F-Secure far behind competition

andrzej

Looks that this article should be considered by F-Secure developers looking for program enhancements http://www.gartner.com/technology/reprints.do?id=1-18TSH6H&ct=120117&st=sb

Dmitriy

Yes, according to Gartner, we are behind competition. However, according to AV-test.org, we are the best. Read on at: http://www.av-test.org/fileadmin/pdf/avtest_award_2011_english.pdf

andrzej

You misread my post. I was referring to your program weakness (i.e. dependency on others) as well as the lack of features pointed out in the article.

I am not going to discuss the issue of vision, since this may change as soon as tomorrow,  redefining who is right or wrong

Andrzej

MJ-perComp

The only dependency F-Secure has is with Bitdefender. But a well based partnership might be the better choice over aquiring the other company, which McAfee, Symantec and TM did in the past, today suffering from weak detection, engine complexity and performance. F-Secure has decided to invest its own strengths in its own modules, module integration, vision and research, leaving the simple things in the OEM-engine (Aquarius) and filling remaining tasks with best of breed technology. F-Secure has also decided twice in the past 20 years to replace the engine for different reasons which was an easy task due to the counter sign technology, while the other vendors were bound to their engines they just invested in.

 

Bitdefender does not provide the scanner architecture, the reputation network, deepguard, heuristics aso. Still F-Secures own engines can take over detection in case Aquarius fails to deliver or has problems with the detection. This happens from time to time and none of the users suffered from that.

Roadmaps for Policy Manager 10 and its successors bring new features towards managability and product roadmaps are also well outlined.

 

I think you get my point! F-Secure does a great job delivering security to computers. There is always room for improvements and when I discuss with customers of the competiton you learn a lot about their weeknesses as well.

 

F-Secure keep going (maybe a bit faster )

my2ct

andrzej

Matthias,

Last words before I accept your answer as solution.

By no means I would ever consider Gartner as expert in any field. I thought it will be a good idea to share this opinion/review by an external source, summarizing accomplishments and weakness of F-Secure along with the competition.

While AV-Comparatives or AV-Test, which both rate F-Secure really high, both focus primarily on consumer products the above article discussed the business oriented end-points.

In my opinion there is a lot of room for improvement in Policy Management Console interface, but after reviewing multiple products last year I must admit that none of them is perfect (at least not to my expectations).

F-Secure is rated relatively high wrt false positive detection, I submitted second sample this week - this is of course not really relevant to the current thread.

MJ-perComp

Agree, Gartner has a certain focus. F-Secure is placed very much on the diagonal line in the center o fthe grid and it might only take a few features to move from "niche" to "leaders" next year. This is what R&D have to keep in mind!

 

Concerning the False positives:

In times when 150.000 samples are submitted per day and databases have grown to enormous sizes at all vendors generic detection is the only possible way to handle this. On the other side generic detection means that a peace of software that was not alerted about til now can suddenly match a detection. I do not remember a false positive (FP) that was not "generic" for a long time now.

 

To avoid these "generic FPs" F-Secure has designed ORSP and whitelisted certain OS files from beeing tempered with even if a FP comes up on them. ORSP is not only able to confirm a malware detection but also to confirm a good file.

 

The number of FPs counted in a test is a sign for the quallity (or better age of the binaries listes) in the database and the preciseness of the generic detections. F-Secure is VERY high in detection and has some FPs. Others have lower detection, but no FPs.

 

The "ability to execute" depends on how fast the vendor can escalate and react on a FP-alert. F-Secure can react within 30 mins after escalation and provide a fixed update. I guess that is pretty fast?

 

Remark 1: If you are sure the file is OK then you can alsways exclude it from scanning and have immediate "No detection")

Remark2: If a FP is only reported by one or a few (private) customers the time to fix might be higher as then the root cause for the FP is removed, which takes more time than adding the biary to a whitelist.

 

Thanks!

Matthias

andrzej

We are really drifting away from the original subject

Internally controlled scan exclusion is something I do not have much luck with.

According to http://www.f-secure.com/en/web/home_global/support/article/kba/7423/k/7423/p/1 exectuable will always be scanned.

When specific FP is being installed on multiple systems in user defined location my only option is to include trusted hash in the DeepGuard, this unfortunately works for me for on average 30% cases.

On the other hand I must admit that Analytical lab is very responsive and they promptly provide solutions to my submissions

MJ-perComp

Not really drifting away - if other readers want to understand my conclusion they need to have a bit more background.

 

I have no idea what goes wrong in you place, but the fact that you get help is exactly the point that ALL tests including the gardner study miss.

 

AV is not a product it is a service!

 

Have a nice Weekend!

Matthias

tripodzid

If this is really true, I will definitely recommend F-Secure to other friends..

 

 

_______________

Business is the game!!