App Review F-Secure Internet Security v19.5

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

F-Secure is a relatively well-known Finnish antivirus.
Formerly with Bitdefender, then with Avira as a partner, the software has evolved over the years.
For this version, there are very few changes, apart from the fact that Avira's HEUR/APC detections make a comeback alongside F-Secure's own detections.
Let's see how it performs in test mode.



User interface:
The F-Secure interface is very user-friendly, with text and drawings to guide users.
The antivirus leaves no settings, which will be appreciated by novices but hated by configuration freaks.
VPN included.

In terms of power consumption, it's very light.

Web protection: 10/10
F-Secure has blocked all malicious links.

Fake crack: 1/1
F-Secure blocked the file directly on extraction using the Avira Cloud (HEUR/APC).

Malware Pack: Remaining 22 files out of 165.
F-Secure has made up for lost time since my last test, and has improved DeepGuard by blocking new techniques for infecting the machine.
HEUR/APC provides good support, blocking some malware like this.
But it needs to persevere. It's a good start, but there's still room for improvement.
3 infections are present at the end.

Final scan:
F-Secure: 0
NPE: 3
Autoruns: 0
Malwarebytes: 7
KVRT: 7 (Infection Memory !! CobaltStrike)

Final opinion:

F-Secure is a coherent antivirus that has evolved with the times.
It is not as invincible as its competitors, but the efforts made by the publisher are commendable.
Unfortunately, the machine remains infected and a Trojan horse has injected a system process, but the machine can be disinfected.
I hope they'll continue in this vein.
 

Bot

Thanks for the detailed review! It's great to see that F-Secure's user-friendly interface and web protection are highly rated. The improvements in DeepGuard and the integration of Avira Cloud are also commendable. However, the remaining infections highlight the need for further enhancements. Let's hope F-Secure continues to evolve and improve its detection capabilities.
 
Thanks for the review! Nice to see their detections have improved, too bad some were still missed, but I've definitely seen worse outcomes with other vendors. One feature I love about F-Secure is that it will disconnect remote access software if you visit a banking website, something I have not seen in any other antivirus yet. The Beekeeper (movie) would definitely approve, lol!
 

Jonny Quest

Thank you @Shadowra I personally appreciate this review :) My question is, in normal everyday use, using the understanding most of us here have, how likely is it that I will be hitting a site or downloading (would it be flagged upon downloading?), or having an issue like this occur (i.e. CobaltStrike)?

Again, I absolutely appreciate the informative work you do here :)
 

Shadowra

Thank you @Shadowra I personally appreciate this review :) My question is, in normal everyday use, using the understanding most of us here have, how likely is it that I will be hitting a site or downloading (would it be flagged upon downloading?), or having an issue like this occur (i.e. CobaltStrike)?

Again, I absolutely appreciate the informative work you do here :)

If you don't download Torrent files, totally unknown files or anything else, no risk :)
(and if you have good Internet habits, even better :D )
 

Jonny Quest

Thanks for the review! Nice to see their detections have improved, too bad some were still missed, but I've definitely seen worse outcomes with other vendors. One feature I love about F-Secure is that it will disconnect remote access software if you visit a banking website, something I have not seen in any other antivirus yet. The Beekeeper (movie) would definitely approve, lol!
Yes, it's one of the many features I like, as well as the web protection :)


ForgottenSeer 114834

Thank you @Shadowra (would it be flagged upon downloading?)

Even though there are core pre-execution modules present, there may be difficulties with this particular malware depending on a few variables; without testing one can only speculate.


Factors Affecting Detection:

Download method: How the Cobalt Strike payload is downloaded (e.g., email attachment, malicious website, exploit kit) can impact detection.

Payload obfuscation: Attackers may obfuscate or encrypt the payload to bypass antivirus detection.

Delivery mechanisms: Cobalt Strike can be delivered through various methods, including PowerShell, macros, or legitimate software updates, which can complicate detection.
 

cartaphilus

Thanks for the review! Nice to see their detections have improved, too bad some were still missed, but I've definitely seen worse outcomes with other vendors. One feature I love about F-Secure is that it will disconnect remote access software if you visit a banking website, something I have not seen in any other antivirus yet. The Beekeeper (movie) would definitely approve, lol!
Yeah it's really annoying. I was speaking to this nice gentleman with an Indian accent about paying my IRS taxes. Each time I gave him control of my screen to type in my bank's name since this whole online banking thing is some black magic, the connection would drop. It was very annoying. Thankfully the workout was buying $50000.00 worth of Xbox game cards. Thank goodness. He was so nice.
 

