I’ve noticed quite a few security vendors slipping extra features like spam filtering and firewall protection into their entry-level antivirus products. Sometimes it’s hard to distinguish between antivirus and full security suite. F-Secure Anti-Virus 2014 ($39.99 direct for three licenses) bucks that trend. All of its features are focused on the core tasks of wiping out malware and preventing new infestations. Its excellent test results are somewhat tarnished by serious problems with installation on systems that already had malware present.
F-Secure’s main window takes a minimalist approach. There are just two buttons, one to launch a scan and one to open the settings window. From the Tools tab you can opt for different scan choices and manually check for updates, among other things. The Statistics tab rounds out the collection, displaying simple stats on threats cleaned and threats blocked.
There is one slightly odd thing about the interface. Right-clicking the system tray icon brings up a menu with a number of choices; you can turn on gaming mode, contact support, check for updates, and more. But you can’t open the product’s main window from here, and you can’t even open it directly from a shortcut. Rather, the shortcut opens F-Secure’s “launch pad.” From the launch pad you can open the main window or redundantly access the same menu associated with the system tray icon.
Terrible Installation Troubles
F-Secure installed just fine on half of my malware-infested virtual machines; the other half required widely varying degrees of help from tech support. The F-Secure Rescue CD helped bypass ransomware that prevented installation on one system and fixed problems on a couple of others. It uses an antiquated, all-text user interface, but it did the job.
Well, mostly. I really should have heeded the warning in the Rescue CD’s initial screen: “If a Windows system file is infected, the computer may not restart.” Indeed, the process of diagnosis and repair on one test system rendered it totally unbootable.
In order to fix this system and two others, tech support requested many diagnostic logs and had me run a wide variety of diagnostics. Among these were F-Secure’s built-in diagnostic tool, their online scanner, and an in-house tool they call Crime Scene Investigator. They also requested logs from third-party tools Autoruns and GMER. I reinstalled TCP/IP on one system and ran a variety of system commands.
In the end, one system was still damaged, and F-Secure couldn’t fix it. At least we managed to restore its ability to boot. It took a full week for F-Secure’s experts to isolate the problem—a hitherto unknown bug in the Rescue CD. They supplied an updated Rescue CD and, with a bit more back-and-forth, we fixed that last system.
I rate the installation experience for antivirus products on a scale of one to five stars. Five stars would indicate a nearly trouble-free installation, while four stars means that any problems were solved easily by ancillary tools, perhaps a rescue CD or command-line scanner. When tech support has to take a hand directly, the rating goes down to three stars, or two stars if it takes a really long time. Normally I reserve one star to mean that the product never did manage to install on all test systems. However, I feel that a user whose computer was disabled for over a week by an antivirus would definitely have a one-star experience.
Excellent Malware Cleanup
When F-Secure completes a scan, it reports how many files it scanned and how many of various malware types it found. By default it offers automatic cleaning, but if you choose this option you’ll find that it skips items considered to be low risk. For testing, I always chose to confirm all removals myself.
F-Secure divides its findings into four types: Viruses, Spyware, Riskware, and Suspicious items. Here “Viruses” means dangerous malware, not literally just viruses. When you choose “item by item” cleanup you must confirm removal of each type, then wait for it to slowly clean all items of that type. I watched carefully for any items with “none” in the Action column and changed those to quarantine.
Getting through a scan with F-Secure took more effort than with many products, but the results were very impressive. It detected 86 percent of the malware samples, tying with Jumpshot for best detection among recent products. Its overall malware cleanup score of 6.6 points puts it in a tie with Bitdefender Antivirus Plus (2014) for top score.
Among products tested with my previous collection of malware samples, Malwarebytes Anti-Malware 1.70 earned the best score, 7.1 points. Webroot SecureAnywhere Antivirus 2013 did quite well also, with 6.6 points. It’s worth noting that F-Secure’s previous edition didn’t do nearly as well in this test, earning just 5.5 points. On the other hand, it took four stars for a smooth installation experience.
For a detailed explanation of my testing methodology, see How We Test Malware Removal.
F-Secure Anti-Virus 2014 malware removal chart
Excellent Malware Blocking
It’s definitely easier for an antivirus program to detect and prevent a malware attack when it has been installed on a clean system. Once the malware gets its hooks into Windows, rooting it out can be a real fight. F-Secure also earned an impressive score in my malware blocking test.
