F-Secure Linux weblog
http://www.f-secure.com/linux-weblog
Musings from the F-Secure Linux team
Tue, 14 Sep 2010 14:08:07 +0000

Linux Security 9 released
http://www.f-secure.com/linux-weblog/2010/09/14/linux-security-9-released/
Tue, 14 Sep 2010 14:06:50 +0000, Tuukka

Looks like it has been a while since we last posted anything on our blog, let’s see if we can improve on that :)

I’ll start by announcing that we have just released a new Linux Security 9.00. This new release includes the same scanning technology which was introduced in Internet Gatekeeper 4 in January this year, so the same performance improvements are now accessible to Linux Security users as well.

Other than that, several bugs have been fixed and the WebUI looks a little bit different. We know that a lot of you are waiting for support for new Linux kernel versions, but unfortunately this release is supported on pretty much the same distributions as the previous release, with a few exceptions. We wanted to integrate the new scanning technology into the product first in order to keep the detection rate and performance up to date, and concentrate on the new kernels next. However, as you can see in the release notes, we did add Ubuntu 10.04 and SLES 11 as supported distributions if you install the product in command-line only mode.

In case you are wondering why the version number jumped from 7 to 9 when there aren’t that many changes, it was done just to bring the number in line with our other corporate products. So don’t be scared of updating ;)

The release package can be downloaded from our Web Club.

As usual, please report any problems to F-Secure support or the email address at the bottom of this page.

F-Secure Internet Gatekeeper for Linux 4.00
http://www.f-secure.com/linux-weblog/2010/01/26/f-secure-internet-gatekeeper-for-linux-400/
Tue, 26 Jan 2010 16:07:54 +0000, Tuukka

We have just released F-Secure Internet Gatekeeper for Linux 4.00. This version includes our new scanning technology that improves detection capabilities and product performance. The same scanning technology is already in use in our award-winning Internet Security 2010 for Windows. Version 4 also brings in better anti-spam capabilities with a new Spam Detection Engine. For more information, please have a look at the release notes.

Please find the release package in the following location:

f-secure-internet-gatekeeper-for-linux-4.00.2138.tar.gz
md5sum: 51802c59873b11b0350b9d621a8177bd
sha1sum: 713dc49b7c982e9c2893c74618af7a83ec546d2d

PS. For all of you Debian and Ubuntu users, there is now a .deb package available for easy installation. Sorry for not having a repository up yet, let us know if you want it and we’ll see what happens ;) The usual contact address is at the bottom of this page.

New Mac Protection technology preview release
http://www.f-secure.com/linux-weblog/2010/01/13/new-mac-protection-technology-preview-release/
Wed, 13 Jan 2010 12:29:45 +0000, sti

I’m sad to say we have gone through several sprints without releasing a new technology preview of Mac Protection. We have been sitting on some stuff that we did not want anyone to see before it is done. But now it is time to upgrade again!

What is new?

  • System firewall watcher. Mac Protection turns on the OS X firewall if it was off and encourages you to keep it on.
  • Network panic button. Block all network communication in or out from your Mac, except to Apple and F-Secure software update servers.
  • Graphical uninstaller application in the product installation directory /Applications/F-Secure.
  • Localization to 27 languages.

As always, you can download the installer from the Beta Program page for Mac Protection and those who already have it installed should get the automatic upgrade prompt very soon.

Thank you for all the feedback you have sent. Keep telling us about any problems you see, like strange hangs or crashes. As much as we do automatically test every build of Mac Protection, we can never shake out every bug without the help of real users.

If you need help or want to discuss Mac Protection, you can do it in our Mac Protection beta forum.

Internet Gatekeeper for Linux 3.03.1299
http://www.f-secure.com/linux-weblog/2009/10/20/internet-gatekeeper-for-linux-3031299/
Tue, 20 Oct 2009 10:06:47 +0000, Tuukka

A new version of our Internet Gatekeeper for Linux is now available. This service release version fixes a few bugs and we have added support for a couple of new Linux distributions too.

