App Review F-Secure TOTAL 2024

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Shadowra

F-Secure is a Finnish publisher, well known in the world of IT security.
Formerly based on the Bitdefender engine and on the Avira engine for several years now (in addition to their own engines), the company continues to innovate and improve its flagship antivirus products.
On the program for this 2024 edition, the publisher is focusing on the Cloud and on its DeepGuard behavioral solution to better protect users.
Let's take a look at what F-Secure has in store for us...



User interface:

F-Secure's interface remains the same, so the publisher has made it necessary to provide several explanations before accessing the modules.
I appreciate this, as it helps to explain things properly to novices. You feel taken by the hand, which may annoy geeks...
F-Secure has also modified its software range. The VPN formerly known as Freedom is now included in the antivirus (only in the TOTAL version), as is ID Protection, their password manager.

Web protection: 10/10

F-Secure provides us with excellent web protection that is effective, consistent and intelligent.
It even used its anti-attack shield on one page!
This can happen if the software recognizes an IP address known for botnet purposes; F-Secure will directly block the source.
Ingenious!


Fake crack: 0.80/1

F-Secure blocked everything except a Bitcoin script using rundll32.exe, but then disappeared.
I gave it 0.20 points.

Malware Pack: Remaining 22 out of 648 threats.

F-Secure provides a good antimalware engine. Even if the scan fails to remove everything, the interceptor catches up behind.
Overall, F-Secure put up a good fight thanks to DeepGuard.
In the end, the machine is certainly infected (the NetOptimiser launched malware via unresponsive PowerShell commands, as well as the presence of the AlteraAgent remote control software), but it can be disinfected without any problem.

Final scan:
F-Secure: 0
NPE : 0
KVRT : 3-1=2 (I ignore a file that is a false positive) => Infection memory

Final opinion:

All in all, F-Secure provides very good anti-malware and Web protection.
DeepGuard is highly effective, although not infallible, given that the machine was infected by 2 pieces of malware at the end of the test (AlteraAgent and a memory infection).
Nevertheless, the machine can be disinfected easily and without problems.
Apart from these 2 threats, F-Secure proves its reliability, consistency and efficiency.
Recommendable.
 

Jonny Quest

Thank you for testing F-Secure, @Shadowra. I really appreciate it. The web protection is one of the main reasons I use it (besides the rest of the protection). It has notified me of a previous phishing Cake site that was reported here on the forum, as well as another website that was flagged and posted here. The settings may be minimal and simplistic, but it's harder to get them wrong in that regard (for non-geeks).
 

Anthony Qian

What I like about this av: Deepguard
What I hate: the Avira engine and it doesn't have its own firewall.
Thanks for the test.
Same here.

I dislike how the Avira engine often copies the detection names of ESET and Kaspersky without conducting its own thorough analysis. Avira frequently uses ESET or Kaspersky's detection with random letter suffixes, but ESET or Kaspersky can detect the same threat variant using the same detection while Avira cannot. Additionally, the Avira engine relies too heavily on cloud.

Also, I dislike Avira's attitude towards sample analysis:

1. Avira analysts spent several months analyzing some malware samples, but they have not yet produced any results so far.


2. Avira closed my ticket without replying or asking me, and they still haven't processed the samples.


3. I have submitted an initially misidentified backdoor trojan sample (which was initially flagged by ESET as Adware, though this classification was not very accurate) to Avira. The analyst at Avira seemingly replicated ESET's initial adware detection without conducting a thorough analysis. This particular sample (found at VirusTotal) is, in my belief, if subjected to proper analysis, easily classifiable as a trojan rather than adware...



Anyway, I really hope F-Secure can replace the Avira engine...
 

Trident

I would have thought of Kaspersky or ESET, but I don't know if they offer a solution for using their engines...
Kaspersky does offer their SDK, Eset as well: AntiMalware SDK for Windows and Linux | ESET
Eset doesn't offer a Mac version of their SDK though.
But integrating a new SDK is not a one-day task.
F-Secure previously mentioned that they are ready to switch engines at any time so it looks like their developers are already trained into implementing plan B.
 

