F-Prot Antivirus 3.15 Released!
jim_kJune 30th, 2004, 01:54 PMFRISK Software International has released F-Prot Antivirus 3.15
This release features an update checker (installed in Services) which checks for updates frequently when the system is online. The status can be viewed by running the main F-Prot Antivirus OnDemand Scanner (FP-Win.exe).
The biggest change is getting ready for Windows XP Service Pack 2. It appears that F-Prot will integrate itself into the new Security Center.
I'm about to install XP SP2 (it is downloading now at 384KB/sec). I'll be here with screen shots if everything goes as intended.
F-Prot 4 is still planned for later this year. It looks like they want to give it a little more testing and work before release.
http://www.f-prot.com/news/gen_news/040630_release_win315.htmljim_kJune 30th, 2004, 02:35 PMThis is the Security Center. F-Prot is detected properly.jim_kJune 30th, 2004, 02:37 PMThe main F-Prot Interface hasn't changed much. The only change is the virus signature file status.tazdevlJune 30th, 2004, 02:41 PMI'm not sure why folks care about their AV being detected by SP2. I'm a beta tester and the function is targeted specifically at users that are unfamiliar with security. It just reminds them that they need an AV and really has no other value add to experienced users.ronjorJune 30th, 2004, 02:42 PMjim_k
Thanks for posting this. Do you have to open the security center or does it pop up first?jim_kJune 30th, 2004, 02:45 PM{QUOTE-> jim_k
Thanks for posting this. Do you have to open the security center or does it pop up first? <-QUOTE}
If there is a problem, it will alert you. See this screen shot:jim_kJune 30th, 2004, 02:47 PM{QUOTE-> I'm not sure why folks care about their AV being detected by SP2. I'm a beta tester and the function is targeted specifically at users that are unfamiliar with security. It just reminds them that they need an AV and really has no other value add to experienced users. <-QUOTE}
I don't care if my AV is detected by Windows. This new feature is best for new users.
It also tells you if your AV is out of date.ronjorJune 30th, 2004, 02:49 PM{QUOTE-> If there is a problem, it will alert you. See this screen shot: <-QUOTE}
Thanks jim_k
Now turn on your resident protection! :Djim_kJune 30th, 2004, 02:57 PMOther things I have noticed so far. I'll know more for sure when the next signature update is released:
* The Security Center warning icon may appear when first starting up, but it will go away after a few seconds.
* The new update system does not appear to actually update F-Prot. It is just an alert system. If it detects an update, Windows XP SP2 will let you know. Older versions of Windows will say nothing, but the updates available message will appear in the main F-Prot Application. For maximum update security, use the F-Prot scheduler and set it to update about every 4 hours.
* If Updater is running on a schedule, you may get the out of date warnings from Windows before F-Prot can update itself.
All of the above annoyances can be avoided by disabling antivirus detection. Only advanced users would want to do this. These warnings are good for newer users who don't know how to protect their computers.
Hopefully, all major AV vendors will support this system in older and newer versions of their software. If they don't, everyone will disable Security Center and it will be useless.
Hopefully, F-Prot 4 will have a slightly more robust update system. From what I have heard from the FRISK sales and support teams, updates will be one of the major improvements in version 4. I just wish they would give us a beta.
I will continue to post in this thread as I find new things or bugs. If you have any questions or you want me to post additional screen shots, please let me know by sending me an e-mail through this forum (just click my user name).tazdevlJune 30th, 2004, 03:25 PM{QUOTE-> I don't care if my AV is detected by Windows. This new feature is best for new users.
It also tells you if your AV is out of date. <-QUOTE}
Thanks for reiterating my point.
Every AV I can think of has automatic updates. So what's the benefit? You need both the AV AND the OS to remind you to update your definitions?
