FUNCTIONALITY AND FEATURES


1 FUNCTIONALITY AND FEATURES

2 Agenda
Main topics:
- System requirements
- Scanning
- Viruses
- Spyware
- Updating virus signature updates
- Other features

3 Requirements
Supported platforms:
- Windows 2000 Professional (with SP4 or higher) and Windows XP (Professional and Home Edition, with SP1 or higher)
- Also installs on Longhorn Beta
Minimum requirements:
- Intel Pentium compatible hardware
- 128 MB (Windows 2000), 256 MB (Windows XP); 256 MB or more recommended!
- 50 MB free hard disk space
- Internet connection recommended

4 SCANNING

5 Scanning types
Scanning for Viruses and Spyware (scanning type: what is scanned):
- Real-time Scanning: Whole file system (incl. cookies, hosts file)
- Web Traffic Scanning: HTTP
- Email Scanning: SMTP, POP3 and IMAP
- Manual Scanning: Selected files/folders
- Scheduled Scanning: All files
What is monitored:
- Browser Control: IE & pop-ups
- System Control: Some sections of the registry

6 Real-Time Scanning: Virus Protection
- Files are scanned every time they are accessed
  - Created, opened, renamed, copied etc.
- Transparent operation
- Real-time scanner scans processes every time it is enabled or virus definitions are updated
  - All running processes are checked and related files are scanned (using real-time scanning settings).

7 Real-Time Scanning: Spyware Protection
- When real-time scanning is enabled, the computer is protected against viruses and spyware
  - “Scan for spyware” must be enabled (default setting)
- Transparent operation (depending on the “actions” settings)

8 Email Scanning
- Scans the content of “incoming” POP3 or IMAP and outgoing SMTP mail traffic (only for viruses!)
- Ensures that no viruses are sent or received through email
- Intercepts the traffic before the real-time scanner
- Email client independent

9 Web Traffic Scanning
- HTTP traffic is scanned for viruses
- Protects from new types of viruses, like the recently discovered JPG vulnerability
- Can be enabled when a new virus outbreak or vulnerability occurs
  - Disabled by default
- Transparent operation

10 Manual Scanning
- Manual scans can be run to check a certain file, folder or drive
- Viruses and Spyware can be scanned separately or together
- Usually, manual scans are more detailed scans and therefore more time consuming
- Quarantine function (for spyware only!)
- Can be locked by the administrator

11 Scheduled Scanning
- Scan the computer at a specific time by selecting the “Enable scheduled scanning” checkbox
- Only scanning for viruses
- On a daily, weekly or monthly basis
- Start time can be a fixed time or a fixed computer idle time
- Accesses the scheduling service in Windows

12 Browser Control
When Browser Control is enabled, it blocks intrusive ad popups and protects Internet Explorer against unwanted changes.
- Ad-Popup blocker
  - Blocks banned pop-ups and tracking cookies
  - Updated automatically
  - User can manually add banned sites
- Internet Explorer Shield
  - Blocks drive-by downloads, browser hijacking and ActiveX installations
  - Monitors IE entries in registry

13 System Control
- Protects against unexpected system changes (unknown, new malware)
- Monitors certain sections of the Windows registry and alerts on changes
  - System start-up changes, critical file associations, application hijacking, generally critical system changes
- Thus clients are protected from new unknown malware and spyware

14 Generally about Scanning
- Scanning is performed by three anti-virus engines (Libra, AVP and Orion) and an anti-spyware engine (Draco)
  - Possible to turn individual engines off
  - Multiple engines not a performance problem
- By default only certain file types are scanned
  - File types commonly used with malicious code
  - Possibility of scanning all file types (performance issue!)
- Supported archive types
  - ZIP, ARJ, LZH, TAR, TGZ, GZ, CAB, RAR, BZ2 and JAR
  - Packed files cannot be disinfected, only deleted or renamed

15 Detection Hierarchy
Anti-Virus:
- Separate signature files for all three scanning engines
- Detection of tens of thousands of variants
- Scan engines also contain heuristic functionality
Anti-Spyware:
- 8 categories (Data miners, Dialer, Monitoring tool, Vulnerability…)
- Over 600 families (Claria, DataMaker, CoolWebSearch…)
- Over 3000 variants
- Over 35000 signatures

16 Actions on Detection
Anti-Virus:
- Primary actions
  - If the user is prompted for a decision, the possibilities are to disinfect, delete the infected file or do nothing
  - If automatic actions are selected, then either disinfect, delete, rename the infected file or do nothing
- Secondary actions (automatic)
  - Rename or delete
Anti-Spyware:
- Prompt user for decision
  - Possibilities are to quarantine, delete the infected file, exclude from scan or do nothing
Note! It is possible to set up customized messages when malware is found.

