F-Secure does not do well against scripts. A user needs to disable wscript globally. They also have to know that fact in the first place.wscript
An F-Secure user should disable the usual suspects - either the interpreters\sponsors or their associated file types.
If you performed a prolific downloader test with F-Secure, then you would end up with an infected machine. A person can bank on that result every single time.
AV have not been focusing on java malware for years because fewer and fewer users install it. I know malware can download and install it, but that is just how the AV industry works. Much of what directs AV industry efforts are the incidence of threats. java malware, statistically, is no longer considered a significant threat.java malware was a miss