SuSE users will be happy to hear that the init script bug which caused problems for product startup after rebooting the computer has now been fixed. For a full list of changes, please have a look at the release notes.

The product package can be downloaded here:

f-secure-internet-gatekeeper-for-linux-3.03.1299.tar.gz
md5sum: 939a3c3954d5c568965eef479d445470
sha1sum: aceb18dc3124d57292d8baee7b7d47dc76a47771

Rescue CD 3.11
http://www.f-secure.com/linux-weblog/2009/09/22/rescue-cd-311/
Tue, 22 Sep 2009 09:12:26 +0000, Tuukka

Now it is time to release the new Rescue CD for which we put out the beta some time ago. We decided to update the version number to 3.11 since we added a couple of useful utilities to the CD image. Otherwise this is the same version as is available on our Internet Security 2010 installation CD.

The new utilities on the CD are:

* PhotoRec is a tool that can be used to recover data that has been accidentally deleted or lost due to a corrupted file system on a disk.
* TestDisk is another data recovery tool that can be used to recover a lost partition, for example.
* smartmontools contain utilities that can be used to inspect S.M.A.R.T. values of hard disks. By analyzing these numbers you may get a hint if your hard disk is starting to show signs of breaking down. Check the Documentation page for more information and tutorials on how to use the tools.

Note: F-Secure does not provide any support for using the above-mentioned utilities, and the best resource for help on using them can probably be found on their wiki pages.

Have a look at the release notes and then download the product package here:

f-secure-rescue-cd-3.11.23804.zip
f-secure-rescue-cd-3.11.23804.zip.md5sum
f-secure-rescue-cd-3.11.23804.zip.sha1sum

We’re hiring!
http://www.f-secure.com/linux-weblog/2009/08/26/were-hiring/
Wed, 26 Aug 2009 16:00:42 +0000, Kati

So much testing to do, test cases to automate, blog posts to write and so little time - we’re looking for a Test Engineer to join us in the Mac & Linux team in Helsinki!

The Mac & Linux team is an international team of 10 multi-talented agile software development professionals. We develop and maintain F-Secure’s Mac and Linux products like Mac Protection, Linux Security, Internet Gatekeeper for Linux and Rescue CD and use Scrum to run our projects. We have a lot of challenges and learning opportunities to offer, and we like to have fun while working.

As a member of our team, your main responsibilities will be planning and automating tests as well as manual testing. You will also participate in project planning, product design, maintaining our development systems and helping sales and support. Looking for better ways of doing things will be an important part of your work.

You can find the whole ad (and other open positions at F-Secure) here.

If the position sounds like it should be yours, please apply by Friday next week (Sept 4th)! We’re waiting eagerly to hear from you!

What is F-Secure Rescue CD?
http://www.f-secure.com/linux-weblog/2009/07/24/what-is-f-secure-rescue-cd/
Fri, 24 Jul 2009 13:40:47 +0000, Kati

We noticed that lately our posts about Rescue CD have been quite technical and focusing on details. So, here’s a brief overview for the people who aren’t that familiar with the tool yet.

What is Rescue CD?
Rescue CD is a free tool you can use to fix a computer that no longer starts because the operating system has been corrupted by malware. For more advanced users, Rescue CD enables other kinds of repair and data recovery operations as well.

When should I use it?
There are two main situations when you should use the Rescue CD:

  • The computer no longer starts, as the operating system has been corrupted by malware. In this case you can use the Rescue CD to scan the computer and quarantine the malware. This may allow the operating system to start properly again.
  • If you suspect that your security software has been compromised by malware. You can use the Rescue CD to check this, as it is independent of the operating system.

How does it work?
Rescue CD contains a Knoppix (a kind of Linux) operating system which allows using your Windows PC and getting access to the hard disks.

