A new version of our Internet Gatekeeper for Linux is now available. This service release version fixes a few bugs and we have added support for a couple of new Linux distributions too.

SuSE users will be happy to hear that the init script bug which caused problems for product startup after rebooting the computer has now been fixed. For a full list of changes, please have a look at the release notes.

The product package can be downloaded here:

f-secure-internet-gatekeeper-for-linux-3.03.1299.tar.gz
md5sum: 939a3c3954d5c568965eef479d445470
sha1sum: aceb18dc3124d57292d8baee7b7d47dc76a47771

Now it is time to release the new Rescue CD for which we put out the beta some time ago. We decided to update the version number to 3.11 since we added a couple of useful utilities to the CD image. Otherwise this is the same version as is available on our Internet Security 2010 installation CD.

The new utilities on the CD are:

* PhotoRec is a tool that can be used to recover data that has been accidentally deleted or lost due to a corrupted file system on a disk.
* TestDisk is another data recovery tool that can be used to recover a lost partition, for example.
* smartmontools contain utilities that can be used to inspect S.M.A.R.T. values of hard disks. By analyzing these numbers you may get a hint if your hard disk is starting to show signs of breaking down. Check the Documentation page for more information and tutorials on how to use the tools.

Note: F-Secure does not provide any support for using the above mentioned utilities and the best resource for help on using them can probably be found from their Wiki pages.

Have a look at the release notes and then download the product package here:

f-secure-rescue-cd-3.11.23804.zip
f-secure-rescue-cd-3.11.23804.zip.md5sum
f-secure-rescue-cd-3.11.23804.zip.sha1sum

So much testing to do, test cases to automate, blog posts to write and so little time - we’re looking for a Test Engineer to join us in the Mac & Linux team in Helsinki!

The Mac & Linux team is an international team of 10 multi-talented agile software development professionals. We develop and maintain F-Secure’s Mac and Linux products like Mac Protection, Linux Security, Internet Gatekeeper for Linux and Rescue CD and use Scrum to run our projects. We have a lot of challenges and learning opportunities to offer, and we like to have fun while working.

As a member of our team, your main responsibilities will be planning and automating tests as well as manual testing. You will also participate in project planning, product design, maintaining our development systems and helping sales and support. Looking for better ways of doing things will be an important part of your work.

You can find the whole ad (and other open positions at F-Secure) here.

If the position sounds like it should be yours, please apply by Friday next week (Sept 4th)! We’re waiting eagerly to hear from you!

We noticed that lately our posts about Rescue CD have been quite technical and focusing on details. So, here’s a brief overview for the people who aren’t that familiar with the tool yet.

What is Rescue CD?
Rescue CD is a free tool you can use to fix a computer that no longer starts because the operating system has been corrupted by malware. For more advanced users, Rescue CD enables other kinds of repair and data recovery operations as well.

When should I use it?
There are two main situations when you should use the Rescue CD:

• The computer no longer starts, as the operating system has been corrupted by malware. In this case you can use the Rescue CD to scan the computer and quarantine the malware. This may allow the operating system to start properly again.
• If you suspect that your security software has been compromised by malware. You can use the Rescue CD to check this, as it is independent of the operating system.

How does it work?
Rescue CD contains a Knoppix (a kind of Linux) operating system which allows using your Windows PC and getting access to the hard disks.

How do I use it?
Rescue CD is included on our Internet Security CD. If you don’t have it, or need to have the newest version, you can download it from here in the blog or on the F-Secure website, and burn it on a CD yourself.

Also, prepare to provide our latest malware definition databases to the tool. This is done either by simply having a network connection or using a USB stick. Instructions for the latter option can be found here (under Using USB stick to store malware definitions).

After getting rescued, remember to make sure that you have an up-to-date security solution to keep you from trouble in the future.

For more information and basic instructions for using the Rescue CD, please check the Rescue CD User’s Guide. And if you still have questions, comments or problems regarding the tool, drop us a line! Ideas and feature requests are also welcome.

