Serious Security Flaw Still Not Fixed!!

I've reported this issue to Charter Communications twice  and the threat still remains, so I am contacting you, F-Secure, directly.  If an F-Secure client downloads a compressed or zipped file, it is not scanned during or after download, at anytime while it is on your hard drive (even when kept in Documents), or even before or during decompression, when the virus is released, undetected, onto your computer.  The damage is done and you never know where it came from, or at least your average customer doesn't.  I've been a Software/Hardware Engineer for over 25 years and a Geek for another 10 years.  The only Internet Security Software Product I've tried, (I have tested ALL of the Top 10 Internet Security Products on the market, according to cNet.Download.com) and ALL 10 of them failed to successfully detect and quarantine/remove infected compressed files.  Except Emsisoft Free Emergency Kit available free of charge on download.com   Maybe one of you guys needs to examine their code and improve F-Secure.  I lost over 40Gb of songs and irreplaceable intellectual data to the virus attack before I was able to kill it.  To be quite frank, I pay a premium price for my Charter Communications products and I expect premium performance in return.  If I want crap service and be forced to depend on whatever security product I can find other cheaper services quite easily.

Comments

  • Still haven't heard anything from F-Secure yet.  So I've re-posted this article on Facebook and am now circulating it to my 2,400 Friends, for a start.  I'm also writing a Press Release with the same accusations against Charter Communications and F-Secure. If I don't hear back soon, I will issue the Press Release to thousands of online and offline newspapers, newsgroups, newsfeeds, etc. worldwide.

  • JaniashviliJaniashvili Posts: 469
    I bet it'd be better to contact support instead. Or at least try to upload those infected files to F-Secure for scan(if it thinks those weren't malicious files, why would it stop them).

    Can you give a little detail about what scanning options do you have sat?
  • pcah4pcah4 Posts: 22

    So you registered on this site on Tuesday, can i ask how many times you have contacted support on this matter and have you detailed the virus and specific files that you rant on about to support.

    So you are going to issue a press release to thousands .....detailing what?

    In your two posts so far all you have detailed is that you enjoy a rant and rave and that you have informed us that you have 2,400 friends......SHOW US SOME FACTS.

  • alconsvralconsvr Posts: 26

    Hi,

     

    A similar question was asked back in 2012. You might wish to have a look at the reply I got from F-Secure. I don't use torrent services. But I do receive a lot of emails with various file type attachments. These mostly come from people that I know. But having received a virus laden email from a security company, I always manually scan every download. Especially considering the reply I received.

     

    http://community.f-secure.com/t5/Security-for-PC/how-to-set-fsecure-to-check/m-p/11433#M2384

  • JaniashviliJaniashvili Posts: 469
    That's absolutely different question and there's no flaw there actually..
  • alconsvralconsvr Posts: 26

    @Janiashvili wrote:
    That's absolutely different question and there's no flaw there actually..

    Assuming you are replying to me. If you had read the whole thread in the link. Then you would see that the reply given to me, is applicable to the question asked by the OP in this thread. Malware inside an archive/zip  can't self-launch, but it can be launched via other means - code within a modified archive, that can auto-launch files within it. Or simply launched by another piece of malware/script, running on the system. There is a recent windows shell vulnerabilty that can launch code without clicking on it.

  • JagadesanJagadesan Posts: 129 Former F-Secure Employee

    Hi TwistedTwerp,

    With regards to your problem, is there an SRID given to you by the Charter Security agent? If yes kindly provide us your SRID so that I can help you to speed up the process. SRID is normally stated in the subject of the email.

     
    Thanks.

    Best Regards,
    Jagadesan

  • SimonSimon Posts: 2,653 Superuser

    When testing using the Eicar files, I also found that FS (2014 Beta) didn't detect anything when downloading the zipped files, but immediately blocked any attempts to unzip or run the compressed files.  It also detected them using the manual 'right click' scan.  As long as the files are blocked from activating, the machine will still be protected, won't it?

  • JaniashviliJaniashvili Posts: 469
    The machine will be protected.
This discussion has been closed.