CyberHawk is now ThreatFire & has new beta for v3
InfinityAz
August 17th, 2007, 05:03 PM
Just noticed this on the PCTools web site. CyberHawk has been renamed to ThreatFire (http://www.threatfire.com/) with a new web site and there is a new beta (http://www.pctools.com/forum/forumdisplay.php?f=59) version available (i.e., beta of v3).
Description of free vs. pro versions from website:
{QUOTE-> ThreatFire is structured a bit differently than Cyberhawk, so to avoid any potential conflicts you cannot have both Cyberhawk and ThreatFire installed on the same machine. If you’d like to try ThreatFire, please be sure to keep a backup of your Cyberhawk install file so that you can easily revert back to that version, should you choose.
Like Cyberhawk, ThreatFire will be available in two versions: ThreatFire Free Edition and ThreatFire Pro
You’ll see that the new free version includes many additional features previously found only in the Pro version: rootkit scanner, malware quarantine and removal, custom rules, etc.
For the Pro version, we’ve included an on-demand antivirus scanner so that in addition to the always on, real-time behavior-based protection you can now scan your system for any dormant threats. We’ve also significantly improved the malware cleanup and quarantine in ThreatFire. <-QUOTE}
ola nordmann
August 17th, 2007, 05:39 PM
Good news :thumb:
BTW, what kind of antivirus engine does the Pro edition come with?
RejZoR
August 17th, 2007, 06:01 PM
I assume the same as used in PC Tools Antivirus...
Anyway, certainly good news. Will try it for sure. I hope the team behind it will stay the same. At least tech support seems to be the same (kudos to Armando :) ).
dogma
August 17th, 2007, 06:09 PM
{QUOTE-> I assume the same as used in PC Tools Antivirus... <-QUOTE}
PCTools antivirus is powered by KAV isn't it? So it will be KAV if that's the case. Although I don't think it will be too long before they start to develop their own AV.
Anyways, the program sounds good and the free version offers a lot more than Cyberhawk Pro. However, I'll be patient until an issue-free non-beta is released. That may take a while, going by the progression of Cyberhawk. Hope I am wrong.
btw Good going PCTools!
lucas1985
August 17th, 2007, 06:14 PM
{QUOTE-> PCTools antivirus is powered by KAV isn't it? <-QUOTE}
I think that PC Tools AV is powered by VirusBuster (http://www.virusbuster.hu/en/)
RejZoR
August 17th, 2007, 06:50 PM
Crapz, i thought it's final already and that there is a separate beta version.
But from what i can see, ThreatFire is only a beta by default. Correct?
I'll just wait a bit more...
dogma
August 17th, 2007, 07:03 PM
Yeah, looks like you're right lucas1985. They dropped KAV for Virusbuster (http://www.wilderssecurity.com/showthread.php?t=149706).
{QUOTE-> But from what i can see, ThreatFire is only a beta by default... <-QUOTE}
Well, as you know, Cyberhawk always had some issue with most releases. I guess a software such as this always needs tweaking.
19monty64
August 17th, 2007, 07:19 PM
TF-free, PCTools-f/w and AntiVir/Avast/AVG might be a good, free Suite (ugh) for those inclined (that don't want Comode.)
Perman
August 17th, 2007, 07:52 PM
Hi, folks: ThreatFire pro = ThreatFire free + On demand AV ? Do I read this right? I have not noticed any on-demand only AV is asking money. This is an eye-opener indeed. I would rather use ThreatFire free version and any other result-proven free AV. And use that saved $$$ to buy treats for Picchu-my lapdog. Another marketing blunder from PCTools ?
RejZoR
August 17th, 2007, 09:34 PM
I said what the hell anyway and installed it. And damn, they did a fine job on GUI. Sweet tray icon (guys at PC Tools know how to make nice tray icons that's for sure!). GUI is also nice. It still has the good old Cyberhawk feel but completely PC Toolsified ;D Will see how it runs over time. But very good first impression though! :thumb:
pctools
August 17th, 2007, 09:39 PM
Hi all; to answer some queries:
Yes, ThreatFire includes the AV engine from PC Tools AntiVirus, this is a unique engine to PC Tools and although some of it was licensed it is now our own engine. This is the same engine that recently received two VB100 awards in the latest review and has WestCoast Labs certification.
Yes, the excellent team from Cyberhawk/Novatix are still the team behind ThreatFire!
Free vs. Pro - the Free version basically gives you what used to be the full paid version of Cyberhawk, i.e. a lot of functionality. The Paid version gives you Free version + the AV engine being active for real-time blacklist (i.e. when some behavior is detected it is checked against the AV engine as well) and on-demand scanning (it's not just on-demand scanning). The free version on its own is a very capable product and could be run in combination with another AV product if you choose (just be aware of some performance impact in doing so). And yes we know we're giving away a lot for free, it's not a "marketing blunder" ;)
Best,
Simon
PC Tools
dogma
August 17th, 2007, 09:40 PM
Make sure you keep us up to date Rejzor.
dogma
August 17th, 2007, 09:42 PM
Hi Simon, could you answer Rejzor's question:
{QUOTE-> ThreatFire is only a beta by default. Correct? <-QUOTE}
Thanks
{QUOTE-> And yes we know we're giving away a lot for free <-QUOTE}
You can say that again!
pctools
August 17th, 2007, 09:48 PM
{QUOTE-> ThreatFire is only a beta by default. Correct? <-QUOTE}
Correct, the beta was launched today. Cyberhawk 2 is still the official full non-beta release, but ThreatFire 3 is currently Beta 1.
It's a pretty solid beta in our testing, but normal safe-guards when testing beta software should be used. That being said I'm running it on all my PCs, including corporate ones, as are a lot of other people at PC Tools and it's looking good.
Expect probably a couple of beta builds to fix niggling issues before we go final.
Regards,
Simon
PC Tools
RejZoR
August 17th, 2007, 09:57 PM
Will these updates be available via SmartUpdate or will we have to update it by manually downloading and installing new version (like for example most of Comodo betas and some others like Kaspersky beta programs)?
Cyberhawk Support
August 17th, 2007, 10:26 PM
Hi RejZoR--
There's unfortunately not a straight answer for this during this initial beta period.
Depending on the situation, new updates may either be via Smart Update or may require a full uninstall then reinstall--it will basically depend on the specific update. The idea going forward though, is that ThreatFire will work on the same Smart Update platform as other PC Tools products.
Kind regards,
Becky Dubrow
maddawgz
August 17th, 2007, 10:39 PM
Oh nice and light... wouldn't need much more done to it MD:o
QBgreen
August 17th, 2007, 10:49 PM
Will those of us that hold a current license for CyberHawk Pro be able to migrate to ThreatFire Pro?
innerpeace
August 17th, 2007, 10:49 PM
This is really cool news! How light is it? I was wondering if it is lighter than CH as I heard it could be a bit heavy.
Cheers, innerpeace
Cyberhawk Support
August 17th, 2007, 11:00 PM
{QUOTE-> Will those of us that hold a current license for CyberHawk Pro be able to migrate to ThreatFire Pro? <-QUOTE}
Yes--after the beta is completed, all Cyberhawk Pro users who hold a valid license will be able to "upgrade" for free to ThreatFire Pro.
When we officially release the non-beta version of ThreatFire you'll all be able to request a free ThreatFire Pro license from the www.threatfire.com website. You'll need your original Cyberhawk Pro license in order to do so.
(due to changes in the licensing scheme we couldn't just migrate all Cyberhawk Pro users to ThreatFire Pro, but we have designed a process to make it as simple as possible to get the new ThreatFire Pro)
Becky
EASTER
August 17th, 2007, 11:07 PM
{QUOTE-> Advanced custom rules settings, fully configurable <-QUOTE}
This single features line makes all the difference in the world to some of us who lean a lot on "FREE" versions.
I hope this proggy is fine tuned it all enough to everyone's expectations.
Thanks for the new notice.
maddawgz
August 17th, 2007, 11:08 PM
it is finding things in hidden folder my First Defence ISR?... think they're ok though not malware, Adobe things guess i ignore that !MD
maddawgz
August 17th, 2007, 11:21 PM
{QUOTE-> it is finding things in hidden folder my First Defence ISR?... think they're ok though not malware, Adobe things guess i ignore that !MD <-QUOTE}
update
does the Pro run ok alongside other AV's?? is it heavier because of av?
Perman
August 18th, 2007, 12:02 AM
Hi folks and PCTools: Thanks for your rapid reply and explanations re Free vs Pro. From what I can gather, your added benefits in Pro version are twofold: firstly, an on-demand scanner (AV engine) and secondly, an always on, real-time behavior-based protection against blacklists utilizing AV engine. As to the latter part, how wide is that feature's scope? Let me put into more detailed perspectives; in avast home, its realtime has 6 shields = network, files, Web, IM, email and p2p. What do you have? I do not have your price structure for Pro version, and hoping its cost is in line with other paid softwares in term of quality and value.
19monty64
August 18th, 2007, 12:13 AM
ThreatFirePro is advertised @ $19.95 per year...
Perman
August 18th, 2007, 12:19 AM
Hi, folks: Compared to PCTools Av at $29.95/year ? a bargain or ???
maddawgz
August 18th, 2007, 04:23 AM
i upgraded to pro for free beta?. huh? isn't it all in beta mode.? ???
RejZoR
August 18th, 2007, 06:38 AM
No. Free beta has the same restrictions as the free FINAL (when it comes out).
Same restrictions apply, even though it's still in beta.
I'm running it along avast! and so far it's working just great. Gotta try movies if there is still slowdown at startup of WMP11 like it was in Cyberhawk 2.0.4...
EDIT: No slowdowns yey :D All the bugs i've reported so far have been fixed in each next update. Way to go!
Davidpr
August 18th, 2007, 07:26 AM
Sounds good. Have tried CH a few times before but had problems. I am running Avast with GESWall. Will TF and GESWall run well together or is there an overlap? I know I have read postings on this but I cannot find them in a search.
Belgammin? has made a couple of useful postings about CH and DSA but not GESWall.
Any advice will be useful.
Kees1958
August 18th, 2007, 07:48 AM
Works perfect on our second PC (Avast + CyberHawk Pro + GeSWall Pro).
Threatfire is CB Pro with a user interface in the PC tools style. So enjoy
Kees1958
August 18th, 2007, 08:24 AM
{QUOTE-> Hi all; to answer some queries:
Yes, ThreatFire includes the AV engine from PC Tools AntiVirus, this is a unique engine to PC Tools and although some of it was licensed it is now our own engine. This is the same engine that recently received two VB100 awards in the latest review and has WestCoast Labs certification.
Yes, the excellent team from Cyberhawk/Novatix are still the team behind ThreatFire!
Free vs. Pro - the Free version basically gives you what used to be the full paid version of Cyberhawk, i.e. a lot of functionality. The Paid version gives you Free version + the AV engine being active for real-time blacklist (i.e. when some behavior is detected it is checked against the AV engine as well) and on-demand scanning (it's not just on-demand scanning). The free version on its own is a very capable product and could be run in combination with another AV product if you choose (just be aware of some performance impact in doing so). And yes we know we're giving away a lot for free, it's not a "marketing blunder" ;)
Best,
Simon
PC Tools <-QUOTE}
Simon,
Have a look at the messages of the A2 IDS. They are superb compared to ThreatFire. ThreatFire is a more configurable application than A2 with IDS, so when you manage to give more clues of what triggered the behavior blocker to react (like A2's IDS) I would happily change the configurations of the family PC from DefenseWall + A2 IDS to DefenseWall + ThreatFire Pro
On our second/gaming/graphix PC I am for certain going to change from GeSWall Pro + Avast + CyberHawk Pro to GeSWall Pro + Threatfire Pro.
Having the AV to check only at behavior exceptions is a good concept. Most people have their AV's scanning incoming data, scanning files when they are read and when they are written again. Your idea is a vast improvement in performance with no down sides.
One other feature request is an option in the pro version which has similar capabilities as A2's Intelligent False Positive Reduction. Another good idea is to incorporate something like DefenseWall in your suite.
Thanks and Regards Kees.
RejZoR
August 18th, 2007, 09:21 AM
It appears that ThreatFire prevents Daemon Tools and Alcohol 52% installation (no warnings, they just fail to install). I've also sent a support ticket regarding this so they'll check it out.
screamer
August 18th, 2007, 10:15 AM
Quick question: Will TF overlap / conflict w/ pro-security? I'd like to try it on my NAS box, that has Outpost FW, NOD32, Pro-Security, SpyWare Terminator, & BoClean. I've disabled BoClean. NAS box runs 24/7 D/L'ng movies, music...
...screamer
Kerodo
August 18th, 2007, 10:40 AM
I think you are bound to get some doubling up of coverage with PS and TF, however you'll just have to install both to find out if they can coexist...
EASTER
August 18th, 2007, 11:55 AM
Having been one of the very first supporters of Cyberhawk i just have to give ThreatFire a try.
On install i notice most drivers are still the same CyberHawk names so for all practical purposes looks like this remains an authentic CyberHawk design alright with some nice new additionals and hopefully many bug fixes.
I notice in addition to launching an IE page that just like CH, ThreatFire announces it wants to SUSPEND iexplorer but doesn't prevent it from loading as usual. Uneducated guess here is that since it's a behavioral blocker the SUSPEND is only for micro-seconds just to do an instant-scan that nothing malicious or of a risk is determined.
Anyone have any other ideas on that front?
sach1000rt
August 18th, 2007, 12:04 PM
it's been running on my pc for a while and it's running very smoothly. it's using around 8 to 8.5 mb as shown on task manager.
screamer
August 18th, 2007, 12:42 PM
Install went well, no conflicts w/ PS. One thing though, no tray icon. TFService & TFtrayApp are running but no icon in sys tray
???
...screamer
djg05
August 18th, 2007, 01:12 PM
Just tried ThreatFire and it caused a BSOD in Win 2k sp4.
As soon as I pressed the finish button it crashed. The computer rebooted but Chkdsk came up with problems on all partitions. I noted particularly that the TF folder or part of it was corrupted. Once it had rebooted the mouse and keyboard were locked out although on the hardware side it looked ok, ie. k/b & mouse were lit as normal.
Tried a second reboot from a reset and same saga.
Could not get back into Win from safe mode so resorted to an image restore booting from CD.
Not encouraged to try this any further.
Using
2k sp4
Avast
SSM - learning mode (paid)
Kerio 2.1.5
BOClean 4.24
EASTER
August 18th, 2007, 01:43 PM
I just tried ThreatFire and it BSOD my machine (which i detest :dry: )
I restarted, reinstalled after uninstall and the same BSOD again & again. I come to an easy conclusion it's very unstable and not close yet to prime time by a long shot.
Like the above poster, i AM NOT encouraged to try it again. CyberHawk "NEVER" BSOD my machines in any version, yeah there might have been some minor performance concerns here & there, but when a proggy consistently BSOD's my units, it's a real bummer.
My mouse & keyboard were also disabled like a virus would do, plus CTRL+ALT+DEL was unavailable leaving nothing but a complete Hard Reset to boot again.
Program is NOT been thoroughly tested in-house, that's very obvious.
It ruined my FD-ISR where i can't even reach my backup snapshot. I'm testing in an alternate hard drive which now i have to pull the panel and totally delete the partition, ZERO and wipe the drive and reinstall. Lousy release if you ask me. :thumbd:
I now miss the old CyberHawk and lucky for me i still have some of their early releases should i decide i need them, which in reality i don't.
Enough of this. Back to the drawing boards for PCTools IMO.
InfinityAz
August 18th, 2007, 02:06 PM
Installed on two computers and running fine without any problems. The two computers are running (both with all updates):
Notebook: XP Home, Avira PE, PC Tools firewall plus, GeSWall
Desktop: XP Pro, Norton AV 2007, Outpost Pro 4, GeSWall
Tony
August 18th, 2007, 02:24 PM
I was dubious about trying this out as cyberhawk trashed my system, but as i now have returnil i may as well give it a go.
I must say i am pleasantly surprised as it seems to have no impact on system performance.
The only downside was KIS7 goes crazy at first until every component of ThreatFire is added to the trusted zone.
Drew99GT
August 18th, 2007, 02:26 PM
Has anything been updated from the latest version of Cyberhawk to Threatfire? Or are the "engines" if you will, all the same?
LUSHER
August 18th, 2007, 02:32 PM
{QUOTE-> Has anything been updated from the latest version of Cyberhawk to Threatfire? Or are the "engines" if you will, all the same? <-QUOTE}
Who knows? It's all a blackbox.
Works fine here too btw.
EASTER
August 18th, 2007, 02:36 PM
You'll notice on install, especially if you're running any HIPS, ThreatFire immediately wants to Modify EVERY RUNNING PROCESS in your TaskManager as well as Critical system files, and to me that's just too risky. Now outdated & older rootkits performed the same exact procedure like a dll injection-type sequence, but i run Rootkits that are infinitely more stable than this and definitely without BSOD'ing my system even after countless reboots.
Needless to say, i am very upset with their obsolete technique. It is too risky and will render a system unstable. At least it did mine and from what i just read above i'm not the only one.
lucas1985
August 18th, 2007, 05:53 PM
{QUOTE-> Needless to say, i am very upset with their obsolete technique. It is too risky and will render a system unstable. At least it did mine and from what i just read above i'm not the only one. <-QUOTE}
SSM does the same (discovered by the authors of RkU)
Kerodo
August 18th, 2007, 09:41 PM
Got it installed and running here and so far no problems at all. Seems light around 7.5mb total ram. Performance is fine. Will see if anything comes up in the next few days...
yankinNcrankin
August 18th, 2007, 09:49 PM
2nd day running with comodo boclean and returnil with protection on. Having fun gaming online no problems so far. :thumb:
pravbk
August 19th, 2007, 12:53 AM
Looks bit interesting to me. I just tested it with a new malware which i found few days ago and only 4 av engines have detected it on virus total. i also tested it with some firewall leak test tools here are the images attached
EASTER
August 19th, 2007, 01:19 AM
I only this week started doing my new reinstalls ($M Volume License) with SP2 + all updates and i been experiencing BSOD's 3 times now with security programs, including IceSword, Drive Sentry and now this.
If it keeps up there is no choice but to retrofit back to SP1 which been stable as a rock and NO bluescreen issues like this in succession. So for those who wondered why i always showed SP1 in my system credentials, this is the concern i always feared.
SP2 makes for issues on some systems, mine is one of them.
alala321
August 19th, 2007, 04:19 AM
Threatfire looks good & uses low resources, but it "calls home" at reboot even with updates & community protection disabled... Any suggestions?
RejZoR
August 19th, 2007, 05:36 AM
{QUOTE-> I only this week started doing my new reinstalls ($M Volume License) with SP2 + all updates and i been experiencing BSOD's 3 times now with security programs, including IceSword, Drive Sentry and now this.
If it keeps up there is no choice but to retrofit back to SP1 which been stable as a rock and NO bluescreen issues like this in succession. So for those who wondered why i always showed SP1 in my system credentials, this is the concern i always feared.
SP2 makes for issues on some systems, mine is one of them. <-QUOTE}
What about ppl stop using >50 security programs at once and use only those that actually complement themself? Any kind of antivirus with decent track record on VB100% and AV-Comparatives with ThreatFire can already provide outstanding detection rates without compromising actual security and stability. I really don't see any point in using bunch of virtualizing tools and bunch of behavior blockers and HIPS on top of it along with antiviruses and truck load of antispyware tools. It's just unnecessary overkill.
LUSHER
August 19th, 2007, 09:20 AM
{QUOTE-> What about ppl stop using >50 security programs at once and use only those that actually complement themself? Any kind of antivirus with decent track record on VB100% and AV-Comparatives with ThreatFire can already provide outstanding detection rates without compromising actual security and stability. I really don't see any point in using bunch of virtualizing tools and bunch of behavior blockers and HIPS on top of it along with antiviruses and truck load of antispyware tools. It's just unnecessary overkill. <-QUOTE}
I guess you never heard of layers. You can never have enough layers. In fact, I think according to this (http://www.wilderssecurity.com/showthread.php?t=181819), most people don't have enough layers, as their defenses don't cover all the 9 defensive styles.
Kerodo
August 19th, 2007, 11:32 AM
{QUOTE-> I guess you never heard of layers. You can never have enough layers. In fact, I think according to this (http://www.wilderssecurity.com/showthread.php?t=181819), most people don't have enough layers, as their defenses don't cover all the 9 defensive styles. <-QUOTE}
To be honest, I think all these "layers" of stuff is ridiculous too.. Just where on Earth are you guys planning to go armed with every possible security app under the sun? Whatever happened to being reasonable and practical? I've been on the internet for 12 years now and never needed anything other than an AV and a router or firewall.
IMO, all you need for 99.9% of the situations out there are a decent AV and at most one other HIPS type program. That plus an image or two of your setup should cover you. I am simply amazed that some of these overapp'd PCs even run at all, much less BSOD every other day...
mata7
August 19th, 2007, 11:54 AM
i totally agree, i think some people are just paranoid, to me a good AV, hardware firewall and a good Image backup program is enough
Rasheed187
August 19th, 2007, 03:24 PM
Well, I just don't see what all the fuss is about, I'm not impressed at all, firstly, it's obvious that it won't prompt you about a lot of suspicious behavior, secondly, it detects leaktests by signature, and thirdly, making of advanced rules is way too complex. So, no CyberHawk for me, but for the people who like it, have fun guys. :)
Kerodo
August 19th, 2007, 03:47 PM
{QUOTE-> Well, I just don't see what all the fuss is about, I'm not impressed at all, firstly, it's obvious that it won't prompt you about a lot of suspicious behavior <-QUOTE}
Perhaps it's just intelligent enough to distinguish between "suspicious behavior" and something that is actually harmful.. The less prompting I get from it, the better for me.
RejZoR
August 19th, 2007, 05:33 PM
So what's better, an intelligent behavior blocker or dumb HIPS that asks you for everything and anything, yet it's always up to you to decide. But when Cyberhawk (now ThreatFire) detects something there's like 99% chance it's actually bad. It doesn't detect leaktests by signature because they can't detect them via behavior. But they are in fact harmless and signature detection doesn't work just for these. Lots of common malware and adware is detected this way.
Plus some components of these leaktests are in fact greyware. By themself, they aren't malicious but in combination with other components they can be.
And third, who says you have to make any extra options? If you don't know how to make them, leave that option alone. I'm not gonna bang my head into a wall trying to create a program if i don't know how to program one. Same here.
Default rules are balanced enough for anyone anyway.
Rasheed187
August 20th, 2007, 02:29 PM
@ RejZoR & Kerodo
I'm sorry but I believe there is no such thing as "intelligent" HIPS, if you don't want to see alerts just don't use HIPS. A HIPS job is to (silently) protect you from zero day attacks, and to alert you about possible dangerous behavior, the more behaviors covered, the better.
Because just like any other HIPS, CyberHawk doesn't know which process is malicious and which is not, so how is it "intelligent" again? Even the HIPS in KAV/KIS will alert you about all processes who perform dangerous stuff, even though KAV can actually spot malicious tools by signature, know what I mean? So to answer your question, "dumb" behavior blockers are better. :)
RejZoR
August 20th, 2007, 03:17 PM
Actually behavior blockers aren't dumb. HIPS programs are.
LUSHER
August 20th, 2007, 03:25 PM
{QUOTE-> Actually behavior blockers aren't dumb. HIPS programs are. <-QUOTE}
Please, let's not have another definition debate again.. They are so counter-productive...
I suppose if one has the knowledge level of a malware analyst, one probably might use SSM or something of that class. For most of us normal mortals, Threatfire or Norton Antibot might be better.
LUSHER
August 20th, 2007, 03:27 PM
{QUOTE->
IMO, all you need for 99.9% of the situations out there are a decent AV and at most one other HIPS type program. That plus an image or two of your setup should cover you. I am simply amazed that some of these overapp'd PCs even run at all, much less BSOD every other day... <-QUOTE}
Actually given that some users expect these overlapping setups to run on Virtual machines makes it even more amazing...
Perman
August 20th, 2007, 04:59 PM
Hi, folks: Are all behavior blocker and HIPS are smart stuff? That all depend upon who are behind those apps. Some developers are smarter than others in the way of users-friendly. Some think they have the most advanced technologies which can outperform any other rivals. But when it put out for public testing, nothing but negative feed-backs, problems after problems. Do we say these apps are smarter ones, yes in their incubator, but not out in the open. I am involved with product development-consumer products--daily. Any inventions by our smart brains have to be filtered by some tech-deficient marketing staff. Their inputs are not taken lightly usually. That is why I smell ThreatFire will not be a user-friendly product as it stands now, although it comes from tons of brilliant brainpower.
solcroft
August 20th, 2007, 06:07 PM
{QUOTE-> Hi, folks: Are all behavior blocker and HIPS are smart stuff? That all depend upon who are behind those apps. Some developers are smarter than others in the way of users-friendly. Some think they have the most advanced technologies which can outperform any other rivals. But when it put out for public testing, nothing but negative feed-backs, problems after problems. Do we say these apps are smarter ones, yes in their incubator, but not out in the open. I am involved with product development-consumer products--daily. Any inventions by our smart brains have to be filtered by some tech-deficient marketing staff. Their inputs are not taken lightly usually. That is why I smell ThreatFire will not be a user-friendly product as it stands now, although it comes from tons of brilliant brainpower. <-QUOTE}
Every piece of software is certain to garner feedback from among thousands of users who don't like some niggles or aspects of how it works, especially when said software is still in beta. To be honest, I don't really see your point at all (if there is indeed one).
solcroft
August 20th, 2007, 06:14 PM
{QUOTE-> @ RejZoR & Kerodo
I'm sorry but I believe there is no such thing as "intelligent" HIPS <-QUOTE}
Keywords: "you" and "believe". Which means it doesn't necessarily have anything to do with fact, which is indeed the case here.
{QUOTE-> Because just like any other HIPS, CyberHawk doesn't know which process is malicious and which is not, so how is it "intelligent" again? Even the HIPS in KAV/KIS will alert you about all processes who perform dangerous stuff, even though KAV can actually spot malicious tools by signature, know what I mean? So to answer your question, "dumb" behavior blockers are better. :) <-QUOTE}
"Dumb" HIPS will alert you every time a process fires one of their rules, regardless of whether that process is benign or malicious. In the end, the user still needs to make a decision whether a process is harmful. Behavior blockers like ThreatFire and Micropoint (another excellent behavior blocker from China) function by analyzing a SERIES of actions (much like how a human user of a HIPS program would) instead of blindly flagging single ones, and then use an inbuilt algorithm to try to determine whether the series of actions fit the pattern of a virus or harmless program. Behavior blockers can monitor everything a HIPS can, and some of them actually do. They just don't blindly jump in your face every time something triggers their rules.
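The difference described in the post above, per-action prompting versus judging a series of actions, sketched as an added example that is not part of the thread and is not ThreatFire's actual algorithm. The events are constructed, and the process names, action names, weights and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events in time order: (process, monitored action).
# Process and action names are made up for illustration, not real telemetry.
EVENTS = [
    ("setup.exe", "write_executable"),
    ("setup.exe", "set_autorun"),
    ("browser.exe", "outbound_connect"),
    ("invoice.exe", "write_executable"),
    ("invoice.exe", "set_autorun"),
    ("invoice.exe", "inject_into_process"),
    ("invoice.exe", "outbound_connect"),
]

# Assumed weights: how strongly each action suggests malware on its own.
WEIGHTS = {
    "write_executable": 1,
    "set_autorun": 2,
    "outbound_connect": 1,
    "inject_into_process": 4,
}
THRESHOLD = 6  # assumed score at which a chain of actions is treated as malicious


def hips_prompts(events):
    """Per-action rule matching: one prompt for every monitored action,
    with no memory of what the process did before."""
    return [(proc, action) for proc, action in events if action in WEIGHTS]


def behavior_blocker_alerts(events, threshold=THRESHOLD):
    """Score each process on its chain of distinct actions and alert once,
    returning the chain that crossed the threshold so the user can see
    what triggered the block."""
    chains = defaultdict(list)   # process -> distinct actions seen, in order
    alerts = {}                  # process -> chain at the moment of alert
    for proc, action in events:
        if action not in WEIGHTS or proc in alerts:
            continue
        if action not in chains[proc]:
            chains[proc].append(action)  # repeats do not inflate the score
        score = sum(WEIGHTS[a] for a in chains[proc])
        if score >= threshold:
            alerts[proc] = list(chains[proc])
    return alerts


if __name__ == "__main__":
    print(len(hips_prompts(EVENTS)), "HIPS prompts")
    for proc, chain in behavior_blocker_alerts(EVENTS).items():
        print("blocked", proc, "after", " -> ".join(chain))
```

On this input the per-action model raises a prompt for every event, including the installer and the browser, while the sequence model stays silent until one process combines a dropped executable, an autorun entry and process injection.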
aigle
August 20th, 2007, 07:54 PM
{QUOTE-> Well, I just don't see what all the fuss is about, I'm not impressed at all, firstly, it's obvious that it won't prompt you about a lot of suspicious behavior, secondly, it detects leaktests by signature, and thirdly, making of advanced rules is way too complex. So, no CyberHawk for me, but for the people who like it, have fun guys. :) <-QUOTE}
Don't try to judge a behav blocker like a HIPS.
aigle
August 20th, 2007, 07:55 PM
{QUOTE-> Threatfire looks good & uses low resources, but it "calls home" at reboot even with updates & community protection disabled... Any suggestions? <-QUOTE}
This is not good to hear. Can u post a snapshot? Anyone else noticed it?
I remember similar behaviour from CH and it was corrected after we mentioned it here.
RejZoR
August 20th, 2007, 08:08 PM
Who cares? People are so freakin WAY too paranoid even where they shouldn't be. Oh noes, it's calling home. Oh dear, it's not like it's sending all your pr0n to them...
aigle
August 20th, 2007, 09:28 PM
{QUOTE-> Who cares? People are so freakin WAY too paranoid even where they shouldn't be. Oh noes, it's calling home. Oh dear, it's not like it's sending all your pr0n to them... <-QUOTE}
That's a ridiculous remark. I always thought of u a helping person.
BTW there is no porn on my PC.
maddawgz
August 20th, 2007, 10:07 PM
I'll stick with Norton Antibot till its final ;D
zopzop
August 20th, 2007, 10:09 PM
{QUOTE-> That's a ridiculous remark. I always thought of u a helping person.
BTW there is no porn on my PC. <-QUOTE}
i think he was only kidding aigle :D
aigle
August 20th, 2007, 10:10 PM
About Porn? Yes
Rest- not sure!
aigle
August 20th, 2007, 10:17 PM
I expect it to be better. So far I have not seen off and on CPU spikes from its service (especially on launch of application), CH used to give such spikes with sometimes slow downs etc.
They should have changed the GUI of pop ups too, to match the new GUI.
Nubiatech
August 20th, 2007, 11:22 PM
Hi,
Could somebody please elaborate on the "buffer overflow" protection feature of Threatfire? How does it compare to other software, let's say Comodo Memory Guardian?
I've read many posts on this forum about buffer overflow, but it seems there is no consensus on how important it is.
I'd appreciate any comments and thoughts.
Thanks
screamer
August 20th, 2007, 11:50 PM
Had to dump Threatfire. Too reminiscent of CH. Frequent 75% CPU spikes. Slowed starting apps to a crawl.
Then again YMMV??
...screamer
Kerodo
August 21st, 2007, 12:30 AM
I must say I haven't seen any probs with TF here so far at all, and I just tonight went thru a major program upgrade as well as Microsoft Update installs, and was pleased to see that TF didn't once bother me with a bunch of ridiculous popups. It knows what's normal and what isn't, and that's exactly why I like it...
Perman
August 21st, 2007, 01:38 AM
{QUOTE-> Every piece of software is certain to garner feedback from among thousands of users who don't like some niggles or aspects of how it works, especially when said software is still in beta. To be honest, I don't really see your point at all (if there is indeed one). <-QUOTE}
Hi, folks; My point is very simple and does not need a scientist's IQ to comprehend: You can invent any product (of course, in this case it is an application) which may be plated with gold and also comes from the best of the best brains. But if it cannot be used by the majority of the population (in this case PC home users, not commercial IT experts), where are you going to recoup your dev. costs and retain your reputation? Luckily, TF is still in early beta; anything that deviates from that direction (user-friendly) can be fixed and adjusted, if the pilot of this program has a clear vision. I did not say TF will not mature into an excellent product, but I do worry about its direction and its path to becoming a full version.
rdsu
August 21st, 2007, 07:05 AM
After trying CH a lot of times, I decided to give this new version a try, because like some of you, I don't like dumb HIPS programs annoying me all the time...
The same problems that I had before seem to continue...
Besides that, I ran a program that changes the IE homepage, and another that changes the Windows startup items, and ThreatFire didn't alert me about anything! Is this normal!?
19monty64
August 21st, 2007, 07:51 AM
When uninstalling WUBI it asks if you want to create a back-up file (for re-installing) and when doing so TF will pop-up to warn about the files being created. But when doing MS-update or updating drivers, it doesn't ask you to permit the actions that obviously caused. For a set-it-and-forget-it app, this is great! For those wanting more control, I think TF would be a disappointment. Since the majority of users prefer not to be bothered with pop-ups, I think TF will be accepted by the majority. I would compare this with PrevX, but "lighter". Great for a beta!!!
pravbk
August 21st, 2007, 08:11 AM
I had this new malware a few days before which was not detected by major AVs in VirusTotal; then after submitting it to many AVs it was added to database as something like "win32.rbot.byj".
When I tried it on TF it alerted of malware.
And it knows the name of malware also.
Maybe that's why it tries to connect to internet.
aigle
August 21st, 2007, 10:26 AM
Nope, this is from local blacklist database that is checked on trigger events.
Kees1958
August 21st, 2007, 11:02 AM
That will be the good thing about the PRO version.
Behavior rules will be set tighter (I guess); when fired, the AntiVirus is used to check for known bad guys. When known => message, when not known => prompt. After user prompt the file should be sent to PC Tools for analysis (because black list can also be used to create white list).
Regards K
Rasheed187
August 21st, 2007, 01:18 PM
@ solcroft
I guess it's a different point of view, but I already explained why I wouldn't feel safe with a HIPS like Cyberhawk.
{QUOTE-> "Dumb" HIPS will alert you every time a process fires one of their rules, regardless of whether that process is benign or malicious. In the end, the user still needs to make a decision whether a process is harmful. <-QUOTE}
But how do "smart" HIPS know if a process is malicious or not? And if they think that a process is most likely to be malicious they will still leave the decision up to you, no? I mean you guys make it sound like every time CyberHawk prompts you about something, it's bound to be malware, but this is not the case. I've seen that most of the time it acts just like a "dumb" HIPS, but it seems to be monitoring less, that's my whole point.
{QUOTE-> Behavior blockers like ThreatFire and Micropoint (another excellent behavior blocker from China) function by analyzing a SERIES of actions (much like how a human user of a HIPS program would) instead of blindly flagging single ones, and then use an inbuilt algorithm to try to determine whether the series of actions fit the pattern of a virus or harmless program. <-QUOTE}
Sounds good in theory, but I do not believe in this technology, no HIPS in the world can identify malware with 100% certainty, not even signature based tools can do this. So at the end of the day it makes sense to alert about every suspicious behavior from (almost) every process, something that even KAV/KIS does.
solcroft
August 21st, 2007, 09:51 PM
{QUOTE-> @ solcroft
I mean you guys make it sound like every time CyberHawk prompts you about something, it's bound to be malware, but this is not the case. I've seen that most of the time it acts just like a "dumb" HIPS, but it seems to be monitoring less, that's my whole point. <-QUOTE}
Ultimately it's really up to your own choices and preferences, but your observation in this case is incorrect. Take the time to test TF against malware and normal programs alike, and you'll see the difference.
{QUOTE-> Sounds good in theory, but I do not believe in this technology, no HIPS in the world can identify malware with 100% certainty, not even signature based tools can do this. So at the end of the day it makes sense to alert about every suspicious behavior from (almost) every process, something that even KAV/KIS does. <-QUOTE}
Again, it's up to your personal preferences. And of course, who's to say that you'll be able to create rules and identify malware with 100% certainty in place of TF? What you choose to use is your decision, but there's no reason to try to cast doubt on a perfectly viable alternative just because you don't fully understand it.
19monty64
August 21st, 2007, 10:39 PM
The nay-sayers came out of the woodwork when BoClean got bought out. Very few trusted AVS, because it came from AOL even though it used the KAV-engine. If PCTools had bought SAS, the detractors would be just as hard. I trialled CH and don't notice much difference with TF, just a change of gui??? Some people are not going to like TF just because of "the sins of the father"...puh-shaw!
RejZoR
August 22nd, 2007, 03:26 AM
Well I don't because I know who's behind the program and so do guys at PC Tools.
It's best to keep the original team on the project even though you own the brand now.
aigle
August 22nd, 2007, 10:10 AM
I am not happy that CH was bought by PC Tools. It's my personal opinion though.
I wish it was not PC Tools.
aigle
August 22nd, 2007, 11:36 AM
I think we need three options here.
1- Allow (will allow action)
2- Deny (it will deny action and will kill the malicious process like old CyberHawk)
3- Quarantine (it will deny action, will kill the malicious process and quarantine the malicious file)
I posted this on their forums.
Drew99GT
August 22nd, 2007, 11:43 AM
This p.o.s. of a program still renders Firefox unusable on my machine for some reason. It messes with the profile when I try and add add-ons and gives me errors; then multiple files start appearing in the firefox profile folder.
Kerodo
August 22nd, 2007, 09:51 PM
{QUOTE-> I think we need three options here.
1- Allow (will allow action)
2- Deny (it will deny action and will kill the malicious process like old CyberHawk)
3- Quarantine (it will deny action, will kill the malicious process and quarantine the malicious file)
I posted this on their forums. <-QUOTE}
Don't really see why you'd just want to Deny the action and kill the running process, as it will most likely just run or resurface again at some point and prompt you all over again. Why not quarantine it?
Kerodo
August 22nd, 2007, 09:52 PM
{QUOTE-> This p.o.s. of a program still renders Firefox unusable on my machine for some reason. It messes with the profile when I try and add add-ons and gives me errors; then multiple files start appearing in the firefox profile folder. <-QUOTE}
Never had any problems here with TF and Firefox, none of any sort. Must be some reason for it, bizarre or otherwise...
Espresso
August 22nd, 2007, 09:55 PM
{QUOTE-> I think we need three options here.
1- Allow (will allow action)
2- Deny (it will deny action and will kill the malicious process like old CyberHawk)
3- Quarantine (it will deny action, will kill the malicious process and quarantine the malicious file)
I posted this on their forums. <-QUOTE}
Here's a response from Cyberhawk support in another thread:
http://www.wilderssecurity.com/showthread.php?t=183020&page=2
{QUOTE-> Hi Espresso--
Currently the only choices when ThreatFire enforces a Custom Rule you have created are Allow or Quarantine.
However, you'll notice that the Threat Control Center still includes a "Denied" bin. This bin is actually not used for anything in this release, but the plan for a future update (v. 3.1) would be to modify the alert dialogs for Custom Rules to show the choice of Allow or Deny, rather than Allow or Quarantine. You would also have the opportunity to check the "Remember this answer" box to always allow or always deny that action. In many cases for custom rules it just makes more sense to only "Deny" the action rather than "Quarantine" it.
In most other cases with the ThreatFire alerts (all non-custom rule alerts), Allow or Quarantine should suffice.
Kind regards,
Becky Dubrow
__________________
PC Tools ThreatFire Team
5777 Central Ave., Ste. 130
Boulder, CO 80301
USA
http://www.threatfire.com
http://www.pctools.com <-QUOTE}
Rasheed187
August 26th, 2007, 03:44 PM
@ solcroft
{QUOTE-> What you choose to use is your decision, but there's no reason to try to cast doubt on a perfectly viable alternative just because you don't fully understand it. <-QUOTE}
It's not a matter of not understanding the product, I just doubt the fact that it's truly "intelligent".
{QUOTE-> Take the time to test TF against malware and normal programs alike, and you'll see the difference. <-QUOTE}
Yes, the best way to find this out is to do a test and see if it really stays quiet (most of the time) when installing harmless tools, and only alerts you about malicious tools. The problem is that it currently detects almost all malicious tools by signature, is this a full blown AV btw?
{QUOTE-> What you choose to use is your decision, but there's no reason to try to cast doubt on a perfectly viable alternative just because you don't fully understand it. <-QUOTE}
Yes, personally I like HIPS that give you more control, but I'd admit I was perhaps way too negative. I've done some more testing, and I was wrong, it seems that ThreatFire has indeed been improved and is monitoring more things now, so certainly not a bad product. Btw, I have checked out MicroPoint and didn't like it. ;)
Perman
September 12th, 2007, 10:24 AM
{QUOTE-> Hi, folks: ThreatFire pro = ThreatFire free + On demand AV ? Do I read this right? I have not noticed any on-demand only AV is asking money. This is an eye-opener indeed. I would rather use ThreatFire free version and any other result-proven free AV. And use that saved $$$ to buy treats for Picchu-my lapdog. Another marketing blunder from PCTools ? <-QUOTE}
Hi, folks: Out of curiosity, I am testing this new ThreatFire. So far so good on my Intel T5500 laptop, no need for Pepto-Bismol yet. Today I came across that PC Tools does offer a free version of AntiVirus 3.6. I just wonder, perhaps someone from PCTools can clarify my question here: Is the on-demand scanner in ThreatFire Pro the same or at least part of that in PCTools AV free version ? If not, can you elaborate on it ? Thanks.
Cyberhawk Support
September 12th, 2007, 11:07 AM
Hi Perman--
Glad ThreatFire is working well for you so far (and no stomach upset! :) ).
Please see pctools post earlier on this thread which hopefully answers your question:
http://www.wilderssecurity.com/showpost.php?p=1059480&postcount=11
While you could certainly run the free versions of both ThreatFire and PC Tools AV, you'd lose out on the integrated real-time blacklist check you'd get with ThreatFire Pro.
This doesn't affect ThreatFire's overall effectiveness against threats, of course, as this check is only invoked AFTER it's behaviorally detected some suspicious activity. However, it does make the subsequent user interactions much more straightforward: you'll see the "red" (known bad threat) alert and the threat will be automatically quarantined. Otherwise you'll typically see the "yellow" (unknown or suspicious activity) alert where you must decide whether to Allow or Quarantine.
This is particularly helpful for users who are perhaps not as advanced or expert as many on this forum.
Hope this helps.
Becky Dubrow
Perman
September 12th, 2007, 11:49 AM
Hi, Becky: Thanks for your light-speed reply. Yes, so far so good I have not touched Pepto-Bismol yet. I do hope when ThreatFire final is released I can upgrade to pro. I did use Cyberhawk for a while, and I do miss those happy old times. Have a nice one. Thanks.
SealongKY
December 11th, 2007, 05:45 AM
CyberHawk is better than ThreatFire, in my opinion!
SealongKY
December 11th, 2007, 05:50 AM
I mean the name!