For a while now we have been doing incremental work to push out new RescueCD with new features.

So what new do we have?
Here is a Quick Changelog

• New Security Platform
• New Knoppix
• USB stick improvements
  • Ability to speed up the process by storing malware definitions on USB stick if scan is done often
  • Ability to automate scanning or enable malware definition download behind a proxy
  • Ability to run personalized automated script for the system as part of the process
  • Ability to convert RescueCD into bootable USB stick

New Knoppix

We have taken the Knoppix 6.0.1 as the new base for the RescueCD. It has been stripped down somewhat to make download a bit smaller and initialization process is slightly altered to make it fairly simple to use. If you think some crucial tool is missing from the image please let us know and we consider including it later. Both emacs and vi are removed on purpose :)

New Security Platform

Security Platform has been updated to version 2.50. It should be faster now.

Extended usability of USB stick with the product

Using USB stick to store malware definitions

To use USB stick as malware definition storage initialize USB stick by creating directory fsecure on the stick and under that subdirectory rescuecd. Now when you boot the machine with RescueCD and USB stick is inserted into machine it will automatically use the stick to store definitions into. (there must be ~256MB of free space on the stick)

To automate the scan process with help of USB stick

Act as above and after you have booted up you can have a look at the config file /mnt/usbstick/fsecure/rescuecd/config. This file explains different options that can be useful to automate the process or enable virus definition downloads by setting a proxy.

If you wish to automate the scanning process just set the TIMEOUT=5 and every dialog will show only for 5 seconds and after that proceed to next step. Process will halt to last screen that shows scan result.

If you are behind a proxy you can set the http_proxy in the config file according explained specifications.

Running personalized script as part of the process

If you have initialized the USB stick you can create file /mnt/usbstick/fsecure/rescuecd/custom_script.sh

This script can contain your own customised actions that are taken before scan process. This is basically same thing as repair_script.sh used to be, but just renamed to have more generic meaning. You can for example use this script to backup all pictures or documents from your machine to the stick (if it is large enough) or have rsync backup files to remote machine over network.

Converting RescueCD into bootable USB stick (for advanced users)

One of the nice features that we managed to push to the CD is transmogrify script. This script can be used to change normal USB stick into bootable RescueCD stick. Word of warning thou the script will delete everything from target device. So be very careful as you use it to create your bootable USB stick.

To create a USB stick version of the RescueCD, please run the following command in ‘Alt-F2′ after booting the CD:
/opt/f-secure/transmogrify_cd_into_stick.sh [cdrom device] [usb stick device]

[cdrom device] usually is one of the following /dev/hda /dev/hdc /dev/sr0. You can verify the device by changing to different virtual console with ‘Alt-F2′ and typing df. The device on the very first line with /mnt-system is the device you wish to use as first argument to the script.

[usb stick device] is bit harder to figure out. If you have just booted the computer without any stick and have the one that you wish to use in your hand insert it in and check dmesg | grep -A2 usb-storage. Command should print out something like

usb-storage: waiting for device to settle before scanning
scsi 126:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
sd 126:0:0:0: [sdd] 3948544 512-byte hardware sectors (2022 MB)

so in this case destination device would be /dev/sdd
Note: if you create USB stick after databases have been downloaded you will have the fresh virus description databases already on your next boot.

The package can be downloaded here.
Please have a look at the release notes before using the product. They are also available inside the zip package.

checksums for f-secure-rescue-cd-beta-3.10.22900.zip:
md5sum: bbef00aa8e0be2c6398cd1cdfba71470
sha1sum: 12a339b755323c170eb2b1c0e2ddcc88b1b0f0cb

And as before comments and suggestions are welcome trough email address displayed at the bottom of the page.

Many thanks to KNOPPIX team NTFS-3G developers and people in OSS scene.