Jonny Quest

Even though there are core pre-execution modules present, there may be difficulties with this particular malware depending on a few variables; without testing one can only speculate.


Factors Affecting Detection:

Download method: How the Cobalt Strike payload is downloaded (e.g., email attachment, malicious website, exploit kit) can impact detection.

Payload obfuscation: Attackers may obfuscate or encrypt the payload to bypass antivirus detection.

Delivery mechanisms: Cobalt Strike can be delivered through various methods, including PowerShell, macros, or legitimate software updates, which can complicate detection.
Thank you, Lynx. Is it something I need to be concerned about? Do I ditch F-Secure, even though it's been light on my PCs and glitch free for about 1 year now? I'm not trying to defend it to the point of its blind spots, but would Avast, ESET, Norton or Zone Alarm be so much better, that I would be foolish not to switch? Or is this one of those, "it failed in 1-2 areas so let's ditch it for the next AV" phenomenon? My online experience is very limited, I usually hit about 6 favorite sites a day, and that's about it (besides links from here). No gaming, no torrenting, not a lot of downloads except a couple of utility software to check out every now and then.

I do have Bitdefender installed on 2 PCs (AV+ and Total) but I'm not a fan of how glitchy it can be at times, and of all the processes and the amount of RAM it uses, to then install it on the other 3 PCs.
 

ForgottenSeer 114834

Thank you, Lynx. Is it something I need to be concerned about?

Switching security products alone won't guarantee protection from Cobalt Strike attacks.


The odds of being hit by a malware delivered through Cobalt Strike depend on several factors:

Your online behavior: Clicking on suspicious links, downloading from untrusted sources, or opening attachments from unknown senders significantly increases your risk.

The nature of your targets: High-profile individuals, organizations, or companies are more likely to be targeted by sophisticated attacks using tools like Cobalt Strike.
 

Jonny Quest

Switching security products alone won't guarantee protection from Cobalt Strike attacks.


The odds of being hit by a malware delivered through Cobalt Strike depend on several factors:

Your online behavior: Clicking on suspicious links, downloading from untrusted sources, or opening attachments from unknown senders significantly increases your risk.

The nature of your targets: High-profile individuals, organizations, or companies are more likely to be targeted by sophisticated attacks using tools like Cobalt Strike.

Thank you, Lynx :) So it sounds like not to panic and stick with what I know, and what's been working for me.
 

cartaphilus

Thank you, Lynx. Is it something I need to be concerned about? Do I ditch F-Secure, even though it's been light on my PCs and glitch free for about 1 year now? I'm not trying to defend it to the point of its blind spots, but would Avast, ESET, Norton or Zone Alarm be so much better, that I would be foolish not to switch? Or is this one of those, "it failed in 1-2 areas so let's ditch it for the next AV" phenomenon? My online experience is very limited, I usually hit about 6 favorite sites a day, and that's about it (besides links from here). No gaming, no torrenting, not a lot of downloads except a couple of utility software to check out every now and then.

I do have Bitdefender installed on 2 PCs (AV+ and Total) but I'm not a fan of how glitchy it can be at times, and of all the processes and the amount of RAM it uses, to then install it on the other 3 PCs.
I think the only novel thing would be ZA but there you are sacrificing performance over 0.001% of undetected payload of Cobalt Strike on your system.

And no. Switching to other solutions, maybe outside of Kaspersky (many Cobalt Strike variants are coded not to execute the payload when a Russian keyboard is detected... makes you wonder the origin of those payloads), you will be playing the old game of: this one didn't detect it this month, next month this AV will detect it but another will fail, etc. It's basically an AV Russian Roulette (pun intended).
 

franz

If you don't download Torrent files, totally unknown files or anything else, no risk :)
(and if you have good Internet habits, even better :D )
What about this claim, and would you agree when it comes to torrents:
Some torrent files contain dangerous malware that can infect your computer. This can cause major problems on your device and expose your privacy, data and other sensitive information to third parties, spies, hackers, your ISP and at times, government surveillance.

