F-Secure Internet Security (Release version) Trial Review.

Rusli
Rusli Posts: 1,019 Influencer

Hi All,

 

I downloaded the trial version of F-Secure Internet Security 2014. This is what I found.

 

Eicar's Virus Samples Tests.

-------------------------------------

 

First stop, I do a detecting tests of Eicar's Virus samples files.

 

The only thing that I encounter while testing the Eicar's Virus sample is under the "Download area using the secure, SSL enabled protocol https".

 

There are two files which F-Secure Internet Security 2014 did not detect. Namely eicar_com.zip and eicarcom2.zip. (via the above section of Eicar's  Download area using the secure, SSL enabled protocol https links"

 

It failed to block while downloading the files. So this is the bugs that need to be fixed!!!

 

Even though I turn on the Heuristics. It's still did not detect the files while downloading.

 

F-Secure need to fine tune it's Heuristics detections. 

 

Firewall Leaktesting

---------------------------

 

Next, I do a run down tests of Firewall leaktesting via PcFlank and GRC leaktest.

 

Both passed the test,Deep Guard detect this two test.

 

However, the only thing that Deep Guard did not detect and failed the test is Comodo Firewall leaktesting.

 

F-Secure Internet Security again failed this tests.

 

http://download.comodo.com/securitytests/CLT.zip

 

I do not recommend to use Windows Built In Firewall. It's not secure!

 

I am suggesting F-Secure to use it's own firewall.

 

Malware links.

------------------

 

Finally I do a Malware URLs links from Malware Domain Lists. It detects mostly of it. So this is a good.

 

 

Internet  Banking

-----------------------

Forget to include this one, while I go to online banking sites, a F-Secure Internet Banking drop down menu automatically detected the URL.

 

Sorry, I did not own any credit cards to do online banking. So I can't test it fully. Well at least the F-Secure Internet Banking drop down menu did comes up.

 

I did not own a handphone. To test on F-Secure Mobile Security!

 

 

Quote: "I nicked name my ice cool cat as Kimi Raggynen" My cat armed with Ubuntu Linux to do Kung Fu hacking!

 

Can't hardly wait for tomorrow F1 Night Race??? Who can win??? Kimi Raikkonen??? Vettel??? Jenson Button???

 

 

Comments

  • Blackcat
    Blackcat Posts: 503 Influencer

    Rusli

     

    thanks for the testing.

     

    But if this is a TRIAL version then this thread does not belong in the beta section. 

  • Rusli
    Rusli Posts: 1,019 Influencer

    Yeah... this is a release trial version. Not a beta version.

     

    F-Secure need to do some tweaking!

     

    The firewall is not good enough to toughen up the security protection level.

     

    This is a bad choice after all.

     

    I still believe it is vulnerable.

     

    I'm more worried on the firewall leaktesting. It did not pass the test on Comodo Firewall leaktesting.

     

    If you do pen testing, I'm sure it can get thru the Windows firewall easily!

     

    The layer of protection is still not there!

     

     

    I haven't test it on Windows 8.1 preview.

     

    But the build number is different from the Windows 8.1 RTM. (Actually it's already out but not official on 17 or 18 October)

     

    I'm not sure if microsoft release a Windows 8.1 Enterprise Evaluation version. Currently it's only a preview.

     

    I'm not sure whether my CPU support to run on it. It's require certain CPU capability on 64 bit version.

     

    The computer that I'm running on is way too outdated!

     

     

  • Simon
    Simon Posts: 2,667 Superuser

    Regarding the Eicar tests, I had the same results as Rusli, and was also concerned, especially as Windows Defender blocked the two downloads that FS failed to.  I raised this with the beta team, and received the following response:

     

    "We don't intentionally scan files that can not harm your computer. When you rename the eicar.com.txt file to executable (eicar.com), it will be immediately blocked and you will not be able to execute it. The same with zipped files, when you extract the offending file, it will be blocked at that point."

  • Rusli
    Rusli Posts: 1,019 Influencer

    Simon,

     

    Same here. I did have the same problem as you. However I have submitted the issues known to F-Secure Beta Team.

     

    It caught by Windows Defender.

     

    But I did a redo teston by disabling the Windows Defender service.

     

     

    But still it cannot detect anything from Eicar's SSL HTTPS file eicar_com.zip and eicarcom2.zip files.

     

    F-Secure suppose to detect and block from downloading those files!

     

    So I believe this is a real bug!!

     

     

    So what I did was to download the files that I mentioned.

     

    https://secure.eicar.org/eicar_com.zip

     

    https://secure.eicar.org/eicarcom2.zip

     

     

     

    But when you do a full scan it detected those files.

     

    F-Secure need to fine tune the Download block of these files.

     

    The Heuristic need to fine tune.( I did turn the heuristic option!!!)

     

     

    I have informed the F-Secure Analysis Team. By submitting the two files. And including the Comodo Firewall leak testing.