Having a computer program communicate with the user in a clear, understandable and consistent way is a non-trivial problem to solve. In the Mac world, the Apple Human Interface Guidelines can help us a long way in presenting information in a format that is familiar for a Mac user. At the same time, a user may expect products from F-Secure to behave similarly across operating systems - an expectation that sometimes conflicts with our desire to fit into the environment. The Technology Preview of F-Secure Mac Protection shares a lot of UI elements with the similarly recent Internet Security Technology Preview for Windows.

Another obstacle is the position our user interface should take with regards of the surrounding environment. The kind of applications we typically develop usually do not require much user interaction - indeed, we even want to minimize user interaction whenever we can, since we don’t want to bother the user without good cause. A user probably expects a prominent notification when our product find malware on the disk, but is not that interested in a regular database update (they come several times per day on Windows platforms). At the same time, the user wants to be sure that the application is actually performing as expected.

In the Mac Protection Technology Preview, we went the way of not displaying any user interface elements at all unless the user explicitly launches our UI, or our on-access scanner has detected malware. We essentially treat the on-access scanning as a system service, that is always running in the background, invisible to the user. If the user is curious whether it is working correctly or not, he or she can launch the user interface from the Applications folder. However, it is clear from the feedback that some users have different expectations - there is a need of telling the user “yes, the product is installed and working OK” in a non-intrusive and lightweight manner.

In the Linux Security products, we have accomplished this with two small programs; one for KDE and one for GNOME, both fitting into the respective environment. In Windows, there is a system tray icon visible giving that kind of feedback. On Mac, the place to give such information is not as clear-cut. There has been considerable discussion about this in our team, and clearly our Technology Preview testers have some thoughts about this too (and, by the way, the feedback we’ve got from our Mac Protection Technology Preview is over-the-top awesome - we are really blessed with such enthusiastic and knowledgeable testers!).

In OS X, I personally feel that the Dock should be reserved for applications that the user interacts with on a regular basis. In an ideal situation, a user should not have to interact with our application in their day-to-day work - only in the rare event that malware is found or during installation/uninstallation et cetera should the user need to bring up our user interface. But as our feedback tells us, if there is no Dock icon visible, how is the user supposed to know that the product is running and functioning properly? One element of the Mac OS X Aqua UI is the “menu bar extras” that sit in the upper-right corner of a Mac, and in some ways it resembles the system tray in Windows. Some applications make their own menu bar extras, but this is strictly reserved for use by Apple according to the Human Interface Guidelines - so we would like to avoid it if possible. But what is there then left for us to use that could be very visible but at the same time non-intrusive? Some users seem to like the idea of having our application icon in the Dock all the time. Right now, we close the UI completely when the last window exits. This is consistent with the Apple guidelines, even though they give plenty of room for interpretation:

In most cases, applications that are not document-based should quit when the main window is closed. For Example, System Preferences quits if the user closes the window. If an application continues to perform some function when the main window is closed, however, it may be appropriate to leave it running when the main window is closed. For example, iTunes continues to play when the user closes the main window.

The way I see it, our user interface is like the Apple System Preferences in that its main purpose is to control the behavior of system services. However, I understand that one could argue that, like iTunes, since our products still perform some function even after the user has closed all its Windows, it should still remain active in the Dock. The upside of that approach would be that we could use the Dock icon to represent the status of the product.

We’re happy to receive any and all opinions our readers may have on this subject - please send them along to . And once again, thanks a million for the feedback we’ve already got - it is extremely useful in guiding us in the right direction as we take one step at a time towards a better user experience.

Last year, when we were writing a series of posts titled ”Stuff that works” (part 1, part 2, part 3, part 4), we were using a home-grown set of shell scripts to automatically build our software. Initially the scripts were run from cron every night, then later every hour and even later the script was triggered for every commit.

The autobuilder script worked, but we were missing features like IRC notifications, triggering builds from a web page and IRC and statistics. We would also have liked to have a history of builds combined with the test results of every build.