How do I use it?
Rescue CD is included on our Internet Security CD. If you don’t have it, or need to have the newest version, you can download it from here in the blog or on the F-Secure website, and burn it on a CD yourself.

Also, prepare to provide our latest malware definition databases to the tool. This is done either by simply having a network connection or using a USB stick. Instructions for the latter option can be found here (under Using USB stick to store malware definitions).

Our penguin twins demo using the Rescue CD

After getting rescued, remember to make sure that you have an up-to-date security solution to keep you from trouble in the future.

For more information and basic instructions for using the Rescue CD, please check the Rescue CD User’s Guide. And if you still have questions, comments or problems regarding the tool, drop us a line! Ideas and feature requests are also welcome.

Rescue-CD 3.10 on the works.
http://www.f-secure.com/linux-weblog/2009/07/17/rescue-cd-310-on-the-works/
Fri, 17 Jul 2009 15:28:10 +0000, epa

For a while now we have been doing incremental work to push out a new RescueCD with new features.

So what is new?
Here is a quick changelog:

  • New Security Platform
  • New Knoppix
  • USB stick improvements
    • Ability to speed up the process by storing malware definitions on USB stick if scan is done often
    • Ability to automate scanning or enable malware definition download behind a proxy
    • Ability to run personalized automated script for the system as part of the process
    • Ability to convert RescueCD into bootable USB stick

New Knoppix

    We have taken Knoppix 6.0.1 as the new base for the RescueCD. It has been stripped down somewhat to make the download a bit smaller, and the initialization process has been slightly altered to make it fairly simple to use. If you think some crucial tool is missing from the image, please let us know and we will consider including it later. Both emacs and vi were removed on purpose :)

New Security Platform

    Security Platform has been updated to version 2.50. It should be faster now.

Extended usability of USB stick with the product

Using USB stick to store malware definitions

    To use a USB stick as malware definition storage, initialize the stick by creating a directory fsecure on it and, under that, a subdirectory rescuecd. When you then boot the machine with the RescueCD and the USB stick is inserted, the stick will automatically be used to store the definitions. (There must be ~256MB of free space on the stick.)

To automate the scan process with the help of a USB stick

    Act as above, and after you have booted up you can have a look at the config file /mnt/usbstick/fsecure/rescuecd/config. This file explains the different options that can be useful for automating the process or for enabling virus definition downloads by setting a proxy.

    If you wish to automate the scanning process, just set TIMEOUT=5; every dialog will then show for only 5 seconds and after that proceed to the next step. The process will halt at the last screen, which shows the scan result.

    If you are behind a proxy, you can set http_proxy in the config file according to the specifications explained there.

Running personalized script as part of the process

    If you have initialized the USB stick, you can create the file /mnt/usbstick/fsecure/rescuecd/custom_script.sh

    This script can contain your own customised actions that are taken before the scan process. This is basically the same thing as repair_script.sh used to be, just renamed to have a more generic meaning. You can, for example, use this script to back up all pictures or documents from your machine to the stick (if it is large enough) or have rsync back up files to a remote machine over the network.

Converting RescueCD into bootable USB stick (for advanced users)

    One of the nice features that we managed to push to the CD is the transmogrify script. This script can be used to change a normal USB stick into a bootable RescueCD stick. A word of warning, though: the script will delete everything from the target device. So be very careful as you use it to create your bootable USB stick.

    To create a USB stick version of the RescueCD, please run the following command in ‘Alt-F2’ after booting the CD:
    /opt/f-secure/transmogrify_cd_into_stick.sh [cdrom device] [usb stick device]

    [cdrom device] is usually one of the following: /dev/hda /dev/hdc /dev/sr0. You can verify the device by changing to a different virtual console with ‘Alt-F2’ and typing df. The device on the very first line with /mnt-system is the device you wish to use as the first argument to the script.