17 Scan Wizard
- The scan wizard for viruses and spyware is easy to use

18 Lavasoft TAC: Threat Assessment Chart
- The criteria for adding software to the Spyware list are based on a point system
  - Points are added according to five criteria: Removal, Integration, Distribution, Behaviour, Privacy
  - Software requires a TAC number of three or higher (on a scale of zero to ten) to be included in the database
- This list is public, and complying with these strict rules is important as most spyware is legal software
- The Draco anti-spyware engine is based on AdAware from Lavasoft

19 Threat Assessment System
Integration:
- Can cause system instability
Distribution:
- Intentionally hidden installation or clear indication that the application is designed with the explicit intention of making it difficult or impossible to remove
- Bundled installation that is undisclosed, no notice given to the user pre-install or the host application’s EULA attempts to hide the application’s inclusion
- No info disclosed in EULA, confusing EULA, or a hidden EULA listing

20 Threat Assessment System
Behaviour:
- Virus or trojan
- Connects to perform or aid in a D-DoS attack
- Use or creation of tracking cookies
- Changes browsing results (browser hijack, redirect, replaces text or graphics, opens random websites)
- Operates stealthily
- Opens web sites not initiated by the user, unsolicited pop-ups or requests to join a different site
- Auto-updates without user permission or knowledge
- Dials an unauthorized Internet connection
- Opens or exploits a system vulnerability

21 Threat Assessment System
Privacy:
- Connects to a remote system with or without the user's awareness to transmit usage statistics and/or personally identifiable information
- Connects to a remote system without the user's awareness to transmit/receive information
- Tracks the user's surfing habits
Removal:
- Provides no uninstaller at all or non-functional application uninstaller
- Lacks clear evidence of intention, suspicion that the application's developer intentionally made the software difficult to uninstall

22 Spyware Category Structure
- 8 Categories: Data Miner, Monitoring tool, Vulnerability, Malware, Dialer, Worm, Cookie, Misc
- > 600 Families, including: Claria (Adware), Blazing Tools (Keylogger), WideStep Elite (Keylogger), CoolWebSearch (Browser Hijacker), DateMaker (Adult Dialer), Blaster (Network Worm), Tracking Cookies (Adware), LycosSidesearch (Bundled Adware)
- >3000 Variants, including: CoolWebSearch Variant 1, CoolWebSearch Variant 2, CoolWebSearch Variant 3, CoolWebSearch Variant 4, CoolWebSearch Variant 5, CoolWebSearch Variant 6
- >35000 Signatures: File Signatures, Registry Key Signatures, Registry Value Signatures

23 DATABASE UPDATES

24 Virus & Spy Databases
- Heart of Virus & Spy Protection
- Provided by Anti-Virus Research
- Different for each scanning engine (Orion, AVP, Libra and Draco)
- Databases are signed (DAAS) and only taken into use if it is certain the updates originated from F-Secure
- A daily update is usually a few kilobytes
- Viruses are normally detected by several scanning engines and disinfected by the first detecting engine

25 Updates
- Database updates are downloaded and handled by F-Secure Automatic Update Engine
- Also possible to manually update with a file downloaded from F-Secure website (FSUPDATE.EXE)
[Diagram labels: F-Secure Update Server; Centrally managed AVCS (Automatic Update Agent); Policy Manager Server (Automatic Update Agent); Stand-alone AVCS (Automatic Update Agent); Automatic Update Server]

26 Network Quarantine
Intelligent Network Access (INA):
- If the virus definitions are old or if real-time scanning is disabled, the product automatically changes the Internet Shield security level into Access Restricted
- Network access is restricted until the virus definitions are updated and/or real-time scanning is enabled (prompts the end user to update)

27 Network Admission Control (NAC)
- Solution developed by Cisco Systems
  - Requires a Cisco architecture (Cisco Trust Agents (CTA) on each device, Cisco IOS Network Access Device (NAD) and Access Control Server (ACS))
  - No centralized management
- Provides a host with the appropriate network access based on the state of the system
  - Healthy: Full network access granted
  - Quarantine: E.g. outdated virus definitions during outbreak => access restrictions

28 OTHER FEATURES

29 Unloading and Uninstalling
- It is possible to unload FSAVCS to free memory (approx. 13 MB of memory)
- 2 unload possibilities
  - Unload only Virus & Spy Protection
  - Unload Virus & Spy Protection and Internet Shield (not recommended)
- Feature meant for home users (while playing games etc.)
  - Feature can be disabled from the policy
- Product has protection against uninstallation
  - Not password based, requires a change in policy

30 Try and Buy Version
- It is possible to try out F-Secure products for 30 days with the TNB version
  - Available for both servers and workstations
- After 30 days it no longer operates, but can be activated once a license is bought
  - After purchase of a license there is no need to reinstall
- All functionality present

31 Sidegrade Support
- Automatic detection and removal for main competitors
  - McAfee
  - Computer Associates (CA)
  - Trend Micro
  - Symantec
- Transparent to the end user
  - No user intervention required

32 On-line Help
- Online help is always available to end users by pressing “Help”
- New online help includes F-Secure Anti-Virus Client Security administration manual
  - Available in the Policy Manager Console (by pressing “F1”)

33 Internet Shield
Integrated desktop firewall (Internet Shield):
- Integrated stateful inspection desktop firewall that provides robust monitoring and filtering of Internet traffic, preventing unauthorized access to the workstation over the network
- Program access control from the workstation to the Internet
- Protects the workstation from Internet hackers and network worms
Intrusion Detection System (IDS):
- The IDS analyses Internet traffic and automatically detects and blocks malicious hacker and network worm attacks, such as port scans and Slammer, that are not detected by traditional antivirus software.

34 Summary
Main topics:
- System requirements
- Scanning
- Viruses
- Spyware
- Updating virus signature updates
- Other features

