FSAV PSB not suitable for classroom use, due to lack of SWUP moderation?

etomcat W/ Alumni Posts: 1,172 Firewall Master

Dear Sirs,

In F-Secure PSB's Software Updater module, there is a policy setting called "Scan on system startup" with the selectable values of "Yes, always scan on system startup" and "No, only scan if other criteria require scanning".

Let's consider the case of a school's computers located in classrooms. These are turned off at the end of a lesson for the 15 min break and then turned on at the start of the next lesson, or at least get rebooted between the lessons. This means PSB SWUP will scan the computer 6-7 times a day, unnecessarily consuming lots of CPU resources, or the automatic scanning needs to be disabled and it will only run on-demand. Both of those options are problematic.

It would be better to implement some kind of a limiter in PSB SWUP that makes sure a computer is scanned for missing hotfixes only once within 12 or 24 hours, even if it is frequently rebooted or turned on and off a dozen times.

 

Thanks for your kind attention, Yours Sincerely:

Tamas Feher, Hungary.
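
A sketch of the limiter proposed in the post above, as an added example that is not part of the original post and is not F-Secure code. The state-file name, the 24-hour interval and all function names are assumptions; the scan itself is represented only by recording its timestamp.

```python
import json
import math
import os
import tempfile

MIN_INTERVAL_S = 24 * 3600  # assumed limit: at most one startup scan per 24 h


def load_last_scan(state_path):
    """Return the stored epoch time of the last scan, or None if unusable."""
    try:
        with open(state_path, "r", encoding="utf-8") as fh:
            value = float(json.load(fh)["last_scan"])
    except (OSError, ValueError, KeyError, TypeError, OverflowError):
        return None  # missing or corrupt state file: treat as never scanned
    return value if math.isfinite(value) else None


def should_scan_on_startup(state_path, now, min_interval_s=MIN_INTERVAL_S):
    last = load_last_scan(state_path)
    if last is None or last > now:
        # No usable record, or the clock moved backwards: fail towards scanning.
        return True
    return now - last >= min_interval_s


def record_scan(state_path, now):
    """Write atomically so a power-off mid-write cannot leave a torn file."""
    directory = os.path.dirname(os.path.abspath(state_path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"last_scan": now}, fh)
    os.replace(tmp, state_path)


def simulate_boots(state_path, boot_times):
    scanned = []  # boot times (epoch seconds) at which a scan actually runs
    for now in boot_times:
        if should_scan_on_startup(state_path, now):
            record_scan(state_path, now)  # stands in for running the scan
            scanned.append(now)
    return scanned


if __name__ == "__main__":
    # Constructed school day: 7 boots an hour apart, then 08:00 the next day.
    boots = [(8 + i) * 3600 for i in range(7)] + [32 * 3600]
    with tempfile.TemporaryDirectory() as d:
        print(simulate_boots(os.path.join(d, "swup_state.json"), boots))
```

Failing towards a scan when the record is unreadable or dated in the future keeps a machine with a reset clock from silently skipping its missing-update check.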

 

Comments

  • AndyRD W/ Alumni Posts: 16 Junior Protector

    Hi Tamas,

    Thank you for this feedback, we can easily see how this would affect this "use pattern" for the workstations.

    We are currently evaluating how we might be able to improve this with future versions, but at present we cannot say we have a solution or a schedule.

    Best Regards,

    Andy

  • etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

    Regretfully, I have to report that FSAV PSB is as a whole unsuitable for classroom use, based on experience with Hungarian schools.

    There is a persistent trend of FSAV producing false alarms on class work and homework programs coded by IT, ECDL students. Yet, the lack of remote sample submission capability makes it impossible to fix those incidents and F-Secure developers don't implement such a feature.

    I can only see the false alarm file names and sometimes hashes, say "levente_a_group_homework.exe" and "1d6eeac1c10e32f1d7963f1a7e75c80635633bd7" in the PSB SoP web portal and I do submit them to the lab, but they always respond that a full binary would be needed to investigate.

    How do I collect binaries manually from schools located hundreds of kilometers apart, with no competent admin person on-site? (Remember that the promised "remote-desktop" capability was eventually dropped from FSAV PSB endpoint's feature list, so I can't even collect samples via manual tele-operation.)

    I see occurrences that result in PSB getting uninstalled from school computers to "fix" false alarms. It is painful that F-Secure Oy is stalling an otherwise promising service-product by neglecting to implement essential features and customers end up unprotected as a result.

    (BTW, FSAV PSB 12 is otherwise very efficient at catching e-mail malware, adware-ridden games, an insanely long laundry list of crack/warez/serialz tools used by under-funded schools, clandestine bitcoin miners installed by people wishing to earn money on publicly funded electricity, weird LoIC derivatives, etc. It's just that false malware alarms occur too frequently on student work files and that badly hinders the core educational work of schools, with no way to fix them currently. Thus, I need to complain.)

    Thanks for your kind attention, Sincerely: Tamas Feher, Hungary.

  • Toweri W/ Alumni Posts: 6 Security Scout

    May I suggest you consider a remote desktop solution, such as TeamViewer (www.teamviewer.com), that would allow you to connect to a particular computer and download the quarantined binary to be submitted to F-Secure for analysis.

    TeamViewer can be installed as a service, enabling connection independent of user actions.

  • etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

    How could I install TeamViewer or other remote desktop software on far-away school computers which I have no access to?

    Anyhow, common remote desktop solutions carry a huge risk of ransom-hacking. (The same as ransomware, but without a malicious binary: hackers scan the net to find a login and guess the password. Once inside the computer, they use legitimate disk encryption software to make the stored content unreadable and leave a demand note for bitcoins. That is quite a common occurrence here in Hungary.)

    By the way, about 3 years ago F-Secure Corp. promised to integrate a custom remote desktop solution in FSAV PSB, but the project was quietly dropped about 9 months later. That would have been a more secure option, if ever realized. The cloud-based backup technology was removed from PSB and sold off to a 3rd party, leaving F-Secure without a built-in remedy against "ransom cryptors".

    Best regards: Tamas Feher, Hungary.

  • Toweri W/ Alumni Posts: 6 Security Scout

    TeamViewer or other solutions can be installed the same way you had the FSAV installed in the first place.

    The TW connection is based on 1024 bit RSA public/private key exchange and AES (256 Bit) session encoding. Problems with hacked passwords can be avoided with strong passwords. Brute force attacks are stopped with delayed login: After 24 unsuccessful attempts you are already at 1000 minutes (17 hours) interval that is reset only by correct password. I'd say it's fairly secure.

This discussion has been closed.