With a reliable VPN, you can safely and securely download files or torrent anonymously while protecting your device and privacy at the same time. Tips on how to torrent anonymously and safely A VPN hides your identity and encrypts all traffic sources to ensure you are adequately protected. This encryption ensures that no one—the government, your ISP, and hackers—can see what you're doing while you're online.

Finding the best VPN for torrenting among all those claiming to be the best can be difficult, but there are several important factors that will help you identify the right VPN solution for your unique needs. The right VPN for your torrenting needs should have robust security protocols, protect your information, and be lightning fast in terms of download speeds.
 

cartaphilus

What about this claim, and would you agree when it comes to torrents:
Some torrent files contain dangerous malware that can infect your computer. This can cause major problems on your device and expose your privacy, data and other sensitive information to third parties, spies, hackers, your ISP and at times, government surveillance.

With a reliable VPN, you can safely and securely download files or torrent anonymously while protecting your device and privacy at the same time. Tips on how to torrent anonymously and safely A VPN hides your identity and encrypts all traffic sources to ensure you are adequately protected. This encryption ensures that no one—the government, your ISP, and hackers—can see what you're doing while you're online.

Finding the best VPN for torrenting among all those claiming to be the best can be difficult, but there are several important factors that will help you identify the right VPN solution for your unique needs. The right VPN for your torrenting needs should have robust security protocols, protect your information, and be lightning fast in terms of download speeds.
Wtf that's two mutually exclusive things.

1) is a system infection brought on by a payloaded executable

The 2nd is a privacy shield that REDUCES (does not prevent) DMCA letters or RIAA letters and maybe MAYBE a visit from a cop. But that's only if you are sharing and downloading something like kiddy p.

A VPN has nothing to do with you getting infected. That's some bull crap statement.

You can download the same payloaded executable whether you use a VPN or not (if using torrents to download). Some VPNs offer a DNS-level malware site blocker and ad blocker but the same can be done with nextdns without the performance impact of a VPN.

Whatever VPN provider wrote the above statement should never ever be trusted to protect you, since right out of the gate they started with a lie.
 

franz

Wtf that's two mutually exclusive things.

1) is a system infection brought on by a payloaded executable

The 2nd is a privacy shield that REDUCES (does not prevent) DMCA letters or RIAA letters and maybe MAYBE a visit from a cop. But that's only if you are sharing and downloading something like kiddy p.

A VPN has nothing to do with you getting infected. That's some bull crap statement.

You can download the same payloaded executable whether you use a VPN or not (if using torrents to download). Some VPNs offer a DNS-level malware site blocker and ad blocker but the same can be done with nextdns without the performance impact of a VPN.

Whatever VPN provider wrote the above statement should never ever be trusted to protect you, since right out of the gate they started with a lie.
I found this here: How to Torrent Safely: A Beginner’s Guide | ITIGIC
 

cartaphilus

Oh thank God it wasn't a VPN provider.

A VPN is like logging into a proxy that's hosted off site. The only thing that it hides is your IP and maybe your OS but even that is doubtful (and there are easy ways around the OS ID).

So the proxy/VPN does not scan the content of the file, especially a torrent, which is broken up into multiple pieces and only assembled at your client. The VPN only sees each incomplete piece of a larger file, so it can't scan what it can't fully see. A VPN won't protect you from a malicious torrent executable.
 

ForgottenSeer 114834

F-Secure falls in the middle when it comes to anti-malware, with an inconsistent behavior blocker. It's puzzling to me why they oppose features like password protection, although many users have asked for it. There are far superior options on the market.
Could you elaborate on the experience and capabilities that informed your opinion?
 

Khushal

CobaltStrike, Meterpreter and Rozena are some of the famous tools used by threat actors. It is sad to see F-Secure failing. Most blocks out of the remaining files were by HEUR/APC (and Avira's signatures) and not DeepGuard, so it means that Avira itself would have saved the system to a very similar extent. Obviously, in F-Secure's defense, Cometer is not an easy malware to track, especially as I think it was deployed by RemoteAdmin and stays exclusively in memory, and of the 4 scanners only Kaspersky was able to detect it. So, in my view, F-Secure is only recommended for careful surfers.
 
