on open ports. I want to be able to let my wife, who knows nothing about security, use my PC when I'm out and not come home to find my PC on the top ten list of spam zombies. I don't need the UI to be a work of art, but the controls needn't be too dumbed down. Allow me the flexibility to customize every aspect of my connections and work habits. I did not start using the software planning to write this, so I didn't take notes or do as detailed an analysis as I could (Hey, nobody's paying me for this).

ANTI-VIRUS

I've tested a few firewall testers and a "fake AV file": the fake will download and the zip file will open, but it will not allow you to double click on the file. What I miss is context sensitive right clicking on a file in Explorer to scan it, but the active agent should catch it when it attempts to execute, so this is strictly a nice to have. The AV claims to incorporate an anti-rootkit engine called "Blacklight". I didn't have the opportunity or desire to test the accuracy of this scanner. Scan times are acceptable, but on a laptop drive any actual timing data would be negatively skewed, so no timing was done. This can be set to run during idle system time, and anti-spyware is integrated with the virus scan. Also, the application had to be disabled when installing most software.
This is a limitation of many AV products, but F-Secure seemed to have more issues than other AV products I've used in the past; this could be related to the three AV engines. It was easier to disable the whole program rather than the AV when doing an install (via right click on the taskbar). Ideally I should have the option of temporarily disabling just the AV from the taskbar; after a configurable amount of time it should be able to automatically restart.

FIREWALL

The only firewall "weakness" is the lack of a browser header referrer block. (Using PC Flank/Sygate's test site/GRC) F-Secure withstood anything I threw against it. Leak tests simply didn't leak. Because the referral header is not spoofed, web admins can see where you came from, which I dislike. I've found a Firefox extension that does the same thing, so I can do without this function. The other non-intuitive thing is, if you want to add a rule, you must first set the protection to "custom". The system should do this automatically. The rules have a plethora of options and may be confusing to neophytes. I had issues attempting to open a range of ports for an application (thereby limiting its outbound/inbound access). The help claims you can do this, but the fields were not editable for some reason (I suspect this is due to something I didn't do and plan to play with this more later). This can be taken as an unclear UI or user error, or a combination of the two.

ANTI-SPAM

F-Secure 2005 rated poorly in spam prevention and I have no reason to assume it's changed, as I did not test this feature. I will say it's not very customizable or adequately explained. Does block go to the trash or Outlook 2003's Spam folder? Outlook 2003's filter has been sufficient for my needs. If there is a request from someone on this list I will test this, but did not do it for myself.
ANTI-SPYWARE

Seems effective, but at this juncture it's primarily been for cookie deletion. It seemed to find Alexia on a system that probably didn't have it, though fixing it hasn't done any harm and the notification did not recur, so it's possible I had some traces that were not fully removed by other anti-spyware applications. Scan times are acceptable, but on a laptop drive any actual data would be skewed, so no timing was done. The system notifies you if your startup has been changed, and the details tab explains the application attempting to make a change.

RESOURCES

Thus far I haven't seen any significant slowdown on a virgin rebuild of Win XP (1GB RAM, 40GB HD on a 1GHz system). The program was run with parental rules off and takes up about 16MB of RAM with the various TSRs. I feel this could be improved, but not at the expense of security or AV detection/removal.

SUPPORT

Support is available via e-mail and phone (if you can find the phone number); they responded to e-mails within ~24 hours. The e-mail support seemed a bit more knowledgeable than the phone support, though both were helpful.

USER INTERFACE

Upon getting the product, users must tell it to scan within archives. I think this should be on by default, but the engine stops malware when it attempts to execute. The UI is usable, and for the most part intuitive, with some oddities that could be improved. But the firewall has an IDS/IPS, which ZA and McAfee lack (IPS is untested as of this writing). Unfortunately the dialog cannot be resized and may be hard to read on high resolution monitors.

COMPARISONS

Zone Alarm 6 Suite - Zone Alarm users have had numerous problems with version 6; my issues continue even though the last build was supposed to rectify this issue. Average to poor AV coupled with the lack of an IPS has prompted this search for a new product. ZA is lighter on resources than F-Secure and the spam filter is better, but Outlook 2003 seems to do a better job, but is less full featured.
Support for Zone Alarm, I'm sorry to say, is USELESS. I've had 2 of the three e-mails I've sent completely ignored (including an incompatibility that prevented the use of some features). The third answered a completely different question and bore no relation whatsoever to the question asked. I didn't care for the forum, and feel that as the most widely used firewall it's the most likely to be attacked. Needs two scans, one for AV and one for Viruses. Conflicts with some software that was compatible with Sygate and disabled several features because of the aforementioned incompatibility.

