User Feedback F-Secure Quick Review

Software
F-Secure Safe
Installation
5.00 star(s)
Installation Feedback
See below
Interface (UI)
5.00 star(s)
Interface Feedback
See below
Usability
5.00 star(s)
Usability Feedback
See below
Performance and System Impact
5.00 star(s)
Performance and System Impact Feedback
See below
Protection
4.00 star(s)
Protection Feedback
See below
Real-time file system protection
4.00 star(s)
Internet Surf protection
5.00 star(s)
Pros
  1. Easy to use
  2. Simple and non-intrusive
  3. Ransomware protection
  4. Accurate and reliable antivirus engine
  5. Effective malicious URL blocking
Cons
  1. Not as many features as some competitors
  2. Scans can be rather slow
Software installed on computer
Less than 30 days
Computer specs
See configuration
Recommended for
  1. All types of users
Overall Rating
4.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

McMcbrad

Level 20
Oct 16, 2020
967
I normally don't review software so quickly after downloading it, but F-Secure is a very hot topic now, so I'll just do a quick review and I will keep updating it day by day.

F-Secure Installation

F-Secure Installation can only be compared to the install process of Webroot - extremely quick, takes less than a minute.
Just one click and the product starts downloading, scanning for incompatible software & installing - simultaneously.
Downloaded through the My Account page, the name of the installer contains a key that is used to automatically sign you in and pull subscription data from the server (common tactic).

F-Secure UI/UX

The UI/UX makes a great first impression. It's clean, organised and contains nothing unneeded. There are no carousels displaying information on how many packets firewall dropped (unlike McAfee) and there is no bloatware, such as shredders, cleaners and more. There is also no firewall, but F-Secure now features a low-level Web Filter that works for all apps - that should block connection to some C&C servers, so lack of Firewall is not a dealbreaker.
There is no firewall and web-filtering works only in browsers at this time.



Alerts are shown only when a threat is found and, from time to time, to display tips or more information about the product. They are easy to understand and rarely require any action. The product handles pretty much every situation automatically.

Performance: F-Secure Cheetah

Right after installation F-Secure starts "settling in" and the number of files verified by DeepGuard and scanner engine grows rapidly. During this time, there is a constant CPU and disk activity, but after this is done, having F-Secure is almost like having no AV. All apps launch instantly, file compression/decompression feels quick and CPU usage on idle doesn't exceed 1-2%.
Overall device feels extremely responsive.
There is a very high CPU Usage during scan (80%), but users don't have to perform full scans often, so that's not a dealbreaker either.
Memory usage is a bit high, but as any Android developer would say, memory is to be used, not to be saved.

[Screenshot: F-Secure on idle]
[Screenshot: F-Secure during full scan]
[Screenshot: F-Secure during app launch]

Protection

F-Secure offers great protection that includes the Avira SDK, DeepGuard Behavioural Blocker and Web-Filtering.
The Avira Engine is already highly-efficient and provides accurate classification (which is important for correct repair in case of threats like Neshta).
DeepGuard is highly-effective against executables and PowerShell malware & maldocs, but I could easily bypass it with Java malware.
Web-blocking is highly-efficient and has been improved since my last test. F-Secure requires that a browser extension is installed, but even without this extension, it still works in browsers. Unfortunately, it hasn't been designed to work in other apps. I was able to download malware by using PowerShell & BITS Transfer.
These flaws might not be relevant to some users, but effective protection should cover all infection vectors and F-Secure has already failed.
I created a human-readable (unobfuscated) loader that downloads Java malware through BITS and executes it, and there was no reaction from FS throughout the whole process.

Banking protection is also featured. Opening a website (barclays.co.uk on my test) instantly adds a green border around the browser, without re-launching new window/tab.

What is Banking Protection and how does it work?

Banking Protection adds another layer of security when banking online and/or carrying out online money transactions.

When using Banking Protection, every website you enter is checked by querying our Security Cloud. By carrying out this check, Banking Protection gets the information whether the site is listed as one of our trusted banking sites or not. If it is, a notification is shown indicating that you are entering an online banking site secured with https, and that Banking Protection deems the site safe for you to use.

When you start your next online banking session, Banking Protection automatically gets activated again.

Note: On the PC, Banking Protection offers an elevated level of security. Once you have started an online banking session and Banking Protection mode has been activated, Banking Protection disconnects all untrusted applications from the Internet and prevents them from reconnecting while on a trusted banking site. Blocking connections prevents hijacking of your banking sessions keeping your money safe. You can also only access websites that are considered safe during a banking session, otherwise they get blocked.

Note: To benefit from the Banking Protection feature on Android devices, SAFE browser needs to be in use.

Standard anti-ransomware protection is included (Controlled Folders Access-alike). I haven't tested that against code injection yet.

Removal:
F-Secure was able to successfully remove the fake service, registry auto-run and scheduled tasks that I created pointing to a malware executable, but neither DeepGuard nor a scan could remove a scheduled task, registry entry or service pointing to PowerShell with malicious code as an argument.
Execution has been prevented in all 3 cases, but lack of correct removal causes an infinite loop of malware detection and prevention, which is not a great experience. It might panic novice users who are not familiar with malware and malware detection principles.
The correlational capabilities could be improved.
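
An added example, not part of the original post: a small audit that separates persistence entries pointing at a file on disk from entries whose payload is an interpreter argument, which is the kind the review says was blocked but never removed. The entry names, paths and the `SAMPLE` inventory are constructed placeholders; on a real host the inventory would come from scheduled tasks, Run keys and service image paths.

```python
import re
from pathlib import PureWindowsPath

# Hosts that accept code on the command line, and the switches that carry it.
# Only common spellings are listed; PowerShell also accepts other prefixes.
PS_INLINE = r"(?:^|\s)-(?:c|command|e|ec|enc|encodedcommand)(?=\s|$)"
INLINE = {
    "powershell.exe": PS_INLINE,
    "pwsh.exe": PS_INLINE,
    "cmd.exe": r"(?:^|\s)/[ck](?=\s|$)",
}

def split_command(cmd):
    """Return (executable name in lower case, argument string)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, args = cmd[1:].partition('"')
    else:
        exe, _, args = cmd.partition(" ")
    return PureWindowsPath(exe).name.lower(), args.strip()

def classify(cmd):
    """'inline-code' when the payload is an argument, else 'file-target'."""
    exe, args = split_command(cmd)
    pattern = INLINE.get(exe)
    if pattern and re.search(pattern, args, re.IGNORECASE):
        return "inline-code"
    return "file-target"

def leftovers(entries):
    """Entries that quarantining a file would leave behind."""
    return [(e["kind"], e["name"]) for e in entries
            if classify(e["command"]) == "inline-code"]

# Constructed sample inventory (placeholders only, no real payloads).
SAMPLE = [
    {"kind": "task", "name": "UpdaterA",
     "command": r'"C:\Users\test\AppData\Roaming\sample.exe"'},
    {"kind": "task", "name": "UpdaterB",
     "command": r"powershell.exe -NoProfile -EncodedCommand <BASE64_PLACEHOLDER>"},
    {"kind": "run-key", "name": "HelperA",
     "command": r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -c "<SCRIPT_PLACEHOLDER>"'},
    {"kind": "run-key", "name": "HelperB",
     "command": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"kind": "service", "name": "SvcA",
     "command": r'cmd.exe /c "<COMMAND_PLACEHOLDER>"'},
]

if __name__ == "__main__":
    for kind, name in leftovers(SAMPLE):
        print(f"{kind}: {name} -> delete the entry itself, there is no file to quarantine")
```

Entries reported by `leftovers` have to be cleaned up by deleting the task, registry value or service, since the executable they name is a legitimate system binary.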

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,112
Fair review. Just one question I have at the moment. The full scan, was that a full scan or the quick scan? I know others accidentally misplaced them.

I do agree it's very light on the system. On my own, the memory usage for the Ultralight service is even a bit smaller, around 292 with process hacker. 262 with taskmanager, but I fully agree that it's supposed to be used and what I have on this machine, it gets a bit silly if I would complain.
 

McMcbrad

Level 20
Oct 16, 2020
967
Thanks for this quick review (in progress)(y)
Is it possible for a tool like NoVirusThanks SysHardener or Simple Windows Hardening from @Andy Ful cover that Java malware bypass?
Can you provide more information about that bypass?
This is the missed sample: VirusTotal
There is no reaction from FS and javaw.exe is actively working.
It has created a copy of itself in %temp% folder and node.js is contacting a suspicious domain


I normally don't reverse-engineer samples, as I don't deal with code that hasn't undergone proper system analysis and design process (rarely out of curiosity I do),
but it looks very suspicious.
 

McMcbrad

Level 20
Oct 16, 2020
967
Fair review. Just one question I have at the moment. The full scan, was that a full scan or the quick scan? I know others accidentally misplaced them.

I do agree it's very light on the system. On my own, the memory usage for the Ultralight service is even a bit smaller, around 292 with process hacker. 262 with taskmanager, but I fully agree that it's supposed to be used and what I have on this machine, it gets a bit silly if I would complain.
It was full scan :)
I launched it from Tools ->> Virus Scan Options ->> Full Scan
 

Andy Ful

Level 67
Verified
Trusted
Content Creator
Dec 23, 2014
5,629
SysHardener can be bypassed on any setting by shortcuts (LNK, etc.), CHM, and several other (not so common) file types with active content. These files can use command-line or embedded scripts to run PowerShell or Java malware.
On default settings, it can be also bypassed directly by JAR files or by popular BAT, CMD, or CHM files.
These infection vectors are blocked by SWH.
 

McMcbrad

Level 20
Oct 16, 2020
967
If you rarely use java apps (or maybe even never), best way to deal with that is to remove (or simply don't even install) Java Runtime Environment.
Nevertheless, I only downloaded 2 Java malware samples and they both have been missed; this is one area F-Secure needs to look at.
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,090
SysHardener can be bypassed on any setting by shortcuts (LNK, etc.), CHM, and several other (not so common) file types with active content. These files can use command-line or embedded scripts to run PowerShell or Java malware.
On default settings, it can be also bypassed directly by JAR files or by popular BAT, CMD, or CHM files.
These infection vectors are blocked by SWH.
Do I understand it correctly that SWH would have prevented this Java malware to run?
In that case it would be a perfect companion for F-Secure Safe.
 

McMcbrad

Level 20
Oct 16, 2020
967
Do I understand it correctly that SWH would have prevented this Java malware to run?
In that case it would be a perfect companion for F-Secure Safe.
This is what happens if the tool is used:
[Screenshot]

This is from the SRP Log:
Access to C:\Users\***\Desktop\FedEx_AWB_1988380371_NOV. 22_2020.jar has been restricted by your Administrator by the default software restriction policy level.
 

McMcbrad

Level 20
Oct 16, 2020
967
My bad! Standard user account.
It executes on SUA just fine. In my experience, java malware rarely requires admin privileges...
Many AVs don't cope with that properly, that's why I've made it a standard vector on all my tests.

 

McMcbrad

Level 20
Oct 16, 2020
967
My question is: is F-Secure better than Avira? What makes it better?

There's a difference in price: avira 44,95€ / F-secure 59.90€.
I'll have to test Avira to answer this question. Next on test will be Microsoft Defender with tools from @Andy Ful and Avira is scheduled after, followed by Kaspersky. Software Battle review of F-Secure vs AVG is coming up and then Bitdefender vs. AVG vs. Kaspersky.
What I can say before even doing the test is, F-Secure provides a much more modern and clean experience.
 