     

    Deep Guard Failed on detecting Comodo Firewall Leak Testing.

     

    F-Secure need to detect those rootkits vulnerabilities. It cannot detect any testing done on Comodo Firewall Leak Testings!

     

     

    I hope F-Secure Finland read this messages!

     

    As you would already know, I can't email F-Secure Beta Team directly.

     

    As the channel have directed to F-Secure beta sites!

     

     

    So, I already let the matter known to them.

     

    I hoping they get the message and do something to it.

     

     

  • Rusli
    Rusli Posts: 1,019 Influencer

    Seriously, my opinon, F-Secure need it's own firewall !!!

  • Blackcat
    Blackcat Posts: 503 Influencer

    If you are a person who worries over any possible outbound leaks on your PC, then leak tests may be relevant.

     

    Many people, including myself, however, view leak tests such as the Comodo one as worthless, attempting to test HIPS against scenarios that have no real bearing to real world malware. Even if malware did use some of the techniques in the Comodo LT/other leak tests, any good anti-executable would stop the malware before it launched.

     

    F-Secure have given their reasons why they have dropped their inhouse firewall and gone for the present one, using the basic Windows firewall for basic functionality. 

     

    If users are still concerned about possible outbound connections, just use a "Windows Firewall control program"; and there is a lot of them about now;  http://www.binisoft.org/wfc.php

     

    Capture 2.GIFCapture.GIF

  • Rusli
    Rusli Posts: 1,019 Influencer

    I did try to install a third party firewall on top of F-Secure Internet Security 2014.

     

    Such as Privatefirewall.

     

    And come to find out that F-Secure only supports natively Windows Integrated Firewall.

     

    So there is no way of you to change other firewall software to run.

     

    So, if you intend to use F-Secure Internet Security 2014 and wanted to use other firewall like Comodo on top of F-Secure IS2014.

     

    It's not possible!!

     

    It will disable the Windows Integrated Firewall!!

     

    I've done that. And it not advisable to use other third party firewall program with F-Secure Internet Security 2014.

     

     

     

    Blackcat, can the firewall which you mention can run along side with F-Secure Internet Security 2014???

     

    Under Matousec reports, F-Secure built in windows firewall failed many tests.

     

    http://www.matousec.com/projects/proactive-security-challenge-64/reports/PSC64%20report%20-%20F-Secure%20Internet%20Security%202013%2012.71.102.pdf

     

    Go to the link above and see the review that Matousec done testing with F-Secure Firewall.

     

    Don't be surprise of many failures!!!

     

    Okay, look at the ranking of firewalls results from matousec.

     

    http://www.matousec.com/projects/proactive-security-challenge-64/results.php

  • Simon
    Simon Posts: 2,667 Superuser
    Surely though, if you were to install a third party firewall, you would disable the Windows Firewall, and the third party one would run independantly from F-Secure, as you would turn the F-Secure firewall setting to Off.

    With respect, I can't help but feel that you may be overly concerned about the lack of an integrated firewall in FS, and I do agree with Bleckcat's comments above.

    What I would like to see, though, is more user interaction with DeepGuard and the Application Control. It really needs an option for the user to be able to add or deny permissions for themselves. To be honest, the Windows Firewall is not the easiest to adds or remove permissions from manually.
  • Blackcat
    Blackcat Posts: 503 Influencer

    @Rusli

     

    Windows Fire Control is not a firewall; 

     

    "Windows Firewall Control is a nifty little application which extends the functionality of the Windows Firewall and provides quick access to the most frequent options of Windows Firewall. It runs in the system tray and allows user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall. This is the best tool to manage the native firewall from Windows 8, Windows 7, Windows Vista and Windows Server 2008. Windows Firewall Control offers four filtering modes which can be switched with just a mouse click: "

     

    It probably will not help in the leak tests but it will block any outbound connections which do not match a rule. I have tried it for a short while with F-Secure and although there did not appear to be any incompatibilities it was not a long term test.

     

     

    Capture.GIF

     

     

    Capture 2 .GIF

     

     

    I know of Matousec's tests and I consider them as worthless as Comodo's for the reasons I gave above.

     

    Windows Firewall is good enough for the majority of users if they are behind a router and it is an even better choice with Advanced security settings. 

     

    Capture 3 .GIF

     

     

     

    But if you want to dig deeper into the settings then you will find one of the Windows Firewall Control programs offer an easier-to-use interface; these include Sphinx Firewall Control, and the one above, BiniSoft Firewall Control.

     

    Outbound protection is overated in my opinion;  Data/Information flows out from incoming connections and in from outgoing ones. Therefore you mostly only have to worry about incoming connection attempts since they are the ones that can be used to steal your data. The only way personal data for example can be stolen is by keyloggers and possible interception of wireless signals and the like but in these cases firewalls offer no protection.  