    [usb stick device] is a bit harder to figure out. If you have just booted the computer without any stick and have the one that you wish to use in your hand, insert it and check dmesg | grep -A2 usb-storage. The command should print out something like

    usb-storage: waiting for device to settle before scanning
    scsi 126:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
    sd 126:0:0:0: [sdd] 3948544 512-byte hardware sectors (2022 MB)

    so in this case the destination device would be /dev/sdd
    Note: if you create the USB stick after the databases have been downloaded, you will already have the fresh virus description databases on your next boot.

The package can be downloaded here.
Please have a look at the release notes before using the product. They are also available inside the zip package.

checksums for f-secure-rescue-cd-beta-3.10.22900.zip:
md5sum: bbef00aa8e0be2c6398cd1cdfba71470
sha1sum: 12a339b755323c170eb2b1c0e2ddcc88b1b0f0cb

And as before, comments and suggestions are welcome through the email address displayed at the bottom of the page.

Many thanks to the KNOPPIX team, the NTFS-3G developers and people in the OSS scene.

User feedback and human interface design principles
http://www.f-secure.com/linux-weblog/2009/06/15/user-feedback-and-human-interface-design-principles/
Mon, 15 Jun 2009 10:01:05 +0000, Rasmus

Having a computer program communicate with the user in a clear, understandable and consistent way is a non-trivial problem to solve. In the Mac world, the Apple Human Interface Guidelines can help us a long way in presenting information in a format that is familiar for a Mac user. At the same time, a user may expect products from F-Secure to behave similarly across operating systems - an expectation that sometimes conflicts with our desire to fit into the environment. The Technology Preview of F-Secure Mac Protection shares a lot of UI elements with the similarly recent Internet Security Technology Preview for Windows.

Another obstacle is the position our user interface should take with regard to the surrounding environment. The kind of applications we typically develop usually do not require much user interaction - indeed, we even want to minimize user interaction whenever we can, since we don’t want to bother the user without good cause. A user probably expects a prominent notification when our product finds malware on the disk, but is not that interested in a regular database update (they come several times per day on Windows platforms). At the same time, the user wants to be sure that the application is actually performing as expected.

In the Mac Protection Technology Preview, we went the way of not displaying any user interface elements at all unless the user explicitly launches our UI, or our on-access scanner has detected malware. We essentially treat the on-access scanning as a system service that is always running in the background, invisible to the user. If the user is curious whether it is working correctly or not, he or she can launch the user interface from the Applications folder. However, it is clear from the feedback that some users have different expectations - there is a need to tell the user “yes, the product is installed and working OK” in a non-intrusive and lightweight manner.

In the Linux Security products, we have accomplished this with two small programs; one for KDE and one for GNOME, both fitting into the respective environment. In Windows, there is a system tray icon visible giving that kind of feedback. On Mac, the place to give such information is not as clear-cut. There has been considerable discussion about this in our team, and clearly our Technology Preview testers have some thoughts about this too (and, by the way, the feedback we’ve got from our Mac Protection Technology Preview is over-the-top awesome - we are really blessed with such enthusiastic and knowledgeable testers!).

In OS X, I personally feel that the Dock should be reserved for applications that the user interacts with on a regular basis. In an ideal situation, a user should not have to interact with our application in their day-to-day work - only in the rare event that malware is found or during installation/uninstallation et cetera should the user need to bring up our user interface. But as our feedback tells us, if there is no Dock icon visible, how is the user supposed to know that the product is running and functioning properly? One element of the Mac OS X Aqua UI is the “menu bar extras” that sit in the upper-right corner of a Mac, and in some ways it resembles the system tray in Windows. Some applications make their own menu bar extras, but this is strictly reserved for use by Apple according to the Human Interface Guidelines - so we would like to avoid it if possible. But what is there then left for us to use that could be very visible but at the same time non-intrusive? Some users seem to like the idea of having our application icon in the Dock all the time. Right now, we close the UI completely when the last window exits. This is consistent with the Apple guidelines, even though they give plenty of room for interpretation:

In most cases, applications that are not document-based should quit when the main window is closed. For example, System Preferences quits if the user closes the window. If an application continues to perform some function when the main window is closed, however, it may be appropriate to leave it running when the main window is closed. For example, iTunes continues to play when the user closes the main window.

