F-Prot Professional Update Bulletin - Version 3.0



F-PROT has existed for over eight years. While the first versions detected fewer than 50 different viruses, current versions contain routines for detecting, identifying and removing over 12,000 different viruses. Likewise, in the beginning only one version existed, for DOS. Nowadays ten different operating systems have their own F-PROT versions.

And now, we release F-PROT 3.0 - the best F-PROT of all time.

F-PROT new Interface

F-PROT Professional Version 3.0 is the perfect combination of easy network installation, updating, administration and the world’s most advanced anti-virus technology.

The award-winning virus detection and removal capabilities of F-PROT Professional are now easier to access, distribute and maintain on all Windows platforms, including NT 4 Workstations and Servers and Windows-compatible networks.

New features include:

F-PROT Gatekeeper real time scanner technology for all Windows environments

Web Club - Internet connections to up-to-date information on the F-Secure WWW server directly from within F-PROT, including access to a large variety of technical information for the administrator and access to continuously updated virus descriptions for the end user

A Wizard for the administrator to create an automatic network installation and update script directly from the Administrator menu

The new F-PROT Anti-Virus Service automatically manages updates even if no one is logged on to the computer under Windows NT

The comprehensive collection of F-PROT on-line virus descriptions is available at the click of a mouse

New Windows 95 compatible user interface and numerous improvements in ease-of-use

Microsoft Systems Management Server (SMS) support for installations and updates on large Windows networks

SNMP support for reporting in large networks

Extremely fast scanning inside compressed files.

While creating the new generation of the F-PROT Professional products, F-Secure has taken care to preserve the investment current F-PROT users have made in customizing their F-PROT installation, automating the virus detection and learning to use the product. F-PROT Professional Version 3.0 installs automatically on top of an existing F-PROT Professional installation and uses all the existing settings. Due to its automatic network installation and update procedures, installations are easy to automate even in large networks.

History of F-PROT

4/1989    F-PROT v1.0
8/1991    F-PROT v2.0
12/1993   F-PROT for Windows 3.x
4/1994    F-PROT for OS/2 1.x
2/1995    F-PROT for OS/2 2.x
3/1995    F-PROT Gatekeeper for Windows
12/1995   F-PROT for Windows 95
12/1995   F-PROT for Windows NT
3/1997    F-PROT for Windows NT Server
7/1997    F-PROT v3.0

Virus situation

Case: CAP

The number of macro viruses exceeded 1000 at the beginning of June. One of the most common macro viruses right now is WordMacro/CAP. It spread quickly during the late spring. Unlike most other Word macro viruses, CAP also spreads under Word 97.

It also works with any localized version of Word.

CAP was written in Venezuela and the author is known. If you wish to give your opinion on virus writing directly to him, you can reach him at jqw3rty@hotmail.com.

One of the reasons CAP spread so fast was that it spread during any file operation. Opening, closing, saving or printing is enough to infect a file.

Technically WordMacro/CAP is one of the most complex macro viruses and has extraordinary features. It consists of several encrypted macros.

 

The virus contains these texts in comments:

‘C.A.P: Un virus social.. y ahora digital..

‘"j4cKy Qw3rTy" (jqw3rty@hotmail.com).

‘Venezuela, Maracay, Dic 1996.

‘P.D. Que haces gochito ? Nunca seras Simon Bolivar.. Bolsa !

 

When infecting Word, CAP modifies up to five already-existing menus, redirecting them to the virus code. This creates some problems, as the names of the modified entries are different in different Word installations and different language versions of Word.

When CAP infects documents, it deletes all existing macros from them. Otherwise CAP does not do anything destructive. However, it does remove the Tools/Macro and Tools/Customize menus and disables File/Templates menu in order to protect itself.

F-PROT has handled CAP since version 2.26.

Olivia

Olivia is a complex virus from Taiwan. It has been spread at least in a fake beta version of the RAR 2.5 archive program in June 1997. Olivia infects COM and EXE files.

Olivia activates on the 10th of April and the 23rd of December. On these dates it will open the CD-ROM drive of the machine and display this text on the screen:

please put a love music CD into your CD-ROM..and pass any key to continue..

When the user inserts an audio CD and hits a key, the virus starts to play the music on the CD and at the same time overwrites the hard disk. A message in Taiwanese is displayed on screen while this happens - the message apparently says "Happy birthday".

After the hard disk has been overwritten, the machine will hang with the music still playing.

F-PROT detects Olivia.

Cleaner

Cleaner is a simple memory resident virus which infects COM and EXE files when they are executed.

Cleaner activates on the 8th of September every year. On this date, the virus will display the following text on the screen:

O HDD-CLEANER Version 2.0 O
O Copyright (c) 1997 (1st JAN) O
O Made in Hungary, Sopron O

DESTRUCTION IN PROGRESS...

After this the virus overwrites the beginning of the hard drive. Only the first 16 sectors are overwritten, so recovery is possible. Cleaner will also cause various compatibility problems.

This virus was found in the wild in June 1997, after the Hungarian version of the computer magazine CHIP accidentally distributed it on their cover CD-ROM. A new version of the CD-ROM was burned with an up-to-date version of F-PROT on it.

F-PROT detects Cleaner.

Common Questions and Answers

If you have questions about information security or virus prevention, contact your local F-PROT distributor. You can also contact F-Secure directly via phone at +358-9-478 444.

Written questions can be e-mailed to:
F-PROT-Support@F-Secure.com

Or mailed to:

F-Secure Ltd
F-PROT Support
Päiväntaite 8
02210 ESPOO
FINLAND

We have a policy in our organization to only use the RTF file format when sending Word documents out of our organization. This seems to prevent us from infecting our clients even if we have occasional virus outbreaks within the company. But is the RTF format always safe?

The RTF file format does not support macros at all, so you cannot have macro viruses in an RTF file. Even if the original Word document was infected, the macros disappear when you save the file as RTF.

However, we have seen cases where lazy employees have not followed house rules exactly, and have simply renamed their old DOC files to have the RTF extension.

A file like this can still contain viruses, and the recipient has no easy way of distinguishing real RTF files from DOC files that have been renamed to RTF. In addition, some macro viruses always save the file in DOC format, regardless of the file format chosen by the user.

Also, some programs (like Word 7.0) support saving embedded objects inside RTF files. This allows you to have, for example, an EXE program inside an RTF file. Cases like this are rare though.

Files with the RTF extension are not always safe - however, use of this format instead of the traditional DOC format has only advantages.
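
An added example, not part of the original bulletin: a recipient-side check for the renamed-DOC and embedded-object cases described in the answer above, deciding by file content rather than by extension. The function name, result fields and sample files are constructed for illustration; the check relies on the OLE2 compound-file signature of binary Word documents and on the `{\rtf` prefix of RTF files.

```python
import re

# OLE2 compound-file signature: the container of binary Word .doc files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
RTF_MAGIC = b"{\\rtf"
# RTF control words that introduce an embedded object and its data.
OBJECT_WORDS = re.compile(rb"\\(object|objemb|objdata)(?![a-z])")


def classify_rtf_attachment(name: str, data: bytes) -> dict:
    """Classify a file by its content instead of trusting its extension."""
    if data.startswith(OLE2_MAGIC):
        kind = "ole2-document"   # e.g. a .doc renamed to .rtf; may carry macros
    elif data.startswith(RTF_MAGIC):
        kind = "rtf"
    else:
        kind = "unknown"
    embedded = []
    if kind == "rtf":
        embedded = sorted({m.decode() for m in OBJECT_WORDS.findall(data)})
    return {
        "kind": kind,
        "mismatch": name.lower().endswith(".rtf") and kind != "rtf",
        "embedded_object_words": embedded,
        # Anything that is not plain RTF, or that embeds objects, goes to the scanner.
        "needs_scan": kind != "rtf" or bool(embedded),
    }


# Constructed sample inputs (not real documents).
SAMPLES = {
    "report.rtf": b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Times;}}\\pard Report\\par}",
    "renamed.rtf": OLE2_MAGIC + b"\x00" * 504,
    "with_obj.rtf": b"{\\rtf1\\ansi {\\object\\objemb{\\*\\objclass Package}"
                    b"{\\*\\objdata 0105}}}",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, classify_rtf_attachment(fname, blob))
```
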

We use Lotus Notes/Microsoft Exchange/CC:mail/etc as our mail system. Is there a version of F-PROT which would scan the attachments we send through this system?

If your workstations are running F-PROT Gatekeeper, it will automatically scan attachments sent and received through e-mail, just as it scans files transferred over WWW or FTP and programs or documents on floppies or hard drives.

Changes in F-PROT Professional 3.0

We’ve added detection of about 100 traditional and 700 macro viruses since version 2.26.

Changes in F-PROT for DOS

The DOS version is unchanged in version 3.0 and still uses the old version numbering.

Changes in F-PROT for Windows

Support for the MACRO.DEF definition file has been added to Gatekeeper 95 and Gatekeeper NT. This means that we are able to provide the best possible macro virus detection and disinfection capabilities on all platforms, in both the real-time and the on-demand versions.

F-PROT 3.0 supports the file formats used by Microsoft Office 97 with the following limitations: Disinfection of Excel 97 files is not supported yet. Word 97 files are disinfected by removing all macros. Gatekeepers do not support Office 97 files on any platform yet.

F-PROT 3.0 supports scanning inside archive files with the following features: ZIP and LZH packages are supported; support for ARJ will be introduced in forthcoming versions. Only Windows on-demand scanners support scanning inside packed archives; support for Gatekeepers will be introduced in forthcoming versions. Files inside nested archives, with multiple layers of archives, are scanned.

Changes in F-PROT for Windows NT

As an extension to the current network communication of F-PROT for Windows, this version introduces support for SNMP communication. This allows F-PROT for Windows to send alert traps over WANs when any virus activity is detected by the Windows on-demand scanners or Gatekeepers. The support for SNMP has the following key features:

Supported in both NT Workstation and NT Server products for NT 3.5, 3.51 and 4.0 versions.

Both the Windows NT on-demand scanner and Gatekeeper are capable of generating SNMP alert traps when a virus is detected and sending them to an SNMP management system

Autoinst and Setup support the installation of SNMP support

Gatekeeper NT now supports scanning NT boot sectors on diskettes and boot sectors and MBRs on hard disks.

The update of NT Gatekeeper drivers can be handled without local administrator rights, unless the admin has changed the F-PROT NT directory to read-only

The F-PROT Recognizer driver is updated by Setup and Autoinst by renaming the current recognizer file to another name and copying the new driver

New drivers take effect after the machine is rebooted; until then the old drivers stay in memory.

