FSecure 2013 firewall options

I understand that the firewall is different from 2012 and has no Application Control.

So how can I choose what applications should not connect to the Internet?

 

Alternatively: I could presumalbly deactivate the FSecure firewall and install another - OK?

Or could I even unistall the FSecure firewall?

 

Or is it, maybe , better to forget about FSecure and get another internet Security?

 

Best Answer

  • JaysonJayson Posts: 595
    Accepted Answer

    Hello,

    F-Secure Internet Security 2013 includes a new Cloud-based firewall with intelligent control by DeepGuard, which is the essential to counter today’s malware and online attacks! It automatically prevents exploits from entering the computer and malware from stealing private data.

    For manual firewall rules, we utilize the built-in Microsoft firewall, which offers better compatibility with IPv6 and third party applications. The Windows's Port Filter for inbound protection which in practice will be blocking all inbound traffic. There is not much room for improvement here and one port filter is as good as the other.

    Please find the article explaining what happened to the new firewall functionality and find more detail comments here. Also, find the review of F-Secure Internet Security 2013 by PCMag.com here and AV-Test.org here.

    Hope this helps you understand the new implementation of the firewall in Internet Security 2013 better.

    Thanks.

     

    Edited: Review by AV-Test added.


    Best Regards,
    Jayson

Comments

  • F-Secure IS 2013 has no Firewall, but it has application control..
    F-Secure internet security 2013 uses windows firewall for allowing/blocking connections; which, in fact, isn't bad firewall(at least compared to what F-Secure had in past).


    Well, that's what I think...
  • AllesokAllesok Posts: 12
    So can I then deactivate the 2013 use of the Windows firewall and, instead, install a third party firewall? The way this is now handled by FSecure 2013 doesn't really make me feel that I want it! Maybe I should consider another Internet Security ... If I had known that before paying for FSecure another year, I suppose I may not have wanted it! Not really a good sales argument for FSecure ...
  • etomcatetomcat Posts: 1,312

    Hello,

     

    > F-Secure internet security 2013 uses windows firewall for allowing/blocking connections

     

    That is a correct statement.

     

    > which, in fact, isn't bad firewall (at least compared to what F-Secure had in past)

     

    I cannot agree with that. F-Secure's Distributed Firewall is a full-fledged packet filtering firewall module, which works, but its rule-creation logic is a bit convoluted. F-Secure DFW continues to serve well within the F-Secure Client Security corporate desktop protection product.

     

    In contrast, the Microsoft factory built-in firewall in Windows XP is a sad joke. That is important, because F-Secure Internet Security 2013 does support Windows XP SP3, which still has a strong user base worldwide. I wish F-Secure spoke about the security situation of Windows XP users following the omission of DFW from FSIS 2013.

     

    Regards: Tamas Feher, Hungary.

  • AllesokAllesok Posts: 12

    Well, that F-Secure now relies on Windows' "firewall", that is a "sad joke", is in my view really a good reson to use ANOTHER Internet Security. Too bad that I didn't know that before I paid the subscription for another year... (But I can, of course, keep F-Secure 2012, so far.)

     

    Unless - of course - I can deactivate that "firewall" and use a third party firewall!

     

    So please, someone, tell me if and how I can!

     

  • AllesokAllesok Posts: 12

    Since I don't receive a helpful reply that would enable me to use a third-party firewall, I have to consider version 2013 to be a DOWNGRADE of F-Secure Internet Security and I am now planning to end my relationship with F-Secure, as good as it has been until now, and choose another one.

     

    Sorry about that! It was good as long as it lasted, but as it has become now, having to rely on the Windows firewall that is known to not be the best (rather a bit far from it), it looks that this will have to be my decision.

     

  • AllesokAllesok Posts: 12

    I am skeptical about "cloud based " applications and the PCMag article isn't as positive as one would like to see it. Read the cons, also.

    So I wonder how many users will back off from F-Secure after this "development"...

    At least I will... There are better solutions!

     

  • AllesokAllesok Posts: 12

    The new arrangement with the firewall is, as far as I could see when quickly looking into your webpage, not mentioned there. Only at one place did I see the word “cloud based”, but not in respect to the firewall. Apparently one has to dig deeper to find this information there. Many may hesitate when they read “cloud based”, since most will want to have everything in their own computer and not spread out in clouds… At least for essential software like this one.