The way I see it, our user interface is like the Apple System Preferences in that its main purpose is to control the behavior of system services. However, I understand that one could argue that, like iTunes, since our products still perform some function even after the user has closed all its windows, it should still remain active in the Dock. The upside of that approach would be that we could use the Dock icon to represent the status of the product.

We’re happy to receive any and all opinions our readers may have on this subject - please send them along to . And once again, thanks a million for the feedback we’ve already got - it is extremely useful in guiding us in the right direction as we take one step at a time towards a better user experience.

Stuff that works, part 5: Continuous Integration with Hudson
http://www.f-secure.com/linux-weblog/2009/06/01/stuff-that-works-part-5-continuous-integration-with-hudson/
Mon, 01 Jun 2009 13:07:12 +0000, sti

Last year, when we were writing a series of posts titled “Stuff that works” (part 1, part 2, part 3, part 4), we were using a home-grown set of shell scripts to automatically build our software. Initially the scripts were run from cron every night, then later every hour and even later the script was triggered for every commit.

The autobuilder script worked, but we were missing features like IRC notifications, statistics, and triggering builds from a web page and from IRC. We would also have liked to have a history of builds combined with the test results of every build.

We were already setting up a MySQL database for builds and test results when we discovered that Continuous Integration is actually a hot topic these days and there is plenty of software available to help you with it. We eventually decided on software called Hudson.

Hudson is open source software and it is under active development by a large and growing community.
Hudson is written in Java and packaged so it can be set up easily and quickly. Basically you download the hudson.war file and run it: java -jar hudson.war

That’s it! Then you point your browser to port 8080 on that host and you have a pretty Web UI for setting up, managing and monitoring of various build jobs.

In a nutshell, a job consists of the following steps:

    1. Poll a version control repository for changes.
    2. Check out the source to a workspace directory.
    3. Execute a build script.
    4. Archive build results from the workspace (or build artifacts, as Hudson calls them).
    5. (Optional) Pick up test results from XML files in the workspace.

Each build of each job has a nice web page showing if the build was successful, when it was run and how long it took. The build artifacts can be downloaded from the same page and you can also inspect the test results.
You can configure a job to trigger one or more other jobs. For example, when the job that builds F-Secure Mac Protection finishes successfully, we have set it to trigger 2 other jobs: Installtest and Smoketest.

A job does not have to build software. Hudson does not care what the build script does. The build script in Installtest downloads the last successful build artifact from the job that launched it and installs it on a Mac mini running on a side table in the corner of the team room. Then it makes a couple of simple checks and uninstalls the software. The result of this run is recorded in an XML file in the JUnit format. When the build script exits successfully, Hudson reads the XML file and stores the test results.

Hudson executes the Installtest in parallel with the Smoketest job. Smoketest takes much longer to run (about 7-8 minutes), which is why we have the Installtest to provide us fast feedback in case we break something. Smoketest is similar to Installtest, except it runs many more tests.

We also have a number of other jobs, which are triggered by the Smoketest: Fulltest (runs all the tests, taking about an hour), Upgradetest (runs an upgrade from the previous version and all tests from Fulltest) and Performancetest (runs a set of common user tasks, measuring the time it takes).

As you see, it is a good practice to split long jobs into multiple smaller jobs that run quicker. The quicker a job runs, the faster you get to know if you broke something and the faster you can fix it.

Hudson also has a whole lot of plugins that can be used to enhance and extend the basic functionality. There are plugins for supporting most of the popular version control systems and plugins to analyze source code and create reports and lots more. (And there is a plugin for IRC too.)

If you are doing continuous integration you could do a lot worse than use Hudson to help you. I definitely recommend you check it out.
