When can we expect "Boot Time Protection"?
Hi,
It is becoming very important these days to have "Boot time protection" or some kind of "Preferential Loading at startup of Windows". None of the F-Secure consumer products have this feature. There are certain videos on YouTube which show the importance of this feature. In one particular video, F-Secure's very capable DeepGuard is immediately able to protect against a ransomware/malware sample (but this malware sample creates a daughter .js file and a startup entry for this .js file), but due to the absence of "Boot Time Protection" it is not able to stop the encryption of the user files (caused by the execution of the .js file at startup). By the time F-Secure was fully up and running after startup, user files were already encrypted.
This is a must-have feature and I think the F-Secure team should add this to its products on a priority basis. I believe that F-Secure is one of the best products out there (I just love its DeepGuard) and am pretty sure that F-Secure's team will definitely take some positive action on this.
Thanks.
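The persistence pattern described in the post above (a dropped .js file plus a startup entry that runs it at logon) can be looked for in exported autostart data. The following is an added example, not part of the original thread and not F-Secure code; it assumes the autostart entries have already been collected as (location, name, command line) tuples, and the sample entries are constructed.

```python
import re

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
SCRIPT_HOSTS = ("wscript", "cscript")          # Windows Script Host front ends
USER_WRITABLE = ("%appdata%", "%localappdata%", "%temp%", "%userprofile%", "\\users\\")

def split_command(command):
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command)]

def assess_entry(command):
    """Return the reasons an autostart command deserves review (empty list = none)."""
    tokens = [t.lower() for t in split_command(command)]
    reasons = []
    scripts = [t for t in tokens if t.endswith(SCRIPT_EXTS)]
    if scripts:
        reasons.append("runs a script file (%s)" % scripts[0][scripts[0].rfind("."):])
    if tokens:
        program = tokens[0].rsplit("\\", 1)[-1].removesuffix(".exe")
        if program in SCRIPT_HOSTS:
            reasons.append("launched through Windows Script Host")
    if reasons and any(marker in command.lower() for marker in USER_WRITABLE):
        reasons.append("target is in a user-writable location")
    return reasons

def review_autostarts(entries):
    """Map (location, name) -> reasons for every entry that was flagged."""
    flagged = {}
    for location, name, command in entries:
        reasons = assess_entry(command)
        if reasons:
            flagged[(location, name)] = reasons
    return flagged

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample entries (location, value name, command line), not taken from the video.
SAMPLE_ENTRIES = [
    (RUN_KEY, "Updater", r'wscript.exe "%APPDATA%\invoice.js"'),
    ("Startup folder", "notes.js",
     r'"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.js"'),
    (RUN_KEY.replace("HKCU", "HKLM"), "VendorTray", r'"C:\Program Files\Vendor\tray.exe" /background'),
]

if __name__ == "__main__":
    for (location, name), reasons in review_autostarts(SAMPLE_ENTRIES).items():
        print(f"{location} :: {name}: " + "; ".join(reasons))
```

An entry flagged here is a candidate for review rather than a verdict; legitimate software occasionally starts scripts at logon as well.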
Comments
-
https://www.youtube.com/embed/Y1wTfTKjBQ0?wmode=opaque
An example in which F-Secure will fail because of the lack of Boot Time Protection! The system will be infected with ransomware at startup.
-
Thank you for informing us of this. After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays comes in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.
That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our DeepGuard is not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of DeepGuard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.
That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses.
-
Thanks to you, dear @Chris_x10.
I am not that good at English, so I'd appreciate it if you could confirm that I understood correctly:
You want to do an investigation into this matter to see if it's possible to add this feature while keeping F-Secure's performance good, right?
About this: I personally, as your home customer, have no problem with a little bit more protection if my system startup time increases by 5-6 seconds!
"That being said, the testing done in the video started with the file already in the system."
You know that DeepGuard and F-Secure's other technologies cannot protect us against 100% of cyber threats, right? The same goes for any other cyber security solution that exists. So imagine this ransomware penetrates your customers' systems as a zero-day. Well, what happens? DeepGuard will block it, and then? The system is still infected, and once the user restarts or reboots their computer... well, I'm sure we don't want that.
"or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses." It is really certain that ransomware, as a zero-day, will finally arrive on the user's system somehow. So again, the story is the same.
In the end, please keep us updated on this matter.
Thank you!
-
@Parham: Even with zero days the files won't just automatically emerge in the system, there is still an infection vector. Whether it's browser and browser plugins exploitation, network shares, and the like. Every method of delivery of the malware into the system is still additional information that DeepGuard can use. And DeepGuard does use this delivery information. This is what I meant by real-world testing, to include the method through which the infection really happens.
With that in mind, I am not really worried. But of course, every single layer of protection adds to the level of security.
-
Hi. I really wonder why F-Secure does not have boot time scanning. There are many tests and videos that show its importance. I have Kaspersky Free installed now on my computer, but for several years had F-Secure from my ISP. I would really want to have F-Secure on my computers but won't buy it unless it fixes the important boot time scanning. I'm sure there are lots of customers that want this feature, and it would make F-Secure one of the absolute best AV.
Best regards, Stan
-
This was originally suggested over 2 years ago. Has boot time protection been implemented in F-Secure Safe or other home versions?
If not, why not?
This is a 100% necessary feature. If it is not available in F-Secure, I will move on to one of the MANY competitors which has had this feature for years. Thank you.