F-Secure Ultralight Anti-Virus
Comments
-
@Simon wrote:@Petrovic - How did you manage to create that screenshot? When I try to do it, I get the screen underneath, but not the FS overlay.
F-Secure Ultralight Anti-Virus installed on a virtual machine. I use ashampoo snap.
-----------------------------------------------------
How to completely delete history / records in the GUI?
-
Currently we don't have a UI element designed to delete all records.
Some records are intentionally non-deleteable, since they are associated with configurable settings. For instance, if a file is stored in quarantine, the event associated with that is non-deleteable to avoid preventing the user from restoring the file later. The same applies for decisions made by web traffic scanning (such as blocked URLs, etc.)
All other events can be deleted by clicking the trash can icon associated with the event. We also provided various filters to make it easier to search for relevant events - the idea being that you don't really deal with those too often anyway.
If you amass a huge number of events during testing and want to simply clear them all, the easiest way is to uninstall and then re-install the product (which is also a fairly fast thing to do).
-
It's certainly different. Were it any other antivirus, and not from a company I trust, I too would have serious doubts about the level of protection. As it stands, I'm not quite confident enough to replace FSP with Ultralight on my main machine, but hopefully as it develops, that confidence will grow.
-
Time to respond to a few more comments here!
As far as our plans for this product go, it's still open. This beta is targetted as a concept and technology validation. There are no current plans to bring this particular product into our portfolio, and therefore no plans to make this a paid product. The underlying technologies will likely find their way into our existing Windows products and, if the UI concepts are well-received, they may affect future UX design.
We are working on a 32-bit version of Windows Ultralight. The project was initially scoped as 64-bit Win7 and up. This allowed us to use many of the new features provided only by the newer versions of Windows to improve performance and security. However, in order to support our other product lines in the future, we are porting everything to 32-bit. No ETA on that one yet.
I understand that many of you are finding it hard to believe that such a lightweight product can provide security similar to existing "heavy" AV products. I'd like to address that.
Over the years, AV products have evolved. Back in the old days, when the number of malware in the wild could be counted in the thousands, simple methods, such as pattern checks and full-file signatures could be used to blacklist those specific files. As the numbers grew and grew, and with the addition of things like server-side polymorphic malware, these methods were no longer sufficient. Generic detections that analyzed the structure of files and looked for specific patterns of attributes were created. A single generic detection can catch hundreds of thousands of malware from a single family and variant.
Protection is slowly moving forward from this file-detection based paradigm. We now have technologies that can analyze the execution of files and detect malicious behaviour. Technologies also exist to detect when a malicious file attempts an exploit. We can analyze network traffic and block malicious files from even arriving, as well as block malicious sites from being accessed. Many features in modern operating systems render old malware unuseable.
Cloud-based scanning technologies give us the ability to send files for deep analysis on our backend. Once we've seen a file and analyzed it, that information is available to every user of this technology.
Bringing all this together means that we can drop the heavy local databases of old, make the product lighter, and more importantly, respond a lot quicker to threats that our customers are seeing. As the user base grows, so does the protection level. Putting all these new technologies together ultimately provides a superior level of protection, and with the backends at our disposal, there's a lot more innovative ways we are going to be able to protect systems in the future.
-
I would have liked to be able to read it BEFORE I had a peek at this app, the direction taken is very promissing but, as fas I am concerned, I can difficultly think of beta testing a fully cloud based AV, depending on a narrow bes of beta testers, on my main rig... Am I right thinking there is no offline protection. Anyway congrats for the the dev team, you really rock
-
Yes, this product does heavily rely on having the upload file feature turned on. Our thinking is that if you're not online, you're probably not going to get owned. Of course there is the exception if you are not on the internet and plug in a USB stick, and that's something we'd like to address in a future update. Many of the protection components do not fully rely on an internet connection and there is a lightweight local scanner.
