
FUNCTIONALITY AND FEATURES


Presentation Transcript


  1. FUNCTIONALITY AND FEATURES

  2. Agenda
     • Main topics
       • System requirements
       • Scanning
       • Viruses
       • Spyware
       • Updating virus signatures
       • Other features

  3. Requirements
     • Supported platforms
       • Windows 2000 Professional (with SP4 or higher) and Windows XP (Professional and Home Edition, with SP1 or higher)
       • Also installs on Longhorn Beta
     • Minimum requirements
       • Intel Pentium compatible hardware
       • 128 MB memory (Windows 2000), 256 MB memory (Windows XP); 256 MB or more recommended!
       • 50 MB free hard disk space
       • Internet connection recommended

  4. SCANNING

  5. Scanning for Viruses and Spyware

     Scanning type          What is scanned                                 What is monitored
     Real-time Scanning     Whole file system (incl. cookies, hosts file)
     Email Scanning         SMTP, POP3 and IMAP
     Web Traffic Scanning   HTTP
     Manual Scanning        Selected files/folders
     Scheduled Scanning     All files
     Browser Control                                                        IE & pop-ups
     System Control                                                         Some sections of the registry

  6. Real-Time Scanning: Virus Protection
     • Files are scanned every time they are accessed (created, opened, renamed, copied etc.)
     • Transparent operation
     • The real-time scanner scans running processes every time it is enabled or the virus definitions are updated
       • All running processes are checked and their related files are scanned (using the real-time scanning settings)

  7. Real-Time Scanning: Spyware Protection
     • When real-time scanning is enabled, the computer is protected against both viruses and spyware
     • “Scan for spyware” must be enabled (default setting)
     • Transparent operation (depending on the “actions” settings)

  8. Email Scanning
     • Scans the content of incoming POP3 or IMAP and outgoing SMTP mail traffic (for viruses only!)
     • Ensures that no viruses are sent or received through email
     • Intercepts the traffic before the real-time scanner
     • Email client independent

  9. Web Traffic Scanning
     • HTTP traffic is scanned for viruses
     • Protects against new types of viruses, such as the recently discovered JPG vulnerability
     • Can be enabled when a new virus outbreak or vulnerability occurs
     • Disabled by default
     • Transparent operation

  10. Manual Scanning
     • Manual scans can be run to check a certain file, folder or drive
     • Viruses and spyware can be scanned for separately or together
     • Manual scans are usually more detailed and therefore more time consuming
     • Quarantine function (for spyware only!)
     • Can be locked by the administrator

  11. Scheduled Scanning
     • Scans the computer at a specific time when the “Enable scheduled scanning” checkbox is selected
     • Scans for viruses only
     • On a daily, weekly or monthly basis
     • Start time can be a fixed time of day or a fixed amount of computer idle time
     • Uses the Windows scheduling service

  12. Browser Control
     When Browser Control is enabled, it blocks intrusive ad pop-ups and protects Internet Explorer against unwanted changes.
     • Ad-Popup blocker
       • Blocks banned pop-ups and tracking cookies
       • Updated automatically
       • User can manually add banned sites
     • Internet Explorer Shield
       • Blocks drive-by downloads, browser hijacking and ActiveX installations
       • Monitors IE entries in the registry

  13. System Control
     • Protects against unexpected system changes (unknown, new malware)
     • Monitors certain sections of the Windows registry and alerts on changes
       • System start-up changes, critical file associations, application hijacking and generally critical system changes
     • Thus clients are protected even from new, unknown malware and spyware
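The change detection that System Control describes (watch a few registry sections, alert on any difference) can be illustrated as a snapshot diff. This is an added example, not the product's own code: the two watched keys are assumed illustrative Windows paths, and the before/after snapshots are constructed.

```go
package main

import ("fmt"; "sort")

// Snapshot maps a registry key path to its values (value name -> data);
// Alert is one change detected under a watched key.
type Snapshot map[string]map[string]string
type Alert struct{ Section, Key, Name, Before, After string }

// Watched keys and the kind of change each represents (assumed illustrative
// Windows paths, not the product's own list).
var monitored = map[string]string{
	`HKLM\Software\Microsoft\Windows\CurrentVersion\Run`: "system start-up",
	`HKCR\exefile\shell\open\command`:                    "critical file association",
}

// DiffSnapshots returns one Alert per value added, changed or removed under a
// watched key; keys outside the list are ignored, as System Control does.
func DiffSnapshots(baseline, current Snapshot) []Alert {
	var alerts []Alert
	for key, section := range monitored {
		for n, before := range baseline[key] { // changed or removed values
			if after, ok := current[key][n]; !ok || after != before {
				alerts = append(alerts, Alert{section, key, n, before, after})
			}
		}
		for n, after := range current[key] { // newly added values
			if _, ok := baseline[key][n]; !ok {
				alerts = append(alerts, Alert{section, key, n, "", after})
			}
		}
	}
	// Map iteration order is random, so sort for a stable report.
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Key+alerts[i].Name < alerts[j].Key+alerts[j].Name })
	return alerts
}

// SampleSnapshots returns constructed before/after states: an autostart entry
// appears and the .exe handler is changed to run another program first.
func SampleSnapshots() (Snapshot, Snapshot) {
	run, exe := `HKLM\Software\Microsoft\Windows\CurrentVersion\Run`, `HKCR\exefile\shell\open\command`
	before := Snapshot{run: {"ctfmon": `C:\WINDOWS\system32\ctfmon.exe`}, exe: {"(Default)": `"%1" %*`}}
	after := Snapshot{run: {"ctfmon": `C:\WINDOWS\system32\ctfmon.exe`, "updater": `C:\TEMP\updater.exe`},
		exe: {"(Default)": `"C:\TEMP\wrapper.exe" "%1" %*`}}
	return before, after
}

func main() {
	for _, a := range DiffSnapshots(SampleSnapshots()) {
		fmt.Printf("[%s] %s\\%s: %q -> %q\n", a.Section, a.Key, a.Name, a.Before, a.After)
	}
}
```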

  14. Generally about Scanning
     • Scanning is performed by three anti-virus engines (Libra, AVP and Orion) and one anti-spyware engine (Draco)
       • Individual engines can be turned off
       • Multiple engines are not a performance problem
     • By default only certain file types are scanned
       • File types commonly used with malicious code
       • Scanning all file types is possible (performance issue!)
     • Supported archive types: ZIP, ARJ, LZH, TAR, TGZ, GZ, CAB, RAR, BZ2 and JAR
       • Packed files cannot be disinfected, only deleted or renamed

  15. Detection Hierarchy
     • Anti-Virus
       • Separate signature files for each of the three scanning engines
       • Detection of tens of thousands of variants
       • Scan engines also contain heuristic functionality
     • Anti-Spyware
       • 8 categories (Data miners, Dialer, Monitoring tool, Vulnerability…)
       • Over 600 families (Claria, DataMaker, CoolWebSearch…)
       • Over 3000 variants
       • Over 35000 signatures

  16. Actions on Detection
     • Anti-Virus
       • Primary actions
         • If set to prompt the user for a decision, the possibilities are disinfect, delete the infected file or do nothing
         • If automatic actions are selected, then either disinfect, delete, rename the infected file or do nothing
       • Secondary actions (automatic): rename or delete
     • Anti-Spyware
       • Prompts the user for a decision; the possibilities are quarantine, delete the infected file, exclude from scan or do nothing
     • Note! It is possible to set up customized messages when malware is found

  17. Scan Wizard
     • The scan wizard for viruses and spyware is easy to use

  18. Lavasoft TAC: Threat Assessment Chart
     • The criteria for adding software to the spyware list are based on a point system
     • Points are added according to five criteria: Removal, Integration, Distribution, Behaviour, Privacy
     • Software requires a TAC number of three or higher (on a scale of zero to ten) to be included in the database
     • This list is public, and complying with these strict rules is important as most spyware is legal software
     • The Draco anti-spyware engine is based on Ad-Aware from Lavasoft

  19. Threat Assessment System
     • Integration
       • Can cause system instability
     • Distribution
       • Intentionally hidden installation, or clear indication that the application is designed with the explicit intention of making it difficult or impossible to remove
       • Bundled installation that is undisclosed, no notice given to the user pre-install, or the host application’s EULA attempts to hide the application’s inclusion
       • No info disclosed in the EULA, a confusing EULA, or a hidden EULA listing

  20. Threat Assessment System
     • Behaviour
       • Virus or trojan
       • Connects to perform or aid in a DDoS attack
       • Use or creation of tracking cookies
       • Changes browsing results (browser hijack, redirect, replaces text or graphics, opens random websites)
       • Operates stealthily
       • Opens web sites not initiated by the user, unsolicited pop-ups or requests to join a different site
       • Auto-updates without user permission or knowledge
       • Dials an unauthorized Internet connection
       • Opens or exploits a system vulnerability

  21. Threat Assessment System
     • Privacy
       • Connects to a remote system, with or without the user's awareness, to transmit usage statistics and/or personally identifiable information
       • Connects to a remote system without the user's awareness to transmit/receive information
       • Tracks the user's surfing habits
     • Removal
       • Provides no uninstaller at all, or a non-functional application uninstaller
       • Lacks clear evidence of intention, but there is suspicion that the application's developer intentionally made the software difficult to uninstall

  22. Spyware Category Structure
     8 Categories > 600 Families > 3000 Variants > 35000 Signatures
     • 8 Categories: Data Miner, Monitoring tool, Vulnerability, Malware, Dialer, Worm, Cookie, Misc
     • > 600 Families, e.g. Claria (Adware), Blazing Tools (Keylogger), WideStep Elite (Keylogger), CoolWebSearch (Browser Hijacker), DateMaker (Adult Dialer), Blaster (Network Worm), Tracking Cookies (Adware), LycosSidesearch (Bundled Adware)
     • > 3000 Variants, e.g. CoolWebSearch Variant 1 to Variant 6
     • > 35000 Signatures: File Signatures, Registry Key Signatures, Registry Value Signatures

  23. DATABASE UPDATES

  24. Virus & Spy Databases
     • Heart of Virus & Spy Protection
     • Provided by Anti-Virus Research
     • Different for each scanning engine (Orion, AVP, Libra and Draco)
     • Databases are signed (DAAS) and only taken into use if it is certain that the updates originated from F-Secure
     • A daily update is usually a few kilobytes
     • Viruses are normally detected by several scanning engines and disinfected by the first engine that detects them
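The rule that a database is only taken into use if it certainly originated from F-Secure comes down to verifying a signature before any engine loads the file. This is an added example, not the product's code: the page names the real scheme only as DAAS, so Ed25519 over a SHA-256 digest stands in for it, and the update layout and payload are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedUpdate is a database update as delivered: the payload plus a
// detached signature over its SHA-256 digest. Constructed layout; the page
// names the real scheme only as DAAS, so Ed25519 stands in for it here.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// SignUpdate is the vendor-side step, included only to produce test data.
func SignUpdate(vendorPriv ed25519.PrivateKey, payload []byte) SignedUpdate {
	digest := sha256.Sum256(payload)
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(vendorPriv, digest[:])}
}

// TakeIntoUse returns the payload only if its signature verifies under the
// vendor public key shipped with the product. A tampered payload, a missing
// signature or a key belonging to anyone else is rejected before any
// scanning engine loads a byte of it.
func TakeIntoUse(vendorPub ed25519.PublicKey, u SignedUpdate) ([]byte, error) {
	if len(vendorPub) != ed25519.PublicKeySize || len(u.Signature) != ed25519.SignatureSize {
		return nil, errors.New("malformed vendor key or signature")
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(vendorPub, digest[:], u.Signature) {
		return nil, errors.New("signature does not verify: update is not from the vendor")
	}
	return u.Payload, nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	u := SignUpdate(vendorPriv, []byte("constructed daily signature delta"))
	_, err := TakeIntoUse(vendorPub, u)
	fmt.Println("genuine update accepted:", err == nil)
	u.Payload[0] ^= 0x01 // one flipped bit in transit
	_, err = TakeIntoUse(vendorPub, u)
	fmt.Println("tampered update rejected:", err)
}
```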

  25. Updates
     • Database updates are downloaded and handled by the F-Secure Automatic Update Engine
     • It is also possible to update manually with a file downloaded from the F-Secure website (FSUPDATE.EXE)
     [Diagram: F-Secure Update Server; centrally managed AVCS with Policy Manager Server, Automatic Update Server and Automatic Update Agents; stand-alone AVCS with its own Automatic Update Agent]

  26. Network Quarantine
     • Intelligent Network Access (INA)
     • If the virus definitions are old or real-time scanning is disabled, the product automatically changes the Internet Shield security level to Access Restricted
     • Network access stays restricted until the virus definitions are updated and/or real-time scanning is enabled (the end user is prompted to update)

  27. Network Admission Control (NAC)
     • Solution developed by Cisco Systems
     • Requires a Cisco architecture: Cisco Trust Agent (CTA) on each device, a Cisco IOS Network Access Device (NAD) and an Access Control Server (ACS)
     • No centralized management
     • Provides a host with the appropriate network access based on the state of the system
       • Healthy: full network access granted
       • Quarantine: e.g. outdated virus definitions during an outbreak => access restrictions

  28. OTHER FEATURES

  29. Unloading and Uninstalling
     • It is possible to unload FSAVCS to free memory (approx. 13 MB)
     • 2 unload possibilities
       • Unload only Virus & Spy Protection
       • Unload Virus & Spy Protection and Internet Shield (not recommended)
     • Feature meant for home users (while playing games etc.)
     • Feature can be disabled from the policy
     • Product has protection against uninstallation
       • Not password based; requires a change in policy

  30. Try and Buy Version
     • It is possible to try out F-Secure products for 30 days with the TNB version
     • Available for both servers and workstations
     • After 30 days it no longer operates, but it can be activated once a license is bought
     • After purchase of a license there is no need to reinstall
     • All functionality present

  31. Sidegrade Support
     • Automatic detection and removal of the main competitors' products
       • McAfee
       • Computer Associates (CA)
       • Trend Micro
       • Symantec
     • Transparent to the end user; no user intervention required

  32. On-line Help
     • Online help is always available to end users by pressing “Help”
     • The new online help includes the F-Secure Anti-Virus Client Security administration manual
     • Available in the Policy Manager Console (by pressing “F1”)

  33. Internet Shield
     • Integrated desktop firewall (Internet Shield)
       • Integrated stateful inspection desktop firewall that provides robust monitoring and filtering of Internet traffic, preventing unauthorized access to the workstation over the network
       • Program access control from the workstation to the Internet
       • Protects the workstation from Internet hackers and network worms
     • Intrusion Detection System (IDS)
       • The IDS analyses Internet traffic and automatically detects and blocks malicious hacker and network worm attacks, such as port scans and Slammer, that are not detected by traditional antivirus software

  34. Summary
     • Main topics
       • System requirements
       • Scanning
       • Viruses
       • Spyware
       • Updating virus signatures
       • Other features
