
When can we expect "Boot Time Protection"?


Hi,

 

It is becoming very important these days to have "Boot time protection" or some kind of "Preferential Loading at startup of Windows". None of the F-Secure consumer products have this feature. There are certain videos on YouTube which show the importance of this feature. In one particular video, F-Secure's very capable DeepGuard is immediately able to protect against a ransomware/malware sample (but this malware sample creates a daughter .js file and a startup entry for this .js file), but due to the absence of "Boot Time Protection" it is not able to stop the encryption of the user files (caused by the execution of the .js file at startup). By the time F-Secure was fully up and running after startup, user files were already encrypted.

This is a must-have feature and I think the F-Secure team should add this to its products on a priority basis. I believe that F-Secure is one of the best products out there (I just love its DeepGuard) and am pretty sure that F-Secure's team will definitely take some positive action on this.

 

Thanks.
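
The scenario in the post above (a dropped .js file plus a startup entry that runs it at logon) can be checked for by auditing autorun entries for script launches. The following is an added example, not part of the original thread or any F-Secure code; it assumes the startup entry is a Run-key value or a Startup-folder file, and all entry names and paths in `SAMPLE_ENTRIES` are constructed.

```python
import re
import shlex

# Extensions handled by Windows script interpreters (heuristic, not exhaustive).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

def _basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def _ext(path):
    name = _basename(path)
    return name[name.rfind("."):] if "." in name else ""

def split_command(command):
    # posix=False keeps Windows backslashes; quotes are stripped afterwards.
    try:
        return [t.strip('"') for t in shlex.split(command, posix=False)]
    except ValueError:  # unbalanced quotes: fall back to a plain split
        return command.split()

def flag_entry(entry):
    """Return a reason string if the autorun entry launches a script, else None."""
    tokens = split_command(entry["command"])
    if not tokens:
        return None
    host = _basename(tokens[0])
    if host in SCRIPT_HOSTS:
        scripts = [_basename(t) for t in tokens[1:] if _ext(t) in SCRIPT_EXTS]
        return f"script host {host} launching {', '.join(scripts) or 'unknown target'}"
    # Covers unquoted paths containing spaces, e.g. files in the Startup folder.
    if _ext(entry["command"].strip().strip('"')) in SCRIPT_EXTS:
        return "script file registered directly"
    return None

def audit(entries):
    """Return (name, reason) for every entry that runs a script at startup."""
    return [(e["name"], r) for e in entries if (r := flag_entry(e))]

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_ENTRIES = [  # constructed sample data, not taken from a real system
    {"location": RUN_KEY, "name": "ExampleAV",
     "command": r'"C:\Program Files\ExampleAV\agent.exe" --tray'},
    {"location": RUN_KEY, "name": "Updater",
     "command": r'wscript.exe //B "C:\Users\user\AppData\Roaming\upd.js"'},
    {"location": "Startup folder", "name": "readme.js",
     "command": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\readme.js"},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_ENTRIES):
        print(f"{name}: {reason}")
```
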

12 Comments
Champion

F-Secure doesn't have Boot Time Protection?!

+1 from me! It's a need, it is not just a feature, it's something necessary!

Supporter
Yes, it's necessary :)
Champion

https://www.youtube.com/embed/Y1wTfTKjBQ0?wmode=opaque

An example in which F-Secure will fail because of the lack of Boot Time Protection! The system will be infected with ransomware at startup.

F-Secure

Thank you for informing us of this. After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays comes in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.

 

That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our DeepGuard are not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of DeepGuard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.

 

That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses.

Champion

Thanks to You dear @Chris_x10

 

I am not that good at English, so if I understood correctly, I'd appreciate it if you could confirm it:

You want to do an investigation on this matter to see if it's possible to add this feature and in the meantime keep F-Secure's performance good, right?

About this, I personally, as your home customer, have no problem with a little bit more protection if my system startup time increases by 5-6 seconds!

 

"That being said, the testing done in the video started with the file already in the system."
You know that DeepGuard and F-Secure's other technologies cannot protect us against 100% of cyber threats, right? The same goes for any other cyber security solution that exists. So imagine this ransomware penetrates your customers' systems as a zero-day. Well, what happens? DeepGuard will block it, and then? The system is still infected, and once the user restarts or reboots their computer... well, I'm sure we don't want that.

"or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses."

It is really certain that ransomware, as a zero-day, will finally arrive on the user's system somehow. So again, the story is the same.

 

Finally, please keep us updated on this matter.


Thank You!

F-Secure

@Parham: Even with zero days the files won't just automatically emerge in the system, there is still an infection vector. Whether it's browser and browser plugins exploitation, network shares, and the like. Every method of delivery of the malware into the system is still additional information that Deepguard can use. And Deepguard does use this delivery information. This is what I meant by real-world testing, to include the method through which the infection really happens.

 

With that in mind, I am not really worried. But of course, every single layer of protection adds to the level of security.

Champion

Thank You dear Chris for the clarification.

" every single layer of protection adds to the level of security."

Then we await seeing this layer (Boot Time Protection) in F-Secure products.

 

Thank you for caring about our protection.

Champion

Hi

Excuse me, I forgot to ask:

Is this request currently under consideration? Because its status has not changed.

Regards, Parham

Community Manager

Hi Parham,

 

We are still looking at the possibility of this request. I will change the status once we have a clear idea about it.

Supporter

I think we can cover F-Secure with MBRFilter by Cisco :P right?