When I opened my folder of samples, it started wiping them out right away. Within a few minutes, it had detected and eliminated 86 percent of the samples. I launched those that survived, noting whether F-Secure detected them, and how well it blocked installation by those it did detect. One way or another, it detected 94 percent of the samples and earned an impressive 9.4 points.
A few other products tested with this same collection also detected 94 percent; the top detection rate, 97 percent, belongs to AVG AntiVirus FREE 2014. AVG and Ad-Aware Free Antivirus+ 10.5 tied with F-Secure for top overall score.
With 9.9 of 10 possible points, Webroot totally owned last year’s test, which used a different malware collection. For an explanation of my hands-on malware blocking test, see How We Test Malware Blocking.
F-Secure Anti-Virus 2014 malware blocking chart
I also check a product’s ability to prevent downloading malware in the first place, either by blocking the URL altogether or by wiping out malicious files during download. Several recent products have aced this test, even blocking URLs that weren’t accessible at the moment.
McAfee AntiVirus Plus 2014 blocked 91 percent, Trend Micro Titanium Antivirus+ 2014 blocked 95 percent, and Norton AntiVirus (2014) blocked 100 percent of the URLs I tried.
F-Secure didn’t do nearly as well. It doesn’t include URL-based blocking, so any detection had to happen during or immediately after the download. At that point, it eliminated half of the downloaded samples.
Traditional malware detection looks for specific known malware using signatures of specific files or of malware families. To that type of protection F-Secure adds DeepGuard, a technology that monitors running processes and flags those that exhibit suspicious behaviors.
DeepGuard did flag some of my hand-coded test programs as suspicious, but that’s not at all unreasonable. These are programs never seen on any other computer, and they do things that really warrant suspicion, like launching malicious URLs or gathering phishing URLs from online sites. In my testing, it didn’t block any other valid files. By contrast, Trend Micro’s behavior-based detection blocked quite a few files as suspicious and quarantined several of my own utilities as malware.
Another facet of DeepGuard involves watching for Internet access attempts by unknown programs, much like the program control side of a personal firewall. When it detects an access attempt, you’ll have to decide whether to trust the program or to block it from the Internet. Of course you can dig in and change your answer if it turns out you made a mistake.
The DeepGuard settings page mentions blocking exploits, so I attacked the test system with over 30 exploits generated by the Core IMPACT penetration tool. I didn’t see DeepGuard blocking them directly, but the antivirus component detected almost 60 percent of the exploits, even identifying a few by their unique CVE number.
Very Good Lab Results
F-Secure doesn’t participate in the mostly-static tests run by ICSA Labs and West Coast Labs, but F-Secure technology earns very good scores with the other labs. F-Secure has earned VB100 certification in all of the last ten tests by Virus Bulletin.
Some vendors have opted out of the retrospective test by AV-Comparatives. This test attempts to assess an antivirus product’s ability to block zero day attacks by forcing the AV to use old signature files. F-Secure earned the top score, ADVANCED+, in this test, and also took ADVANCED+ in the normal on-demand scanning test. In this lab’s grueling, weeks-long, real-world test, F-Secure earned an ADVANCED rating.
AV-Test rates security products on protection, performance, and usability. With six possible points in each area, the maximum score is 18. In the latest two tests, F-Secure averaged 16.75 points. Only Norton, Kaspersky, and Bitdefender have better averages.
For a more complete description of the labs and their tests, please see How We Interpret Antivirus Lab Tests.
F-Secure Anti-Virus 2014 lab tests chart
Great Choice for a Clean Machine
If you can ensure installation on a clean PC, F-Secure is a great choice for protection. It earned top scores in my hands-on protection tests, and the independent labs also give it high ratings.
However, I do take issue with the amount of difficulty I had installing it and running scans on malware-infested systems. Remember, even a clean system could get into this situation if a zero-day attacker managed to establish a foothold before F-Secure could handle it. In particular, I think a user whose computer was rendered unusable for a week might take issue.
If they can solve these issues, F-Secure is a potential Editors’ Choice. For now, our antivirus Editors’ Choice products remain Bitdefender Antivirus Plus (2014), Norton AntiVirus (2014), and Webroot SecureAnywhere Antivirus 2013.
Copyright © 2012 Ziff Davis, Inc