F-Secure far behind competition

It looks like this article should be considered by F-Secure developers looking for program enhancements: http://www.gartner.com/technology/reprints.do?id=1-18TSH6H&ct=120117&st=sb

Comments

  • Dmitriy Posts: 212 F-Secure Employee

    Yes, according to Gartner, we are behind competition. However, according to AV-test.org, we are the best. Read on at: http://www.av-test.org/fileadmin/pdf/avtest_award_2011_english.pdf

    Antti
  • You misread my post. I was referring to your program weakness (i.e. dependency on others) as well as the lack of features pointed out in the article.

    I am not going to discuss the issue of vision, since this may change as soon as tomorrow, redefining who is right or wrong :)

    Andrzej

  • Matthias,

    Last words before I accept your answer as solution.

    By no means would I ever consider Gartner an expert in any field. I thought it would be a good idea to share this opinion/review by an external source, summarizing the accomplishments and weaknesses of F-Secure along with the competition.

    While AV-Comparatives and AV-Test, which both rate F-Secure really high, both focus primarily on consumer products, the above article discussed the business-oriented endpoints.

    In my opinion there is a lot of room for improvement in the Policy Management Console interface, but after reviewing multiple products last year I must admit that none of them is perfect (at least not to my expectations).

    F-Secure is rated relatively high wrt false positive detection; I submitted a second sample this week :( - this is of course not really relevant to the current thread.

  • MJ-perComp Posts: 1,101 Superuser

    Agree, Gartner has a certain focus. F-Secure is placed very much on the diagonal line in the center of the grid and it might only take a few features to move from "niche" to "leaders" next year. This is what R&D have to keep in mind!

     

    Concerning the False positives:

    In times when 150.000 samples are submitted per day and databases have grown to enormous sizes at all vendors, generic detection is the only possible way to handle this. On the other side, generic detection means that a piece of software that was not alerted about until now can suddenly match a detection. I do not remember a false positive (FP) that was not "generic" for a long time now.

     

    To avoid these "generic FPs" F-Secure has designed ORSP and whitelisted certain OS files from being tampered with even if a FP comes up on them. ORSP is not only able to confirm a malware detection but also to confirm a good file.

     

    The number of FPs counted in a test is a sign of the quality (or better, the age of the binaries listed) in the database and the preciseness of the generic detections. F-Secure is VERY high in detection and has some FPs. Others have lower detection, but no FPs.

     

    The "ability to execute" depends on how fast the vendor can escalate and react on a FP-alert. F-Secure can react within 30 mins after escalation and provide a fixed update. I guess that is pretty fast?

     

    Remark 1: If you are sure the file is OK then you can always exclude it from scanning and have immediate "No detection".

    Remark 2: If a FP is only reported by one or a few (private) customers the time to fix might be higher, as then the root cause for the FP is removed, which takes more time than adding the binary to a whitelist.

     

    Thanks!

    Matthias

  • We are really drifting away from the original subject :)

    Internally controlled scan exclusion is something I do not have much luck with.

    According to http://www.f-secure.com/en/web/home_global/support/article/kba/7423/k/7423/p/1 executable will always be scanned.

    When a specific FP is being installed on multiple systems in a user-defined location, my only option is to include a trusted hash in DeepGuard; this unfortunately works for me in on average 30% of cases.

    On the other hand, I must admit that the Analytical lab is very responsive and they promptly provide solutions to my submissions.

  • MJ-perComp Posts: 1,101 Superuser

    Not really drifting away - if other readers want to understand my conclusion they need to have a bit more background.

     

    I have no idea what goes wrong in your place, but the fact that you get help is exactly the point that ALL tests including the Gartner study miss.

     

    AV is not a product, it is a service!

     

    Have a nice Weekend!

    Matthias

  • If this is really true, I will definitely recommend F-Secure to other friends..

     

     

    _______________

    Business is the game!!

This discussion has been closed.