McMcbrad
Level 20
- Oct 16, 2020
- 967
I normally don't review software so quickly after downloading it, but F-Secure is a very hot topic now, so I'll just do a quick review and I will keep updating it day by day.
There is also no firewall, but F-Secure now features a low-level Web Filter that works for all apps - that should block connection to some C&C servers, so lack of Firewall is not a dealbreaker.
F-Secure Installation
F-Secure Installation can only be compared to the install process of Webroot - extremely quick, takes less than a minute.
Just one click and the product starts downloading, scanning for incompatible software & installing - simultaneously.
Downloaded through the My Account page, the name of the installer contains a key that is used to automatically sign you in and pull subscription data from the server (common tactic).
F-Secure UI/UX
The UI/UX makes a great first impression. It's clean, organised and contains nothing unneeded. There are no carousels displaying information on how many packets firewall dropped (unlike McAfee) and there is no bloatware, such as shredders, cleaners and more.
There is no firewall and web-filtering works only in browsers at this time.
Alerts are shown only when a threat is found and from time to time, displaying tips/more information about the product. They are easy to understand and rarely require any action. The product handles pretty much every situation automatically.
Performance: F-Secure Cheetah
Right after installation F-Secure starts "settling in" and the number of files verified by DeepGuard and scanner engine grows rapidly. During this time, there is a constant CPU and disk activity, but after this is done, having F-Secure is almost like having no AV. All apps launch instantly, file compression/decompression feels quick and CPU usage on idle doesn't exceed 1-2%.
Overall device feels extremely responsive.
There is a very high CPU Usage during scan (80%), but users don't have to perform full scans often, so that's not a dealbreaker either.
Memory usage is a bit high, but as any Android developer would say, memory is to be used, not to be saved.
F-Secure on Idle
F-Secure during full scan
F-Secure during app launch
Protection
F-Secure offers great protection that includes the Avira SDK, DeepGuard Behavioural Blocker and Web-Filtering.
The Avira Engine is already highly-efficient and provides accurate classification (which is important for correct repair in case of threats like Neshta).
DeepGuard is highly-effective against executables and PowerShell malware & maldocs, but I could easily bypass it with Java malware.
Web-blocking is highly-efficient and has been improved from my last test. F-Secure requires that a browser extension is installed, but even without this extension, it still works in browsers. Unfortunately, it hasn't been designed to work in other apps. I was able to download malware by using PowerShell & BITS Transfer.
These flaws might not be relevant to some users, but effective protection should cover all infection vectors and F-Secure has already failed.
I created a human-readable (unobfuscated) loader that downloads Java malware through BITS & executes it and there was no reaction from FS throughout the whole process.
Banking protection is also featured. Opening a website (barclays.co.uk on my test) instantly adds a green border around the browser, without re-launching a new window/tab.
What is Banking Protection and how does it work?
Banking Protection adds another layer of security when banking online and/or carrying out online money transactions.
When using Banking Protection, every website you enter is checked by querying our Security Cloud. By carrying out this check, Banking Protection gets the information whether the site is listed as one of our trusted banking sites or not. If it is, a notification is shown indicating that you are entering an online banking site secured with https, and that Banking Protection deems the site safe for you to use.
When you start your next online banking session, Banking Protection automatically gets activated again.
Note: On the PC, Banking Protection offers an elevated level of security. Once you have started an online banking session and Banking Protection mode has been activated, Banking Protection disconnects all untrusted applications from the Internet and prevents them from reconnecting while on a trusted banking site. Blocking connections prevents hijacking of your banking sessions keeping your money safe. You can also only access websites that are considered safe during a banking session, otherwise they get blocked.
Note: To benefit from the Banking Protection feature on Android devices, SAFE browser needs to be in use.
Standard anti-ransomware protection is included (Controlled Folders Access-alike). I haven't tested that against code injection yet.
Removal:
F-Secure was able to successfully remove the fake service, registry auto-run and scheduled tasks that I created pointing to a malware executable, but neither DeepGuard nor a scan could remove a scheduled task, registry entry or service pointing to PowerShell with malicious code as an argument.
Execution has been prevented in all 3 cases, but lack of correct removal causes an infinite loop of malware detection and prevention, which is not a great experience. It might panic novice users who are not familiar with malware and malware detection principles.
The correlational capabilities could be improved.
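For the leftover entries described under Removal (a scheduled task, registry auto-run or service that points to PowerShell with code as an argument), an audit along these lines lists what is still registered after execution has been blocked. This is an added example, not part of the original post or F-Secure's tooling; the flag-matching regex is an assumption about how the code is passed on the command line.

```powershell
# Added example: run from an elevated prompt so all tasks and services are visible.
$exe    = '(?i)\b(powershell|pwsh)(\.exe)?\b'
# Assumption: "code as an argument" means -Command / -EncodedCommand or an abbreviation.
$inline = '(?i)\s[-/](e|ec|en\w*|c|com\w*)\s'

function Test-InlinePowerShell([string]$CommandLine) {
    ($CommandLine -match $exe) -and ($CommandLine -match $inline)
}

$findings = @()

# 1. Registry auto-run values (machine and current user)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-InlinePowerShell $value) {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Name = "$key\$name"; Command = $value }
        }
    }
}

# 2. Scheduled tasks: each exec action carries Execute and Arguments
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-InlinePowerShell $cmd) {
            $findings += [pscustomobject]@{ Type = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd }
        }
    }
}

# 3. Services: the ImagePath is exposed as PathName
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (Test-InlinePowerShell $svc.PathName) {
        $findings += [pscustomobject]@{ Type = 'Service'; Name = $svc.Name; Command = $svc.PathName }
    }
}

# Review each hit by hand before deleting it; legitimate admin tooling can match too.
$findings | Format-List
```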