Sygate - Best firewall IMHO. Light on resources, excellent IPS, no AV in the version I used, but this product has been effectively discontinued. Support was virtually useless, but the forum members were knowledgeable, helpful, and responsive and the product was quite intuitive.

Norton 2003 - Bloated, good AV, good UI, uninstall can create serious issues and I have horror stories; even using their "clean tool" it doesn't clear all of their software from the registry. I stopped using Norton's in '03 and it would require a lot of work to get me to re-install or even review this product unless it has been re-coded from scratch (hopefully by the recently acquired Sygate team) and new programming methodologies were used.

Tiny - Good firewall, bad UI

Kerio - discontinued

AREAS FOR IMPROVEMENT

Scanning inside archives should be on by default, as should scan all file types (since the jpeg exploit nothing is safe in my mind). Context sensitive virus scanning should be added to Explorer, and browser header spoofing should be added to the core product as well. The product should be able to live harmoniously with Spybot or a better explanation should be given. The administrative window needs to be resizable and currently is difficult to read, especially in the rules section.
Where the text is cut off by the small window, the UI, especially for the advanced configuration options, is really the weakest point of this product and should be re-evaluated and re-built. I'd also like to be able to see a list of all the ports in use on the system as part of the interface (there are other utilities for this so it's forgivable).

The alert and logging for F-Secure is extensive, but difficult to read. I was running an app as a server and received constant alerts about UDP and ICMP from the various outside systems. The alerts didn't stop until I turned off alerts for everything but intrusion detection. The app in question seems to work with those ports blocked, so it may well be that the new version does not use those protocols and those running older apps are trying to connect to ports that F-Secure did (and should if that is the case) block. When I rebooted the system F-Secure began populating pop-up errors again (until the app that handles them started). I'd like better control over what causes a pop-up alert.

F-Secure attempted no notification when I modified my hosts file. I would have expected some notification, as it could have been done maliciously by an unknown Trojan.

If I seem overly harsh it is because I can always see areas of improvement (you should see write ups of things I dislike). The fact is none of the firewalls in this space is perfect, none meets all my needs. For a market as mature as security I find this disconcerting. This being said, F-Secure is a great product, but it's not perfect. If F-Secure wishes to contact me I have additional suggestions, but some are outside the scope of this review. I'm not looking for money, but I do want to make this a program that is both accessible and robust.

SUMMARY

F-Secure is an excellent product, as long as you have a relatively new PC with enough RAM and understand security concepts. It seems to be the best choice based on reviews of numerous firewall products.
Due to the UI, this wouldn't be my first choice for a neophyte, especially if they have my home number, but I would definitely recommend this for an average/advanced user. F-Secure Anti-virus, including Kaspersky, is the best there is, and the inclusion of a rootkit sniffer makes you that much safer, as no other product attempts to find and remove this malware. (Sysinternals has a scanner but lacks removal functions & you have to be able to interpret the information and that's not intuitive.)

One interesting side note: before re-building my laptop, I accidentally installed F-Secure over Avast. The products were smart enough to turn off the real time protection of Avast while allowing manual scans without conflict, very nice.

More importantly, support is helpful and knowledgeable and can be reached via both email and phone (phone is at ~$4.00 a minute). E-mail responses are courteous and knowledgeable. The UI trails behind ZA for ease of use, especially in the area of advanced rules. While this has an IPS, I was unable to test it. The price is a little high, but I'm willing to pay for good security. Once the trial time expires I will purchase this software; I care primarily about security/virus protection/adware. I don't need another mail filter, or parental controls (my son is 11 months old, and I don't plan to let him online without my being in the room until he's ~16). These are nice to have, but not part of the equation at this point in my life.

My Rating:
Features - 8
AV - 10
Adware - 9 (based on others' reviews of 2005 and the Lavasoft pro engine; 10 if this could be made compatible w/ Spybot S&D)
Firewall - 10
UI - 8 for basic (7 for advanced)

I'm happy to answer any questions at the address below.
Lance Druger
ldruger () gmail com