Anti-Virus Ownage, Anti-Spyware - Not So Much

F-Secure's Antivirus received a VB100% rating from Virus Bulletin and has the West Coast Labs checkmark certification for virus detection and cleaning (looked it up). However, F-Secure didn't participate in ICSA's testing (International Computer Security Association). The AV scans files on access, on demand, and on schedule. No multiple schedules here, though: the single scheduled scan uses whatever settings are current for a manual scan. It can run daily, weekly, or monthly, with an option to hold off until the system has been idle for five minutes. The antivirus also scans the incoming and outgoing e-mail stream and (new in this version) can optionally scan and clean HTML traffic as it enters your system.

F-Secure's integrated virus and spyware scan uses its very own BlackLight rootkit protection technology. It took about 22 minutes to scan my system, so it's not especially fast or slow. A Norton or PC-Cillin would take about 30 minutes on the same system, Panda or BitDefender spent around 15, and the spyware-only scans from Spyware Doctor and Spy Sweeper zoomed through in about 7 minutes. However, F-Secure took a good bit longer on a fully malware-infested test system (ya, I set one up), and the repeated pop-ups from the real-time protection system were a real pain in the err....umm application. Right in the middle of the on-demand scan, the program would announce that it found this or that threat and offer to quarantine or delete it. The quarantine process took anywhere from half a minute to 5 minutes or more, and sometimes ended with a request to reboot (which would, of course, stop the ongoing scan). Often a separate (and pointless) standard Windows message box announced the same discovery, without offering to do anything about it. When the real-time scan failed to quarantine the threat (as was often the case), I got the same warning again a few minutes later. And if I chose to take no action rather than fruitlessly try to quarantine again, the program literally made me feel guilty for leaving malware on the system.

The on-demand scan separates its results into three groups: viruses, spyware, and "riskware." You can let it take its default actions or view the results in detail and make your own choices. Naturally, I chose the manual mode so I could see what it found. On a couple of infested test systems, the removal process got stuck on one item or another. It did ask me to "please wait," but I figured that the hour I had already spent was long enough. Fortunately, it wasn't stuck in a loop; I managed to back up and exclude the problem item, thereby allowing for the removal of the rest. Most of the "stuck" items were actually removed. Overall, though, the removal process is very slow compared with most other spyware scanners. I tried to time it on a system with no malicious software running but with some malware installers dumped in a folder on the desktop. Even here, it hung while removing one of the installers, and it went on for at least 15 minutes without finishing. Compared to its competition, F-Secure's scanner needs a lot of work.

Upon tallying the results of my spyware removal testing, I found that F-Secure missed just one of the 16 spyware samples. But despite its prolonged efforts, it didn't fully remove four of the threats it detected.

When charged with guarding a clean system and preventing malware infestation, though, F-Secure worked like the pro it was supposed to be, with some thanks to the System Control option. I didn't choose to block medium-risk actions such as writing to the System32 folder or modifying the start-up sequence, since plenty of innocuous programs do the same. But when it reported higher risk factors, I let it block them. In some cases the malware application installed, but the executable files were wiped out, completely preventing them from running. Even after this is done, it's better to run a removal scan in order to finish the process.

Overall, it blocked all but one of the 16 spyware samples and all but one of the eight keyloggers, a rather impressive result. In order to get this level of effectiveness, however, it's necessary to read and carefully consider all of the System Control warnings that appear.
please help to download
by mridul, sultanpur, on Mar 17, 2008 08:05 PM