LaZorMan
F-Secure Anti-Virus 5.40 – Ready for New Challenges
Internet-borne viruses, such as Nimda and Klez, proved that virus outbreaks are becoming more frequent and more complex with multiple propagation methods. Antivirus vendors now have a serious challenge to get the virus definition updates available for customers and delivered all the way to workstations and servers to stop the virus outbreaks from spreading. In addition to the updated virus definition, the complex virus infections may require extra tools for removing the virus from infected machines. The new release of F-Secure Anti-Virus 5.40 with F-Secure Policy Manager 5.10 takes a huge leap toward answering the new challenges the rapidly-spreading virus outbreaks pose.
It’s about getting the cure before it’s too late
In contrast with human diseases, an overdose of antidotes against all newly discovered germs in the computer world is exactly the right thing to do. Making the customer feel safe with frequently delivered virus definition updates before a virus incident happens has been one of our key drivers for a long time. In practice, this means that the chain starting at the Anti-Virus Research Lab all the way to the customer workstations and servers must be streamlined and solid. According to MessageLabs’ test, F-Secure has been the fastest antivirus vendor to provide definition updates against the latest threats. MessageLabs is a UK-based content provider of secured e-mail services. They use several top-notch antivirus products to protect their customers against viruses.
Having the update available still does not mean that the customers are safe. For this, F-Secure has been developing advanced delivery mechanisms for transferring the virus definition updates from F-Secure to customer workstations and servers. The communication technology using incremental transfers ensures that customers get the updates automatically in the background shortly after the F-Secure Research Lab has published them. F-Secure Anti-Virus Proxy is introduced together with F-Secure Anti-Virus 5.40 as a new concept for distributing virus definitions in a corporate environment. The proxy reduces network traffic for limited Internet connections in a remote office by downloading the virus definition update and distributing the update locally to remote office workstations. F-Secure Anti-Virus Proxy works only with versions F-Secure Anti-Virus 5.40 and upward.
Cleaning up after viruses
As computer viruses are getting more complex and more difficult to remove, antivirus vendors have been placed in a situation where the software has required additional utilities for removing the complex viruses and worms. F-Secure Anti-Virus 5.40 has been improved so that the need for additional utilities is significantly reduced. This enhancement makes life easier for the end-user or network administrator, since the software can disinfect even the most complex viruses automatically, without the need for downloading removal utilities.
More speed and scheduling
Thanks to the restructuring of scanning engines, F-Secure Anti-Virus 5.40 can run faster on low-end machines with adjusting the configuration. For corporate environments, F-Secure Anti-Virus 5.40 introduces scheduled scanning which can be controlled by the administrator.
F-Secure Anti-Virus 5.40 – The changes are under the hood
The 5.40 version that is based on a totally new internal architecture is about to be shipped. All the familiar features such as multiple scanning engines and policy-based management are there, but implemented in a more efficient way. There is also a set of new powerful features, which can be discovered and used through F-Secure Policy Manager Console.
New scanning engine architecture – why is it important?
Previous versions of F-Secure Anti-Virus ran the scanning engines in kernel mode. This means that the antivirus product is tightly integrated with the heart of the operating system. It is easy to intercept and monitor system activity in this mode and this enables the product to provide powerful and reliable protection against viruses. The disadvantage is, however, that memory consumption may become a problem. F-Secure Anti-Virus 5.40 moves the memory-consuming scanning engines to user mode, but leaves the traffic-intercepting modules in kernel mode. This enables the product to benefit from both programming techniques: the power of kernel mode and the more polite resource handling in user mode.
So how does this affect the user? The most noticeable improvement will be seen in low-end machines. F-Secure Anti-Virus still uses roughly the same amount of memory, but the memory is allocated in a much more polite way. This means that the operating system can optimize the memory and leave more free memory for other applications. The overall effect should be a noticeable increase in system performance. However, the operating system’s Task Manager reports higher memory consumption than when running version 5.30. How is this possible? This is caused by the fact that the Windows Task Manager does not report kernel mode memory properly. Task Manager’s total memory figure is also misleading because it does not take into account the operating system’s memory optimization. So the new version really uses memory in a much more polite way than previous versions.
Another benefit from the architectural change is that system stability is improved. The product can now recover gracefully in the unlikely event of a scanning engine failure. There have been some malware attacks where a file attempts to crash or overload the antivirus scanning engines. F-Secure Anti-Virus is now even more resistant against this kind of attack. The engines are of course very resistant and stable themselves, but if an engine crashes the product can restart one engine while it continues scanning with the other two engines.
The viruses get tougher – so does F-Secure Anti-Virus
The past years have been a very turbulent period in the IT security field. E-mail worms have set new speed records and forced antivirus vendors to publish updates at a much faster rate. Another unfortunate development is viruses and worms that require extensive cleaning operations. The very widespread Nimda virus last autumn is a good example. It infected computers in a way that was so complex that no antivirus product was able to clean it without an external utility.
F-Secure Anti-Virus is now capable of handling much more complex viruses directly without the need for manual operations. There are a lot of internal changes that make this possible. The most visible are the new secondary disinfection settings that can be accessed through F-Secure Policy Manager Console. These settings enable the administrator to granularly define how to handle infected mailboxes, OLE files, ordinary files, etc. Separate actions can be defined for old and new files as well as in situations where no user is logged in to the computer. The defaults should be OK in most situations, but it is nice to know that the behavior of the product can be changed if the administrator feels that a certain type of infection should be handled differently. This may also enable customers to use automatic infection handling in situations where manual handling was chosen for security reasons.
F-Secure Anti-Virus 5.40 provides better performance, increased stability and improved infection handling. We recommend that all corporate users take this new version into use to be even more secure against virus outbreaks. This ensures proper handling of the latest rapidly-spreading worms, if one happens to hit your network.
Want to know more about the virus threat?
Why is everything happening so quickly in the antivirus field? How is it possible for a virus to spread around the world in less than 24 hours? What is the real difference between a virus and a worm? To find answers to these questions and more, go to _http://www.F-Secure.com/products/white-papers/virus.pdf_ if you want to know more.