App Review Second Opinion Scanners: F Secure

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> no security product removal is 100% reliable, accurate or complete; once there is an infection the system (malware running on the system; not just a malicious file sitting in some directory doing nothing), that system can no longer be trusted and the user should perform a clean install of the operating system
You got it wrong. The example Anthony gave wasn't about the removal quality of an already infected system (Though F-Secure is also poor at that as he said in the first line).
The example is about a malicious document file and doing a right-click scan on it. What he's saying is that F-Secure's scanner detected the file but couldn't delete it and only offered a skip option. I understood what he meant as I have seen this myself also. This is a long known issue of F-Secure. I saw this happening for .jar files and also some other formats that I can't seem to remember at the moment. I even asked the F-Secure beta team dev to fix it maybe almost or more than 2 years ago and they said that it's not on their priority list. The ability to simply not being able to delete a file that's not even running on the system and not doing anything to fix the problem is not acceptable.
 

Andrezj

Level 6
Nov 21, 2022
248
> You got it wrong. The example Anthony gave wasn't about the removal quality of an already infected system (Though F-Secure is also poor at that as he said in the first line).
> The example is about a malicious document file and doing a right-click scan on it. What he's saying is that F-Secure's scanner detected the file but couldn't delete it and only offered a skip option. I understood what he meant as I have seen this myself also. This is a long known issue of F-Secure. I saw this happening for .jar files and also some other formats that I can't seem to remember at the moment. I even asked the F-Secure beta team dev to fix it maybe almost or more than 2 years ago and they said that it's not on their priority list. The ability to simply not being able to delete a file that's not even running on the system and not doing anything to fix the problem is not acceptable.
not aware of all those details, i believe it
my reply was specific to a malware already loaded into system memory

this is the reply f-secure says about detecting a file, but not able to remove it:

"The file is not dangerous, because the F-Secure program has identified the file, and will not allow the file to run on the computer. "


there is malware out there that can mess with ownership and ntfs permissions such that the file can only be removed with a tool like ithurricane's powertool
 

Andrezj

Level 6
Nov 21, 2022
248
> As the past few videos have shown some scanners are poor but some are quite good and are certainly a much better option than a clean install of an OS and the re-installation of all applications (although I'm sure you meant reverting back to a clean disk image if one exists).
either method; no clean backup disk image then have to do a clean install of the operating system
as i said, by the time the infection is removed it can already have fully compromised the system and\or network

it is on the user to resolve the issue as they see fit; it is their right to get infected and it is their system\network & money and they have the right to lose that too
all kinds of stories about enterprises and institutions that refused to do clean installs of all devices after bad infections and they experience all kinds of issues, some got re-hacked, not once but multiple times
most do not use backups, such as hospitals there is no way to backup pharmacy dispensing robot, monitoring devices, lung machines or diagnostic medical equipment that all operate on stripped-down, modified versions of windows long term service branch (not the windows in the desktop pc that the technician runs the equipment, but the embedded oem supplied windows on the machine), and those versions were never designed to be patched

for a home user or small business it is not that difficult to clean install, but i agree it can be a pain
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
The long standing problem with the F-S is its weak repairing capability. The last time I tested F-Secure, I was impressed that instead of cleaning malicious macros in an infected document, it only allowed the user to skip...

Where I disagree: F-Secure is an excellent antivirus. But, it has indeed a rather weak disinfection capacity. It can delete, but not when an attack is present in a compressed element (Macro style, Java etc)
Even if it can block it at launch or at copy. I won't blame it for this because some antivirus programs do this, including Avira

Why would you want to disinfect a JAR or Office file instead of deleting it? I see no use case for that. There are no macro viruses anymore that infect your personal office files. All the macro malware nowadays was crafted specifically for the purpose to infect systems. These should be deleted and not disinfected. Same with runnable JAR files. If they contain malicious code, the whole JAR cannot be trusted.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> Why would you want to disinfect a JAR or Office file instead of deleting it? I see no use case for that. There are no macro viruses anymore that infect your personal office files. All the macro malware nowadays was crafted specifically for the purpose to infect systems. These should be deleted and not disinfected. Same with runnable JAR files. If they contain malicious code, the whole JAR cannot be trusted.
Actually, F-Secure didn't even delete jar files, let alone disinfect it when I tested. Disinfecting is not necessary. We didn't talk about disinfecting an infected file here. Instead of removing, F-Secure only offered a skip option which is bizarre. It's a fault of their program and as I said the devs are aware of it but decided not to do anything to fix it anytime soon.
 

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
448
> Why would you want to disinfect a JAR or Office file instead of deleting it? I see no use case for that. There are no macro viruses anymore that infect your personal office files. All the macro malware nowadays was crafted specifically for the purpose to infect systems. These should be deleted and not disinfected. Same with runnable JAR files. If they contain malicious code, the whole JAR cannot be trusted.
F-Secure does not allow me to delete infected document samples. The only option I can see is Skip…
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,629
> Why would you want to disinfect a JAR or Office file instead of deleting it? I see no use case for that. There are no macro viruses anymore that infect your personal office files. All the macro malware nowadays was crafted specifically for the purpose to infect systems. These should be deleted and not disinfected. Same with runnable JAR files. If they contain malicious code, the whole JAR cannot be trusted.
What the guys here mean is what I’ve said times and times again. F-Secure frequently refuses to take action on threats, different than reporting and terminating. As someone who works at a security company, I am sure you can agree that all security programs, apart from blocking and terminating processes should take the necessary steps to prevent the spread of malware as well. By shredding it, not just by displaying colourful notifications and ugly corporate genetic art graphics drawn by illustrators far from capable who were paid 20 euro for their work.
 