     

    It is worse for updaters, who want to renew their subscription and at the same time update to 2013. They will not first look into your webpage and are taken by surprise with this “innovation.” I suppose that they then face a choice when they install the new version. A choice between 1) a firewall in the clouds or 2) using Windows’ firewall, which is not considered to be the best, especially for Windows XP (that many still use or even prefer to use). They will miss a third option, that in my opinion MUST be there in a transitional version, as 2013 can be called: 3) the same firewall as in 2012. But it isn’t there… However, those who choose whatever they choose will in many cases not renew their subscriptions next year… So you have caught them, after all, for another year, and what the world looks like then is in the clouds…

     

    This to me is not a fully honest marketing strategy… It MUST be made CLEAR to customers, especially for subscription renewers, what they will get this time! Otherwise they buy the pig on a poke…

     

    Luckily, I discovered this game in time and can still reconsider my choice and get the money back for the renewal, since I didn’t use it yet. 2012 still works two weeks more for me, enough time for a refreshing change.

     

  • I agree with Allesok
  • AllesokAllesok Posts: 12

    I appreciate that I have by F-Secure been raised in rank to "Occasional Advisor, Founder"...

    I know it is their way of joking with me, but I take it as a sign that they do take my opinion seriously.

     

    So to accordingly give some more advice:

    As concerns possible choices of firewalls, there should in any case be the option of choosing a third-party firewall.

     

    There may, however, be such an option indirectly in installing only the Anti-Malware and adding your own firewall, instead of installing the whole Internet Security.

     

    Janiashvilisiramic
  • AllesokAllesok Posts: 12

    ... unless, of course, the Antimalware is also in the clouds ...

     

    Read in the German PC-Magazin, 2/2013, p.20:

    70 % of the Germans distrust the clouds.

    82 % request that cloud users should have a legal certification,

    The main worry: The security of private data in the clouds. Are data securely erased when so is requested?

    Cloud services abroad are even more distrusted since privacy rukes are often less strict.

     

    ....

     

  • RusliRusli Posts: 991

    What other firewall are you intend to use???

     

    Comodo???

     

    The thing is that Deep Guard is fully integrated with Microsoft Windows firewall.

     

    I'm not so sure if deep guard will still function properly if you were to use with other firewall.

     

    If you intend to use other firewall. Then use F-Secure Antivirus instead.

  • This is my concern:

    I used to have F-Secure Internet Security and still use version 2012. Now version 2013 is there and I – luckily before updating – discovered that it no more has its own firewall, at least not in the computer. Instead, it uses the Windows firewall that is known to not be the best one (rather a bit far from it…), especially for Windows XP. Later I found out that it, after all, does have an own firewall, but it is no more in your computer – it is “in the cloud”! That will be a potential risk, since the connection between your computer and the firewall in the cloud could be vulnerable and attractive for hackers and viruses. It will only be a matter of time until Hackers find a way to hack into it between the computer and the cloud. Furthermore, you never know how secure your data are that are stored in the “firewall in the sky”. Cloud-based applications may be OK, but certainly not in the case of an essential and “hacker-attractive” application as an Internet Security suite!

    It seems that other Internet Security suites now are beginning to do it in similar ways. I don’t want a cloud-based Internet (In-)Security application.

     

    So I want an Internet SECURITY that has everything essential in the computer,also the firewall. There atill are such suites.

     

  • RusliRusli Posts: 991

    Hi,

     

    The thing is Deep Guard is sitting right on top of the Microsoft Default Firewall.

     

    Can you tell me what is the difference with the previous version of F-Secure 2012 Firewall?

     

    Well I suggesting if you guys can write feedback base on your findings with F-Secure.

     

    In a way, you are right.

     

    So, what firewall did you intend to use?

     

    There are some here which you can choose from.

     

    http://www.matousec.com/projects/proactive-security-challenge-64/results.php 

     

  • Win XP + FS IS 2012

     

    Could someone please give details about the "cloud based firewall" that is mentioned in this thread. Do you mean, that the firewall has to connect to an external database to check the application?

     

    Have been using F-Secure products since 2003. These have proved really effective, and best in class. Though IS 2012 was suddenly a problem, because you couldn't turn off automatic updates. This was a real problem when logging on to my company network, because IS 2012 thought it had an internet connection, and stomped all over the log on and various security id protocols. Also the update attempts happening during use, caused me to lose data. I cured this by installing this firewall which works on the internal XP firewall, to block the IP addr of the update site. It has most of the features you need for configuring a firewall. I am guessing that it might not work with IS 2013. Not sure whether to renew or move on. Even Kaspersky 2012  allowed you to configure update times, and installation times of thew updates. I see that the business version of F-Secure comes with a Firewall and configurable update settings. It would seem tha F-Secure have removed useful features from the Home edition. Anybody know the cost of the business edition? I don't want to leave F-Secure, so that suite might be the answer, but real overkill.