Being identified by the Security Center doesn't help the AV work better with SP2 either, so there is no true benefit.BlackcatJune 30th, 2004, 03:36 PMThanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :)PigmanJune 30th, 2004, 03:38 PMHave they done anything with the engine? Improved the heuristics or anything?ronjorJune 30th, 2004, 03:43 PM{QUOTE-> Thanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :) <-QUOTE}
Blackcat
I heard October is the target date for release.jim_kJune 30th, 2004, 03:51 PM{QUOTE-> Thanks for reiterating my point.
Every AV I can think of has automatic updates. So what's the benefit? You need both the AV AND the OS to remind you to update your definitions?
Being identified by the Security Center doesn't help the AV work better with SP2 either, so there is no true benefit. <-QUOTE}It is still intended mostly for new users.
Most AV programs do alert you if there is a settings problem or they are out of date for any reason. Automatic Updates can fail (I have seen it happen with Norton AntiVirus).
However, it is hard to get too much warning for new users. Most people ignore security warnings. They click Yes on all ActiveX installs. This is what causes problems. If there are more warnings about security, maybe people will pay attention and look for help wither from the security product vendor, or a forum like this one.
Here's another critical thing: Trojans could disable AV software. The software could simply break (I've seen it happen). This is just another layer for security, even if it is a rather small layer.
I'm not trying to insult the intelligence of anyone here or anywhere else. The problem with security in general is that there is no training. It is not taught anywhere. Even people just coming out of school and entering the work force today do not know about it, because nobody tell them about it. Trust me, I'm still in high school right now. The content that is taught in most computer classes is outdated and frequently just plain wrong. This is particularly true when it comes to security, which is hardly ever covered. My school only recently got a working version of Symantec AntiVirus Corporate Edition. It ran correctly on a few computers when we left for summer vacation. I'll see what happens when school starts again in August. It probably still won't work right on half of the computers.jim_kJune 30th, 2004, 03:55 PM{QUOTE-> Have they done anything with the engine? Improved the heuristics or anything? <-QUOTE}
Well, there is a new engine version (3.15.1). I'm sure there have been some minor changes, but I haven't heard anything official. There are almost always a few changes, usually just bug fixes.
F-Prot has always had good heuristics, especially if you enable Neural Network.
To enable Neural Network...
Use the AI switch when scanning from the command line.
From the OnDemand Scanner, click Advanced, then edit, and finally check Enable Neural Network.
Note: Neural Network Hueristics increase the chance of false positives, which is why they are disabled by default.jim_kJune 30th, 2004, 04:01 PM{QUOTE-> Thanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :) <-QUOTE} Here's what I have learned from talking to sales and support:
Unpacking: I think it will be greatly improved.
Quarantine: This will happen
RealTime Monitor Configuration in NT operating systems: This should happen
Updates: It will support automatic incremental updates of all program components
Better multi-user platform support
It will also less user interaction while offering more information and feedback.
Trojan detection has been improving lately.BlackcatJune 30th, 2004, 04:09 PM{QUOTE-> Blackcat
I heard October is the target date for release. <-QUOTE}
Thanks, ronjor, this means a possible beta in August if all goes well.
It's a pretty bare-bones scanner now at the present time, but if they have carried out the necessary improvements, particularly against trojans, then it may be near to challenging KAV.RejZoRJuly 1st, 2004, 08:46 AMWell Antivirus monitoring in SP2 is a good thing if you think twice. Its not just for n00bs. If the AV is terminated (Process Kill) the icon remains in taskbar(traybar) because program doesn't send the icon refresh command to OS. You see the icon in tray and you think you are protected. But if you'd move the mouse over the icon,it will disapear :P This monitoring will warn you in such case :PAMRXJuly 1st, 2004, 08:53 AMRejZor has a very good point. some AVs has this weakness.jim_kJuly 1st, 2004, 03:04 PM{QUOTE-> If the AV is terminated (Process Kill) the icon remains in taskbar(traybar) because program doesn't send the icon refresh command to OS. <-QUOTE}
F-Prot on NT/2000/XP/2003 can't be killed completely this way. If you kill the RealTime Protector (F-STOPW.EXE) through the task manager, the icon will go away and after a minute, Security Center will alert you. However, the background driver (FSTOPW.SYS) is still protecting. If you try to run an infected file (such as the EICAR.COM test file), you will get a standard Windows Access Denied error and the file can't be opened.