All components are updated frequently, and there are local databases for some of the components. To see updates click the filter shown here:
You can get that menu to appear by hovering over the "Important" button.
-
@AndyP wrote:Time to respond to a few more comments here!
As far as our plans for this product go, it's still open. This beta is targetted as a concept and technology validation. There are no current plans to bring this particular product into our portfolio, and therefore no plans to make this a paid product. The underlying technologies will likely find their way into our existing Windows products and, if the UI concepts are well-received, they may affect future UX design.
I hope the F-Secure Anti-virus Ultralight will as a standalone product. This is a great development.
Thanks for your work
-
With regards one of Andy's previous comments, I would certainly suggest looking again at the branding. Something like Internet Security Light, or IS Ultralight might be better.
I would also suggest that maybe the current FSP product could be redisigned with a 'Light' option, keeping all the security features, but removing the Firewall and Parental Control components, which are largely given over to Windows anyway. -
From what I understand, YOF, it has the same protection levels as the current security products, except for isolating the connection to banks and other secure sites (so, no Banking Protection), and it doesn't currently have offline protection, ie, for if you're offline and plug in a USB stick, for example.
So, in short, it is missing some of the features of the current security products. Personally, I'm keeping it on a spare machine at the moment, as I don't want to compromise security on my main machine for banking, etc, but I am eager to see how Ultralight evolves. -
I have been using this product on my main rig for the good part of a month already. I'm happy with the protection level if offers. However, in my line of work, I know very well what to look out for, where the product has shortcomings, etc. I'm also sitting with the guys developing it, malware analysts and a large number of experts in the field
Bear in mind that this is a beta product. That means that you will be receiving more cutting-edge changes than a production product. I would advise against using any beta product on any system you would consider mission-critical.
-
---------------------
and it doesn't currently have offline protection, ie, for if you're offline and plug in a USB stick, for example.
---------------------
How I can to understand......
SpoilerIn fact... there have offline protection during USB/CD/DVD connection or other variants of malicious files transferring to system (when network disabled).
There just will be basic, low.... and not full meanings of protection.
Will be work just "offline core". Such as.... OK... it can be Hydra -engine as example;
Or just "core" with signatures (or patterns, hashes or other) about MOST of critical (?! but outdated), engine-depended or important known files/signatures/patterns/hashes.
Such as .... will be detection for most of related files for current engine as main F-Secure's basic core.
Will be normal detection about some of files (it's can be malware, spyware or suspicious files), but it should be known for "offline"-engine (which same with basic-core... about default level of checking around. Such as known viruses maybe). Such as... it's F-Secure ULAV - small and ultralight. It's of course.. not really biggest collection can be. But maybe about most important. There I can just create a suggestion... that current basic-core should be also with updates for "last three days" new discovered malware/spyware/suspicious files as "offline". After that... goes be "just under cloud" and offline version with "next last three days".
It's probably will be still around "small size", but with protection against NEW and modern malicious things EACH day... with offline-protection too. If it's on current time.. same things - good. Such as "basic-core" of detections and "some of last days around all new known malicious files" (which after day goes be just under cloud and offline-protection based on basic-core and "new-fresh detections").
And during offline-protection.... will be dropped a lot of advanced things. Maybe it's will be include: aquarius-core under cloud, advanced-scanning patterns under cloud, Security-Cloud as protection behavior-based for "known files" and other variants of "static/dynamic/virtual analysis" under Cloud during launch or "trying to launch" files. Also maybe it's related with hooks... such as... not available to re-get "result" of checks during launch.
So... such as... there still have offline-protection, but around "default one" with dropped all of advanced-mechanism-detection-steps, which comes just by Cloud.
In fact.... it's also can be same with FS Protection (about some of things), but FS Protection also have a lot of cache-history and more local database... which enough for most of "visible" advanced detection. And it's required to get more space.... more perfomance-usage... and all of other things, which certainly not related with ultralight
But FS Protection/F-Secure IS close to be friendly with system too (for me).
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!