  • It is not up to me to give details about cloud-based functions here, I can only refer to the post by Jayson above.

    As concerns firewalls. Of course one of the best!

     

  • AllesokAllesok Posts: 12

    I used to have F-Secure Internet Security and still used version 2012. Now version 2013 is there and I – luckily before upgrading – discovered that it no more has its own firewall, at least not in the computer. Instead, it uses the Windows firewall that is known to not be the best one (rather a bit far from it…), especially for Windows XP. Later I found out that it, after all, does have an own firewall as an alternative, but it is no more in your computer – it is “in the cloud”! That will be a potential risk, since the connection between your computer and the firewall in the cloud could be vulnerable and attractive for hackers and viruses. Furthermore, you never know how secure your data are that are stored in the “firewall in the sky”. Cloud-based applications may be OK, but certainly not in the case of an essential and “hacker-attractive” application as an Internet Security suite!

     

    It seems that some other Internet Security suites now are beginning to do it in similar ways. I don’t want a cloud-based Internet (In-)Security application. I have since quite some time been interested in Xxxx’s Internet Security that makes a good impression. In my computer, I have, in separate partitions, Windows XP Pro, Windows 7 Ultimate and Linux Mint. So I uninstalled F-Secure in Windows XP and installed Xxxx. The installation seemed to run OK, but when I at the end clicked “Finish”, a BSOD (“Blue Screen of Death”) came up!! Reason: “BAD_POOL_CALLER”, suggestion: reboot. So I rebooted. Windows XP started up OK but then ended with a blank desktop. No icons at all and no start button! Nothing but Windows’ wallpaper. I rebooted again (even twice) and the same thing happened. It looked like explorer.exe was not running. The file was still there (I could look into that partition from Windows 7), but apparently didn’t get started. It looked like Xxxx deleted or quarantined some system file that would have started it. But the cause really was another.

     

    It was not the fault of Xxxx! The real cause was an unclean uninstallion of F-Secure. The F-Secure Uninstaller failed and gave an error message, and I, therefore, uninstalled the “Windows” way. Then I again ran the F-Secure Uninstaller (after rebooting), which now seemed to work, and I ran it twice in the attempt to get rid of everything left behind by F-Secure. Still, the registry had many entries from F-Secure that had not been removed, so I had to remove them manually. Then I reinstalled Xxxx. It then turned out that the delayed appearance of the icons (2 minutes in the beginning) had to do with a learning procedure of the software after starting Windows. The delay became less at every start until it disappeared.

     

    And what if this then should happen again in Windows 7? Even though I am using almost only that one for the time being, I am tempted to return to Windows XP because of all the annoyances with Windows 7 (see below). I could, however and after much work, overcome most of them and get Windows 7 reasonably the way I want to have it. This is, however,  one of the reasons why I certainly will not install the “annoyances galore” Windows 8 (see below), but rather dig much deeper into Linux! Where, so far, viruses are much less of a problem, anyway… But I learned from this experience with the Windows XP partition and am now ready to switch to another Internet Security also for Windows 7.

     

    So far, I kept F-Secure Internet Security 2012 in my Windows 7 partition. Recently, however, it without asking upgraded itself against my will to version 2013! I wanted to keep the firewall of version 2012, but they didn’t let me. Shame upon them! That is another complaint I have against F-Secure – besides the unclean uninstallation. So much more a reason to switch...

     

    Computer magazines and Internet discussions reveal that sensitive data and functions are potentially unsafe “in the cloud.” Personal data are more easily available to hackers and you are never sure that they really disappear if you delete them. If the firewall function is “in the cloud”, there will be several new ways for hackers to bypass the firewall or fiddle with it, or in some other way intrude into your computer, among others because there is an Internet link between your computer and that firewall that will certainly be attractive for hackers to mess with. Because of that, many an “Internet Security Suite” to day rather becomes a bit of an “Insecurity Suite”...

  • Couldn't agree more. Now a different product safeguards my laptops, mobile devices, tablet and PC's. Goodbye FS and have a great future!! It was a good ride!

  • SkugganSkuggan Posts: 25

     

    You forgot that with the Windows Firewall the steps to take to get protected or open up ports is so much longer and just doesnt make sense. You need to come up with your own firewall for the FIS 2014, it's just too much hassle to go through at the moment. And as you can read in multiple magazines and websites that have reviewed FIS2013 pretty much all of them complain about this, if that is not enough to make you change your mind then I dont know what would be.