Of course, if this happens, you should restart the computer and run a full system scan (probably from the command line (http://www.f-prot.com/support/windows/I_have_virus.html#content)).
Security Center is also good if a trojan completely unloads the monitor process and the driver, but if it did that, it would probably kill Security Center as well.
Other things I noticed in this release:
A small background service is used to check for updates. Like all other F-Prot components, it uses very little memory and won't have a negative effect on the system.
The help file has been improved. It was great before, but it now has even more information.TinribsJuly 1st, 2004, 06:08 PMI/m a long time fan and user of F-Prot, its a very underated and , in my view, an underused product, this I believe is a reluctance to advertise enough.
Its a seriously good product that I would be more than happy (and have/do) entrust my pc's and data to.
Its detection rates are very adequate and its memory footprint , both resident and installed, is very small.ronjorJuly 1st, 2004, 06:12 PM{QUOTE-> I/m a long time fan and user of F-Prot, its a very underated and , in my view, an underused product, this I believe is a reluctance to advertise enough.
Its a seriously good product that I would be more than happy (and have/do) entrust my pc's and data to.
Its detection rates are very adequate and its memory footprint , both resident and installed, is very small. <-QUOTE}
I agree. It is excellent. I use XP now and use F-Prot as an on demand scanner.
I used the DOS version on Win98.TinribsJuly 1st, 2004, 06:14 PMYou are right! I've used and advocated using the Dos version for many years, and still do!!, its still very useful and it would certainly take precedence over alot of new 'antivirus' products that I see and test.
This release features an update checker (installed in Services) which checks for updates frequently when the system is online. The status can be viewed by running the main F-Prot Antivirus OnDemand Scanner (FP-Win.exe).
The biggest change is getting ready for Windows XP Service Pack 2. It appears that F-Prot will integrate itself into the new Security Center.
I'm about to install XP SP2 (it is downloading now at 384KB/sec). I'll be here with screen shots if everything goes as intended.
F-Prot 4 is still planned for later this year. It looks like they want to give it a little more testing and work before release.
http://www.f-prot.com/news/gen_news/040630_release_win315.htmljim_kJune 30th, 2004, 02:35 PMThis is the Security Center. F-Prot is detected properly.jim_kJune 30th, 2004, 02:37 PMThe main F-Prot Interface hasn't changed much. The only change is the virus signature file status.tazdevlJune 30th, 2004, 02:41 PMI'm not sure why folks care about their AV being detected by SP2. I'm a beta tester and the function is targeted specifically at users that are unfamiliar with security. It just reminds them that they need an AV and really has no other value add to experienced users.ronjorJune 30th, 2004, 02:42 PMjim_k
Thanks for posting this. Do you have to open the security center or does it pop up first?jim_kJune 30th, 2004, 02:45 PM{QUOTE-> jim_k
Thanks for posting this. Do you have to open the security center or does it pop up first? <-QUOTE}
If there is a problem, it will alert you. See this screen shot:jim_kJune 30th, 2004, 02:47 PM{QUOTE-> I'm not sure why folks care about their AV being detected by SP2. I'm a beta tester and the function is targeted specifically at users that are unfamiliar with security. It just reminds them that they need an AV and really has no other value add to experienced users. <-QUOTE}
I don't care if my AV is detected by Windows. This new feature is best for new users.