Jonny Quest

Why not develop F-Secure's own engine as a standalone detection engine?
But, if they are already using their own in tandem with Avira's, and it had the results shown by Shadowra's test, how would that make it better? I know the post was from the time in using BD's scanning engine, but just to consider the other scanning engines of F-Secure.
F-Secure SAFE also has some other engines that cover some specific detection techniques or add additional ways to combat threats.

In addition, quite powerful and own (at least, was) F-Secure engine is "cloud one". It is also expanded view of their Ultralight design.

Another cool thing is F-Secure DeepGuard. You could read about these technologies and realizations there: Whitepapers & Reports - F-Secure Blog

For example, whitepapers: "F-Secure Ultralight", "F-Secure Security Cloud", "F-Secure DeepGuard" (3rd edition). I think they should provide comprehensive information.

// In general, I mean that F-Secure has created a long time ago, let's say, an "engine" that allows you to use different "cores" at once. Including scanning. Therefore, F-Secure solutions can detect a threat based on multiple engines. And use them for scanning.
 

Trident

Why not develop F-Secure's own engine as a standalone detection engine?
Developing an engine is not a task to complete overnight, at the very least they will need 1 year of research, 1 year of development and 1 year of testing. And it will be costly as well. Why not just subscribe to someone who's already experienced?
 

Jonny Quest

Developing an engine is not a task to complete overnight, at the very least they will need 1 year of research, 1 year of development and 1 year of testing. And it will be costly as well. Why not just subscribe to someone who's already experienced?
And at what cost for the user's experience in that learning curve on their part, which may then include more malware issues for the customers? More people defecting from F-Secure?
 

Jonny Quest

I'm also curious about the behind-the-scenes results of people who are using it being provided by their ISP's here in the States and Europe? What is the infection rate or issues we don't know about that maybe aren't as public as the normal consumers-only paid subscription users?

Back in ~2011, I had a subscription to F-Secure IS, and then found out that Charter Internet (Spectrum now) had a rebranded version of F-Secure. In comparing the two, Charter's was a build behind, and some definition updates were behind my paid-for version. I'm not sure of how it's different today, but at that time, I thought to stick with my "more up-to-date and current", paid version.
 

SumTingWong

To replace it with whose engine? They already tried Bitdefender and it didn’t work too well for them. Who else is out there? Sophos is not amazing.
Anyway, I really hope F-Secure can replace the Avira engine...
F-Secure can develop its own engine. Avast/AVG engine. Sophos engine. ESET engine. Kaspersky engine ( might not due to political and data privacy issues ). Symantec engine.

I think Symantec may disband Avira like Symantec already did with Bullguard antivirus products.
 

Trident

F-Secure can develop its own engine. Avast/AVG engine. Sophos engine. ESET engine. Kaspersky engine ( might not due to political and data privacy issues ). Symantec engine.

I think Symantec may disband Avira like Symantec already did with Bullguard antivirus products.
AVG, Avast and Symantec/Broadcom/NortonLifeLock offer no SDKs for OEMs. The choice is between Kaspersky, Eset and Bitdefender with Eset not being able to supply engines for Mac products. To develop their own engines is possible, perhaps they can do an AI (static analysis one). If they want a full blown engine with emulators, fuzzy signatures and other modern parameters, that may be beyond their investment capabilities.
 

Anthony Qian

But, if they are already using their own in tandem with Avira's, and it had the results shown by Shadowra's test, how would that make it better? I know the post was from the time in using BD's scanning engine, but just to consider the other scanning engines of F-Secure.
The test results showcased in this post are less than optimal, revealing some weaknesses in the Avira engine, specifically its weakness in memory scanning and disinfection. Effectiveness in memory scanning relies on precise malware characteristic extraction and detection, which is an area the Avira engine is not good at.

Developing an engine is not a task to complete overnight, at the very least they will need 1 year of research, 1 year of development and 1 year of testing. And it will be costly as well. Why not just subscribe to someone who's already experienced?
But F-Secure is not a new and minor player in the industry. For F-Secure’s long-term interests, mainly using its own detection is important because it will give F-Secure more control.
 
