get to
know us

Independent Testing

F-Secure submits its security products for comparative review by independent, internationally renowned product testing organizations. These tests are important to us, not just as an objective appraisal of the product's quality and effectiveness, but also as a benchmark for its performance and competitiveness.

The results of these tests guide us in continuously improving our product features, detection methodologies and services.

AV-TEST's Best Protection award is presented to the best antivirus product of the year in terms of protection against malware infections caused by current threats such as zero-day attacks, malicious websites and e-mails.

The Germany-based AV-TEST Institute is internationally known and respected as a leading provider of independent information security product testing and analysis. In antivirus product testing, submitted products are run against a constantly evolving set of test samples and scenarios.

"F-Secure provides an unobtrusive security solution that's easy to use with excellent protection."

Andreas Marx

AV-TEST's Best Protection Award 2014 is only the most recent award or certification won by F-Secure products. A more comprehensive list of awards won over the years is listed in our Awards page.

What is labs?

F-Secure products are underpinned by the leading-edge technologies and services created in our Labs, which are in turn the creations of special teams dedicated to anti-malware analysis and digital security research.

Based in two locations around the world, these teams investigate the latest threats and trends, in close cooperation with industry partners and recognized international and national information security authorities, in order to develop the systems and technical knowledge needed to protect millions of users against threats to their digital security and freedom.


Created at the same time as the company's inception in 1988, F-Secure's Helsinki Lab has played a pivotal role in developing the technology and expertise that have made the firm a respected name in the field of digital security. Today, the teams in Helsinki continue to research the latest threats in order to produce the critical knowledge needed to guide the analysis systems, reputation services and other technologies that power F-Secure's award-winning products.

Kuala Lumpur

First established in October 2006 to strategically complement the ongoing work at F-Secure's Lab halfway across the globe, the anti-malware analysis team based in Kuala Lumpur works closely with the threat research and systems-focused teams in Helsinki, while also providing a crucial bridge in making the technically-dense topic of digital security more accessible to the users of F-Secure's products.

faces of labs

Mikko Hypponen   |   Sean Sullivan

Chief Research Officer

Mikko has been with F-Secure since 1991. In that time, he has led the team that took down the world-wide network used by the Sobig.F worm in 2003, was the first to warn the world about the Sasser outbreak in 2004 and named the infamous Storm Worm in 2007.

Mikko has also assisted law enforcement in USA, Europe and Asia on cybercrime cases; written for several international magazines; and addressed the most important security-related conferences worldwide, building a reputation as an authority on information security. Some even call him a rock star.

Mikko regularly posts about and comments on developments in digital security and freedom via @Mikko.

Security Advisor

Based in the Helsinki Lab, Sean works closely with F-Secure analysts to bring the results of their in-depth investigations to the attention of a global audience. His tireless efforts to make their often technically dense research more approachable is most visible in the Labs Weblog. He also regularly speaks at internal and external presentations covering digital security and freedom, as well other technology-related topics.

Sean also actively communicates with independent researchers, industry partners, media representatives and interested followers from around the world via @5ean5ullivan.


Fighting for digital freedom

At F-Secure, we believe there are three crucial elements that must be addressed for any freedom to be worthwhile and meaningful:

Safeguarding what you value is a fundamental human need.
You are empowered when you have the ability and the tools to protect what you care for.

Your right to privacy extends to your data.
You should be able to choose what to make public or keep private.

You are the rightful author of your own identity.
Control of it in all spheres - online, offline, private or public -
is your inalienable right.

Each of these spheres encompasses a range of issues and concerns, which can overlap and interplay in a myriad of ways.

Every person views them a little differently, and each person has their own 'right' balance of security, privacy and identity.

We understand that. That's why we at F-Secure aim to provide tools and services that put choice and control over these elements into the best hands possible - your own.


We believe protecting the security and privacy of your data is important. The following policies are just some of the guidelines we follow to ensure that any threats we deal with are correctly dealt with and that any customer data we handle remains private and secure.

Classifying Potentially Unwanted Applications (PUAs)

A Potentially Unwanted Application (PUA) is a program that has behaviors or aspects which are considered undesirable, unwanted or risky, but does not meet the stricter definition of malware.

To determine if a program is a PUA, we evaluate it using a guideline which lists behaviors or traits in 5 categories that are generally considered unwanted or risky. The guideline also takes general consumer opinion of the program into account. If a program exhibits behavior or traits that match, or have the same effect as, one or more of the listed items, we consider it a PUA.

To find out more about evaluating PUAs and the guideline we use to do so, see:

Privacy Policy in Brief

This summary describes the basic principles of how we process the personal data that we collect.

When you buy our products, we ask you for your contact information to manage your license. Our services also collect personal data and other data so we can provide, support, enhance and market our services to you. Our security and content management services need to process your file and browser traffic data to protect and enable your digital life. We anonymize such data whenever possible and restrict our own visibility to your personal content.

We always apply strict security measures to protect your personal data.

When you visit our web site, we track your movement on our site so that we can improve your customer experience. We seek to protect your privacy, not to sell it. We aim for transparency when using your personal data to market our services to you.

Full F-Secure Personal data policy for products and services

Policy on detecting spying programs developed by various governments

In late 2001, F-Secure Corporation received various queries on our standpoint regarding the possibility of spying programs developed by various governments.

Much of this discussion was generated by media coverage on rumored backdoor trojan known as "Magic Lantern", developed by FBI or NSA in USA. Discussion was increased as several US-based anti-virus vendors made comments implying they would on purpose leave a backdoor in their anti-virus products to allow such a spying program to work.

Thus, F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.

We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime.

We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would.

F-Secure Corporation always aims to do what's best for our customers.

Data Transfer Declaration: Impact on Privacy and Bandwidth

In order to detect patterns of attack and stop malware from infecting a protected machine, security products need to collect data from their users that can be used to identify and separate harmful actions from benign activity. This data collection can however be problematic from a privacy point of view.

In answer to these concerns, we created this Data Transfer Declaration (PDF) to clearly detail the kind of data our Internet security products collect and how such material is processed. Briefly put - we collect only what we need and anonymize it as early as possible, stripping away anything that looks like the user's personal data.

With the remainder, we can still continue our work in identifying and stopping attacks before they affect our users.