Back to Top

Tuesday, July 24, 2007

Living off of the hype

Disclaimer: I work for a competitor, however this is my personal opinion and does not necessarily represent the views of any of my past or future employers.

So tell me, what does F-Secure exactly contribute to the malware fighting effort? Sure, they have a blog and a chief researcher who has an opinion about everything (including many things he hasn't though trough very well - like the .bank top level domain or SMS authentication), but they are only a front for Kaspersky Labs. (To be fair, they mention it in one of their blog posts). They are 99.99% Kaspersky, so why do they need researchers in two locations? Stop the marketing guys and do something useful.

Again, in the spirit of fairness, I know that this blog contributed to raising the awareness about the malware issue, however I feel that they don't give enough credit to the main force behind them (BTW, I'm not in any way affiliated with Kaspersky Labs).


  1. y'know, i've wondered the same thing about authentium...

    although, as i understand it, f-secure also have their own engine which they use in addition to kaspersky's (i think they called it orion)... they also used to have the f-prot engine in there too, but i don't think they do anymore...

  2. Source

    Third Question:
    This question is actually a set of three.

    1 – What is your relationship with Kaspersky Labs – do you in fact incorporate some of their engines?

    2 – It is well known that your software includes the Kaspersky scan engine. Do you create signatures for the Kaspersky engine or do you wait for the signature updates that come from Kaspersky Labs?

    3 – I believe you get definitions from Kaspersky as you use the KAV engine in addition to others. Do you spend some time checking those before adding them to the update mechanism?


    It seems some of the details are more well known to some than to others. Let's sum it up.

    Our products use a multiple engine approach and we have partnerships with a number of other vendors – Kaspersky is one of them. When we have an urgent case, the detection is added to our own proprietary engine. Any detection that is added to one of our products, whether our own engine or a partner's is throughly tested by our Database Update Publishers before it is released.

    We think this process works pretty well for us – see the previous post on our detection rates.

    Speaking of Kaspersky… They're an important partner of ours and we recently celebrated the tenth anniversary of that relationship. And so we had the Kaspersky management team here for a visit yesterday and today.

  3. Quote from the post:

    To be fair, they mention it in one of their blog posts