It also tells you if your AV is out of date.ronjorJune 30th, 2004, 02:49 PM{QUOTE-> If there is a problem, it will alert you. See this screen shot: <-QUOTE}
Thanks jim_k
Now turn on your resident protection! :Djim_kJune 30th, 2004, 02:57 PMOther things I have noticed so far. I'll know more for sure when the next signature update is released:
* The Security Center warning icon may appear when first starting up, but it will go away after a few seconds.
* The new update system does not appear to actually update F-Prot. It is just an alert system. If it detects an update, Windows XP SP2 will let you know. Older versions of Windows will say nothing, but the updates available message will appear in the main F-Prot Application. For maximum update security, use the F-Prot scheduler and set it to update about every 4 hours.
* If Updater is running on a schedule, you may get the out of date warnings from Windows before F-Prot can update itself.
All of the above annoyances can be avoided by disabling antivirus detection. Only advanced users would want to do this. These warnings are good for newer users who don't know how to protect their computers.
Hopefully, all major AV vendors will support this system in older and newer versions of their software. If they don't, everyone will disable Security Center and it will be useless.
Hopefully, F-Prot 4 will have a slightly more robust update system. From what I have heard from the FRISK sales and support teams, updates will be one of the major improvements in version 4. I just wish they would give us a beta.
I will continue to post in this thread as I find new things or bugs. If you have any questions or you want me to post additional screen shots, please let me know by sending me an e-mail through this forum (just click my user name).tazdevlJune 30th, 2004, 03:25 PM{QUOTE-> I don't care if my AV is detected by Windows. This new feature is best for new users.
It also tells you if your AV is out of date. <-QUOTE}
Thanks for reiterating my point.
Every AV I can think of has automatic updates. So what's the benefit? You need both the AV AND the OS to remind you to update your definitions?
Being identified by the Security Center doesn't help the AV work better with SP2 either, so there is no true benefit.BlackcatJune 30th, 2004, 03:36 PMThanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :)PigmanJune 30th, 2004, 03:38 PMHave they done anything with the engine? Improved the heuristics or anything?ronjorJune 30th, 2004, 03:43 PM{QUOTE-> Thanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :) <-QUOTE}
Blackcat
I heard October is the target date for release.jim_kJune 30th, 2004, 03:51 PM{QUOTE-> Thanks for reiterating my point.
Every AV I can think of has automatic updates. So what's the benefit? You need both the AV AND the OS to remind you to update your definitions?
Being identified by the Security Center doesn't help the AV work better with SP2 either, so there is no true benefit. <-QUOTE}It is still intended mostly for new users.
Most AV programs do alert you if there is a settings problem or they are out of date for any reason. Automatic Updates can fail (I have seen it happen with Norton AntiVirus).
However, it is hard to get too much warning for new users. Most people ignore security warnings. They click Yes on all ActiveX installs. This is what causes problems. If there are more warnings about security, maybe people will pay attention and look for help wither from the security product vendor, or a forum like this one.
Here's another critical thing: Trojans could disable AV software. The software could simply break (I've seen it happen). This is just another layer for security, even if it is a rather small layer.
I'm not trying to insult the intelligence of anyone here or anywhere else. The problem with security in general is that there is no training. It is not taught anywhere. Even people just coming out of school and entering the work force today do not know about it, because nobody tell them about it. Trust me, I'm still in high school right now. The content that is taught in most computer classes is outdated and frequently just plain wrong. This is particularly true when it comes to security, which is hardly ever covered. My school only recently got a working version of Symantec AntiVirus Corporate Edition. It ran correctly on a few computers when we left for summer vacation. I'll see what happens when school starts again in August. It probably still won't work right on half of the computers.jim_kJune 30th, 2004, 03:55 PM{QUOTE-> Have they done anything with the engine? Improved the heuristics or anything? <-QUOTE}
Well, there is a new engine version (3.15.1). I'm sure there have been some minor changes, but I haven't heard anything official. There are almost always a few changes, usually just bug fixes.
F-Prot has always had good heuristics, especially if you enable Neural Network.
