New Update F-Secure beta version updates

TuxTalk

@bazang "Security is not software. Security is a process". Profound, yet for the average user, it is also a tool, a safety net.

And back to the thread topic at hand, well sort of, Ville (F-Secure Mod/Product expert) did not respond to the replies posted, and I don't think they will. I'm thinking F-Secure sold their soul to Gen Digital already, and the architecture, the re-engineering has been a part of the merger, that they're keeping it under wraps for now?

It's a marriage made in heaven in this regard, both apps have the VPN and Password Manager incorporated in the app itself. Both VPN/s use Amazon servers. Maybe that was part of the initial discontinuation of the Freedome app, to make it more of a seamless transition from F-Secure into F-Secure Avira?

Edit: As F-Secure maintains its vice-like grip on trying to be the king of FPs 😂😂

[Attachment 286290]
Never have any FP with Trend, AV-C are a bunch of Noobs.
 

Jonny Quest

I renewed my F-Secure subscription a few days ago. Due to the switch from F-Secure to Avira, I requested a refund of the subscription costs.
At one time, I had a subscription to Avira Pro which I'm now installing again on all of my PCs. It's also nicer to work with a portal that actually has more information and functionality to it than F-Secure's stripped down version.
 

simmerskool

Emsisoft could be next. Abandoning the firewall, simplifying settings, minimizing changes, ...
"could be next" in what sense? Taken over by Norton group (I forget the correct name), or taken over by another? I don't see that happening. My recent usage of Emsi has been very positive (fwiw) and I sense their independence fwiw2. They stopped developing their firewall years ago, saying Windows Firewall was good (enough) for integration with Emsisoft. Or I hope they stay independent.
 

bazang

@bazang "Security is not software. Security is a process". Profound, yet for the average user, it is also a tool, a safety net.
The average user thinks that security is software and there are security software publishers that pander to that user ignorance. It is a big reason why the malware problem will never be solved. Security software is like putting a bandaid onto a broken leg and saying "OK. There you go. You are fixed."

The security software publishing industry has poisoned the global population by preying upon users' ignorance. That's what has happened over the past decades.

Average users, without knowledge, need way more than just a security software. Their systems need to be managed. By that I mean there are lots of things that average users need to be prohibited from doing.

Edit: As F-Secure maintains its vice-like grip on trying to be the king of FPs 😂😂

[Attachment 286290]
I have seen this and always wonder what AV-C is up to. I have never experienced a false positive with F-Secure. But every single time that AV-C does one of their rounds of testing, they must have specially crafted files that they throw at F-Secure (and the others) and F-Secure detects something.

False Positives are no big deal. They are blown way out of proportion. The reason they are promoted as a huge deal is that the end user lacks the knowledge to know what to do. Going back to Square 1: Security is not software. It is a process (that involves people and those people need to have the knowledge).

Instead security software publishers promote and perpetuate user ignorance, and snowball societies into never making "security through knowledgeable and proficient users" a priority.

One need not be a 50-year IT Pro to be proficient enough to handle most security issues.

The other side of the coin is that people are people, and they will unravel security no matter what to do what they want to do. That is why devices need to lock users out of being able to do almost all of what they can do today on a Windows system. Their systems need to be managed.
 

Vitali Ortzi

Never have any FP with Trend, AV-C are a bunch of Noobs.
The fact that they have false positives in their test doesn't mean you have encountered the same files, and they probably use fake cracks for the test (look at the test methodology for more accurate information about the test).

Maybe you specifically aren't using all kinds of cracks, activators, etc., since you have good behavior, but that doesn't mean all users wouldn't, and the results are important to understand how much you can get impacted by false positives.
(Low false positives means it's probably not too aggressive against piracy, and those who use only popular safe software can use the most aggressive false-positive AVs.)
 

Vitali Ortzi

Never have any FP with Trend, AV-C are a bunch of Noobs.
Btw, in my experience with the test results for false positives, the ones with the fewest false positives align closely with my experience with piracy (ESET, Kaspersky are my recommendation for piracy users based on security / false positive balance).
 

bazang

@Jonny Quest

Confirmation F-Secure is switching-out its own technologies for Avira's EPP = Endpoint Protection Platform:

[Image attachment: 1731719331460.png]
 

Dreams&Visions

@Jonny Quest

Confirmation F-Secure is switching-out its own technologies for Avira's EPP = Endpoint Protection Platform:

[...]
Since when does Avira employ a Behavior Blocker? I was not aware they have one since I last used it (>2y ago). I know they have HEUR(istics) and AVC (the cloud). I did not find anything on a quick Google search (apart from things which I knew from the GUI at all). Not aware of HIPS also?
 

silversurfer

Since when does Avira employ a Behavior Blocker? I was not aware they have one since I last used it (>2y ago). I know they have HEUR(istics) and AVC (the cloud). I did not find anything on a quick Google search (apart from things which I knew from the GUI at all). Not aware of HIPS also?
AFAIK, the technology "Sentry" of behavioral blocking was originally developed by BullGuard, here you can find more information in the forum thread from 2022:
 

bazang

Since when does Avira employ a Behavior Blocker? I was not aware they have one since I last used it (>2y ago). I know they have HEUR(istics) and AVC (the cloud). I did not find anything on a quick Google search (apart from things which I knew from the GUI at all). Not aware of HIPS also?
As @silversurfer said. Avira has the Bullguard Sentry behavior blocker.

My guess about F-Secure based simply upon observed facts:

1. Avira components will have much fewer false positives (FP).
2. F-Secure is not doing well financially; a sale or an agreement of sale to GenDigital is possible.
3. The move to Avira components would then make sense.
4. Maybe GenDigital\Avira gave F-Secure a great deal to move to Avira technologies, and this would make sense if F-Secure is attempting to reduce costs?

Until the F-Secure leadership explains what it is doing in 19.9 and what changes and how they will affect the product ¯\_(ツ)_/¯ ???

F-Secure staff are not answering direct questions about the impending changes which is a sure indicator that something is up.
 

Szellem

As @silversurfer said. Avira has the Bullguard Sentry behavior blocker.

My guess about F-Secure based simply upon observed facts:

1. Avira components will have much fewer false positives (FP).
2. F-Secure is not doing well financially; a sale or an agreement of sale to GenDigital is possible.
3. The move to Avira components would then make sense.
4. Maybe GenDigital\Avira gave F-Secure a great deal to move to Avira technologies, and this would make sense if F-Secure is attempting to reduce costs?

Until the F-Secure leadership explains what it is doing in 19.9 and what changes and how they will affect the product ¯\_(ツ)_/¯ ???

F-Secure staff are not answering direct questions about the impending changes which is a sure indicator that something is up.
This is very bad news.
 

Lord Ami

Thread author

Release 19.9 beta 2 (6.0.551)

Bug fixes:

  • Improved robustness of Device Protection installation (PBL-13781)
  • Visibility of banking sessions on ARM64 processor (PBL-13779)
Known issues:

  • During upgrade from beta 1 to beta 2, Device Protection components will be uninstalled, and then reinstalled, automatically. During the time period while Device Protection is not installed, Windows Defender will be activated, and there will be a notification from Windows about Virus protection being turned off.

The digital signature dates for both SentryEye.exe (7 Oct → 30 Oct) and Endpointprotection.exe (15 Oct → 13 Nov) were updated with this beta refresh. This is a good sign, as I recently checked these files on Avira's solutions and found them to be newer versions (compared to 1st beta). However, I didn't document the exact versions, so I can't confirm if they're identical now.

Unfortunately the log files I previously outlined were cleaned. Checking the new logs tells me that the whole VDF package was completely reinstalled:

[info] [Core] [thread id: 704] [CoreSdk] Updated '0' files for 'avcp-engine' module
[info] [Core] [thread id: 704] [CoreSdk] Updated '88' files for 'avcp-vdf' module

EDIT:
Beta 1
  • Core: 2.0.1.8
  • Detection: 8.3.70.44 (2024-10-16T00:00:00Z)
  • EPP: 1.0.2410.4113
  • ODS: 1.0.2410.1851
  • Quarantine: 1.0.2410.1217
  • Remediation: 1.0.2410.1677
  • VDF: 8.20.38.124 (2024-11-12T14:15:25Z)
Beta 2
  • Core: 2.0.2.12
  • Detection: 8.3.70.44 (2024-10-16T00:00:00Z)
  • EPP: 1.0.2411.4265
  • ODS: 1.0.2410.1911
  • Quarantine: 1.0.2410.1266
  • Remediation: 1.0.2410.1753
  • VDF: 8.20.38.254 (2024-11-18T15:57:55Z)
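
One way to script the comparison made in this post, added here as an example (it is not from the post's author, F-Secure or Avira): it parses the CoreSdk update lines and the two version listings quoted above and reports which components changed between beta 1 and beta 2. The function names are hypothetical; the sample data is copied from the post.

```python
import re

# Log lines and version listings are copied from the post above.
LOG = """\
[info] [Core] [thread id: 704] [CoreSdk] Updated '0' files for 'avcp-engine' module
[info] [Core] [thread id: 704] [CoreSdk] Updated '88' files for 'avcp-vdf' module
"""
BETA1 = """\
Core: 2.0.1.8
Detection: 8.3.70.44 (2024-10-16T00:00:00Z)
EPP: 1.0.2410.4113
ODS: 1.0.2410.1851
Quarantine: 1.0.2410.1217
Remediation: 1.0.2410.1677
VDF: 8.20.38.124 (2024-11-12T14:15:25Z)
"""
BETA2 = """\
Core: 2.0.2.12
Detection: 8.3.70.44 (2024-10-16T00:00:00Z)
EPP: 1.0.2411.4265
ODS: 1.0.2410.1911
Quarantine: 1.0.2410.1266
Remediation: 1.0.2410.1753
VDF: 8.20.38.254 (2024-11-18T15:57:55Z)
"""
UPDATE_RE = re.compile(r"\[CoreSdk\] Updated '(\d+)' files for '([^']+)' module")
VERSION_RE = re.compile(r"^\W*(\w+):\s*(\d+(?:\.\d+)*)(?:\s*\(([^)]+)\))?", re.M)

def updated_files(log):
    """Module name -> number of files the updater logged as replaced."""
    return {name: int(count) for count, name in UPDATE_RE.findall(log)}

def parse_versions(listing):
    """Component -> (numeric version tuple, build timestamp or None)."""
    return {name: (tuple(map(int, ver.split("."))), stamp or None)
            for name, ver, stamp in VERSION_RE.findall(listing)}

def changed_components(old, new):
    """Components whose version or timestamp differs between two snapshots."""
    a, b = parse_versions(old), parse_versions(new)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    print(updated_files(LOG))
    for name in changed_components(BETA1, BETA2):
        print(name, parse_versions(BETA1)[name][0], "->", parse_versions(BETA2)[name][0])
```

Keeping a listing like this for each build makes it possible to confirm later whether two installs carry identical component versions.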
 

Dreams&Visions

As @silversurfer said. Avira has the Bullguard Sentry behavior blocker.

My guess about F-Secure based simply upon observed facts:

1. Avira components will have much fewer false positives (FP).
2. F-Secure is not doing well financially; a sale or an agreement of sale to GenDigital is possible.
3. The move to Avira components would then make sense.
4. Maybe GenDigital\Avira gave F-Secure a great deal to move to Avira technologies, and this would make sense if F-Secure is attempting to reduce costs?

Until the F-Secure leadership explains what it is doing in 19.9 and what changes and how they will affect the product ¯\_(ツ)_/¯ ???

F-Secure staff are not answering direct questions about the impending changes which is a sure indicator that something is up.
Quite shocking news for me, but it's the common game it seems, the big fish eats the small ones.
I wonder why they are about to completely dump technologies like DeepGuard?
I never used BullGuard, I know it was preinstalled in long gone days, when u used to buy your PC at Aldi. Medion is now a very big and common player (or maybe always was, however the visible marketing hasn't been there for long).
No idea how good BullGuard really is / was, I remember having read it's not that good, but when and where, IDK, as I have been team Avast in my younger days, and since joining here first, moving to Asia (now travelling there a lot, too, India is booked for February funny enough).

Long story short, thank you for the clarification :)
 

bazang

I wonder why they are about to completely dump technologies like DeepGuard?
F-Secure is keeping DeepGuard for MacOS.

The name "DeepGuard" is actually only a marketing term. Within F-Secure's product line, "DeepGuard" works completely differently on different platforms. So the code bases are different for each protection feature or "technology" called "DeepGuard." Not many people know this.

Either the move to Avira is a consolidation step, or F-Secure has another reason to switch - such as laying off some of its development staff. It is cheaper to purchase components and then integrate them into your software and infrastructure than it is to develop proprietary technologies internally. This is generally accurate.
 

Dreams&Visions

F-Secure is keeping DeepGuard for MacOS.

The name "DeepGuard" is actually only a marketing term. Within F-Secure's product line, "DeepGuard" works completely differently on different platforms. So the code bases are different for each protection feature or "technology" called "DeepGuard." Not many people know this.

Either the move to Avira is a consolidation step, or F-Secure has another reason to switch - such as laying off some of its development staff. It is cheaper to purchase components and then integrate them into your software and infrastructure than it is to develop proprietary technologies internally. This is generally accurate.
Wow, thank you for the heads up, did not know that!
Haven't invested in a MacBook yet (maybe I'm too bound to M$, IDK), but used to have iPhones and an iPod Classic (which unfortunately died lately, was quite difficult to find something comparable, good old times are long gone...).

I did like the AMSI protection they added lately, it worked quite well against scriptors, which IMO was quite a weakness of FS (and is of many AV; let alone the static (=signature based) detection). I wonder if it is comparable w/ BullGuard (in terms of protection).
Actually I'm not sure whether DeepGuard is also tied to some cloud, which calculates the danger of the tracked malware actions? Of course, the module gets some kind of local database from time to time each week, but it's tough to test it offline, it seems to recognize malware also by hash, and many (PEEXE) malware did require outbound to trigger detection (loaders, stealer) as far as I noticed testing.

I follow your guess that FS might go the way many AV have gone before, and just license technology (like Bitdefender engine being found in many AV out there, and being replaced in favour of Avira by FS also).
 