     

    Overall, IMHO, the Windows Firewall with F-Secure IS 2014 and a NAT router should be sufficient at least 99% of the time.

     
  • Rusli
    Rusli Posts: 1,019 Influencer

    Hi All,

     

    As for today, F-Secure Deep Guard is detecting and blocking Comodo Leaktest Firewall.

     

    But still you can choose two option, to allow or to block.

     

     

     

    Attention to F-Secure Deep Guard:-  If the user is still allowing the program. Deep Guard must have the option to block every level of Comodo Firewall Leaktest to make it passed!!!

     

     

  • Rusli
    Rusli Posts: 1,019 Influencer

    Hi All,

     

    Here is a reply from F-Secure SAS Team, concerning the Matousec Firewall Leak Testings.

     

    Hello,

    Sorry for the delay in replying this inquiry.

    Kindly be noted that Matousec does not test with real malware.
    We focus on detecting malware that is seen in the wild. You can refer to our excellent protection score in both AV Test and AV Comparatives tests.

    We have analyzed the Matousec test results.
    Detecting those Matousec tricks & techniques that are also used by real malware have been added to DeepGuard roadmap.

    Should you have further concerns, please do not hesitate to email us again.

    Best regards,
    --------
    F-Secure Security Labs              http://www.f-secure.com/weblog/
    F-Secure Corporation                http://www.f-secure.com/

     

     

  • Blackcat
    Blackcat Posts: 503 Influencer

    "As for today, F-Secure Deep Guard is detecting and blocking Comodo Leaktest Firewall"

     

    But it only detects the .exe file; it still only scores 200/340 as before.

     

     

     

  • Rusli
    Rusli Posts: 1,019 Influencer

    Honestly,

     

    Windows firewall is hopeless!

     

    Can your Filter program block it.

     

    I'm doubtfull.

     

     

  • Rusli
    Rusli Posts: 1,019 Influencer

    This is an awkward test that I find weird with F-Secure Deep Guard. 

     

    And I found to be really horrible.

     

    Inorder to pass the GRC leaktest.

    --------------------------------------------

     

    if you wanted to PASS the test with GRC Leak testing, this is steps which you need to do.

     

    https://www.grc.com/lt/leaktest.htm

     

    1.  Run grcleaktest.

     

    2. Deep Guard detect and prompt.

     

    3. I trust the application. Let it continue.

     

    4. The go to F-Secure Tools, Select Application permission, click details to block or click the applciation select to deny.

     

    5. Go to GRCLeaktest and select test for leaktest.

     

    6. And you will get the  "Unable to connect".

     

    Then GRCLeaktest will pass the test.

     

    As for the Comodo Firewall leaktest. I will not get a perfect score of 340/340!!!

     

    If I do a first test I get a score of 190/340. That is bad!!!

     

    I find Deep Guard very weird.

     

    if you want better results than this.

     

    Again, you have to do the awkward test like the followings:-

     

    1. Run clt.exe file.

     

    2. Deep Guard detect to block it. And CLT program launches.

     

    3. Select Exit. for the CLT program. (Don't click the test  button, just exit)

     

    4. Go to F-Secure tools, Application permission. Select Allow clt program from block. click close.

     

    5.run clt.exe again.

     

    6. Goto F-Secure tools, Applications permission, Select Block or Denyt this time under the clt.exe file. click close.

     

    7. Click on Test for the clt.exe file.

     

    8. Then you will see that the Deep Guard prompts again to block. Click close.

     

    9. Then will see the score 260/340.

     

    So that is the Awkward Tests that you have to do.

     

     

     

    As for the actual test is in this manner.

     

    1. Run GRCleaktest program.

     

    2.  Deep Guard detects it.

     

    3. click ok to block.

     

    4. GRCleaktest launches.

     

    5. Application Block prompts from Deep Guard. Click close.

     

    6. Select test for leaks from GRCleaktest, it will not run anything! Connecting.... and it will stuck there forever. And failed the GRCleak test.

     

     

    As for the Comodo Firewall leaktest.

     

    1. Run CLT.

     

    2. Deep Guard detects. Click ok to block.

     

    3. CLT program launches.

     

    4. Select test button.

     

    5. CLT program will be block. And will run the program.

     

     

     

    The next one, this is a bug that I found with GRCLeaktest.

     

    Okay go to the F-Secure Status settings, Deep Guard options and click all the tab options. Yeah Including the "Use the compatibility mode (lower security).

     

    And you know what GRCleaktest failed the test. And firewall leaktest is penetrated!!!

     

    That is a bug... Deep Guard did not detect when the program runs!!! 

  • Rusli
    Rusli Posts: 1,019 Influencer

    I will submit the above report again to F-Secure.

     

    It's sucks!!

  • Rusli
    Rusli Posts: 1,019 Influencer

    PcMag F-Secure Antivirus 2014 Review.

     

    http://www.pcmag.com/article2/0,2817,2425112,00.asp

This discussion has been closed.