To enable Neural Network...
Use the AI switch when scanning from the command line.
From the OnDemand Scanner, click Advanced, then edit, and finally check Enable Neural Network.
Note: Neural Network Hueristics increase the chance of false positives, which is why they are disabled by default.jim_kJune 30th, 2004, 04:01 PM{QUOTE-> Thanks for the heads up about the new F-Prot 4, jim_k.
Let's hope it appears before the end of the year with a better unpacking engine, better trojan detection, a quarantine function and more control over the Real time Monitor in 2000/XP :) <-QUOTE} Here's what I have learned from talking to sales and support:
Unpacking: I think it will be greatly improved.
Quarantine: This will happen
RealTime Monitor Configuration in NT operating systems: This should happen
Updates: It will support automatic incremental updates of all program components
Better multi-user platform support
It will also less user interaction while offering more information and feedback.
Trojan detection has been improving lately.BlackcatJune 30th, 2004, 04:09 PM{QUOTE-> Blackcat
I heard October is the target date for release. <-QUOTE}
Thanks, ronjor, this means a possible beta in August if all goes well.
It's a pretty bare-bones scanner now at the present time, but if they have carried out the necessary improvements, particularly against trojans, then it may be near to challenging KAV.RejZoRJuly 1st, 2004, 08:46 AMWell Antivirus monitoring in SP2 is a good thing if you think twice. Its not just for n00bs. If the AV is terminated (Process Kill) the icon remains in taskbar(traybar) because program doesn't send the icon refresh command to OS. You see the icon in tray and you think you are protected. But if you'd move the mouse over the icon,it will disapear :P This monitoring will warn you in such case :PAMRXJuly 1st, 2004, 08:53 AMRejZor has a very good point. some AVs has this weakness.jim_kJuly 1st, 2004, 03:04 PM{QUOTE-> If the AV is terminated (Process Kill) the icon remains in taskbar(traybar) because program doesn't send the icon refresh command to OS. <-QUOTE}
F-Prot on NT/2000/XP/2003 can't be killed completely this way. If you kill the RealTime Protector (F-STOPW.EXE) through the task manager, the icon will go away and after a minute, Security Center will alert you. However, the background driver (FSTOPW.SYS) is still protecting. If you try to run an infected file (such as the EICAR.COM test file), you will get a standard Windows Access Denied error and the file can't be opened.
Of course, if this happens, you should restart the computer and run a full system scan (probably from the command line (http://www.f-prot.com/support/windows/I_have_virus.html#content)).
Security Center is also good if a trojan completely unloads the monitor process and the driver, but if it did that, it would probably kill Security Center as well.
Other things I noticed in this release:
A small background service is used to check for updates. Like all other F-Prot components, it uses very little memory and won't have a negative effect on the system.
The help file has been improved. It was great before, but it now has even more information.TinribsJuly 1st, 2004, 06:08 PMI/m a long time fan and user of F-Prot, its a very underated and , in my view, an underused product, this I believe is a reluctance to advertise enough.
Its a seriously good product that I would be more than happy (and have/do) entrust my pc's and data to.
Its detection rates are very adequate and its memory footprint , both resident and installed, is very small.ronjorJuly 1st, 2004, 06:12 PM{QUOTE-> I/m a long time fan and user of F-Prot, its a very underated and , in my view, an underused product, this I believe is a reluctance to advertise enough.
Its a seriously good product that I would be more than happy (and have/do) entrust my pc's and data to.
Its detection rates are very adequate and its memory footprint , both resident and installed, is very small. <-QUOTE}
I agree. It is excellent. I use XP now and use F-Prot as an on demand scanner.
I used the DOS version on Win98.TinribsJuly 1st, 2004, 06:14 PMYou are right! I've used and advocated using the Dos version for many years, and still do!!, its still very useful and it would certainly take precedence over alot of new 'antivirus' products that I see and test.