     

    And for gods sake do something about the 4-click system you have now to reach the settings, very unfriendly towards the users.

  • AllesokAllesok Posts: 12

    With all these concerns and  reacations from the users, I think that it becomes inevitable to change your thinking and policy. It would certainly be feasible to offer an updated firewall 2012 already now. It could be a pop-up offer: "Do you want to install our renewed firewall 2013 or stay with the configuration you have now?" And not in the clouds, please!

     

  • DJ69DJ69 Posts: 15

    Although I am currently evaluating IS 2013, I like this new FW augmentation concept. Personally, I am tired of the HIPS configs (Comodo, Outpost, Privatewall and others). Likewise,  HIPS  is not perfect either and in particular, when it comes to vulnerabilities.  If, FS can do it for me and my family, all the better… Just one opinion...  Thanks.  From the link below:

     

    • Blocking download of exploits and other harmful files. Each downloaded file is scanned and all harmful files are blocked automatically.
    • Preventing suspicious applications from accessing the Internet. If the safety of an application cannot be verified, DeepGuard starts to monitor its behavior. Based on the behavior analysis, DeepGuard will either allow or deny the network access or it asks the user whether to permit the access or not.
    • Browser manipulation detection. DeepGuard detects if malware is trying to manipulate user’s browser and prevents the attempt.

    http://community.f-secure.com/t5/Security-for-PC/What-has-happened-to-the/ta-p/15392?skin=en&profile.language=en

     

  • FLACFLAC Posts: 1

    im glad i looked here before buying fsecure i didnt know it used windows firewall surely this info should be placed on the page when purchasing f-secure.Its a shame if it had its own firewall i would purchase it.

    I like plenty of settings to tweak in my security suites F-secure looks very dumbed down too me.Also will you have your own firewall in 2014 version i doudt it be ill ask any way until then ill stick with kaspersky.

     

  • DJ69DJ69 Posts: 15

    (If you are a home user…)

    New real-time paradigms must materialize to keep up with the new and forever developing threats. One area in particular is vulnerability exploits. NO firewall (such as manual HIPS) is going to plug this whole until it is to late….  I encourage you to read about Deepguard in relation to how it amends the MS firewall…

    (If you are a corp. user, consider an end-point F-Secure Solution)   

    BTY, MS Firewall standalone will "Stealth" your ports (https://www.grc.com/x/ne.dll?rh1dkyd2).

    Also see Deepguard whitepaper PDF:

    http://campaigns.f-secure.com/software-updater/deepguard_whitepaper_final.pdf

    New Firewall Functionality PDF:

    http://community.f-secure.com/fsecured/attachments/fsecured/Protection/4114/1/New%20Firewall%20Functionality%20in%20F-Secure%20Internet%20Security%202013.pdf.

  • arlyarly Posts: 1

    i am new to f-secure it is firewall i want please tell me what to do

     

  • BlackcatBlackcat Posts: 511

    If you are not happy in using the stripped-down firewall in FS Internet Security 2014, try the standalone F-Secure AV and a firewall of your choice.

     

    Good choices would be;

     

    1. Comodo Firewall; http://personalfirewall.comodo.com/

     

    2. Zone Alarm Free Firewall; http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

     

    3. TinyWall; http://tinywall.pados.hu/

     

    4. PrivateFireWall; http://www.privacyware.com/personal_firewall.html

  • NikKNikK Posts: 931

    Some additional information:

     

    F-Secure's own firewall solution was removed in Internet Security 2013. It's now only available in business versions. The reason it was removed was because F-Secure thinks that the default firewall in Windows is good enough. And F-Secure's Deepguard(application monitor) will block any internet connection attempts made by unknown applications.

    What's important to know is that the firewall in Windows XP only has inbound filtering, while Windows Vista and later also has outbound filtering, but the outbound filtering is disabled by default. The reason is it can be quite complicated to set up the outbound filtering to work the way you want it to.

     

    The Windows firewall(not XP) is a great firewall that offers both inbound and outbound filtering. The only problem with it is that outbound filtering is difficult to use. This is probably why many users chose to use a different firewall(see the examples from Blackcat).

     

    There are programs that can help you with this but I only recommend it to advanced users, for example Windows Firewall Control  This program(WFC) provides an interface to create firewall rules and alerts, but it's not a firewall itself. It only communicates with Windows own firewall to make it easier, but you still have to decide yourself what applications, including windows internal applications, to allow for making connections from your computer.

    Note: F-Secure Deepguard detects WFC as an unknown application, so you need to allow it in order to be able to use it.

This discussion has been closed.