We were already setting up a MySQL database for builds and test results when we discovered that Continuous Integration is actually a hot topic these days and there is plenty of software available to help you with it. We eventually decided on software called Hudson.

Hudson is open source software and it is under active development by a large and growing community.
Hudson is written in Java and packaged so it can be set up easily and quickly. Basically you download the hudson.war file and run it: java -jar hudson.war

That’s it! Then you point your browser to port 8080 on that host and you have a pretty Web UI for setting up, managing and monitoring of various build jobs.

In a nutshell a job consists of following steps:

Poll a version control repository for changes.

Check out the source to a workspace directory.

Execute a build script.

Archive build results from workspace (or build artifacts like Hudson calls them.)

(Optional) pick up test results from XML files in workspace.

Each build of each job has a nice web page showing if the build was successful, when it was run and how long it took. The build artifacts can be downloaded from the same page and you can also inspect the test results.
You can configure a job to trigger one or more other jobs. For example, when the job that builds F-Secure Mac Protection finishes successfully, we have set it to trigger 2 other jobs: Installtest and Smoketest.

A job does not have to build software. Hudson does not care what the build script does. The build script in Installtest downloads the last successful build artifact from the job that launched it and installs it on a Mac mini running on a side table in the corner of the team room. Then it makes couple of simple checks and uninstalls the software. The result of this run is recorded in an XML file in the JUnit format. When the build script exists successfully, Hudson reads the XML file and stores the test results.

Hudson executes the Installtest parallel with the Smoketest job. Smoketest takes much longer to run (about 7-8 minutes), which is why we have the Installtest to provide us fast feedback in case we break something. Smoketest is similar to Installtest, except it runs many more tests.

We have also a number of other jobs, which are triggered by the Smoketest: Fulltest (runs all the tests taking about an hour), Upgradetest (runs upgrade from previous version and all tests from fulltest) and Performancetest (runs a set of common user tasks, measuring the time it takes.)

As you see, it is a good practice to split long jobs into multiple smaller jobs that run quicker. The quicker a job runs, the faster you get to know if you broke something and the faster you can fix it.

Hudson also has a whole lot of plugins that can be used to enhance and extend the basic functionality. There are plugins for supporting most of the popular version control systems and plugins to analyze source code and create reports and lots more. (And there is a plugin for IRC too.)

If you are doing continuous integration you could do a lot worse than use Hudson to help you. I definitely recommend you check it out.

The team hit a major milestone last week: technology preview of F-Secure Mac Protection.

The team is now called ”Mac & Linux team” and we’re taking care of all F-Secure Linux software and also the new Mac software. Mac OS X is, after all, a UNIX system under the pretty user interface.

We are considering whether we should post also Mac-related articles here on the Linux blog or not. We love Linux as much as we love the Mac, but maybe our readers are only interested in one or other. Please tell us what you think by email to

Last month we released a beta of Internet Gatekeeper for Linux. Now it has reached maturity and we’re announcing its general availability. Internet Gatekeeper is a stable multi-purpose virus scanning proxy that supports the FTP, SMTP, POP3 and HTTP protocols. As mentioned before, the Internet Gatekeeper now builds upon the same foundation as our product Linux Security, enabling us to provide fast and effective updates. IGK supports several modes of operation, including acting as a transparent proxy, a reverse proxy scanning incoming files in HTTP PUT or POST request, as well as chaining with other proxy software such as Squid.

Please download your free 30-day trial from our main website. Check our support pages if you have any problems, and in particular, try searching our Knowledge Base articles.

We are now releasing a new beta version of our Internet Gatekeeper for Linux. This version contains several architectural improvements and utilizes the same core components as our Linux Security 7 product. More information can be found in the release notes and manual within the product package.

Without further ado - please download and give it a spin on your test box :). And, as always, do drop us a note about your experiences with the beta!

Product package:
f-secure-internet-gatekeeper-for-linux-3.02.1164-beta.tgz (MD5, SHA1)